bool ProcessInfo::EnumCurrentUserProcess(PIDList& pids)
{
const char* UNIX_PROC_DIR = "/proc";
DIR* fdDir;
struct dirent* dirData;
if((fdDir = opendir(UNIX_PROC_DIR)) != NULL)
{
while((dirData = readdir(fdDir)) != NULL)
{
int pid = atoi(dirData->d_name);
if(pid > 0)
{
PStatusMap status;
if(GetProcessInfoByPID(status, pid))
{
if(getuid() == (unsigned int)atoi(status["Uid:"].c_str()))
{
pids.push_back(pid);
}
}
}
}
closedir(fdDir);
}
else
{
return false;
}
return true;
}
bool DesktopShellView::DoContextMenu(int x, int y)
{
IDataObject* selection;
HRESULT hr = _pShellView->GetItemObject(SVGIO_SELECTION, IID_IDataObject, (void**)&selection);
if (FAILED(hr))
return false;
PIDList pidList;
hr = pidList.GetData(selection);
if (FAILED(hr)) {
selection->Release();
//CHECKERROR(hr);
return false;
}
LPIDA pida = pidList;
if (!pida->cidl) {
selection->Release();
return false;
}
LPCITEMIDLIST parent_pidl = (LPCITEMIDLIST) ((LPBYTE)pida+pida->aoffset[0]);
LPCITEMIDLIST* apidl = (LPCITEMIDLIST*) alloca(pida->cidl*sizeof(LPCITEMIDLIST));
for(int i=pida->cidl; i>0; --i)
apidl[i-1] = (LPCITEMIDLIST) ((LPBYTE)pida+pida->aoffset[i]);
hr = ShellFolderContextMenu(ShellFolder(parent_pidl), _hwnd, pida->cidl, apidl, x, y, _cm_ifs);
selection->Release();
if (SUCCEEDED(hr))
refresh();
else
CHECKERROR(hr);
return true;
}
// process default command: look for folders and traverse into them
HRESULT IShellBrowserImpl::OnDefaultCommand(IShellView* ppshv)
{
IDataObject* selection;
HRESULT hr = ppshv->GetItemObject(SVGIO_SELECTION, IID_IDataObject, (void**)&selection);
if (FAILED(hr))
return hr;
PIDList pidList;
hr = pidList.GetData(selection);
if (FAILED(hr)) {
selection->Release();
return hr;
}
hr = OnDefaultCommand(pidList);
selection->Release();
return hr;
}
PIDList GetProcessIDsByName(const char* processName)
{
// list of correct PIDs
PIDList pids;
// gets a snapshot from 32 bit processes
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapshot == INVALID_HANDLE_VALUE)
{
printf("ERROR: Can't get snapshot from 32 bit processes, ");
printf("ErrorCode: %u\n", GetLastError());
return pids;
}
// a 32 bit process entry from a snapshot
PROCESSENTRY32 processEntry;
// from MSDN: The calling application must set the
// dwSize member of PROCESSENTRY32 to the size, in bytes, of the structure.
processEntry.dwSize = sizeof(PROCESSENTRY32);
// checks the first process from the snapshot
if (Process32First(hSnapshot, &processEntry))
{
do
{
// process found
if (!strcmp(processEntry.szExeFile, lookingProcessName))
pids.push_back(processEntry.th32ProcessID);
}
// loops over the snapshot
while (Process32Next(hSnapshot, &processEntry));
}
CloseHandle(hSnapshot);
return pids;
}
int main(int argc, char* argv[])
{
// nice title :)
SetConsoleTitle("SzimatSzatyor, WoW injector sniffer");
// some info
printf("Welcome to SzimatSzatyor, a WoW injector sniffer.\n");
printf("SzimatSzatyor is distributed under the GNU GPLv3 license.\n");
printf("Source code is available at: ");
printf("http://github.com/Konctantin/SzimatSzatyor\n\n");
if (argc > 3)
{
printf("ERROR: Invalid parameters. ");
printf("\"szatyor.exe [wow_exe_name] [dll_name]\" should be used.\n\n");
system("pause");
return 0;
}
// custom process' name
else if (argc > 1)
lookingProcessName = argv[1];
else if (argc > 2)
injectDLLName = argv[2];
// this process will be injected
DWORD processID = 0;
// tries to get the PIDs
PIDList& pids = GetProcessIDsByName(lookingProcessName);
if (pids.empty())
{
printf("'%s' process NOT found.\n", lookingProcessName);
printf("Note: be sure the process which you looking for ");
printf("is must be a 32 bit process.\n\n");
system("pause");
return 0;
}
// just one PID found
else if (pids.size() == 1)
{
processID = pids.front();
printf("'%s' process found, PID: %u\n", lookingProcessName, processID);
// checks this process is already injected or not
if (IsProcessAlreadyInjected(processID, injectDLLName))
{
printf("Process is already injected.\n\n");
system("pause");
return 0;
}
}
// size > 1, multiple possible processes
else
{
printf("Multiple '%s' processes found.\n", lookingProcessName);
printf("Please select one which will be injected.\n\n");
// stores the PIDs which are already injected
// so these are "invalid"
PIDList injectedPIDs;
unsigned int idx = 1;
for (PIDList_ConstItr itr = pids.begin(); itr != pids.end(); ++itr)
{
DWORD pid = *itr;
printf("[%u] PID: %u\n", idx++, pid);
if (IsProcessAlreadyInjected(pid, injectDLLName))
{
printf("Already injected!\n\n");
injectedPIDs.push_back(pid);
}
}
// same size: there is no non-injected PID
if (pids.size() == injectedPIDs.size())
{
printf("All the processes are already injected.\n\n");
system("pause");
return 0;
}
unsigned int selectedIndex = 0;
// loops until has correct PID
while (1)
{
processID = 0;
selectedIndex = 0;
printf("Please select a process, use [index]: ");
scanf("%u", &selectedIndex);
// bigger than max index
if (selectedIndex > idx - 1)
{
printf("Your index is too big, max index is %u.\n", idx - 1);
continue;
}
// 0 or non int used
else if (selectedIndex == 0)
{
printf("Your index is invalid, 1-%u should be used.\n", idx - 1);
continue;
}
// gets PID via index
PIDList_ConstItr itr = pids.begin();
std::advance(itr, selectedIndex - 1);
processID = *itr;
// if already injected
if (std::find(injectedPIDs.begin(), injectedPIDs.end(), processID) != injectedPIDs.end())
{
printf("This process is already injected. ");
printf("Please choose a different one.\n");
continue;
}
// looks like all good
break;
}
printf("\n");
}
// stores where the injector is, so location/path of the current process
char injectorPath[MAX_PATH] = { 0 };
// gets where the injector is
DWORD injectorPathSize = GetModuleFileName(NULL, injectorPath, MAX_PATH);
if (!injectorPathSize)
{
printf("ERROR: Can't get the injector's path, ");
printf("ErrorCode: %u\n\n", GetLastError());
system("pause");
return 0;
}
// full path of the DLL
char* dllPath = new char[MAX_PATH];
// copies injector's full path to dllPath
strncpy_s(dllPath, MAX_PATH, injectorPath, injectorPathSize);
// some magic to replace path/szatyor.exe to path/szimat.dll
// removes injector's name
PathRemoveFileSpec(dllPath);
// appends DLL's name
PathAppend(dllPath, injectDLLName);
printf("DLL: %s\n", dllPath);
if (InjectDLL(processID, dllPath))
{
printf("\nInjection of '%s' is successful.\n\n", injectDLLName);
}
else
{
printf("\nInjection of '%s' is NOT successful.\n\n", injectDLLName);
system("pause");
}
delete[] dllPath;
//system("pause");
return 0;
}
void Monitor::procProcesses() {
PIDList deletes;
PIDList adds;
unsigned long long totalTicks = 0;
if ( fCPUTotalTicks.size() > 0 ) {
totalTicks = fCPUTotalTicks[0];
}
ProcessStatHandler statHandler(fProcMap, totalTicks);
ProcessStatMHandler statMHandler(fProcMap, fTotalMemory);
ProcessCmdLineHandler cmdLineHandler(fProcMap, fAppNameMap);
QStringList procList = fProcReader.getProcList();
QStringListIterator slIterator(procList);
pid_t pid;
int iteration = 0;
while ( (pid = getNextPID(slIterator, iteration)) != 0 ) {
iteration++;
const QString pidStr = QString::number(pid);
QString pathStatM("/proc/" + pidStr + "/statm");
QString pathCmdLine("/proc/" + pidStr + "/cmdline");
QString pathStat("/proc/" + pidStr + "/stat");
if ( !fProcMap.contains(pid) ) {
fProcMap[pid];
adds.append(pid);
}
const QString oldName = fProcMap.value(pid).getStatName();
if ( fProcReader.readProcFile(pathStat, statHandler, 1, pid) != 0 ) {
qCritical() << "Error reading process stat file " << pid << "\n";
continue;
}
if ( !oldName.isEmpty() && oldName != fProcMap.value(pid).getStatName() ) {
fProcMap.remove(pid);
fProcMap[pid];
deletes.append(pid);
adds.append(pid);
if ( fProcReader.readProcFile(pathStat, statHandler, 1, pid) != 0 ) {
qCritical() << "Error reading process stat file " << pid << "\n";
continue;
}
}
if ( fProcReader.readProcFile(pathStatM, statMHandler, 1, pid) != 0 ) {
qCritical() << "Error reading process mstat file " << pid << "\n";
continue;
}
if ( fProcMap.value(pid).getNameState() == 0 ) {
if ( fProcReader.readProcFile(pathCmdLine, cmdLineHandler, 1, pid) != 0 ) {
qCritical() << "Error reading process cmdline file " << pid << "\n";
continue;
}
}
}
QMapIterator<pid_t, ProcInfo> iterator(fProcMap);
while ( iterator.hasNext() ) {
iterator.next();
const pid_t pid = iterator.key();
const QString pidStr = QString::number(pid);
QString pathStat("/proc/" + pidStr + "/stat");
if ( !QFile::exists(pathStat) ) {
fProcMap.remove(pid);
deletes.append(pid);
}
}
emit processChanged(&fProcMap, adds, deletes);
}
