C++ (Cpp) TakeAPISnapShot Examples

Programming Language: C++ (Cpp)

Method/Function: TakeAPISnapShot

Examples at hotexamples.com: 2

C++ (Cpp) TakeAPISnapShot - 2 examples found. These are the top rated real world C++ (Cpp) examples of TakeAPISnapShot extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

File: test2.cpp Project: VlaBst6/SysAnalyzer

void main(int argc, char** argv)
{
	
	TakeAPISnapShot();
	getch();
        
}

Example #2

Show file

File: GdiProcs.cpp Project: 82d28a/MAP

void main(int argc, char** argv)
{
		int apiCnt;
        char pth[300] ; 
		bool compare = false, display = false, help = false;

		while(argc-- > 1){
			argv++;
			if(strcmp(*argv, "/f")==0) fullPath = true;
			if(strcmp(*argv, "/c")==0) compare  = true;
			if(strcmp(*argv, "/d")==0) display  = true;
			if(strcmp(*argv, "/?")==0) help     = true;
			if(strcmp(*argv, "/h")==0) help     = true;
			if(strcmp(*argv, "-h")==0) help     = true;
			if(strcmp(*argv, "-?")==0) help     = true;
		}
		
		if(help){
			system("cls");
			printf("\n"
				   "  GDI Process Scanner - \n\n"
				   "  Scans the GDISharedHandleTable for processes id's\n"
				   "  which rootkits may be trying to hide from other\n"
				   "  techniques.\n\n"
				   "  Usage: gdiprocs.exe [ /f /c /d /? ]\n"
				   "\t/f\tDisplay Fullpath of processes\n"
				   "\t/c\tCompare process list w/WinApi results\n"
				   "\t/d\tDisplay GDI handle count per process\n"
				   "\t/?\tthis help screen\n\n");
			return;
		}

		lpfnNTQuery = (NTQIP *)GetProcAddress(GetModuleHandle("ntdll.dll"), "NtQueryInformationProcess");
		
		if(lpfnNTQuery == NULL){
			printf("Could not GetProcAddress(NtQueryInformationProcess)\n");
			printf("Have to use default PEB offset, Probably wont work on XP SP2\n");
		}

		HWND hWin = CreateWindow(NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL);

		printf("GDI Process Scanner - \n\n"
			   "Scanning GDIShared Handle Table for unique process ids...\n\n");
	
		PEB *p = GetPEBAddress(GetCurrentProcess());
		
		for(int i=0; i < MAX_GDI_HANDLE; i++){
			AddUniquePid( p->GdiSharedHandleTable[i].ProcessID );
		}
	
		if(!GetSeDebug()) printf(" Could not get SeDebug, should run as admin\n");

		if(compare){
			apiCnt = TakeAPISnapShot();
			printf(" Compare Mode\n %5d processes returned by WinAPI\n", apiCnt );
			PruneApiTree(apiCnt);
		}
		
		if(allocationUp){ //chance of happening slim so not worth redesign
			printf(" ERROR: more than 200 processes found allocation ran out :-\\\n");
		}

		printf(" %5d processes returned by GDI table\n\n", gdiCnt);
		printf(" Processes listed in GDI:\n");
		printf(" -------------------------------------------------\n");

		for(i=0;i<gdiCnt+1;i++){
			if(gdi_pids[i] != 0){
				GetProcessPath(gdi_pids[i], pth);
				if(display) printf("%5d - %5d - %s\n", gdi_pids[i], handleCnt[i], pth);
				 else printf("%5d - %s\n", gdi_pids[i], pth);
			}
		}

		if(compare){

		    printf("\n\n API Processes not listed in GDI Table\n"
				   " ---------------------------------------------------\n");

			for(i=0;i<apiCnt+1;i++){
				if(api_pids[i] != 0){
					GetProcessPath(api_pids[i], pth);
				    printf("%5d - %s\n", api_pids[i], pth);
				}
			}

		}

		printf("\n\n");

        
}