void killItunes() { OSVERSIONINFO OSVersion; OSVersion.dwOSVersionInfoSize=sizeof(OSVERSIONINFO); if(!GetVersionEx(&OSVersion)) return ; HANDLE hProcess; if(OSVersion.dwPlatformId==VER_PLATFORM_WIN32_NT)// NT based OS { HINSTANCE hiPSAPI = LoadLibrary("PSAPI.DLL"); if( hiPSAPI == NULL ) return ; // PSAPI Function Pointers. typedef BOOL (WINAPI *LPENUMPROCESSES)(DWORD *,DWORD,DWORD *); typedef BOOL (WINAPI *LPENUMPROCESSMODULES)( HANDLE,HMODULE *,DWORD,LPDWORD); typedef DWORD (WINAPI *LPGETMODULEFILENAMEEX)( HANDLE,HMODULE,LPTSTR,DWORD); LPENUMPROCESSES lpfEnumProcesses = (LPENUMPROCESSES)GetProcAddress(hiPSAPI,"EnumProcesses"); LPENUMPROCESSMODULES lpfEnumProcessModules = (LPENUMPROCESSMODULES)GetProcAddress(hiPSAPI,"EnumProcessModules"); LPGETMODULEFILENAMEEX lpfGetModuleFileNameEx = (LPGETMODULEFILENAMEEX)GetProcAddress(hiPSAPI,"GetModuleFileNameExA"); if(!lpfEnumProcesses||!lpfEnumProcessModules||!lpfGetModuleFileNameEx) { //problem loading pointers to functions FreeLibrary(hiPSAPI); return; } //TODO: add loop to increase to max dwNeeded, set at 400 for test DWORD ProcessIDList[400],dwCb=400,dwCbNeeded,cbRet; if(!lpfEnumProcesses(ProcessIDList,dwCb,&dwCbNeeded)) { //enumprocesses failed FreeLibrary(hiPSAPI); return; } HMODULE hModule[50]; DWORD i=0; char ModuleFileName[256]; while(i<dwCbNeeded/sizeof(DWORD)) { hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_TERMINATE,0,ProcessIDList[i++]); if(hProcess) { if(lpfEnumProcessModules(hProcess,hModule,50,&cbRet)) { if(lpfGetModuleFileNameEx(hProcess,hModule[0],ModuleFileName,256)) { if(strstr(ModuleFileName,"iTunes")) { cout << "Terminating " << ModuleFileName << endl; TerminateProcess(hProcess,0); } } } } cbRet=GetLastError(); CloseHandle(hProcess); } FreeLibrary(hiPSAPI); } else if(OSVersion.dwPlatformId==VER_PLATFORM_WIN32_WINDOWS)// Win 9x { HINSTANCE hiKernel32 = LoadLibrary("Kernel32.DLL"); if(hiKernel32 == NULL) return; // ToolHelp32 Function Pointers. typedef HANDLE (WINAPI *LPCREATETOOLHELP32SNAPSHOT)(DWORD,DWORD); typedef BOOL (WINAPI *LPPROCESS32FIRST)(HANDLE,LPPROCESSENTRY32); typedef BOOL (WINAPI *LPPROCESS32NEXT)(HANDLE,LPPROCESSENTRY32); LPCREATETOOLHELP32SNAPSHOT lpfCreateToolhelp32Snapshot = (LPCREATETOOLHELP32SNAPSHOT)GetProcAddress(hiKernel32,"CreateToolhelp32Snapshot"); LPPROCESS32FIRST lpfProcess32First = (LPPROCESS32FIRST)GetProcAddress(hiKernel32,"Process32First"); LPPROCESS32NEXT lpfProcess32Next = (LPPROCESS32NEXT)GetProcAddress(hiKernel32,"Process32Next"); if(!lpfCreateToolhelp32Snapshot||!lpfProcess32First||!lpfProcess32Next) { FreeLibrary(hiKernel32); return; } HANDLE hProcessList = lpfCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); if(!hProcessList) { FreeLibrary(hiKernel32); return; // cannot take the snapshot } PROCESSENTRY32 Process; Process.dwSize = sizeof(PROCESSENTRY32); if(!lpfProcess32First(hProcessList,&Process)) { CloseHandle(hProcessList); FreeLibrary(hiKernel32); return; } do { if(strstr(Process.szExeFile,"iTunes")) { cout << "Killing " << Process.szExeFile << endl; hProcess = OpenProcess(PROCESS_TERMINATE,0,Process.th32ProcessID); if(!hProcess) break;// cannot open the process TerminateProcess(hProcess,0); CloseHandle(hProcess); } } while (lpfProcess32Next(hProcessList,&Process)); CloseHandle(hProcessList); FreeLibrary(hiKernel32); } }
bool wxProcessKiller::PSExtract(wxProcessKiller::wxPInfoArray &arPinfo) { bool rc=false; arPinfo.clear(); // If Windows NT: switch(GetPlatform()) { case VER_PLATFORM_WIN32_NT: if(hInstLib1) { // Get procedure addresses. static BOOL (WINAPI *lpfEnumProcesses)( DWORD *, DWORD cb, DWORD * ) = (BOOL(WINAPI *)(DWORD *,DWORD,DWORD*))GetProcAddress( (HINSTANCE) hInstLib1, "EnumProcesses" ) ; if( lpfEnumProcesses) { if(hInstLib2) { static DWORD (WINAPI *lpfNtQueryInformationProcess)( HANDLE, int, void *, DWORD, LPDWORD ) = (DWORD(WINAPI *)(HANDLE, int, void *, DWORD, LPDWORD)) GetProcAddress( (HINSTANCE) hInstLib2,"NtQueryInformationProcess" ) ; if(lpfNtQueryInformationProcess){ DWORD dwMaxPids=256; DWORD dwPidSize; DWORD *arPids = NULL ; do { delete [] arPids; arPids=new DWORD[dwMaxPids]; } while(lpfEnumProcesses(arPids, dwMaxPids, &dwPidSize) && dwPidSize/sizeof(DWORD)==dwMaxPids) ; if(dwPidSize/sizeof(DWORD)<dwMaxPids){ rc=true; for( DWORD dwIndex = 0 ; (signed)dwIndex < dwPidSize/sizeof(DWORD); dwIndex++ ) { // Regardless of OpenProcess success or failure, we // still call the enum func with the ProcID. DWORD pid=arPids[dwIndex]; HANDLE hProcess=::OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, pid ); if (hProcess ) { struct { DWORD ExitStatus; // receives process termination status DWORD PebBaseAddress; // receives process environment block address DWORD AffinityMask; // receives process affinity mask DWORD BasePriority; // receives process priority class ULONG UniqueProcessId; // receives process identifier ULONG InheritedFromUniqueProcessId; // receives parent process identifier } pbi; memset( &pbi, 0, sizeof(pbi)); DWORD retLen; __int64 ftCreation,ftExit,ftKernel,ftUser; if(lpfNtQueryInformationProcess(hProcess, 0 /*ProcessBasicInformation*/, &pbi, sizeof(pbi), &retLen)>=0 && TRUE==::GetProcessTimes (hProcess,(FILETIME *)&ftCreation,(FILETIME *)&ftExit,(FILETIME *)&ftKernel,(FILETIME *)&ftUser)){ // The second test is important. It excludes orphaned processes who appear to have been adopted by virtue of a new // process having been created with the same ID as their original parent. wxPInfo p; p.PID=pid; p.PPID=pbi.InheritedFromUniqueProcessId; p.tCreation=ftCreation; p.tCpu=Time((ftKernel+ftUser)/10000); arPinfo.push_back(p); } CloseHandle(hProcess); } } } delete [] arPids; } } } } break; case VER_PLATFORM_WIN32_WINDOWS: if( hInstLib1) { static HANDLE (WINAPI *lpfCreateToolhelp32Snapshot)(DWORD,DWORD)= (HANDLE(WINAPI *)(DWORD,DWORD))GetProcAddress( (HINSTANCE) hInstLib1,"CreateToolhelp32Snapshot" ) ; static BOOL (WINAPI *lpfProcess32First)(HANDLE,LPPROCESSENTRY32)= (BOOL(WINAPI *)(HANDLE,LPPROCESSENTRY32))GetProcAddress( (HINSTANCE) hInstLib1, "Process32First" ) ; static BOOL (WINAPI *lpfProcess32Next)(HANDLE,LPPROCESSENTRY32)= (BOOL(WINAPI *)(HANDLE,LPPROCESSENTRY32))GetProcAddress( (HINSTANCE) hInstLib1, "Process32Next" ) ; if( lpfProcess32Next && lpfProcess32First && lpfCreateToolhelp32Snapshot) { // Get a handle to a Toolhelp snapshot of the systems // processes. HANDLE hSnapShot = lpfCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0) ; if(INVALID_HANDLE_VALUE != hSnapShot) { // Get the first process' information. PROCESSENTRY32 procentry; procentry.dwSize = sizeof(PROCESSENTRY32) ; if(lpfProcess32First( hSnapShot, &procentry )){ rc=true; do { wxPInfo p; p.PID=procentry.th32ProcessID; p.PPID=procentry.th32ParentProcessID; arPinfo.push_back(p); } while(lpfProcess32Next( hSnapShot, &procentry )); } CloseHandle(hSnapShot); } } } break; default: break; } SetParents(arPinfo); if(!rc){ wxLogError(_T("Couldn't get process information!\n")); } return rc; }
int KILL_PROC_BY_NAME(const TCHAR *szToTerminate) // Created: 6/23/2000 (RK) // Last modified: 3/10/2002 (RK) // Please report any problems or bugs to [email protected] // The latest version of this routine can be found at: // http://www.neurophys.wisc.edu/ravi/software/killproc/ // Terminate the process "szToTerminate" if it is currently running // This works for Win/95/98/ME and also Win/NT/2000/XP // The process name is case-insensitive, i.e. "notepad.exe" and "NOTEPAD.EXE" // will both work (for szToTerminate) // Return codes are as follows: // 0 = Process was successfully terminated // 603 = Process was not currently running // 604 = No permission to terminate process // 605 = Unable to load PSAPI.DLL // 602 = Unable to terminate process for some other reason // 606 = Unable to identify system type // 607 = Unsupported OS // 632 = Invalid process name // 700 = Unable to get procedure address from PSAPI.DLL // 701 = Unable to get process list, EnumProcesses failed // 702 = Unable to load KERNEL32.DLL // 703 = Unable to get procedure address from KERNEL32.DLL // 704 = CreateToolhelp32Snapshot failed // Change history: // modified 3/8/2002 - Borland-C compatible if BORLANDC is defined as // suggested by Bob Christensen // modified 3/10/2002 - Removed memory leaks as suggested by // Jonathan Richard-Brochu (handles to Proc and Snapshot // were not getting closed properly in some cases) { BOOL bResult,bResultm; DWORD aiPID[1000],iCb=1000,iNumProc,iV2000=0; DWORD iCbneeded,i,iFound=0; TCHAR szName[MAX_PATH],szToTermUpper[MAX_PATH]; HANDLE hProc,hSnapShot,hSnapShotm; OSVERSIONINFO osvi; HINSTANCE hInstLib; int iLen,iLenP,indx; HMODULE hMod; PROCESSENTRY32 procentry; MODULEENTRY32 modentry; // Transfer Process name into "szToTermUpper" and // convert it to upper case iLenP=(int)wcslen(szToTerminate); if(iLenP<1 || iLenP>MAX_PATH) return 632; for(indx=0;indx<iLenP;indx++) szToTermUpper[indx]=toupper(szToTerminate[indx]); szToTermUpper[iLenP]=0; // PSAPI Function Pointers. BOOL (WINAPI *lpfEnumProcesses)( DWORD *, DWORD cb, DWORD * ); BOOL (WINAPI *lpfEnumProcessModules)( HANDLE, HMODULE *, DWORD, LPDWORD ); DWORD (WINAPI *lpfGetModuleBaseName)( HANDLE, HMODULE, LPTSTR, DWORD ); // ToolHelp Function Pointers. HANDLE (WINAPI *lpfCreateToolhelp32Snapshot)(DWORD,DWORD) ; BOOL (WINAPI *lpfProcess32First)(HANDLE,LPPROCESSENTRY32) ; BOOL (WINAPI *lpfProcess32Next)(HANDLE,LPPROCESSENTRY32) ; BOOL (WINAPI *lpfModule32First)(HANDLE,LPMODULEENTRY32) ; BOOL (WINAPI *lpfModule32Next)(HANDLE,LPMODULEENTRY32) ; // First check what version of Windows we're in osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); bResult=GetVersionEx(&osvi); if(!bResult) // Unable to identify system version return 606; // At Present we only support Win/NT/2000/XP or Win/9x/ME if((osvi.dwPlatformId != VER_PLATFORM_WIN32_NT) && (osvi.dwPlatformId != VER_PLATFORM_WIN32_WINDOWS)) return 607; if(osvi.dwPlatformId==VER_PLATFORM_WIN32_NT) { // Win/NT or 2000 or XP // Load library and get the procedures explicitly. We do // this so that we don't have to worry about modules using // this code failing to load under Windows 9x, because // it can't resolve references to the PSAPI.DLL. hInstLib = LoadLibraryA("PSAPI.DLL"); if(hInstLib == NULL) return 605; // Get procedure addresses. lpfEnumProcesses = (BOOL(WINAPI *)(DWORD *,DWORD,DWORD*)) GetProcAddress( hInstLib, "EnumProcesses" ) ; lpfEnumProcessModules = (BOOL(WINAPI *)(HANDLE, HMODULE *, DWORD, LPDWORD)) GetProcAddress( hInstLib, "EnumProcessModules" ) ; lpfGetModuleBaseName =(DWORD (WINAPI *)(HANDLE, HMODULE, LPTSTR, DWORD )) GetProcAddress( hInstLib, "GetModuleBaseNameW" ) ; if(lpfEnumProcesses == NULL || lpfEnumProcessModules == NULL || lpfGetModuleBaseName == NULL) { FreeLibrary(hInstLib); return 700; } bResult=lpfEnumProcesses(aiPID,iCb,&iCbneeded); if(!bResult) { // Unable to get process list, EnumProcesses failed FreeLibrary(hInstLib); return 701; } // How many processes are there? iNumProc=iCbneeded/sizeof(DWORD); // Get and match the name of each process for(i=0;i<iNumProc;i++) { // Get the (module) name for this process wcscpy_s(szName,L"Unknown"); // First, get a handle to the process hProc=OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE, aiPID[i]); // Now, get the process name if(hProc) { if(lpfEnumProcessModules(hProc,&hMod,sizeof(hMod),&iCbneeded) ) { iLen=lpfGetModuleBaseName(hProc,hMod,szName,MAX_PATH); } } CloseHandle(hProc); // We will match regardless of lower or upper case #ifdef BORLANDC if(strcmp(strupr(szName),szToTermUpper)==0) #else if(wcscmp(_wcsupr(szName),szToTermUpper)==0) #endif { // Process found, now terminate it iFound=1; // First open for termination hProc=OpenProcess(PROCESS_TERMINATE,FALSE,aiPID[i]); if(hProc) { if(TerminateProcess(hProc,0)) { // process terminated CloseHandle(hProc); FreeLibrary(hInstLib); return 0; } else { // Unable to terminate process CloseHandle(hProc); FreeLibrary(hInstLib); return 602; } } else { // Unable to open process for termination FreeLibrary(hInstLib); return 604; } } } } if(osvi.dwPlatformId==VER_PLATFORM_WIN32_WINDOWS) { // Win/95 or 98 or ME hInstLib = LoadLibraryA("Kernel32.DLL"); if( hInstLib == NULL ) return 702; // Get procedure addresses. // We are linking to these functions of Kernel32 // explicitly, because otherwise a module using // this code would fail to load under Windows NT, // which does not have the Toolhelp32 // functions in the Kernel 32. lpfCreateToolhelp32Snapshot= (HANDLE(WINAPI *)(DWORD,DWORD)) GetProcAddress( hInstLib, "CreateToolhelp32Snapshot" ) ; lpfProcess32First= (BOOL(WINAPI *)(HANDLE,LPPROCESSENTRY32)) GetProcAddress( hInstLib, "Process32First" ) ; lpfProcess32Next= (BOOL(WINAPI *)(HANDLE,LPPROCESSENTRY32)) GetProcAddress( hInstLib, "Process32Next" ) ; lpfModule32First= (BOOL(WINAPI *)(HANDLE,LPMODULEENTRY32)) GetProcAddress( hInstLib, "Module32First" ) ; lpfModule32Next= (BOOL(WINAPI *)(HANDLE,LPMODULEENTRY32)) GetProcAddress( hInstLib, "Module32Next" ) ; if( lpfProcess32Next == NULL || lpfProcess32First == NULL || lpfModule32Next == NULL || lpfModule32First == NULL || lpfCreateToolhelp32Snapshot == NULL ) { FreeLibrary(hInstLib); return 703; } // The Process32.. and Module32.. routines return names in all uppercase // Get a handle to a Toolhelp snapshot of all the systems processes. hSnapShot = lpfCreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ) ; if( hSnapShot == INVALID_HANDLE_VALUE ) { FreeLibrary(hInstLib); return 704; } // Get the first process' information. procentry.dwSize = sizeof(PROCESSENTRY32); bResult=lpfProcess32First(hSnapShot,&procentry); // While there are processes, keep looping and checking. while(bResult) { // Get a handle to a Toolhelp snapshot of this process. hSnapShotm = lpfCreateToolhelp32Snapshot( TH32CS_SNAPMODULE, procentry.th32ProcessID) ; if( hSnapShotm == INVALID_HANDLE_VALUE ) { CloseHandle(hSnapShot); FreeLibrary(hInstLib); return 704; } // Get the module list for this process modentry.dwSize=sizeof(MODULEENTRY32); bResultm=lpfModule32First(hSnapShotm,&modentry); // While there are modules, keep looping and checking while(bResultm) { if(wcscmp(modentry.szModule,szToTermUpper)==0) { // Process found, now terminate it iFound=1; // First open for termination hProc=OpenProcess(PROCESS_TERMINATE,FALSE,procentry.th32ProcessID); if(hProc) { if(TerminateProcess(hProc,0)) { // process terminated CloseHandle(hSnapShotm); CloseHandle(hSnapShot); CloseHandle(hProc); FreeLibrary(hInstLib); return 0; } else { // Unable to terminate process CloseHandle(hSnapShotm); CloseHandle(hSnapShot); CloseHandle(hProc); FreeLibrary(hInstLib); return 602; } } else { // Unable to open process for termination CloseHandle(hSnapShotm); CloseHandle(hSnapShot); FreeLibrary(hInstLib); return 604; } } else { // Look for next modules for this process modentry.dwSize=sizeof(MODULEENTRY32); bResultm=lpfModule32Next(hSnapShotm,&modentry); } } //Keep looking CloseHandle(hSnapShotm); procentry.dwSize = sizeof(PROCESSENTRY32); bResult = lpfProcess32Next(hSnapShot,&procentry); } CloseHandle(hSnapShot); } if(iFound==0) { FreeLibrary(hInstLib); return 603; } FreeLibrary(hInstLib); return 0; }
int FIND_PROC_BY_NAME(const char *szToFind) // Created: 12/29/2000 (RK) // Last modified: 6/16/2003 (RK) // Please report any problems or bugs to [email protected] // The latest version of this routine can be found at: // http://www.neurophys.wisc.edu/ravi/software/killproc/ // Check whether the process "szToFind" is currently running in memory // This works for Win/95/98/ME and also Win/NT/2000/XP // The process name is case-insensitive, i.e. "notepad.exe" and "NOTEPAD.EXE" // will both work (for szToFind) // Return codes are as follows: // 0 = Process was not found // 1 = Process was found // 605 = Unable to search for process // 606 = Unable to identify system type // 607 = Unsupported OS // 632 = Process name is invalid // Change history: // 3/10/2002 - Fixed memory leak in some cases (hSnapShot and // and hSnapShotm were not being closed sometimes) // 6/13/2003 - Removed iFound (was not being used, as pointed out // by John Emmas) { BOOL bResult,bResultm; DWORD aiPID[1000],iCb=1000,iNumProc,iV2000=0; DWORD iCbneeded,i; char szName[MAX_PATH],szToFindUpper[MAX_PATH]; HANDLE hProc,hSnapShot,hSnapShotm; OSVERSIONINFO osvi; HINSTANCE hInstLib; int iLen,iLenP,indx; HMODULE hMod; PROCESSENTRY32 procentry; MODULEENTRY32 modentry; // PSAPI Function Pointers. BOOL (WINAPI *lpfEnumProcesses)( DWORD *, DWORD cb, DWORD * ); BOOL (WINAPI *lpfEnumProcessModules)( HANDLE, HMODULE *, DWORD, LPDWORD ); DWORD (WINAPI *lpfGetModuleBaseName)( HANDLE, HMODULE, LPTSTR, DWORD ); // ToolHelp Function Pointers. HANDLE (WINAPI *lpfCreateToolhelp32Snapshot)(DWORD,DWORD) ; BOOL (WINAPI *lpfProcess32First)(HANDLE,LPPROCESSENTRY32) ; BOOL (WINAPI *lpfProcess32Next)(HANDLE,LPPROCESSENTRY32) ; BOOL (WINAPI *lpfModule32First)(HANDLE,LPMODULEENTRY32) ; BOOL (WINAPI *lpfModule32Next)(HANDLE,LPMODULEENTRY32) ; // Transfer Process name into "szToFindUpper" and // convert it to upper case iLenP=strlen(szToFind); if(iLenP<1 || iLenP>MAX_PATH) return 632; for(indx=0;indx<iLenP;indx++) szToFindUpper[indx]=toupper(szToFind[indx]); szToFindUpper[iLenP]=0; // First check what version of Windows we're in osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); bResult=GetVersionEx(&osvi); if(!bResult) // Unable to identify system version return 606; // At Present we only support Win/NT/2000 or Win/9x/ME if((osvi.dwPlatformId != VER_PLATFORM_WIN32_NT) && (osvi.dwPlatformId != VER_PLATFORM_WIN32_WINDOWS)) return 607; if(osvi.dwPlatformId==VER_PLATFORM_WIN32_NT) { // Win/NT or 2000 or XP // Load library and get the procedures explicitly. We do // this so that we don't have to worry about modules using // this code failing to load under Windows 95, because // it can't resolve references to the PSAPI.DLL. hInstLib = LoadLibraryA("PSAPI.DLL"); if(hInstLib == NULL) return 605; // Get procedure addresses. lpfEnumProcesses = (BOOL(WINAPI *)(DWORD *,DWORD,DWORD*)) GetProcAddress( hInstLib, "EnumProcesses" ) ; lpfEnumProcessModules = (BOOL(WINAPI *)(HANDLE, HMODULE *, DWORD, LPDWORD)) GetProcAddress( hInstLib, "EnumProcessModules" ) ; lpfGetModuleBaseName =(DWORD (WINAPI *)(HANDLE, HMODULE, LPTSTR, DWORD )) GetProcAddress( hInstLib, "GetModuleBaseNameA" ) ; if( lpfEnumProcesses == NULL || lpfEnumProcessModules == NULL || lpfGetModuleBaseName == NULL) { FreeLibrary(hInstLib); return 605; } bResult=lpfEnumProcesses(aiPID,iCb,&iCbneeded); if(!bResult) { // Unable to get process list, EnumProcesses failed FreeLibrary(hInstLib); return 605; } // How many processes are there? iNumProc=iCbneeded/sizeof(DWORD); // Get and match the name of each process for(i=0;i<iNumProc;i++) { // Get the (module) name for this process strcpy(szName,"Unknown"); // First, get a handle to the process hProc=OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE, aiPID[i]); // Now, get the process name if(hProc) { if(lpfEnumProcessModules(hProc,&hMod,sizeof(hMod),&iCbneeded) ) { iLen=lpfGetModuleBaseName(hProc,hMod,szName,MAX_PATH); } } CloseHandle(hProc); // Match regardless of lower or upper case if(strcmp(_strupr(szName),szToFindUpper)==0) { // Process found FreeLibrary(hInstLib); return 1; } } } if(osvi.dwPlatformId==VER_PLATFORM_WIN32_WINDOWS) { // Win/95 or 98 or ME hInstLib = LoadLibraryA("Kernel32.DLL"); if( hInstLib == NULL ) return FALSE ; // Get procedure addresses. // We are linking to these functions of Kernel32 // explicitly, because otherwise a module using // this code would fail to load under Windows NT, // which does not have the Toolhelp32 // functions in the Kernel 32. lpfCreateToolhelp32Snapshot= (HANDLE(WINAPI *)(DWORD,DWORD)) GetProcAddress( hInstLib, "CreateToolhelp32Snapshot" ) ; lpfProcess32First= (BOOL(WINAPI *)(HANDLE,LPPROCESSENTRY32)) GetProcAddress( hInstLib, "Process32First" ) ; lpfProcess32Next= (BOOL(WINAPI *)(HANDLE,LPPROCESSENTRY32)) GetProcAddress( hInstLib, "Process32Next" ) ; lpfModule32First= (BOOL(WINAPI *)(HANDLE,LPMODULEENTRY32)) GetProcAddress( hInstLib, "Module32First" ) ; lpfModule32Next= (BOOL(WINAPI *)(HANDLE,LPMODULEENTRY32)) GetProcAddress( hInstLib, "Module32Next" ) ; if( lpfProcess32Next == NULL || lpfProcess32First == NULL || lpfModule32Next == NULL || lpfModule32First == NULL || lpfCreateToolhelp32Snapshot == NULL ) { FreeLibrary(hInstLib); return 605; } // The Process32.. and Module32.. routines return names in all uppercase // Get a handle to a Toolhelp snapshot of all the systems processes. hSnapShot = lpfCreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ) ; if( hSnapShot == INVALID_HANDLE_VALUE ) { FreeLibrary(hInstLib); return 605; } // Get the first process' information. procentry.dwSize = sizeof(PROCESSENTRY32); bResult=lpfProcess32First(hSnapShot,&procentry); // While there are processes, keep looping and checking. while(bResult) { // Get a handle to a Toolhelp snapshot of this process. hSnapShotm = lpfCreateToolhelp32Snapshot( TH32CS_SNAPMODULE, procentry.th32ProcessID) ; if( hSnapShotm == INVALID_HANDLE_VALUE ) { CloseHandle(hSnapShot); FreeLibrary(hInstLib); return 605; } // Get the module list for this process modentry.dwSize=sizeof(MODULEENTRY32); bResultm=lpfModule32First(hSnapShotm,&modentry); // While there are modules, keep looping and checking while(bResultm) { if(strcmp(modentry.szModule,szToFindUpper)==0) { // Process found CloseHandle(hSnapShotm); CloseHandle(hSnapShot); FreeLibrary(hInstLib); return 1; } else { // Look for next modules for this process modentry.dwSize=sizeof(MODULEENTRY32); bResultm=lpfModule32Next(hSnapShotm,&modentry); } } //Keep looking CloseHandle(hSnapShotm); procentry.dwSize = sizeof(PROCESSENTRY32); bResult = lpfProcess32Next(hSnapShot,&procentry); } CloseHandle(hSnapShot); } FreeLibrary(hInstLib); return 0; }
static BOOL WINAPI GetParentPID(PROCESSENTRY32& procentry) { OSVERSIONINFO osver; HINSTANCE hInstLib; HANDLE hSnapShot; BOOL bContinue; // ToolHelp Function Pointers. HANDLE(WINAPI *lpfCreateToolhelp32Snapshot)(DWORD, DWORD); BOOL(WINAPI *lpfProcess32First)(HANDLE, LPPROCESSENTRY32); BOOL(WINAPI *lpfProcess32Next)(HANDLE, LPPROCESSENTRY32); // Check to see if were running under Windows95 or // Windows NT. osver.dwOSVersionInfoSize = sizeof(osver); if (!GetVersionEx(&osver)) { return FALSE; } if (osver.dwPlatformId != VER_PLATFORM_WIN32_NT) { return FALSE; } hInstLib = LoadLibraryA("Kernel32.DLL"); if (hInstLib == NULL) { return FALSE; } // Get procedure addresses. // We are linking to these functions of Kernel32 // explicitly, because otherwise a module using // this code would fail to load under Windows NT, // which does not have the Toolhelp32 // functions in the Kernel 32. lpfCreateToolhelp32Snapshot = (HANDLE(WINAPI *)(DWORD, DWORD)) GetProcAddress(hInstLib, "CreateToolhelp32Snapshot"); lpfProcess32First = (BOOL(WINAPI *)(HANDLE, LPPROCESSENTRY32)) GetProcAddress(hInstLib, "Process32First"); lpfProcess32Next = (BOOL(WINAPI *)(HANDLE, LPPROCESSENTRY32)) GetProcAddress(hInstLib, "Process32Next"); if (lpfProcess32Next == NULL || lpfProcess32First == NULL || lpfCreateToolhelp32Snapshot == NULL) { FreeLibrary(hInstLib); return FALSE; } // Get a handle to a Toolhelp snapshot of the systems // processes. hSnapShot = lpfCreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0); if (hSnapShot == INVALID_HANDLE_VALUE) { FreeLibrary(hInstLib); return FALSE; } // Get the first process' information. memset((LPVOID)&procentry, 0, sizeof(PROCESSENTRY32)); procentry.dwSize = sizeof(PROCESSENTRY32); bContinue = lpfProcess32First(hSnapShot, &procentry); DWORD pid = 0; // While there are processes, keep looping. DWORD crtpid = GetCurrentProcessId(); while (bContinue) { if (crtpid == procentry.th32ProcessID) pid = procentry.th32ParentProcessID; procentry.dwSize = sizeof(PROCESSENTRY32); bContinue = !pid && lpfProcess32Next(hSnapShot, &procentry); }//while ends // Free the library. FreeLibrary(hInstLib); return pid ? TRUE : FALSE; }
void LoadModuleSymbols(DWORD dwProcessId, HANDLE hProcess) { OSVERSIONINFO osver; HINSTANCE hInstLib; HANDLE hSnapShot; MODULEENTRY32 module; BOOL fFlag; HANDLE (WINAPI *lpfCreateToolhelp32Snapshot)(DWORD,DWORD); BOOL (WINAPI *lpfModule32First)(HANDLE,LPMODULEENTRY32); BOOL (WINAPI *lpfModule32Next)(HANDLE,LPMODULEENTRY32); osver.dwOSVersionInfoSize = sizeof(osver); if (!GetVersionEx(&osver)) { // ::MessageBox(NULL,"GetVersionEx failed","error",MB_OK); return; } if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT) { // mlog("LoadModuleSymbols,VER_PLATFORM_WIN32_NT\n"); if (!g_pfnEnumerateLoadedModules(hProcess, (PENUMLOADED_MODULES_CALLBACK)EnumLoadedModulesCallback, (PVOID)hProcess)) { // ::MessageBox(NULL,"EnumerateLoadedModules failed","error",MB_OK); // mlog("LoadModuleSymbols,EnumerateLoadedModules failed\n"); } return; } if (osver.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS) { // mlog("LoadModuleSymbols,VER_PLATFORM_WIN32_WINDOWS\n"); hInstLib = LoadLibraryA("Kernel32.DLL"); if (hInstLib == NULL) return; lpfCreateToolhelp32Snapshot=(HANDLE(WINAPI *)(DWORD,DWORD)) GetProcAddress(hInstLib, "CreateToolhelp32Snapshot"); lpfModule32First=(BOOL(WINAPI *)(HANDLE,LPMODULEENTRY32)) GetProcAddress(hInstLib, "Module32First"); lpfModule32Next=(BOOL(WINAPI *)(HANDLE,LPMODULEENTRY32)) GetProcAddress(hInstLib, "Module32Next"); if (lpfModule32Next == NULL || lpfModule32First == NULL || lpfCreateToolhelp32Snapshot == NULL) { // mlog("LoadModuleSymbols,NULL\n"); FreeLibrary(hInstLib); return; } hSnapShot = lpfCreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId); if (hSnapShot == INVALID_HANDLE_VALUE) { // mlog("LoadModuleSymbols,INVALID_HANDLE_VALUE\n"); FreeLibrary(hInstLib); return; } module.dwSize = sizeof(module) ; fFlag = lpfModule32First(hSnapShot, &module); while (fFlag) { // windows98 에서 d3d9.dll 심볼을 로드하면 exe파일 심볼을 로드 못하는 경우가 생겨서 막아놓았다. if(strnicmp(module.szModule,"d3d9",4)!=0) { if (!g_pfnSymLoadModule(hProcess, 0, module.szExePath, 0, 0, 0)) { // ::MessageBox(NULL,"SymLoadModule failed","error",MB_OK); cclog("SymLoadModule failed %d ( module = %s , exe = %s ) \n",GetLastError(),module.szModule,module.szExePath); }else { // mlog("LoadModuleSymbols,SymLoadModule ok ( module = %s , exe = %s ) \n",module.szModule,module.szExePath); } }else{ // mlog("skip d3d9\n"); } fFlag = lpfModule32Next(hSnapShot, &module); } FreeLibrary(hInstLib) ; } }
int os_msw::terminate_process_by_name( const wxString& named_process_to_terminate ) { // A more wxWindows type interface const char *szToTerminate = named_process_to_terminate.c_str(); // See notes to is_named_process_running for credits and info. BOOL bResult,bResultm; DWORD aiPID[1000],iCb=1000,iNumProc,iV2000=0; DWORD iCbneeded,i,iFound=0; char szName[MAX_PATH],szToTermUpper[MAX_PATH]; HANDLE hProc,hSnapShot,hSnapShotm; OSVERSIONINFO osvi; HINSTANCE hInstLib; int iLen,iLenP,indx; HMODULE hMod; PROCESSENTRY32 procentry; MODULEENTRY32 modentry; // Transfer Process name into "szToTermUpper" and // convert it to upper case iLenP=strlen(szToTerminate); if(iLenP<1 || iLenP>MAX_PATH) return 632; for(indx=0;indx<iLenP;indx++) szToTermUpper[indx]=toupper(szToTerminate[indx]); szToTermUpper[iLenP]=0; // PSAPI Function Pointers. BOOL (WINAPI *lpfEnumProcesses)( DWORD *, DWORD cb, DWORD * ); BOOL (WINAPI *lpfEnumProcessModules)( HANDLE, HMODULE *, DWORD, LPDWORD ); DWORD (WINAPI *lpfGetModuleBaseName)( HANDLE, HMODULE, LPTSTR, DWORD ); // ToolHelp Function Pointers. HANDLE (WINAPI *lpfCreateToolhelp32Snapshot)(DWORD,DWORD) ; BOOL (WINAPI *lpfProcess32First)(HANDLE,LPPROCESSENTRY32) ; BOOL (WINAPI *lpfProcess32Next)(HANDLE,LPPROCESSENTRY32) ; BOOL (WINAPI *lpfModule32First)(HANDLE,LPMODULEENTRY32) ; BOOL (WINAPI *lpfModule32Next)(HANDLE,LPMODULEENTRY32) ; // First check what version of Windows we're in osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); bResult=GetVersionEx(&osvi); if(!bResult) // Unable to identify system version return 606; // At Present we only support Win/NT/2000/XP or Win/9x/ME if((osvi.dwPlatformId != VER_PLATFORM_WIN32_NT) && (osvi.dwPlatformId != VER_PLATFORM_WIN32_WINDOWS)) return 607; if(osvi.dwPlatformId==VER_PLATFORM_WIN32_NT) { // Win/NT or 2000 or XP // Load library and get the procedures explicitly. We do // this so that we don't have to worry about modules using // this code failing to load under Windows 9x, because // it can't resolve references to the PSAPI.DLL. hInstLib = LoadLibraryA("PSAPI.DLL"); if(hInstLib == NULL) return 605; // Get procedure addresses. lpfEnumProcesses = (BOOL(WINAPI *)(DWORD *,DWORD,DWORD*)) GetProcAddress( hInstLib, "EnumProcesses" ) ; lpfEnumProcessModules = (BOOL(WINAPI *)(HANDLE, HMODULE *, DWORD, LPDWORD)) GetProcAddress( hInstLib, "EnumProcessModules" ) ; lpfGetModuleBaseName =(DWORD (WINAPI *)(HANDLE, HMODULE, LPTSTR, DWORD )) GetProcAddress( hInstLib, "GetModuleBaseNameA" ) ; if(lpfEnumProcesses == NULL || lpfEnumProcessModules == NULL || lpfGetModuleBaseName == NULL) { FreeLibrary(hInstLib); return 700; } bResult=lpfEnumProcesses(aiPID,iCb,&iCbneeded); if(!bResult) { // Unable to get process list, EnumProcesses failed FreeLibrary(hInstLib); return 701; } // How many processes are there? iNumProc=iCbneeded/sizeof(DWORD); // Get and match the name of each process for(i=0;i<iNumProc;i++) { // Get the (module) name for this process strcpy(szName,"Unknown"); // First, get a handle to the process hProc=OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE, aiPID[i]); // Now, get the process name if(hProc) { if(lpfEnumProcessModules(hProc,&hMod,sizeof(hMod),&iCbneeded) ) { iLen=lpfGetModuleBaseName(hProc,hMod,szName,MAX_PATH); } } CloseHandle(hProc); // We will match regardless of lower or upper case #ifdef __BORLANDC__ if(strcmp(strupr(szName),szToTermUpper)==0) #else if(strcmp(_strupr(szName),szToTermUpper)==0) #endif { // Process found, now terminate it iFound=1; // First open for termination hProc=OpenProcess(PROCESS_TERMINATE,FALSE,aiPID[i]); if(hProc) { if(TerminateProcess(hProc,0)) { // process terminated CloseHandle(hProc); FreeLibrary(hInstLib); return 0; } else { // Unable to terminate process CloseHandle(hProc); FreeLibrary(hInstLib); return 602; } } else { // Unable to open process for termination FreeLibrary(hInstLib); return 604; } } } } if(osvi.dwPlatformId==VER_PLATFORM_WIN32_WINDOWS) { // Win/95 or 98 or ME hInstLib = LoadLibraryA("Kernel32.DLL"); if( hInstLib == NULL ) return 702; // Get procedure addresses. // We are linking to these functions of Kernel32 // explicitly, because otherwise a module using // this code would fail to load under Windows NT, // which does not have the Toolhelp32 // functions in the Kernel 32. lpfCreateToolhelp32Snapshot= (HANDLE(WINAPI *)(DWORD,DWORD)) GetProcAddress( hInstLib, "CreateToolhelp32Snapshot" ) ; lpfProcess32First= (BOOL(WINAPI *)(HANDLE,LPPROCESSENTRY32)) GetProcAddress( hInstLib, "Process32First" ) ; lpfProcess32Next= (BOOL(WINAPI *)(HANDLE,LPPROCESSENTRY32)) GetProcAddress( hInstLib, "Process32Next" ) ; lpfModule32First= (BOOL(WINAPI *)(HANDLE,LPMODULEENTRY32)) GetProcAddress( hInstLib, "Module32First" ) ; lpfModule32Next= (BOOL(WINAPI *)(HANDLE,LPMODULEENTRY32)) GetProcAddress( hInstLib, "Module32Next" ) ; if( lpfProcess32Next == NULL || lpfProcess32First == NULL || lpfModule32Next == NULL || lpfModule32First == NULL || lpfCreateToolhelp32Snapshot == NULL ) { FreeLibrary(hInstLib); return 703; } // The Process32.. and Module32.. routines return names in all uppercase // Get a handle to a Toolhelp snapshot of all the systems processes. hSnapShot = lpfCreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ) ; if( hSnapShot == INVALID_HANDLE_VALUE ) { FreeLibrary(hInstLib); return 704; } // Get the first process' information. procentry.dwSize = sizeof(PROCESSENTRY32); bResult=lpfProcess32First(hSnapShot,&procentry); // While there are processes, keep looping and checking. while(bResult) { // Get a handle to a Toolhelp snapshot of this process. hSnapShotm = lpfCreateToolhelp32Snapshot( TH32CS_SNAPMODULE, procentry.th32ProcessID) ; if( hSnapShotm == INVALID_HANDLE_VALUE ) { CloseHandle(hSnapShot); FreeLibrary(hInstLib); return 704; } // Get the module list for this process modentry.dwSize=sizeof(MODULEENTRY32); bResultm=lpfModule32First(hSnapShotm,&modentry); // While there are modules, keep looping and checking while(bResultm) { if(strcmp(modentry.szModule,szToTermUpper)==0) { // Process found, now terminate it iFound=1; // First open for termination hProc=OpenProcess(PROCESS_TERMINATE,FALSE,procentry.th32ProcessID); if(hProc) { //ROB: Replaced with best_terminate_process //if(TerminateProcess(hProc,0)) if ( best_terminate_process( hProc, 0 ) ) { // process terminated CloseHandle(hSnapShotm); CloseHandle(hSnapShot); CloseHandle(hProc); FreeLibrary(hInstLib); return 0; } else { // Unable to terminate process CloseHandle(hSnapShotm); CloseHandle(hSnapShot); CloseHandle(hProc); FreeLibrary(hInstLib); return 602; } } else { // Unable to open process for termination CloseHandle(hSnapShotm); CloseHandle(hSnapShot); FreeLibrary(hInstLib); return 604; } } else { // Look for next modules for this process modentry.dwSize=sizeof(MODULEENTRY32); bResultm=lpfModule32Next(hSnapShotm,&modentry); } } //Keep looking CloseHandle(hSnapShotm); procentry.dwSize = sizeof(PROCESSENTRY32); bResult = lpfProcess32Next(hSnapShot,&procentry); } CloseHandle(hSnapShot); } if(iFound==0) { FreeLibrary(hInstLib); return 603; } FreeLibrary(hInstLib); return 0; }