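// Fills the IDC_PROCESSMODULELIST combo box with the file name of every
// module loaded by any process on the system.  The (hidden) IDC_MODULEHELP
// list box is used as scratch storage for the distinct full paths; each
// combo item's item-data is the index of its full path in that list box,
// so a later selection can be mapped back to the path.
//
// hwnd: the dialog that owns both controls.
VOID Dlg_PopulateModuleList(HWND hwnd) {

   HWND hwndModuleHelp = GetDlgItem(hwnd, IDC_MODULEHELP);
   ListBox_ResetContent(hwndModuleHelp);

   // Pass 1: walk every process, then every module of that process, and
   // record each distinct module path once.  ListBox_FindStringExact is
   // case-insensitive, which matches Windows path semantics.
   CToolhelp thProcesses(TH32CS_SNAPPROCESS);
   PROCESSENTRY32 pe = { sizeof(pe) };
   BOOL fOkProcess = thProcesses.ProcessFirst(&pe);
   for (; fOkProcess; fOkProcess = thProcesses.ProcessNext(&pe)) {

      CToolhelp thModules(TH32CS_SNAPMODULE, pe.th32ProcessID);
      MODULEENTRY32 me = { sizeof(me) };
      // Distinct name: the original shadowed the outer loop flag here.
      BOOL fOkModule = thModules.ModuleFirst(&me);
      for (; fOkModule; fOkModule = thModules.ModuleNext(&me)) {
         int n = ListBox_FindStringExact(hwndModuleHelp, -1, me.szExePath);
         if (n == LB_ERR) {
            // This module hasn't been added before
            ListBox_AddString(hwndModuleHelp, me.szExePath);
         }
      }
   }

   // Pass 2: copy the collected paths into the visible combo box, showing
   // only the file-name component.
   HWND hwndList = GetDlgItem(hwnd, IDC_PROCESSMODULELIST);
   SetWindowRedraw(hwndList, FALSE);
   ComboBox_ResetContent(hwndList);

   int nNumModules = ListBox_GetCount(hwndModuleHelp);
   for (int i = 0; i < nNumModules; i++) {
      TCHAR sz[1024];
      // ListBox_GetText does no bounds checking on the caller's buffer, so
      // skip any entry that would not fit (or whose length cannot be read).
      int cch = ListBox_GetTextLen(hwndModuleHelp, i);
      if (cch == LB_ERR || cch >= (int) _countof(sz)) {
         continue;
      }
      ListBox_GetText(hwndModuleHelp, i, sz);

      // Place module name (without its path) in the list.  A path that
      // contains no backslash is used as-is; the original computed
      // NULL + 1 in that case.
      PCTSTR pszName = _tcsrchr(sz, TEXT('\\'));
      pszName = (pszName == NULL) ? sz : pszName + 1;
      int nIndex = ComboBox_AddString(hwndList, pszName);

      // Associate the index of the full path with the added item
      ComboBox_SetItemData(hwndList, nIndex, i);
   }

   ComboBox_SetCurSel(hwndList, 0);   // Select the first entry

   // Simulate the user selecting this first item so that the
   // results pane shows something interesting
   FORWARD_WM_COMMAND(hwnd, IDC_PROCESSMODULELIST, hwndList, CBN_SELCHANGE,
      SendMessage);

   SetWindowRedraw(hwndList, TRUE);
   InvalidateRect(hwndList, NULL, FALSE);
}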
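// Writes, into the output control hwnd, the list of processes that have the
// module pszModulePath loaded, together with the module's base address in
// each of them.  Output goes through AddText (defined elsewhere in this
// file); s_cchAddress is the file-level column width for addresses.
//
// hwnd:          the edit/output control to fill (its text is cleared first).
// pszModulePath: full path of the module, as stored by Dlg_PopulateModuleList.
VOID ShowModuleInfo(HWND hwnd, PCTSTR pszModulePath) {

   SetWindowText(hwnd, TEXT(""));   // Clear the output box

   CToolhelp thProcesses(TH32CS_SNAPPROCESS);
   PROCESSENTRY32 pe = { sizeof(pe) };
   BOOL fOkProcess = thProcesses.ProcessFirst(&pe);

   AddText(hwnd, TEXT("Pathname: %s\r\n\r\n"), pszModulePath);
   AddText(hwnd, TEXT("Process Information:\r\n"));
   AddText(hwnd, TEXT("  PID    %-*s  Process\r\n"), s_cchAddress, TEXT("BaseAddr"));

   for (; fOkProcess; fOkProcess = thProcesses.ProcessNext(&pe)) {

      CToolhelp thModules(TH32CS_SNAPMODULE, pe.th32ProcessID);
      MODULEENTRY32 me = { sizeof(me) };
      // Distinct name: the original shadowed the outer loop flag here.
      BOOL fOkModule = thModules.ModuleFirst(&me);
      for (; fOkModule; fOkModule = thModules.ModuleNext(&me)) {
         // Compare case-insensitively: the module list this path came from
         // was de-duplicated with ListBox_FindStringExact, which ignores
         // case, so a case-sensitive compare would silently drop processes
         // whose copy of the path differs only in case.
         if (_tcsicmp(me.szExePath, pszModulePath) == 0) {
            AddText(hwnd, TEXT("  %08X  %p  %s\r\n"),
               pe.th32ProcessID, me.modBaseAddr, pe.szExeFile);
         }
      }
   }
}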
// Rebuilds the IDC_COMBO_PROCESS combo box on the global dialog g_hDlg with
// one "<pid> - <exe name>" entry per running process.  Each item's item-data
// is the process ID.  After filling, the first entry is selected and a
// CBN_SELCHANGE is forwarded so the dependent pane refreshes itself.
void OnRefreshProcesses() {

   HWND hwndCombo = GetDlgItem(g_hDlg, IDC_COMBO_PROCESS);
   SetWindowRedraw(hwndCombo, FALSE);
   ComboBox_ResetContent(hwndCombo);

   CToolhelp thProcesses(TH32CS_SNAPPROCESS);
   PROCESSENTRY32 pe = { sizeof(pe) };

   for (BOOL fMore = thProcesses.ProcessFirst(&pe); fMore;
        fMore = thProcesses.ProcessNext(&pe)) {

      // Show only the file-name part of the executable path, if it has
      // a directory component at all.
      PCTSTR pszSlash = _tcsrchr(pe.szExeFile, TEXT('\\'));
      PCTSTR pszExeFile = (pszSlash == NULL) ? pe.szExeFile : pszSlash + 1;

      TCHAR szItem[1024];
      StringCchPrintf(szItem, _countof(szItem), TEXT("%04u - %s"),
         pe.th32ProcessID, pszExeFile);

      // Associate the process ID with the added item
      int nItem = ComboBox_AddString(hwndCombo, szItem);
      ComboBox_SetItemData(hwndCombo, nItem, pe.th32ProcessID);
   }

   ComboBox_SetCurSel(hwndCombo, 0);   // Select the first entry

   // Simulate the user selecting this first item so that the
   // results pane shows something interesting
   FORWARD_WM_COMMAND(g_hDlg, IDC_COMBO_PROCESS, hwndCombo, CBN_SELCHANGE,
      SendMessage);

   SetWindowRedraw(hwndCombo, TRUE);
   InvalidateRect(hwndCombo, NULL, FALSE);
}
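// Formats a process's code (token) integrity level and mandatory policy as
// "- <Level>  + <policy> ..." into psz, which holds cch characters.
//
// dwLevel:  SECURITY_MANDATORY_*_RID of the token's integrity label.
// dwPolicy: TOKEN_MANDATORY_POLICY_* flags of the token.
static void FormatCodeIntegrity(DWORD dwLevel, DWORD dwPolicy,
   PTSTR psz, size_t cch) {

   switch (dwLevel) {
      case SECURITY_MANDATORY_LOW_RID:
         _tcscpy_s(psz, cch, TEXT("- Low "));
         break;
      case SECURITY_MANDATORY_MEDIUM_RID:
         _tcscpy_s(psz, cch, TEXT("- Medium "));
         break;
      case SECURITY_MANDATORY_HIGH_RID:
         _tcscpy_s(psz, cch, TEXT("- High "));
         break;
      case SECURITY_MANDATORY_SYSTEM_RID:
         _tcscpy_s(psz, cch, TEXT("- System "));
         break;
      default:
         _tcscpy_s(psz, cch, TEXT("- ??? "));
         break;
   }

   if (dwPolicy == TOKEN_MANDATORY_POLICY_OFF) {   // = 0
      _tcscat_s(psz, cch, TEXT(" + no policy"));
   } else if ((dwPolicy & TOKEN_MANDATORY_POLICY_VALID_MASK) == 0) {
      // Non-zero, but none of the bits we know about.
      _tcscat_s(psz, cch, TEXT(" + ???"));
   } else {
      if ((dwPolicy & TOKEN_MANDATORY_POLICY_NO_WRITE_UP)
            == TOKEN_MANDATORY_POLICY_NO_WRITE_UP) {
         _tcscat_s(psz, cch, TEXT(" + no write-up"));
      }
      if ((dwPolicy & TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
            == TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN) {
         _tcscat_s(psz, cch, TEXT(" + new process min"));
      }
   }
}

// Formats the integrity level and policy of the process object's own
// mandatory label (the SYSTEM_MANDATORY_LABEL ACE on the resource) as
// "<Level> + <policy> ..." into psz, which holds cch characters.
//
// dwLevel:  SECURITY_MANDATORY_*_RID, or 0 when no label is set.
// dwPolicy: SYSTEM_MANDATORY_LABEL_* flags of the label ACE.
static void FormatResourceIntegrity(DWORD dwLevel, DWORD dwPolicy,
   PTSTR psz, size_t cch) {

   switch (dwLevel) {
      case SECURITY_MANDATORY_LOW_RID:
         _tcscpy_s(psz, cch, TEXT("Low"));
         break;
      case SECURITY_MANDATORY_MEDIUM_RID:
         _tcscpy_s(psz, cch, TEXT("Medium"));
         break;
      case SECURITY_MANDATORY_HIGH_RID:
         _tcscpy_s(psz, cch, TEXT("High"));
         break;
      case SECURITY_MANDATORY_SYSTEM_RID:
         _tcscpy_s(psz, cch, TEXT("System"));
         break;
      case 0:
         _tcscpy_s(psz, cch, TEXT("Not set"));
         break;
      default:
         _tcscpy_s(psz, cch, TEXT("???"));
         break;
   }

   if (dwPolicy == 0) {
      _tcscat_s(psz, cch, TEXT(" + 0 policy"));
   } else if ((dwPolicy & SYSTEM_MANDATORY_LABEL_VALID_MASK) == 0) {
      // The resource policy is a SYSTEM_MANDATORY_LABEL_* mask, so validate
      // it against SYSTEM_MANDATORY_LABEL_VALID_MASK.  The original checked
      // TOKEN_MANDATORY_POLICY_VALID_MASK here, which does not cover
      // NO_EXECUTE_UP, so a label with only that bit set was reported as
      // "???" instead of "no execute-up".
      _tcscat_s(psz, cch, TEXT(" + ???"));
   } else {
      if ((dwPolicy & SYSTEM_MANDATORY_LABEL_NO_WRITE_UP)
            == SYSTEM_MANDATORY_LABEL_NO_WRITE_UP) {
         _tcscat_s(psz, cch, TEXT(" + no write-up"));
      }
      if ((dwPolicy & SYSTEM_MANDATORY_LABEL_NO_READ_UP)
            == SYSTEM_MANDATORY_LABEL_NO_READ_UP) {
         _tcscat_s(psz, cch, TEXT(" + no read-up"));
      }
      if ((dwPolicy & SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
            == SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) {
         _tcscat_s(psz, cch, TEXT(" + no execute-up"));
      }
   }
}

// Fills the IDC_PROCESSMODULELIST combo box with one entry per running
// process: "<exe name> (0x<pid>) <code integrity> [<resource integrity>]".
// Each item's item-data is the process ID.  Integrity details come from
// GetProcessIntegrityLevel (defined elsewhere in this file); when that call
// fails both detail strings are left empty.
//
// hwnd: the dialog that owns the combo box.
VOID Dlg_PopulateProcessList(HWND hwnd) {

   HWND hwndList = GetDlgItem(hwnd, IDC_PROCESSMODULELIST);
   SetWindowRedraw(hwndList, FALSE);
   ComboBox_ResetContent(hwndList);

   CToolhelp thProcesses(TH32CS_SNAPPROCESS);
   PROCESSENTRY32 pe = { sizeof(pe) };
   BOOL fOk = thProcesses.ProcessFirst(&pe);

   /* Call function Process32Next for each process in the system */
   for (; fOk; fOk = thProcesses.ProcessNext(&pe)) {

      /* Place the process name (without its path) & ID in the list */
      PCTSTR pszExeFile = _tcsrchr(pe.szExeFile, TEXT('\\'));
      if (pszExeFile == NULL) {
         pszExeFile = pe.szExeFile;
      } else {
         /* Skip over the slash */
         pszExeFile++;
      }

      /* Append the code/resource integrity level and policy */
      DWORD dwCodeIntegrityLevel = 0;
      DWORD dwCodePolicy = TOKEN_MANDATORY_POLICY_OFF;
      DWORD dwResourcePolicy = 0;
      DWORD dwResourceIntegrityLevel = 0;
      TCHAR szCodeDetails[256];
      szCodeDetails[0] = TEXT('\0');
      TCHAR szResourceDetails[256];
      szResourceDetails[0] = TEXT('\0');
      if (GetProcessIntegrityLevel(pe.th32ProcessID,
             &dwCodeIntegrityLevel, &dwCodePolicy,
             &dwResourceIntegrityLevel, &dwResourcePolicy)) {
         FormatCodeIntegrity(dwCodeIntegrityLevel, dwCodePolicy,
            szCodeDetails, _countof(szCodeDetails));
         FormatResourceIntegrity(dwResourceIntegrityLevel, dwResourcePolicy,
            szResourceDetails, _countof(szResourceDetails));
      }

      TCHAR sz[1024];
      StringCchPrintf(sz, _countof(sz), TEXT("%s (0x%08X) %s [%s]"),
         pszExeFile, pe.th32ProcessID, szCodeDetails, szResourceDetails);
      int n = ComboBox_AddString(hwndList, sz);

      // Associate the process ID with the added item
      ComboBox_SetItemData(hwndList, n, pe.th32ProcessID);
   }

   ComboBox_SetCurSel(hwndList, 0);   // Select the first entry

   // Simulate the user selecting this first item so that the
   // results pane shows something interesting
   FORWARD_WM_COMMAND(hwnd, IDC_PROCESSMODULELIST, hwndList, CBN_SELCHANGE,
      SendMessage);

   SetWindowRedraw(hwndList, TRUE);
   InvalidateRect(hwndList, NULL, FALSE);
}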