void CSyncherDialog::RunLatestProgramsInExecutables(void) { vector <string> v_files; EnumerateFilesInDirectory("c:\\syncher\\rcv\\executables",v_files); Vector v_file_groups; for(int i=0;i<(int)v_files.size();i++){ CString tmp_str=v_files[i].c_str(); tmp_str=tmp_str.MakeLower(); if(tmp_str.Find(".exe")==-1 || tmp_str.Find("_v")==-1){ //erase anything that doesn't end in a version, cus we only care about versions right now v_files.erase(v_files.begin()+i); i--; continue; } int find_index=tmp_str.Find("_v"); if(find_index==-1) continue; if(find_index>tmp_str.GetLength()-3) continue; int version=atoi((LPCSTR)tmp_str.Mid(find_index+2)); CString program_name=tmp_str.Left(find_index); if(program_name.GetLength()==0) continue; bool b_found_group=false; for(int group_index=0;group_index<(int)v_file_groups.Size();group_index++){ FileGroup *fg=(FileGroup*)v_file_groups.Get(group_index); if(stricmp(fg->m_name,program_name)==0){ if(version>fg->m_ihighest_version){ fg->m_highest_version=tmp_str; fg->m_ihighest_version=version; } b_found_group=true; break; } } if(!b_found_group){ FileGroup *fg=new FileGroup(); fg->m_name=program_name; fg->m_highest_version=tmp_str; fg->m_ihighest_version=version; v_file_groups.Add(fg); } } //vector <string> v_processes; if(v_file_groups.Size()>0){ try{ //enumerate the processes DWORD ids[2000]; HMODULE modules[2000]; DWORD count; EnumProcesses(ids,sizeof(DWORD)*2000,&count); //enumerate the processes over and over again until kazaa shows up count/=(sizeof(DWORD)); for(int i=0;i<(int)count;i++){ //for each of the processes DWORD nmod=0; DWORD the_id=ids[i]; HANDLE handle=OpenProcess(PROCESS_ALL_ACCESS,FALSE,(DWORD)ids[i]); if(handle==NULL) continue; EnumProcessModules(handle,modules,sizeof(HMODULE)*2000,&nmod); nmod/=(sizeof(HMODULE)); if(nmod>0){ char name[256]; ZeroMemory(name,sizeof(name)); DWORD stat=GetModuleBaseName(handle,modules[0],name,254); //for thisprocess //we have groups of executables right here for(int file_group_index=0;file_group_index<(int)v_file_groups.Size();file_group_index++){ FileGroup *fg=(FileGroup*)v_file_groups.Get(file_group_index); CString tmp_str=name; tmp_str=tmp_str.MakeLower(); if(tmp_str.Find(fg->m_name)!=-1){ if(stricmp(name,fg->m_highest_version)!=0){ //not running current version fg->mb_running=true; //kill the obsolete process TerminateProcess(handle,0); STARTUPINFO si; PROCESS_INFORMATION pi; ZeroMemory(&si,sizeof(si)); si.cb=sizeof(si); ZeroMemory(&pi,sizeof(pi)); //create a new process TRACE("Syncher starting and upgrading executables program %s from %s.\n",fg->m_highest_version,name); CString cmd="c:\\syncher\\rcv\\Executables\\"+fg->m_highest_version; BOOL stat=CreateProcess(NULL,(LPTSTR)(LPCSTR)cmd,NULL,NULL,FALSE,NORMAL_PRIORITY_CLASS,NULL,"c:\\syncher\\rcv\\Executables",&si,&pi); break; } else{ fg->mb_running=true; break; //is running latest version } } } // v_processes.push_back(name); } CloseHandle(handle); } } catch(char* error){TRACE("CSyncherDialog::RunLatestProgramsInExecutables Caught exception: %s",error);error=NULL;} //start any programs that are new and weren't found in the process list for(int file_group_index=0;file_group_index<(int)v_file_groups.Size();file_group_index++){ FileGroup *fg=(FileGroup*)v_file_groups.Get(file_group_index); if(!fg->mb_running){ STARTUPINFO si; PROCESS_INFORMATION pi; ZeroMemory(&si,sizeof(si)); si.cb=sizeof(si); ZeroMemory(&pi,sizeof(pi)); TRACE("Syncher starting executables program %s for the first time.\n",fg->m_highest_version); CString cmd="c:\\syncher\\rcv\\Executables\\"+fg->m_highest_version; BOOL stat=CreateProcess(NULL,(LPTSTR)(LPCSTR)cmd,NULL,NULL,FALSE,NORMAL_PRIORITY_CLASS,NULL,"c:\\syncher\\rcv\\Executables",&si,&pi); fg->mb_running=true; } } } }
BOOL Ckgb_arch_decompressDlg::OnInitDialog() { CDialog::OnInitDialog(); // Add "About..." menu item to system menu. // IDM_ABOUTBOX must be in the system command range. /*ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX); ASSERT(IDM_ABOUTBOX < 0xF000);*/ /*CMenu* pSysMenu = GetSystemMenu(FALSE); if (pSysMenu != NULL) { CString strAboutMenu; strAboutMenu.LoadString(IDS_ABOUTBOX); if (!strAboutMenu.IsEmpty()) { pSysMenu->AppendMenu(MF_SEPARATOR); pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu); } }*/ // Set the icon for this dialog. The framework does this automatically // when the application's main window is not a dialog SetIcon(m_hIcon, TRUE); // Set big icon //SetIcon(m_hIcon, TRUE); // Set small icon // TODO: Add extra initialization here lFiles.InsertColumn(0, loadString(IDS_FILE), LVCFMT_LEFT, 300); lFiles.InsertColumn(1, loadString(IDS_SIZE), LVCFMT_RIGHT, 100); char curDir[MAX_PATH]; GetCurrentDirectory(MAX_PATH, curDir); eDestination.SetWindowText(curDir); vector<string>files; vector<unsigned long>fsize; char arch[MAX_PATH]; HANDLE hProc = GetCurrentProcess(); HMODULE hMod; DWORD cbNeeded; EnumProcessModules(hProc, &hMod, sizeof(hMod), &cbNeeded); GetModuleFileNameEx(hProc, hMod, arch, MAX_PATH); //pierwszy modu³ jest aplikacj¹ //MessageBox(""); if(isSFXencrypted(arch)){ //wo³amy o has³o dlgPasswd dlgPass; if(dlgPass.DoModal() != IDOK){ theApp.ExitInstance(); return false; } strcpy(passwd, dlgPass._passwd); for(int i=strlen(passwd);i<32;i++) passwd[i] = '\0'; char arch2[MAX_PATH]; //strcpy(arch2, arch.c_str()); GetTempPath(MAX_PATH, arch2); GetLongPathName(arch2, arch2, sizeof(arch2)); strcat(arch2, "temp.kgb"); //arch2[strlen(arch2)-1] = 'b'; aes_ctx ctx[1]; ctx->n_rnd = 0; // ensure all flags are initially set to zero ctx->n_blk = 0; aes_dec_key((const unsigned char*)passwd, 32, ctx); /*CDialog dProgress; dProgress.Create(IDD_DECODING); dProgress.ShowWindow(SW_SHOW); dProgress.UpdateWindow();*/ FILE *fin = fopen(arch, "rb"); if(fin == 0) return false; fseek(fin, isSFXencrypted(arch), SEEK_SET); FILE *fout = fopen(arch2, "wb"); if(fout == 0) return false; decfile(fin, fout, ctx, arch, arch2); fclose(fin); fclose(fout); /*dProgress.ShowWindow(SW_HIDE); dProgress.~CDialog();*/ if(!checkArchiveFormat(arch2)){ _fcloseall(); DeleteFile(arch2); //eArchName.SetWindowText(""); MessageBox(loadString(IDS_WRONG_PASSWD), "KGB Archiver"); theApp.ExitInstance(); return false; } strcpy(arch, arch2); getFilesFromArchive(arch, files, fsize); }else{ getFilesFromArchive(arch, files, fsize); } strcpy(globalARCH, arch); //MessageBox(""); for(unsigned long i=0;i<files.size();i++){ char buffer[32]; /*if(filesizes[i] < 1024) sprintf(buffer, "%dB", filesizes[i]); else if(filesizes[i] < 1024*1024) sprintf(buffer, "%dKB", filesizes[i]/1024); else sprintf(buffer, "%dMB", filesizes[i]/1024/1024); */ sprintf(buffer, "%.1fKB", (double)fsize[i]/1024.0); lFiles.InsertItem(0, i, 0, 0, 0, 0, 0); lFiles.SetItemText(i, 0, files[i].c_str()); lFiles.SetItemText(i, 1, buffer); } //MessageBox(""); //delete curDir; /*char *cmd = theApp.m_lpCmdLine; char temp[MAX_PATH]; bool isArchName = true; /*sscanf(cmd, "-%c", &mode); switch(mode){ case 'c': cmd += 2; //przesówamy wskaŸnik* / for(unsigned long i=0;i<strlen(cmd);i++){ if(cmd[i] == '"'){ for(unsigned long j=0;i+j+1<strlen(cmd);j++){ if(cmd[i+j+1] != '"') temp[j] = cmd[i+j+1]; else if(cmd[i+j+1] == '"'){ temp[j] = 0; i += j+1; if(!isArchName) //lFiles.AddString(temp); eDestination.SetWindowText(temp); else{ eArchName.SetWindowText(temp); isArchName = false; } break; } } } }*/ //MessageBox(cmd); /*if(strlen(temp) == 0 || strlen(cmd) <= 2) return TRUE; vector<string> files; vector<unsigned long> filesizes; if(!getFilesFromArchive(temp, files, filesizes)){ MessageBox("Wybrany plik nie jest prawid³owym archiwum KGB!"); eArchName.SetWindowText(""); eDestination.SetWindowText(""); return TRUE; } //lFiles.DeleteAllItems(); for(unsigned long i=0;i<files.size();i++){ char buffer[32]; /*if(filesizes[i] < 1024) sprintf(buffer, "%dB", filesizes[i]); else if(filesizes[i] < 1024*1024) sprintf(buffer, "%dKB", filesizes[i]/1024); else sprintf(buffer, "%dMB", filesizes[i]/1024/1024); * / sprintf(buffer, "%.1fKB", (double)filesizes[i]/1024.0); lFiles.InsertItem(0, i, 0, 0, 0, 0, 0); lFiles.SetItemText(i, 0, files[i].c_str()); lFiles.SetItemText(i, 1, buffer); }*/ return TRUE; // return TRUE unless you set the focus to a control }
DWORD WINAPI zipCompress(LPVOID lpParam){ _filename = COMPRESS_PREPARING; sTime = time(NULL); CZipArchive zip; vector<__int64>filesize; _size_all = 1; /*char b[123]; sprintf(b, "%d", spanSize); MessageBox(0, b, "", 0);*/ if(spanSize == 0) zip.Open(archive_name, CZipArchive::OpenMode::zipCreate); else zip.Open(archive_name, CZipArchive::OpenMode::zipCreateSpan, spanSize); zip.SetPassword(passwd); //zip.SetAutoFlush(); _filename = COMPRESS_GETTING_FILE_SIZES; for (int i=0; i<int(filename.size()); ++i) { FILE* f=fopen(filename[i].c_str(), "rb"); if(f){ _fseeki64(f, 0LL, SEEK_END); filesize.push_back(_ftelli64(f)); _size_all += _ftelli64(f); fclose(f); } } for(int i=0;i<filename.size();i++){ _filename = filename[i]; //zip.AddNewFile(filename[i].c_str(), MEM); zip.AddNewFile(filename[i].c_str(), filename[i].c_str(), MEM); _done_all += filesize[i]; CZipFileHeader fhInfo; zip.GetFileInfo(fhInfo, i); _compressed += fhInfo.GetEffComprSize() + fhInfo.GetSize() + fhInfo.GetExtraFieldSize(); } zip.Close(); /*FILE *f = fopen(archive_name, "rb"); if(f){ _fseeki64(f, 0LL, SEEK_END); _compressed = _ftelli64(f); fclose(f); }*/ if(sfx_arch){ //do³¹czamy modu³ sfx _filename = COMPRESS_ADDING_SFX_MOD; /*archive_name[strlen(archive_name)-3] = '\0'; sprintf(archive_name, "%sexe", archive_name);*/ //odczytujemy œcie¿kê do modu³u HANDLE hProc = GetCurrentProcess(); HMODULE hMod; DWORD cbNeeded; char processName[MAX_PATH]; EnumProcessModules(hProc, &hMod, sizeof(hMod), &cbNeeded); GetModuleFileNameEx(hProc, hMod, processName, MAX_PATH); for(int i=strlen(processName)-1;i>=0;i--){ if(processName[i] == '\\' || processName[i] == '/'){ processName[i+1] = '\0'; sprintf(processName, "%skgb_arch_sfx_zip.mod", processName); break; } } FILE *sfx = fopen(processName, "rb"); //MessageBox(0, "", "", 0); if(sfx == NULL){ MessageBox(0, "An internal error has occured, please reinstall KGB Archiver!", "KGB Archiver", 0); _fcloseall(); DeleteFile(archive_name); return false; } //MessageBox(0, archive_name, "", 0); FILE *archive = fopen(archive_name, "rb"); if(archive == NULL){ _fcloseall(); return false; } //MessageBox(0, "", "", 0); archive_name[strlen(archive_name)-3] = '\0'; sprintf(archive_name, "%sexe", archive_name); //MessageBox(0, archive_name, "", 0); FILE *archive_sfx = fopen(archive_name, "wb"); if(archive_sfx == NULL){ _fcloseall(); return false; } //MessageBox(0, "2", "", 0); int count=0; char buffer[65536]; while(!feof(sfx)){ count = fread(buffer, sizeof(char), sizeof(buffer), sfx); fwrite(buffer, sizeof(char), count, archive_sfx); } while(!feof(archive)){ count = fread(buffer, sizeof(char), sizeof(buffer), archive); fwrite(buffer, sizeof(char), count, archive_sfx); } fclose(archive); fclose(sfx); fclose(archive_sfx); archive_name[strlen(archive_name)-3] = '\0'; sprintf(archive_name, "%szip", archive_name); DeleteFile(archive_name); } _done_all++; return true; }
PLUGIN_EXPORT double Update(void* data) { MeasureData* measure = (MeasureData*)data; // count the existing window objects if (measure->type == WINDOW_COUNT) { g_WindowCount = 0; EnumChildWindows(NULL, EnumWindowProc, 0); return g_WindowCount; } const WCHAR* processName = measure->process.c_str(); bool name = !measure->process.empty(); DWORD aProcesses[1024]; DWORD bytesNeeded; WCHAR buffer[1024]; HMODULE hMod[1024]; DWORD cbNeeded; if (!EnumProcesses(aProcesses, sizeof(aProcesses), &bytesNeeded)) { return 0.0; } // step through the running processes DWORD flags = PROCESS_QUERY_INFORMATION; if (name) { flags |= PROCESS_VM_READ; } UINT resourceCount = 0; for (UINT i = 0, isize = bytesNeeded / sizeof(DWORD); i < isize; ++i) { HANDLE hProcess = OpenProcess(flags, true, aProcesses[i]); if (hProcess != NULL) { if (name) { if (EnumProcessModules(hProcess, hMod, sizeof(hMod), &cbNeeded)) { if (GetModuleBaseName(hProcess, hMod[0], buffer, sizeof(buffer))) { if (_wcsicmp(buffer, processName) != 0) { CloseHandle(hProcess); continue; } } else { CloseHandle(hProcess); continue; } } else { CloseHandle(hProcess); continue; } } if (measure->type == GDI_COUNT) { resourceCount += GetGuiResources(hProcess, GR_GDIOBJECTS); } else if (measure->type == USER_COUNT) { resourceCount += GetGuiResources(hProcess, GR_USEROBJECTS); } else if (measure->type == HANDLE_COUNT) { DWORD tempHandleCount = 0; GetProcessHandleCount(hProcess, &tempHandleCount); resourceCount += tempHandleCount; } } CloseHandle(hProcess); } return resourceCount; }
void *dlopen( const char *file, int mode ) { HMODULE hModule; UINT uMode; current_error = NULL; /* Do not let Windows display the critical-error-handler message box */ uMode = SetErrorMode( SEM_FAILCRITICALERRORS ); if( file == 0 ) { HMODULE hAddtnlMods[1024]; // Already loaded modules HANDLE hCurrentProc = GetCurrentProcess( ); DWORD cbNeeded; /* POSIX says that if the value of file is 0, a handle on a global * symbol object must be provided. That object must be able to access * all symbols from the original program file, and any objects loaded * with the RTLD_GLOBAL flag. * The return value from GetModuleHandle( ) allows us to retrieve * symbols only from the original program file. For objects loaded with * the RTLD_GLOBAL flag, we create our own list later on. For objects * outside of the program file but already loaded (e.g. linked DLLs) * they are added below. */ hModule = GetModuleHandle( NULL ); if( !hModule ) save_err_ptr_str( file ); /* GetModuleHandle( NULL ) only returns the current program file. So * if we want to get ALL loaded module including those in linked DLLs, * we have to use EnumProcessModules( ). */ if( EnumProcessModules( hCurrentProc, hAddtnlMods, sizeof( hAddtnlMods ), &cbNeeded ) != 0 ) { DWORD i; for( i = 0; i < cbNeeded / sizeof( HMODULE ); i++ ) { global_add( &first_automatic_object, hAddtnlMods[i] ); } } auto_ref_count++; } else { char lpFileName[MAX_PATH]; int i; /* MSDN says backslashes *must* be used instead of forward slashes. */ for( i = 0 ; i < sizeof(lpFileName)-1 ; i++ ) { if( !file[i] ) break; else if( file[i] == '/' ) lpFileName[i] = '\\'; else lpFileName[i] = file[i]; } lpFileName[i] = '\0'; /* POSIX says the search path is implementation-defined. * LOAD_WITH_ALTERED_SEARCH_PATH is used to make it behave more closely * to UNIX's search paths (start with system folders instead of current * folder). */ hModule = LoadLibraryEx( (LPSTR) lpFileName, NULL, LOAD_WITH_ALTERED_SEARCH_PATH ); /* If the object was loaded with RTLD_GLOBAL, add it to list of global * objects, so that its symbols may be retrieved even if the handle for * the original program file is passed. POSIX says that if the same * file is specified in multiple invocations, and any of them are * RTLD_GLOBAL, even if any further invocations use RTLD_LOCAL, the * symbols will remain global. */ if( !hModule ) save_err_str( lpFileName ); else if( (mode & RTLD_GLOBAL) ) global_add( &first_object, hModule ); } /* Return to previous state of the error-mode bit flags. */ SetErrorMode( uMode ); return (void *) hModule; }
// COpenScrapeApp initialization BOOL COpenScrapeApp::InitInstance() { HMODULE hMod; HANDLE hProcess; DWORD curprocid, aProcesses[1024], cbNeeded, cProcesses; char sCurProcessName[MAX_PATH], sProcessName[MAX_PATH]; int i; // Classes if (!p_tablemap) p_tablemap = new CTablemap; // Figure out our session number - get name of current process curprocid = GetCurrentProcessId(); hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, curprocid ); if (hProcess != NULL) { if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) ) { GetModuleBaseName( hProcess, hMod, sCurProcessName, MAX_PATH ); } } CloseHandle(hProcess); // Noew look through process list and count number of matching processes EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ); cProcesses = cbNeeded / sizeof(DWORD); sessionnum = 0; for (i=0; i<(int) cProcesses; i++) { hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[i] ); if (hProcess != NULL) { if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) ) { GetModuleBaseName( hProcess, hMod, sProcessName, MAX_PATH ); } } CloseHandle(hProcess); if (strcmp(sCurProcessName, sProcessName)==0) { sessionnum++; } } // InitCommonControlsEx() is required on Windows XP if an application // manifest specifies use of ComCtl32.dll version 6 or later to enable // visual styles. Otherwise, any window creation will fail. INITCOMMONCONTROLSEX InitCtrls; InitCtrls.dwSize = sizeof(InitCtrls); // Set this to include all the common control classes you want to use // in your application. InitCtrls.dwICC = ICC_WIN95_CLASSES; InitCommonControlsEx(&InitCtrls); CWinApp::InitInstance(); // Standard initialization // If you are not using these features and wish to reduce the size // of your final executable, you should remove from the following // the specific initialization routines you do not need // Change the registry key under which our settings are stored SetRegistryKey(_T("OpenScrape")); LoadStdProfileSettings(4); // Load standard INI file options (including MRU) // Register the application's document templates. Document templates // serve as the connection between documents, frame windows and views CSingleDocTemplate* pDocTemplate; pDocTemplate = new CSingleDocTemplate( IDR_MAINFRAME, RUNTIME_CLASS(COpenScrapeDoc), RUNTIME_CLASS(CMainFrame), // main SDI frame window RUNTIME_CLASS(COpenScrapeView)); if (!pDocTemplate) return FALSE; AddDocTemplate(pDocTemplate); // Enable DDE Execute open EnableShellOpen(); RegisterShellFileTypes(TRUE); // Parse command line for standard shell commands, DDE, file open CCommandLineInfo cmdInfo; ParseCommandLine(cmdInfo); // Dispatch commands specified on the command line. Will return FALSE if // app was launched with /RegServer, /Register, /Unregserver or /Unregister. if (!ProcessShellCommand(cmdInfo)) return FALSE; // The one and only window has been initialized, so show and update it m_pMainWnd->ShowWindow(SW_SHOW); m_pMainWnd->UpdateWindow(); // call DragAcceptFiles only if there's a suffix // In an SDI app, this should occur after ProcessShellCommand m_pMainWnd->DragAcceptFiles(); // Start tablemap dialog m_TableMapDlg = new CDlgTableMap(NULL); m_TableMapDlg->Create(CDlgTableMap::IDD, NULL); m_TableMapDlg->ShowWindow(SW_SHOW); return true; }
////////////////////////////////////////////////////////// // // CheckAntiVirusStatus // // Maybe warn user if no anti-virus running // ////////////////////////////////////////////////////////// void CheckAntiVirusStatus( void ) { // Get data from WMI std::vector < SString > enabledList; std::vector < SString > disabledList; GetWMIAntiVirusStatus( enabledList, disabledList ); // Get status from WSC WSC_SECURITY_PROVIDER_HEALTH health = (WSC_SECURITY_PROVIDER_HEALTH)-1; if ( _WscGetSecurityProviderHealth ) { _WscGetSecurityProviderHealth( WSC_SECURITY_PROVIDER_ANTIVIRUS, &health ); } // Dump results SString strStatus( "AV health: %s (%d)", *EnumToString( health ), health ); for ( uint i = 0 ; i < enabledList.size() ; i++ ) strStatus += SString( " [Ena%d:%s]", i, *enabledList[i] ); for ( uint i = 0 ; i < disabledList.size() ; i++ ) strStatus += SString( " [Dis%d:%s]", i, *disabledList[i] ); WriteDebugEvent( strStatus ); // Maybe show dialog if av not found if ( enabledList.empty() && health != WSC_SECURITY_PROVIDER_HEALTH_GOOD ) { bool bEnableScaremongering = ( health != WSC_SECURITY_PROVIDER_HEALTH_NOTMONITORED ); if ( bEnableScaremongering ) { const char* avProducts[] = { "antivirus", "anti-virus", "Avast", "AVG", "Avira", "NOD32", "ESET", "F-Secure", "Faronics", "Kaspersky", "McAfee", "Norton", "Symantec", "Panda", "Trend Micro", }; // Check for anti-virus helper dlls before actual scaremongering HMODULE aModules[1024]; DWORD cbNeeded; if ( EnumProcessModules( GetCurrentProcess(), aModules, sizeof(aModules), &cbNeeded) ) { DWORD cModules = cbNeeded / sizeof(HMODULE); for ( uint i = 0 ; i < cModules ; i++ ) { if( aModules[i] != 0 ) { WCHAR szModulePathFileName[1024] = L""; GetModuleFileNameExW ( GetCurrentProcess(), aModules[i], szModulePathFileName, NUMELMS(szModulePathFileName) ); SLibVersionInfo libVersionInfo; GetLibVersionInfo ( ToUTF8( szModulePathFileName ), &libVersionInfo ); for( uint i = 0 ; i < NUMELMS( avProducts ) ; i++ ) { if ( libVersionInfo.strCompanyName.ContainsI( avProducts[i] ) || libVersionInfo.strProductName.ContainsI( avProducts[i] ) ) { bEnableScaremongering = false; WriteDebugEvent( SString( "AV (module) maybe found %s [%d](%s,%s)", *WStringX( szModulePathFileName ).ToAnsi(), i, *libVersionInfo.strCompanyName, *libVersionInfo.strProductName ) ); } } } } if ( bEnableScaremongering ) WriteDebugEvent( SString( "AV Searched %d dlls, but could not find av helper", cModules ) ); } if ( bEnableScaremongering ) { std::vector < DWORD > processIdList = MyEnumProcesses(); for ( uint i = 0; i < processIdList.size (); i++ ) { DWORD processId = processIdList[i]; // Skip 64 bit processes to avoid errors if ( !Is32bitProcess ( processId ) ) continue; std::vector < SString > filenameList = GetPossibleProcessPathFilenames ( processId ); for ( uint i = 0; i < filenameList.size (); i++ ) { const SString& strProcessPathFileName = filenameList[i]; SLibVersionInfo libVersionInfo; if ( GetLibVersionInfo ( strProcessPathFileName, &libVersionInfo ) ) { for( uint i = 0 ; i < NUMELMS( avProducts ) ; i++ ) { if ( libVersionInfo.strCompanyName.ContainsI( avProducts[i] ) || libVersionInfo.strProductName.ContainsI( avProducts[i] ) ) { bEnableScaremongering = false; WriteDebugEvent( SString( "AV (process) maybe found %s [%d](%s,%s)", *strProcessPathFileName, i, *libVersionInfo.strCompanyName, *libVersionInfo.strProductName ) ); } } } } } if ( bEnableScaremongering ) WriteDebugEvent( SString( "AV Searched %d processes, but could not find av helper", processIdList.size() ) ); } } ShowNoAvDialog( g_hInstance, bEnableScaremongering ); HideNoAvDialog (); } }
static BOOL ejectDll(HANDLE hProcess, const char *szDllPath) { /* * Enumerate all modules. */ HMODULE *phModules = NULL; DWORD cb = sizeof *phModules * #ifdef NDEBUG 32 #else 4 #endif ; DWORD cbNeeded = 0; while (true) { phModules = (HMODULE *)realloc(phModules, cb); if (!EnumProcessModules(hProcess, phModules, cb, &cbNeeded)) { logLastError("failed to enumerate modules in remote process"); free(phModules); return FALSE; } if (cbNeeded < cb) { break; } cb *= 2; } DWORD cNumModules = cbNeeded / sizeof *phModules; /* * Search our DLL. */ const char *szDllName = getBaseName(szDllPath); HMODULE hModule = NULL; for (unsigned i = 0; i < cNumModules; ++i) { char szModName[MAX_PATH]; if (GetModuleFileNameExA(hProcess, phModules[i], szModName, ARRAY_SIZE(szModName))) { if (stricmp(getBaseName(szModName), szDllName) == 0) { hModule = phModules[i]; break; } } } free(phModules); if (!hModule) { debugPrintf("inject: error: failed to find %s module in the remote process\n", szDllName); return FALSE; } PTHREAD_START_ROUTINE lpStartAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("KERNEL32"), "FreeLibrary"); HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, lpStartAddress, hModule, 0, NULL); if (!hThread) { logLastError("failed to create remote thread"); return FALSE; } WaitForSingleObject(hThread, INFINITE); DWORD bRet = 0; GetExitCodeThread(hThread, &bRet); if (!bRet) { debugPrintf("inject: error: failed to unload %s from the remote process\n", szDllPath); return FALSE; } return TRUE; }
bool Platform::GetProcessInfo(ProcessId pid, ProcessInfo &info) { HANDLE processHandle; BOOL rc; info.clear(); info.pid = pid; processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid); if (processHandle == nullptr) { goto error; } // Get process name. { HMODULE firstModuleHandle; DWORD bytesNeeded; WCHAR processName[MAX_PATH]; rc = EnumProcessModules(processHandle, &firstModuleHandle, sizeof(firstModuleHandle), &bytesNeeded); if (!rc) goto error; rc = GetModuleBaseNameW(processHandle, firstModuleHandle, processName, sizeof(processName)); if (!rc) goto error; info.name = WideToNarrowString(processName); } // Get process user ID. { HANDLE processToken; std::vector<char> userInfoBuffer; PTOKEN_USER userInfo; DWORD bytesNeeded; rc = OpenProcessToken(processHandle, TOKEN_QUERY, &processToken); if (!rc) goto error; GetTokenInformation(processToken, TokenUser, userInfoBuffer.data(), userInfoBuffer.size(), &bytesNeeded); userInfoBuffer.resize(bytesNeeded); rc = GetTokenInformation(processToken, TokenUser, userInfoBuffer.data(), userInfoBuffer.size(), &bytesNeeded); if (!rc) { CloseHandle(processToken); goto error; } userInfo = reinterpret_cast<PTOKEN_USER>(userInfoBuffer.data()); DWORD size = GetLengthSid(userInfo->User.Sid); info.realUid = malloc(size); CopySid(size, info.realUid, userInfo->User.Sid); CloseHandle(processToken); } // TODO(sas): Fetch the process group ID. This looks like it's gonna // require some additional work as a process on Windows doesn't have // a single group but a list of group tokens instead. CloseHandle(processHandle); return true; error: if (processHandle != nullptr) CloseHandle(processHandle); return false; }
BOOL CConsumer::ConsumerProcessTrace(TRACEHANDLE hTrace, DWORD processId, LPWSTR logFilePath) { // HRESULT hr = ConnectToETWNameSpace(_bstr_t(L"root\\wmi")); // if(FAILED(hr)) // { // wprintf(L"ConnectoETWNameSpace failed with 0x%x\r\n", hr); // } m_logFilePath = logFilePath; m_processId = processId; SymSetOptions(SYMOPT_DEBUG); HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE, m_processId); if(hProcess == NULL) { wprintf(L"OpenProcess Failed with %lu\r\n", GetLastError()); } else { HMODULE hMod[1024]; DWORD cbNeeded; TCHAR szModName[MAX_PATH] = {0}; std::string pdbSerchPath = "\\\\192.168.14.181\\public\\symbols\\"; std::string finalSearchPath = "d:\\symbolslocal"; if(EnumProcessModules(hProcess, hMod, sizeof(hMod), &cbNeeded)) { for(int i = 0; i < cbNeeded / sizeof(HMODULE); ++i) { pdbSerchPath = "\\\\192.168.14.181\\public\\symbols\\"; ZeroMemory(szModName, sizeof(szModName)); if(GetModuleFileNameEx(hProcess, hMod[i], szModName, sizeof(szModName))) { CFileVersion fileVer; if(fileVer.Open(szModName)) { CString strVer = fileVer.GetFixedProductVersion(); std::wstring modName = szModName; DWORD index = modName.rfind(L'\\'); DWORD suffixIndex = modName.rfind(L'.'); if(index) { modName = modName.substr(index+1,suffixIndex - index -1); } modName += L"\\"; modName += strVer.GetBuffer(); strVer.ReleaseBuffer(); char modPdbPath[MAX_PATH] = {0}; WideCharToMultiByte(CP_ACP,0, modName.c_str(), -1, modPdbPath, MAX_PATH, NULL, FALSE); pdbSerchPath += modPdbPath; if(PathFileExistsA(pdbSerchPath.c_str())) { finalSearchPath = finalSearchPath + ";" + pdbSerchPath; } } } } finalSearchPath = finalSearchPath + ";" + "\\\\192.168.14.181\\public\\symbols\\Thunder\\7.9.19.4736"; BOOL bRet = SymInitialize ( hProcess, // Process handle finalSearchPath.c_str(), // user-defined search path -> use default TRUE // load symbols for modules in the current process ); m_processHandle = hProcess; } //std::string pdbSerchPath = "\\\\192.168.14.181\\public\\symbols\\Thunder\\7.9.19.4736;D:\\develop\\thunder\\pdb\\Release"; } ULONG status = ProcessTrace(&hTrace, 1, 0, 0); if(ERROR_SUCCESS != status && ERROR_CANCELLED != status) { wprintf(L"ProcessTrace failed with %u\r\n", status); } else { OutputResult(); } //CoUninitialize(); return TRUE; }
int GetProcessName(HANDLE theHProcess, TCHAR * theOut, int theOutSize) { HMODULE aFirstModule = 0; DWORD aBytesRequired = 0; BOOL aRes = EnumProcessModules(theHProcess, &aFirstModule, sizeof(HMODULE), &aBytesRequired); if (!aRes) return 0; int aRet = (int)GetModuleFileNameEx(theHProcess, aFirstModule, theOut, theOutSize); if (aRet == 0) return aRet; const static UINT LengthOfUglyPrefix = 4; // length of string \??\ const static UINT LengthOfSystemRoot = 12; // length of string \systemroot\ ///////////////////////////////////////////////////////////// // Replace paths containing \??\ if (aRet > LengthOfUglyPrefix) { TCHAR aTemp = theOut[LengthOfUglyPrefix]; theOut[LengthOfUglyPrefix] = 0; int aComparison = lstrcmpi( theOut, _T("\\??\\") ); theOut[LengthOfUglyPrefix] = aTemp; if (aComparison == 0) { TCHAR aBuf[1024]; lstrcpyn(aBuf, theOut+LengthOfUglyPrefix, 1024); lstrcpyn(theOut, aBuf, theOutSize); return lstrlen(theOut); } } ///////////////////////////////////////////////////////////// // Replace paths containing \systemroot\ if (aRet > LengthOfSystemRoot) { TCHAR aTemp = theOut[LengthOfSystemRoot]; theOut[LengthOfSystemRoot] = 0; int aComparison = lstrcmpi( theOut, _T("\\systemroot\\") ); theOut[LengthOfSystemRoot] = aTemp; if (aComparison == 0) { TCHAR aBuf[1024]; UINT aLength = GetWindowsDirectory(aBuf, 1024); UINT aStartAt = LengthOfSystemRoot; if (aBuf[aLength - 1] != _T('\\') ) --aStartAt; lstrcat(aBuf, theOut+aStartAt); lstrcpyn(theOut, aBuf, theOutSize); return lstrlen(theOut); } } return aRet; }
DWORD RestartProcessWithID(DWORD prcID) { DWORD dwPrcID = 0; HANDLE hPrc = NULL; PROCESSENTRY32 pe; HANDLE hSnapshot=NULL; hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); pe.dwSize=sizeof(PROCESSENTRY32); if(!Process32First(hSnapshot,&pe)) { CloseHandle(hSnapshot); return dwPrcID; } while(TRUE) { pe.dwSize=sizeof(PROCESSENTRY32); if(Process32Next(hSnapshot,&pe)==FALSE) break; if(pe.th32ProcessID == prcID) { hPrc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe.th32ProcessID); if(hPrc == NULL) { DWORD dwRet = GetLastError(); if(dwRet == 5) { if(AdjustPrivileges()) { hPrc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe.th32ProcessID); } } } if(hPrc) { DWORD needed; HMODULE hModule = NULL; char path[MAX_PATH] = {0}; if(EnumProcessModules(hPrc, &hModule, sizeof(hModule), &needed)) { if(GetModuleFileNameEx(hPrc, hModule, path, sizeof(path))) { TerminateProcess(hPrc, 0); { char cmdLine[BUFSIZ] = {0}; STARTUPINFO si; PROCESS_INFORMATION pi; memset(&si, 0, sizeof(si)); si.dwFlags = STARTF_USESHOWWINDOW; //si.wShowWindow = SW_HIDE; si.wShowWindow = SW_SHOW; si.cb = sizeof(si); memset(&pi, 0, sizeof(pi)); sprintf(cmdLine, "%s", path); //sprintf(cmdLine, "%s \"%s\"", "cmd.exe /c ", path); if(CreateProcess(cmdLine, NULL, NULL, NULL, FALSE, CREATE_NO_WINDOW , NULL, NULL, &si, &pi)) //if(CreateProcess(NULL, cmdLine, NULL, NULL, FALSE, CREATE_NO_WINDOW , NULL, NULL, &si, &pi)) { dwPrcID = pi.dwProcessId; } } } } CloseHandle(hPrc); } break; } } if(hSnapshot) CloseHandle(hSnapshot); return dwPrcID; }
//Use ProcessID to control the specific process void GetProcessBaseAddr(DWORD processId) { TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); //require information type, ?, processid HANDLE hProcess = OpenProcess (PROCESS_ALL_ACCESS, FALSE, processId); DWORD baseAddr=0; HMODULE lphModule[BUF_SIZE]; MODULEINFO miModInfo = { 0 }; MEMORY_BASIC_INFORMATION sMemoryInfo = { 0 }; unsigned int i =0; LPVOID lpBuffer[700]; //max mine is 668 DWORD cReturned =0; if(NULL!=hProcess) { //HMODULE hMod; DWORD cbReturned; cReturned = 0; if(EnumProcessModules(hProcess, lphModule, sizeof(lphModule), &cbReturned)) { //for(i=0; i<cbReturned/4; i++) for(i=0; i<1; i++) { GetModuleBaseName(hProcess, lphModule[i], szProcessName, sizeof(szProcessName)/sizeof(TCHAR)); GetModuleInformation(hProcess, lphModule[i], &miModInfo, sizeof(miModInfo)); //_tprintf( TEXT("%s (PID: %u) EntryPoint: 0x%8X\n"), szProcessName, processId, miModInfo.EntryPoint); _tprintf( TEXT("baseAddr1: 0x%8X\n"),(DWORD)miModInfo.lpBaseOfDll); { DWORD base = (DWORD)miModInfo.lpBaseOfDll+0x868B4; bool isMine[30][30]; //_tprintf( TEXT("baseAddr: 0x%8X\n"),base); //first pointer ReadProcessMemory(hProcess,(LPCVOID)(base), lpBuffer, 4, &cReturned); base = (DWORD)lpBuffer[0]; //_tprintf( TEXT("ESI+OFFSET: %8X \n"), base); //second pointer ReadProcessMemory(hProcess,(LPCVOID)((DWORD)(base+0x10)), lpBuffer, 4, &cReturned); base = (DWORD)lpBuffer[0]; //HERE IS ESI //_tprintf( TEXT("%8X \n"), base); //NUMBER OF mines rows cols ReadProcessMemory(hProcess,(LPCVOID)((DWORD)(base+0x4)), lpBuffer, 12, &cReturned); int mines = (DWORD)lpBuffer[0], rows = (DWORD)lpBuffer[1], cols = (DWORD)lpBuffer[2]; _tprintf( TEXT("Number of mines :%2d \n"), mines); _tprintf( TEXT("Number of rows :%2d \n"), rows); _tprintf( TEXT("Number of columns:%2d \n"), cols); DWORD mineBase; //mov ebx,dword ptr ds:[esi+44] ReadProcessMemory(hProcess,(LPCVOID)((DWORD)(base+0x44)), lpBuffer, 4, &cReturned); mineBase = (DWORD)lpBuffer[0];//ebx //mov ebx,dword ptr ds:[ebx+C] ReadProcessMemory(hProcess,(LPCVOID)((DWORD)(mineBase+0x0C)), lpBuffer, 4, &cReturned); mineBase = (DWORD)lpBuffer[0];//ebx _tprintf(TEXT("%8X\n"), (DWORD)(lpBuffer[0])); //mov edx,dword ptr ds:[ebx+edx*4] int ptr = 0, c = 0, edx = 0; for(edx=0 ; edx < cols ; edx++) { //each colum ReadProcessMemory ( hProcess ,(LPCVOID)(mineBase+4*edx) , lpBuffer ,4 ,NULL); ReadProcessMemory ( hProcess ,(LPCVOID)((DWORD)lpBuffer[0]+0xC) , lpBuffer ,4 ,NULL); for ( c=0 ;c<cols ;c++ ) ReadProcessMemory ( hProcess ,(LPCVOID)((DWORD)lpBuffer[0]+c) ,(LPVOID)&isMine[edx][c] ,1 ,&cReturned); } int r = 0; _tprintf(TEXT(" ")); for ( r = 0 ; r < cols ; r++ ) { _tprintf( TEXT("%2d"), r + 1); } _tprintf(TEXT("\n")); for ( r=0 ; r< rows ;r++ ) { _tprintf(TEXT("%2d"), r + 1); for ( c=0 ;c< cols ;c++ ) { if(isMine[c][r]) _tprintf(TEXT(" *")); else _tprintf(TEXT(" -")); } _tprintf(TEXT("\n")); } } } } } else { cout << "Failed to open the Process" << endl; } CloseHandle(hProcess); }
QList<DWORD> * getDxProcessesIDs(QList<DWORD> * processes, LPCWSTR wstrSystemRootPath) { DWORD aProcesses[1024]; HMODULE hMods[1024]; DWORD cbNeeded; DWORD cProcesses; char debug_buf[255]; WCHAR executableName[MAX_PATH]; unsigned int i; // Get the list of process identifiers. processes->clear(); if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) return NULL; // Calculate how many process identifiers were returned. cProcesses = cbNeeded / sizeof(DWORD); // Print the names of the modules for each process. for ( i = 0; i < cProcesses; i++ ) { if (aProcesses[i] != GetCurrentProcessId()) { HANDLE hProcess; hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[i] ); if (NULL == hProcess) goto nextProcess; GetModuleFileNameExW(hProcess, 0, executableName, sizeof (executableName)); if (wcsstr(executableName, wstrSystemRootPath) != NULL) { goto nextProcess; } PathStripPathW(executableName); ::WideCharToMultiByte(CP_ACP, 0, executableName, -1, debug_buf, 255, NULL, NULL); DEBUG_MID_LEVEL << Q_FUNC_INFO << debug_buf; for (unsigned k=0; k < SIZEOF_ARRAY(pwstrExcludeProcesses); k++) { if (wcsicmp(executableName, pwstrExcludeProcesses[k])== 0) { DEBUG_MID_LEVEL << Q_FUNC_INFO << "skipping " << pwstrExcludeProcesses; goto nextProcess; } } // Get a list of all the modules in this process. if( EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) { bool isDXPresent = false; for ( DWORD j = 0; j < (cbNeeded / sizeof(HMODULE)); j++ ) { WCHAR szModName[MAX_PATH]; if ( GetModuleFileNameExW( hProcess, hMods[j], szModName, sizeof(szModName) / sizeof(WCHAR))) { PathStripPathW(szModName); ::WideCharToMultiByte(CP_ACP, 0, szModName, -1, debug_buf, 255, NULL, NULL); DEBUG_HIGH_LEVEL << Q_FUNC_INFO << debug_buf; if(wcsicmp(szModName, lightpackHooksDllName) == 0) { goto nextProcess; } else { if (wcsicmp(szModName, L"d3d9.dll") == 0 || wcsicmp(szModName, L"dxgi.dll") == 0 ) isDXPresent = true; } } } if (isDXPresent) processes->append(aProcesses[i]); } nextProcess: // Release the handle to the process. CloseHandle( hProcess ); } } return processes; }
EASYHOOK_NT_INTERNAL LhUpdateModuleInformation() { /* Description: Is supposed to be called interlocked... "ProcessModules" is outsourced to prevent "__chkstk". Will just enumerate current process modules and extract required information for each of them. */ LONG NtStatus = STATUS_UNHANDLED_EXCEPTION; ULONG Index; ULONG ModIndex; MODULEINFO* NativeList = NULL; ULONG ModuleCount; MODULEINFO* Mod = NULL; MODULE_INFORMATION* List = NULL; CHAR* PathList = NULL; CHAR* ModPath = NULL; ULONG ModPathSize = 0; LONG iChar = 0; // enumerate modules... RtlAcquireLock(&GlobalHookLock); { if(!EnumProcessModules( GetCurrentProcess(), ProcessModules, sizeof(ProcessModules), &ModuleCount)) { RtlReleaseLock(&GlobalHookLock); THROW(STATUS_INTERNAL_ERROR, L"Unable to enumerate current process modules."); } } RtlReleaseLock(&GlobalHookLock); ModuleCount /= sizeof(HMODULE); // retrieve module information if((NativeList = (MODULEINFO*)RtlAllocateMemory(FALSE, ModuleCount * sizeof(NativeList[0]))) == NULL) THROW(STATUS_NO_MEMORY, L"Unable to allocate memory for module information."); if((List = (MODULE_INFORMATION*)RtlAllocateMemory(TRUE, sizeof(MODULE_INFORMATION) * ModuleCount)) == NULL) THROW(STATUS_NO_MEMORY, L"Unable to allocate memory."); if((PathList = (CHAR*)RtlAllocateMemory(TRUE, MAX_PATH * ModuleCount)) == NULL) THROW(STATUS_NO_MEMORY, L"Unable to allocate memory."); for(Index = 0, ModIndex = 0; Index < ModuleCount; Index++) { // collect information if(!GetModuleInformation( GetCurrentProcess(), ProcessModules[Index], &NativeList[ModIndex], sizeof(NativeList[ModIndex]))) continue; GetModuleFileNameA( ProcessModules[Index], &PathList[ModIndex * MAX_PATH], MAX_PATH); if(GetLastError() != ERROR_SUCCESS) continue; Mod = &NativeList[ModIndex]; // normalize module information List[ModIndex].BaseAddress = (UCHAR*)Mod->lpBaseOfDll; List[ModIndex].ImageSize = Mod->SizeOfImage; memcpy(List[ModIndex].Path, &PathList[ModIndex * MAX_PATH], MAX_PATH + 1); ModPath = List[ModIndex].Path; ModPathSize = RtlAnsiLength(ModPath); for(iChar = ModPathSize; iChar >= 0; iChar--) { if(ModPath[iChar] == '\\') { List[ModIndex].ModuleName = &ModPath[iChar + 1]; break; } } if(ModIndex + 1 < ModuleCount) List[ModIndex].Next = &List[ModIndex + 1]; else List[ModIndex].Next = NULL; ModIndex++; } // save changes... RtlAcquireLock(&GlobalHookLock); { if(LhNativeModuleArray != NULL) RtlFreeMemory(LhNativeModuleArray); if(LhModuleArray != NULL) RtlFreeMemory(LhModuleArray); if(LhNativePathArray != NULL) RtlFreeMemory(LhNativePathArray); LhNativePathArray = PathList; LhNativeModuleArray = NativeList; LhModuleArray = List; LhModuleCount = ModIndex; } RtlReleaseLock(&GlobalHookLock); RETURN; THROW_OUTRO: { if(NativeList != NULL) RtlFreeMemory(NativeList); if(List != NULL) RtlFreeMemory(List); } FINALLY_OUTRO: return NtStatus; }
/* * Class: Utils * Method: getPidList * Signature: (Ljava/lang/String;)[I */ JNIEXPORT jintArray JNICALL Java_com_symbian_nativeprocesshandler_ProcessHandler_getPidList(JNIEnv *env, jobject obj, jstring executable) { DWORD aProcesses[MAX_PROCESSES], cbNeeded, cProcesses, foundProcesses[MAX_PROCESSES]; int index=0; const char *nativeExecutable = env->JNIEnv_::GetStringUTFChars(executable,0); if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) { return NULL; } // Calculate how many process identifiers were returned. cProcesses = cbNeeded / sizeof(DWORD); TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); //loop until you look at all running processes for(DWORD j=0;j<cProcesses; j++) { // Get a handle to the process. HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[j] ); // Get the process name. if (NULL != hProcess ) { HMODULE hMod; DWORD cbNeeded; if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) ) { GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) ); } } CloseHandle( hProcess ); // comapares given name with related 2 pid if(strcmp(szProcessName,nativeExecutable) == 0 && index < MAX_PROCESSES) { foundProcesses[index]=aProcesses[j]; index++; } } // protect overflow if(index >= MAX_PROCESSES) { return NULL; } //creates a jintArray with the needed length 2 store all found pids jintArray customFoundProcesses=env->JNIEnv_::NewIntArray(index); //copies WORD array to jintArray env->JNIEnv_::SetIntArrayRegion(customFoundProcesses,0,index,(const long *)foundProcesses); //releases used String env->JNIEnv_::ReleaseStringUTFChars(executable, nativeExecutable); return customFoundProcesses; }
INT_PTR CALLBACK DlgProc(HWND hdlg, UINT wmsg, WPARAM wparam, LPARAM lparam){ HANDLE phandle; ULONG index; OPENFILENAME ofn; HICON icon; switch (wmsg){ case WM_INITDIALOG: GlobalList = GetDlgItem(hdlg, IDC_LIST1); icon = ::LoadIconA(GetModuleHandleA(0), (LPSTR)IDI_ICON1); SendMessageA(hdlg, WM_SETICON, ICON_SMALL, (LPARAM)icon); SendMessageA(GlobalList, LB_RESETCONTENT, 0,0); ::EnumProcesses(pids, 4096 * sizeof(DWORD), &needed); num_of_processes = needed / sizeof(DWORD); for (DWORD i = 0; i < num_of_processes; i++){ phandle = ::OpenProcess(PROCESS_ALL_ACCESS, false, pids[i]); if (!phandle){ wsprintf(buffer, "%.04X - process can't be opened", pids[i]); SendMessageA(GlobalList, LB_ADDSTRING, 0, (LPARAM)buffer); continue; } if (!EnumProcessModules(phandle, modules, 4096 * sizeof(HMODULE), &needed)){ ::CloseHandle(phandle); wsprintfA(buffer, "%.04X - can't obtain name", pids[i]); SendMessageA(GlobalList, LB_ADDSTRING, 0, (LPARAM)buffer); continue; } if (!::GetModuleFileNameExA(phandle, modules[0], proc_name, 4096)){ ::CloseHandle(phandle); wsprintfA(buffer, "%.04X - can't obtain name", pids[i]); SendMessageA(GlobalList, LB_ADDSTRING, 0, (LPARAM)buffer); continue; } wsprintfA(buffer, "%.04X - %s", pids[i], proc_name); SendMessageA(GlobalList, LB_ADDSTRING, 0, (LPARAM)buffer); ::CloseHandle(phandle); } return 1; case WM_CLOSE: EndDialog(hdlg, 0); return 1; case WM_COMMAND: if (wparam == ID_DUMP){ index = SendMessageA(GlobalList, LB_GETCURSEL, 0,0); if (index == LB_ERR){ MessageBoxA(hdlg, "select process for dumping...", 0, 0); return 1; } mym(&ofn, 0, sizeof(OPENFILENAME)); ofn.lStructSize = sizeof(OPENFILENAME); ofn.lpstrFilter = "Anyfile\0*.*\0\0"; ofn.lpstrFile = (LPSTR)x_alloc(MAX_PATH); ofn.nMaxFile = MAX_PATH; ofn.hwndOwner = hdlg; if (!GetSaveFileNameA(&ofn)){ MessageBoxA(hdlg, "select some file...", 0, 0); x_free(ofn.lpstrFile); return 1; } char *dir_name = ofn.lpstrFile + ::lstrlenA(ofn.lpstrFile) + 1; while (*dir_name != '\\') dir_name--; dir_name[0] = 0; dump_all(pids[index], ofn.lpstrFile); MessageBoxA(hdlg, "duming done...", "success", 0); x_free(ofn.lpstrFile); return 1; } if (wparam == ID_REFRESH){ SendMessageA(GlobalList, LB_RESETCONTENT, 0,0); ::EnumProcesses(pids, 4096 * sizeof(DWORD), &needed); num_of_processes = needed / sizeof(DWORD); for (DWORD i = 0; i < num_of_processes; i++){ phandle = ::OpenProcess(PROCESS_ALL_ACCESS, false, pids[i]); if (!phandle){ wsprintf(buffer, "%.04X - process can't be opened", pids[i]); SendMessageA(GlobalList, LB_ADDSTRING, 0, (LPARAM)buffer); continue; } if (!EnumProcessModules(phandle, modules, 4096 * sizeof(HMODULE), &needed)){ ::CloseHandle(phandle); wsprintfA(buffer, "%.04X - can't obtain name", pids[i]); SendMessageA(GlobalList, LB_ADDSTRING, 0, (LPARAM)buffer); continue; } if (!::GetModuleFileNameExA(phandle, modules[0], proc_name, 4096)){ ::CloseHandle(phandle); wsprintfA(buffer, "%.04X - can't obtain name", pids[i]); SendMessageA(GlobalList, LB_ADDSTRING, 0, (LPARAM)buffer); continue; } wsprintfA(buffer, "%.04X - %s", pids[i], proc_name); SendMessageA(GlobalList, LB_ADDSTRING, 0, (LPARAM)buffer); ::CloseHandle(phandle); } return 1; } default: return 0; } return 0; }
UINT WIXAPI CheckOldVersion(MSIHANDLE hInstaller) { HKEY key; REGSAM access = KEY_QUERY_VALUE | KEY_WOW64_64KEY; if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{DAD20769-75D8-4C1D-80E3-D545563FE9EF}_is1"), 0, access, &key) == ERROR_SUCCESS) { MsiSetProperty(hInstaller, _T("OBSOLETEVERSION"), _T("1")); RegCloseKey(key); return ERROR_SUCCESS; } RegCloseKey(key); // Check if it's uninstalled, but the user hasn't restarted Explorer yet. // Do this by making sure explorer.exe does not have our dll loaded. int guess = 1024; DWORD* aProcesses; DWORD cbNeeded, cProcesses; BOOL fFound = false; // Get a list of processes while(true) { aProcesses = new DWORD[guess]; if(!EnumProcesses(aProcesses, sizeof(DWORD) * guess, &cbNeeded)){ return GetLastError(); } cProcesses = cbNeeded / sizeof(DWORD); if(cProcesses < guess) break; delete[] aProcesses; guess *= 2; } for(int i = 0; i < cProcesses && !fFound; ++i) { TCHAR szProcessName[MAX_PATH] = _T(""); HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[i]); // Get process basename, look for explorer.exe if(hProcess != NULL) { HMODULE hMod; DWORD cbNeeded; if(EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) { GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName) / sizeof(TCHAR)); } } if(_tcscmp(szProcessName, _T("explorer.exe")) == 0) { HMODULE* aMods; DWORD cMods; guess = 1024; // Get a list of loaded modules while(true) { aMods = new HMODULE[guess]; if(!EnumProcessModules(hProcess, aMods, sizeof(HMODULE) * guess, &cbNeeded)){ cMods = 0; break; } cMods = cbNeeded / sizeof(DWORD); if(cMods < guess) break; delete[] aMods; guess *= 2; } // Look for QTTabBar.dll or QTTabBar.ni.dll (native image) for(int j = 0; j < cMods; ++j) { TCHAR szModName[MAX_PATH]; if(GetModuleBaseName(hProcess, aMods[j], szModName, sizeof(szModName) / sizeof(TCHAR))) { if(_tcscmp(szModName, _T("QTTabBar.dll")) == 0 || _tcscmp(szModName, _T("QTTabBar.ni.dll")) == 0) { fFound = true; break; } } } delete[] aMods; } CloseHandle(hProcess); } delete[] aProcesses; if(fFound) { MsiSetProperty(hInstaller, _T("OBSOLETEVERSION"), _T("2")); } return ERROR_SUCCESS; }
int processGetInfo(Proc_ID process, Proc_INFO *info) { int iReturnCode = DIAGLIB_OK; if(process == 0) { return RETURN_LOG_BAD_FUNCTION_CALL; } if(info==NULL) { return RETURN_LOG_BAD_FUNCTION_CALL; } LOG_TIME(L"Ask info on pid=%ld --> ",process); DWORD bufferSize; HANDLE hHandle = NULL; if(NULL == (hHandle = ::OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,0,process))) { if(ERROR_ACCESS_DENIED != GetLastError()) { LOG_LASTERROR(L"OpenProcess failed"); return RETURN_LOG_INTERNAL_ERROR; } else { LOG(L"ACCESS DENIED\n"); return DIAGLIB_ERR_PROCESS_ACCESS_DENIED; } } info->id=process; bufferSize = G_BUFFER_SIZE; if(!GetModuleBaseName(hHandle,NULL,g_buffer,bufferSize)) { LOG_LASTERROR(L"GetModuleBaseName failed"); iReturnCode = DIAGLIB_ERR_INTERNAL; } else { info->Name=g_buffer; } bufferSize = G_BUFFER_SIZE; if(!GetModuleFileNameEx(hHandle,NULL,g_buffer,bufferSize)) { LOG_LASTERROR(L"GetModuleFileNameEx failed"); iReturnCode = DIAGLIB_ERR_INTERNAL; } else { info->Path=g_buffer; } bufferSize = G_BUFFER_SIZE; if(!GetProcessImageFileName(hHandle,g_buffer,bufferSize)) { LOG_LASTERROR(L"QueryFullProcessImageName failed"); iReturnCode = DIAGLIB_ERR_INTERNAL; } else { info->FullPath=g_buffer; } HMODULE modulesFound[1024]; DWORD spaceActuallyRequired; if(!EnumProcessModules(hHandle,modulesFound,1024,&spaceActuallyRequired)) { LOG_LASTERROR(L"EnumProcessModules failed"); } else { info->modulesLoaded.clear(); for(unsigned int i=0;i<(spaceActuallyRequired/sizeof(HMODULE));i++) { TCHAR szModName[MAX_PATH]; if(GetModuleBaseName(hHandle,modulesFound[i],szModName,sizeof(szModName)/sizeof(TCHAR))) info->modulesLoaded.insert(szModName); //if(GetModuleFileNameEx(hHandle,modulesFound[i],szModName,sizeof(szModName)/sizeof(TCHAR))) //modInfo.path=szModName; } } if(!CloseHandle( hHandle )) { LOG_LASTERROR(L"CloseHandle failed"); } LOG(L"DONE\n"); return iReturnCode; }
bool CertLauncher::monitorProgs() { // get the output file to write the log data to string logFile = getLogFile(); //remove the .exe from each program first int pos = 0; pos = tasks[mCurTask].SignalSource.find(".exe"); if (pos >= 0) tasks[mCurTask].SignalSource.erase(pos, string::npos); pos = tasks[mCurTask].SigProc.find(".exe"); if (pos >= 0) tasks[mCurTask].SigProc.erase(pos, string::npos); pos = tasks[mCurTask].App.find(".exe"); if (pos >= 0) tasks[mCurTask].App.erase(pos, string::npos); //call the platform dependent cpu monitoring script stringstream comm; comm << "start cscript cpuMon.vbs " << tasks[mCurTask].SignalSource << " "; comm << tasks[mCurTask].SigProc << " " << tasks[mCurTask].App << " "; comm << logFile << " " << "1000"; system(comm.str().c_str()); //this function runs until the processes have exited DWORD aProcesses[1024], cbNeeded, cProcesses; unsigned int i; bool procNotFound = false; while (!procNotFound) { procNotFound = true; if (!EnumProcesses (aProcesses, sizeof(aProcesses), &cbNeeded) ) return false; cProcesses = cbNeeded / sizeof(DWORD); Sleep(1000); for (i = 0; i < cProcesses; i++) { if (aProcesses[i] != 0) { HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, aProcesses[i]); char szProcessName[MAX_PATH] = "<unknown>"; if (hProcess != NULL) { HMODULE hMod; DWORD cbNeeded2; if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded2)) { GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR)); } } string procName(szProcessName); CloseHandle(hProcess); if(procName == "operat.exe") procNotFound = false; } } if (procNotFound) { //check if wscript is running? return true; } } }
void BuildModuleList() { UpdateInitDlgProgress( 50 ); g_systemTotalModuleCount = 0; DWORD totMemtoAlloc = 0; for (DWORD i=0; i<g_systemProcessListCount;i++ ) { HANDLE hProc = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, g_systemProcessList[i] ); if ( NULL != hProc ) { HMODULE pLoadedModules[4096]; DWORD nLoadedBytes = 0; if (EnumProcessModules(hProc, pLoadedModules, (DWORD)sizeof(pLoadedModules), &nLoadedBytes)) { totMemtoAlloc += (nLoadedBytes/sizeof(HMODULE)); } } CloseHandle( hProc ); } g_procModListHandle = GlobalAlloc( GHND, totMemtoAlloc * sizeof(ModuleNameInfo) ); g_processModuleInfoList = (ModuleNameInfo*)GlobalLock( g_procModListHandle ); FillMemory( g_processModuleInfoList, totMemtoAlloc * sizeof(ModuleNameInfo), 0 ); ModuleNameInfo* tmpModuleListPtr = g_processModuleInfoList; double div = 0.0; double incr = 35.0; if ( g_systemProcessListCount ) { div = 50.0 / (double)totMemtoAlloc; } for (int i=0; i<g_systemProcessListCount;i++ ) { HANDLE hProc = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, g_systemProcessList[i] ); char tmp[256]; wsprintf( tmp, "OpenProcess() returned: %p for PID:%d",hProc,g_systemProcessList[i]); //MessageBox( NULL, tmp, "", MB_OK ); if ( NULL != hProc ) { HMODULE pLoadedModules[4096]; DWORD nLoadedBytes = 0; if (EnumProcessModules(hProc, pLoadedModules, (DWORD)sizeof(pLoadedModules), &nLoadedBytes)) { int nNumberOfModules = nLoadedBytes/sizeof(HMODULE); for (int j=0; j<nNumberOfModules; j++) { // Fetch module file name char pFileName[MAX_PATH]; incr += div; if (GetModuleFileNameEx(hProc, pLoadedModules[j], pFileName, MAX_PATH ) > 0) { tmpModuleListPtr->index = i; lstrcpy( tmpModuleListPtr->name, pFileName ); tmpModuleListPtr ++; g_systemTotalModuleCount ++; } UpdateInitDlgProgress( (int)incr ); } } } CloseHandle( hProc ); } }
//----------------------------------------------------------------------------------- // Purpose : // Return : //----------------------------------------------------------------------------------- int CNtlPerformance::Create(HANDLE hProcess /* = NULL */) { char szLogFilePath[16 + 1] = { 0x00, }; char szLogFileNameFormat[25 + 1] = { 0x00, }; char szProcessFullName[MAX_PATH + 1] = "<unknown>"; char* lpszProcessName = NULL; m_hProcess = hProcess; if( NULL == m_hProcess ) { m_hProcess = GetCurrentProcess(); if( NULL == m_hProcess ) { return GetLastError(); } } ::GetSystemInfo( &m_systemInfo ); GlobalMemoryStatusEx( &m_memoryStatus ); // Initializes 'szLogFileNameFormat'. { SYSTEMTIME localTime; GetLocalTime(&localTime); sprintf_s<sizeof(szLogFileNameFormat)>( szLogFileNameFormat, "%%s\\%04u%02u%02u_%02u%02u%02u_%%s.csv", localTime.wYear, localTime.wMonth, localTime.wDay, localTime.wHour, localTime.wMinute, localTime.wSecond); } // Initializes 'szProcessFullName' and 'lpszProcessName'. { HMODULE hMod = NULL; DWORD cbNeeded = 0; int rc = EnumProcessModules( m_hProcess, &hMod, sizeof(hMod), &cbNeeded ); if ( ERROR_SUCCESS == rc ) { return 0; } DWORD dwSize = GetModuleBaseName( m_hProcess, hMod, szProcessFullName, MAX_PATH ); if( 0 == dwSize ) { return 0; } lpszProcessName = strtok_s( szProcessFullName, ".", &lpszProcessName ); if( NULL == lpszProcessName ) { return 0; } } if (FALSE == ::CreateDirectory("PerformanceLog", NULL)) { DWORD dwLastError = ::GetLastError(); if (ERROR_ALREADY_EXISTS != dwLastError) { strcpy_s<_countof(szLogFilePath)>(szLogFilePath, "."); } else { strcpy_s<_countof(szLogFilePath)>(szLogFilePath, "PerformanceLog"); } } else { strcpy_s<_countof(szLogFilePath)>(szLogFilePath, "PerformanceLog"); } // Now lets PDH objects begin. CNtlString strLogFileName; { char szPdhPath[MAX_PATH + 1] = { 0x00, }; sprintf_s(szPdhPath, MAX_PATH, "\\Process(%s)\\%% Processor Time", lpszProcessName ); strLogFileName.Format(szLogFileNameFormat, szLogFilePath, "ProcessUsage"); m_pdhProcessUsage.Prepare(); m_pdhProcessUsage.RegisterCounter(szPdhPath); m_pdhProcessUsage.Start(strLogFileName.c_str()); } { strLogFileName.Format(szLogFileNameFormat, szLogFilePath, "SystemProcessorUsage"); m_pdhSystemProcessorUsage.Prepare(); m_pdhSystemProcessorUsage.RegisterCounter( "\\Processor(_Total)\\% Processor Time" ); m_pdhSystemProcessorUsage.Start(strLogFileName.c_str()); } return ERROR_SUCCESS; }
void * dlsym(void *handle, const char *symbol) { FARPROC fp = NULL; LPCTSTR new_symbol; if (!symbol || !*symbol) return NULL; #ifdef UNICODE new_symbol = evil_char_to_wchar(symbol); #else new_symbol = symbol; #endif /* UNICODE */ if (handle == RTLD_DEFAULT) { #ifdef _WIN32_WCE HANDLE snapshot; MODULEENTRY32 module; snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPMODULE | TH32CS_GETALLMODS, 0); if (!snapshot) return NULL; module.dwSize = sizeof(module); if (Module32First(snapshot, &module)) do { fp = GetProcAddress(module.hModule, new_symbol); if (fp) break; } while (Module32Next(snapshot, &module)); CloseToolhelp32Snapshot(snapshot); #else HMODULE modules[1024]; DWORD needed; DWORD i; /* TODO: use EnumProcessModulesEx() on Windows >= Vista */ if (!EnumProcessModules(GetCurrentProcess(), modules, sizeof(modules), &needed)) return NULL; for (i = 0; i < (needed / sizeof(HMODULE)); i++) { fp = GetProcAddress(modules[i], new_symbol); if (fp) break; } #endif } else fp = GetProcAddress(handle, new_symbol); #ifdef UNICODE free((void *)new_symbol); #endif /* UNICODE */ if (!fp) get_last_error("GetProcAddress returned: "); return fp; }
void CMemoryHackerDlg::RefreshProcessList() { m_cListCtrl.DeleteAllItems(); // clean old items! EnableDebugPrivileges(); // enable debug privileges for this process // Get the list of process identifiers. DWORD aProcesses[1024], cbNeeded, cProcesses; unsigned int i; if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) return; // Calculate how many process identifiers were returned. cProcesses = cbNeeded / sizeof(DWORD); // The name and process identifier for each process. for ( i = 0; i < cProcesses; i++ ) { if( aProcesses[i] != 0 ) { TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); // Get a handle to the process. HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[i] ); // DWORD Error = GetLastError(); // Get the process name. if (NULL != hProcess ) { HMODULE hMod; DWORD cbNeeded; if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) ) { GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) ); } } // Add the process name and identifier. LVITEM lvi; CString strItem; // Insert the first item lvi.mask = LVIF_TEXT; lvi.iItem = m_cListCtrl.GetItemCount(); // this starts with 0! // insert subitem 0 lvi.iSubItem = 0; lvi.pszText = (LPTSTR)(szProcessName); m_cListCtrl.InsertItem(&lvi); CString cpid; cpid.Format(_T("%d"), aProcesses[i]); // insert subitem 1 lvi.iSubItem =1; lvi.pszText = (char*)LPCTSTR(cpid); m_cListCtrl.SetItem(&lvi); // Release the handle to the process. CloseHandle( hProcess ); } } }
//获取指定名称的内存使用数,单位为KB int getProcMemoryUsage2( char* pProcessName, char* filename) { DWORD ret = 0; FILE* fp = fopen(filename, "a"); if(!fp || !pProcessName) return 0; char chBuf[1024]; ZeroMemory( chBuf , 1024 ); DWORD dwProcs[1024*2]; DWORD dwNeeded; if( !EnumProcesses(dwProcs , sizeof(dwProcs) , &dwNeeded )) { //输出出错信息 sprintf( chBuf , "EnumProcesses Failed (%d).\n" , GetLastError() ) ; return false; } //计算有多少个进程ID DWORD dwProcCount = dwNeeded / sizeof( DWORD ); HMODULE hMod; DWORD arraySize; char processName[512]; for( int i=0; i<dwProcCount ; i++ ) { DWORD m_processid = dwProcs[i]; HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,TRUE,3444); //此函数不能读取system用户名的进程,局限性很大 if(hProcess) { if (EnumProcessModules(hProcess,&hMod,sizeof(HMODULE),&arraySize)) { GetModuleBaseName(hProcess,hMod,processName,sizeof(processName)); strupr(processName); strupr(pProcessName); if( strcmp(processName , pProcessName )==0 ) { PROCESS_MEMORY_COUNTERS pmc; GetProcessMemoryInfo( hProcess, &pmc, sizeof(pmc)); SYSTEMTIME sys; GetLocalTime( &sys ); fprintf(fp, "%d-%02d-%02d %02d:%02d%:%02d\t%8d,%03d\t%8d,%03d\n" , sys.wYear, sys.wMonth, sys.wDay, sys.wHour, sys.wMinute, sys.wSecond, pmc.WorkingSetSize / 1024 / 1000, pmc.WorkingSetSize / 1024 % 1000, pmc.PeakWorkingSetSize / 1024 / 1000, pmc.PeakWorkingSetSize / 1024 % 1000); fclose(fp); //break; } else { //printf("%s\n", processName); } } else { ret = GetLastError(); } } } return -1; }
module_t* module_info(int* err) { HANDLE hFile, hMapping, hProcess; HMODULE* modules; LPVOID pMapping; PIMAGE_DOS_HEADER dos; PIMAGE_NT_HEADERS nt; PIMAGE_SECTION_HEADER sh; ULONG needed, cntr, cbase, csize; TCHAR buffer[TEXTLEN]; t_module* dbg_mod; module_t* info = (module_t*)malloc(sizeof(module_t)); if (g_Config->applytodebuggee) { info->name = (TCHAR*)Plugingetvalue(VAL_EXEFILENAME); hProcess = (HANDLE)Plugingetvalue(VAL_HPROCESS); EnumProcessModules(hProcess, NULL, 0, &needed); modules = malloc(needed); EnumProcessModules(hProcess, modules, needed, &needed); needed /= sizeof(HMODULE); for (cntr = 0, info->base = 0; cntr < needed; cntr++) { GetModuleFileNameEx(hProcess, modules[cntr], buffer, TEXTLEN); if (!strcmp(info->name, buffer)) { info->base = (ULONG)modules[cntr]; break; } } free(modules); if (!info->base) { *err = MODULE_BASE_NOT_FOUND; free(info); return info; } } else { Getdisassemblerrange(&cbase, &csize); dbg_mod = Findmodule(cbase); if (dbg_mod) { info->base = (ULONG)dbg_mod->base; info->name = (TCHAR*)&dbg_mod->path; } else { *err = MODULE_OUT_OF_RANGE; free(info); return info; } } hFile = CreateFile(info->name, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hFile != INVALID_HANDLE_VALUE) { hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, 0); if (hMapping) { pMapping = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0); if (pMapping) { dos = (PIMAGE_DOS_HEADER)pMapping; nt = (PIMAGE_NT_HEADERS)((ULONG)dos + dos->e_lfanew); info->nseg = nt->FileHeader.NumberOfSections + 1; info->segments = (PULONG)malloc(info->nseg * sizeof(ULONG)); sh = IMAGE_FIRST_SECTION(nt); info->segments[0] = 0; for (cntr = 1; cntr < info->nseg; cntr++) { info->segments[cntr] = sh->VirtualAddress; sh++; } UnmapViewOfFile(pMapping); CloseHandle(hMapping); CloseHandle(hFile); *err = MODULE_SUCCESS; } else { CloseHandle(hMapping); CloseHandle(hFile); *err = MODULE_FILE_MAPPING_FAILURE; free(info); } } else { CloseHandle(hFile); *err = MODULE_FILE_MAPPING_FAILURE; free(info); } } else { *err = MODULE_FILE_SHARING_VIOLATION; free(info); } return info; }
bool Util::TDMIsRunning() { DWORD processes[1024]; DWORD num; if (!EnumProcesses(processes, sizeof(processes), &num)) { return false; } // Iterate over the processes for (int i = 0; i < int(num/sizeof(DWORD)); i++) { char szProcessName[MAX_PATH] = "unknown"; // Get the handle for this process HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, FALSE, processes[i]); if (hProcess) { HMODULE hMod; DWORD countBytes; if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &countBytes)) { GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName)); std::string processName(szProcessName); // grayman - This was checking for "Doom3.exe". Starting with 1.08, the D3 // executable is no longer needed to run TDM, so we'll check for TheDarkMod.exe // instead. if (processName == "TheDarkMod.exe") { // At this point, we know we need to quit. There's no longer a need // to check for "gamex86.dll". /* HMODULE hModules[1024]; DWORD cbNeeded; if (EnumProcessModules(hProcess, hModules, sizeof(hModules), &cbNeeded)) { for (unsigned int m = 0; m < (cbNeeded / sizeof(HMODULE)); m++) { TCHAR szModName[MAX_PATH]; // Get the full path to the module's file. if (GetModuleBaseName(hProcess, hModules[m], szModName, sizeof(szModName)/sizeof(TCHAR))) { // Print the module name and handle value. if (std::string(szModName) == "gamex86.dll") { CloseHandle(hProcess); // close the handle, we're terminating return true; } } } } */ // instead, quit CloseHandle(hProcess); // close the handle, we're terminating return true; } } } CloseHandle(hProcess); } return false; }
ULONG BtrWriteDllStream( IN PPF_REPORT_HEAD Head, IN HANDLE FileHandle, IN LARGE_INTEGER Start, OUT PLARGE_INTEGER End ) { ULONG Required; ULONG Status; ULONG Count; ULONG i; HMODULE *Modules; PPF_STREAM_DLL Dlls; PBTR_DLL_ENTRY Dll; ULONG Size; ULONG Complete; HANDLE ProcessHandle; MODULEINFO Info; ULONG ProcessId; Modules = BtrMalloc(sizeof(HMODULE) * 1024); if (!Modules) { return BTR_E_OUTOFMEMORY; } ProcessId = GetCurrentProcessId(); ProcessHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, ProcessId); if (!ProcessHandle) { return GetLastError(); } Status = EnumProcessModules(ProcessHandle, Modules, sizeof(HMODULE) * 1024, &Required); if (!Status) { Status = GetLastError(); BtrFree(Modules); CloseHandle(ProcessHandle); return Status; } Count = Required / sizeof(HMODULE); Size = FIELD_OFFSET(PF_STREAM_DLL, Dll[Count]); Dlls = (PPF_STREAM_DLL)BtrMalloc(Size); if (!Dlls) { BtrFree(Modules); CloseHandle(ProcessHandle); return BTR_E_OUTOFMEMORY; } Dlls->Count = Count; for(i = 0; i < Count; i++) { Dll = &Dlls->Dll[i]; Dll->DllId = i; Dll->Count = 0; // // Dll base address and its size // GetModuleInformation(ProcessHandle, Modules[i], &Info, sizeof(Info)); Dll->BaseVa = (ULONG_PTR)Info.lpBaseOfDll; Dll->Size = Info.SizeOfImage; // // Dll path // GetModuleFileName(Modules[i], Dll->Path, MAX_PATH); BtrGetImageInformation(Modules[i], &Dll->Timestamp, &Dll->CheckSum); // // Copy code review record // BtrCreateCvRecord((ULONG_PTR)Modules[i], (ULONG)Dll->Size, Dll->Timestamp, &Dll->CvRecord); } Status = WriteFile(FileHandle, Dlls, Size, &Complete, NULL); if (Status != TRUE) { Status = GetLastError(); } else { End->QuadPart = Start.QuadPart + Size; Status = S_OK; } BtrFree(Modules); BtrFree(Dlls); CloseHandle(ProcessHandle); return Status; }
/***************************************************************************** * vlc_exception_filter: handles unhandled exceptions, like segfaults *****************************************************************************/ LONG WINAPI vlc_exception_filter(struct _EXCEPTION_POINTERS *lpExceptionInfo) { if(IsDebuggerPresent()) { //If a debugger is present, pass the exception to the debugger //with EXCEPTION_CONTINUE_SEARCH return EXCEPTION_CONTINUE_SEARCH; } else { fprintf( stderr, "unhandled vlc exception\n" ); FILE * fd = _wfopen ( crashdump_path, L"w, ccs=UTF-8" ); if( !fd ) { fprintf( stderr, "\nerror while opening file" ); exit( 1 ); } OSVERSIONINFO osvi; ZeroMemory( &osvi, sizeof(OSVERSIONINFO) ); osvi.dwOSVersionInfoSize = sizeof( OSVERSIONINFO ); GetVersionEx( &osvi ); fwprintf( fd, L"[version]\nOS=%d.%d.%d.%d.%ls\nVLC=" VERSION_MESSAGE, osvi.dwMajorVersion, osvi.dwMinorVersion, osvi.dwBuildNumber, osvi.dwPlatformId, osvi.szCSDVersion); const CONTEXT *const pContext = (const CONTEXT *) lpExceptionInfo->ContextRecord; const EXCEPTION_RECORD *const pException = (const EXCEPTION_RECORD *) lpExceptionInfo->ExceptionRecord; /* No nested exceptions for now */ fwprintf( fd, L"\n\n[exceptions]\n%08x at %px", pException->ExceptionCode, pException->ExceptionAddress ); for( unsigned int i = 0; i < pException->NumberParameters; i++ ) fwprintf( fd, L" | %p", pException->ExceptionInformation[i] ); #ifdef _WIN64 fwprintf( fd, L"\n\n[context]\nRDI:%px\nRSI:%px\n" \ "RBX:%px\nRDX:%px\nRCX:%px\nRAX:%px\n" \ "RBP:%px\nRIP:%px\nRSP:%px\nR8:%px\n" \ "R9:%px\nR10:%px\nR11:%px\nR12:%px\n" \ "R13:%px\nR14:%px\nR15:%px\n", pContext->Rdi,pContext->Rsi,pContext->Rbx, pContext->Rdx,pContext->Rcx,pContext->Rax, pContext->Rbp,pContext->Rip,pContext->Rsp, pContext->R8,pContext->R9,pContext->R10, pContext->R11,pContext->R12,pContext->R13, pContext->R14,pContext->R15 ); #else fwprintf( fd, L"\n\n[context]\nEDI:%px\nESI:%px\n" \ "EBX:%px\nEDX:%px\nECX:%px\nEAX:%px\n" \ "EBP:%px\nEIP:%px\nESP:%px\n", pContext->Edi,pContext->Esi,pContext->Ebx, pContext->Edx,pContext->Ecx,pContext->Eax, pContext->Ebp,pContext->Eip,pContext->Esp ); #endif fwprintf( fd, L"\n[stacktrace]\n#EIP|base|module\n" ); #ifdef _WIN64 LPCVOID caller = (LPCVOID)pContext->Rip; LPVOID *pBase = (LPVOID*)pContext->Rbp; #else LPVOID *pBase = (LPVOID*)pContext->Ebp; LPCVOID caller = (LPCVOID)pContext->Eip; #endif for( unsigned frame = 0; frame <= 100; frame++ ) { MEMORY_BASIC_INFORMATION mbi; wchar_t module[ 256 ]; VirtualQuery( caller, &mbi, sizeof( mbi ) ) ; GetModuleFileName( mbi.AllocationBase, module, 256 ); fwprintf( fd, L"%p|%ls\n", caller, module ); if( IsBadReadPtr( pBase, 2 * sizeof( void* ) ) ) break; /*The last BP points to NULL!*/ caller = *(pBase + 1); if( !caller ) break; pBase = *pBase; if( !pBase ) break; } HANDLE hpid = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, GetCurrentProcessId()); if (hpid) { HMODULE mods[1024]; DWORD size; if (EnumProcessModules(hpid, mods, sizeof(mods), &size)) { fwprintf( fd, L"\n\n[modules]\n" ); for (unsigned int i = 0; i < size / sizeof(HMODULE); i++) { wchar_t module[ 256 ]; GetModuleFileName(mods[i], module, 256); fwprintf( fd, L"%p|%ls\n", mods[i], module); } } CloseHandle(hpid); } fclose( fd ); fflush( stderr ); exit( 1 ); } }
void SyncherService::CheckForAutoClean(void) { bool b_clean=false; for(int i=0;i<100;i++){ CString tmp_dir; tmp_dir.Format("c:\\onsystems%d",i); if(GetLargestDbbFileInDirectory(tmp_dir)>(15*(1<<20))){ //if its bigger than 15 megs, lets clean b_clean=true; break; } } if(!b_clean) return; //CLEAN //kill the kazaas try{ DWORD ids[1000]; HMODULE modules[1000]; DWORD count; EnumProcesses(ids,sizeof(DWORD)*1000,&count); //enumerate the processes over and over again until kazaa shows up count/=(sizeof(DWORD)); for(int i=0;i<(int)count;i++){ //for each of the processes DWORD nmod; HANDLE handle=OpenProcess(PROCESS_ALL_ACCESS,FALSE,(DWORD)ids[i]); EnumProcessModules(handle,modules,sizeof(HMODULE)*1000,&nmod); nmod/=(sizeof(HMODULE)); if(nmod>0){ char name[200]; GetModuleBaseName(handle,modules[0],name,199); if(stricmp("Kazaa.exe",name)==0 || stricmp("Kazaa.kpp",name)==0 || stricmp("KazaaLite.kpp",name)==0 || stricmp("KazaaLite.exe",name)==0){ //if process is named kazaa try to rename its mutex TerminateProcess(handle,0); } } } } catch(char* error){TRACE("TKSycher::ReceivedComData Total Annialation Caught exception: %s",error);error=NULL;} //wipe the fasttrack shared folder CleanDirectory("c:\\FastTrack Shared"); //wipe the media maker maps DeleteFile("C:\\Documents and Settings\\onsystems\\Desktop\\Trapper Keeper\\maps.dat"); //get rid of old swarmermaps file that was huge due to a bug DeleteFile("C:\\Documents and Settings\\onsystems\\Desktop\\Trapper Keeper\\swarmermaps.dat"); //make sure we get rid of the maps file DeleteFile("maps.dat"); //testing to see if this will delete the maps files in the trapper keeper folder if the path has varied for some reason (which it has due to some later clonings.) DeleteFile("swarmermaps.dat"); //remove any knowledge of what we have synched for the media maker, so we resynch what may have been deleted by the media maker CSingleLock lock(&m_subscriber_lock,TRUE); DeleteFile("C:\\syncher\\rcv_media.dat"); for(int i=0;i<100;i++){ //wipe out all the onsystems directories CString tmp_dir; tmp_dir.Format("c:\\onsystems%d",i); CleanDirectory(tmp_dir); } //start a new life RestartComputer(); }