// // FindPID will return ProcessID for an ExeName // retruns 0 if no window has a process created by exename // DWORD FindPID(TCHAR *exename) { DWORD dwPID=0; TCHAR exe[MAX_PATH]; wsprintf(exe, L"%s", exename); //Now make a snapshot for all processes and find the matching processID HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0); if (hSnap != NULL) { PROCESSENTRY32 pe; pe.dwSize = sizeof(PROCESSENTRY32); if (Process32First(hSnap, &pe)) { do { if (wcsicmp (pe.szExeFile, exe) == 0) { CloseToolhelp32Snapshot(hSnap); dwPID=pe.th32ProcessID ; return dwPID; } } while (Process32Next(hSnap, &pe)); }//processFirst }//hSnap CloseToolhelp32Snapshot(hSnap); return 0; }
BOOL IsProcessRunning( TCHAR *pname ) { HANDLE hProcList; PROCESSENTRY32 peProcess; DWORD thDeviceProcessID; TCHAR lpname[MAX_PATH]; if ( wcslen(pname)==0 ) { return FALSE; } wcscpy( lpname, pname ); _tcslwr( lpname ); //init ToolHelp for process list snapshot hProcList = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0 ); if ( hProcList == INVALID_HANDLE_VALUE ) { ULONG err = GetLastError(); if(err == ERROR_NOT_ENOUGH_MEMORY) DEBUGMSG(1, (L"IsProcessRunning:CreateToolhelp32Snapshot failed with ERROR_NOT_ENOUGH_MEMORY\n")); else DEBUGMSG(1, (L"IsProcessRunning:CreateToolhelp32Snapshot failed with GetLastError()=0x0%x\n", GetLastError())); return FALSE; } /* end if */ memset( &peProcess, 0, sizeof(peProcess) ); peProcess.dwSize = sizeof( peProcess ); if ( !Process32First( hProcList, &peProcess ) ) { CloseToolhelp32Snapshot( hProcList ); return FALSE; } /* end if */ thDeviceProcessID = 0; //try to find the process name do{ //_wcslwr( peProcess.szExeFile ); DEBUGMSG(1, (L"IsProcessRunning: comparing '%s' against '%s'\n", lpname, peProcess.szExeFile)); if ( wcsicmp( peProcess.szExeFile, lpname ) == 0) //replaced wcsstr by wcsicmp { thDeviceProcessID = peProcess.th32ProcessID; break; } /* end if */ }while ( Process32Next( hProcList, &peProcess ) ); if ( (GetLastError() == ERROR_NO_MORE_FILES) && (thDeviceProcessID == 0) ) { CloseToolhelp32Snapshot( hProcList ); return FALSE; } /* end if */ CloseToolhelp32Snapshot( hProcList ); return TRUE; } /* IsProcessRunning */
void * AllocateMemInKernelProc(int p_iSize) { LPVOID pAllocated = NULL; // find process id of nk.exe HANDLE snapShot = INVALID_HANDLE_VALUE; DWORD dwNKProcessId = 0; __try { snapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0); if (snapShot != INVALID_HANDLE_VALUE) { // Build new list PROCESSENTRY32 processEntry; processEntry.dwSize = sizeof(PROCESSENTRY32); BOOL ret = Process32First(snapShot, &processEntry); while (ret == TRUE) { if (lstrcmpi(processEntry.szExeFile, L"nk.exe") == 0) { dwNKProcessId = processEntry.th32ProcessID; break; } ret = Process32Next(snapShot, &processEntry); } CloseToolhelp32Snapshot(snapShot); } } __except (EXCEPTION_EXECUTE_HANDLER) { if (snapShot != INVALID_HANDLE_VALUE) { CloseToolhelp32Snapshot(snapShot); } return NULL; } HANDLE hNKProcess = OpenProcess(0, FALSE, dwNKProcessId); if (hNKProcess == NULL) return NULL; HINSTANCE hCoreDll = LoadLibrary(_T("COREDLL")); CALLBACKINFO cbi; cbi.m_hDestinationProcessHandle = hNKProcess; cbi.m_pFunction = (FARPROC)MapPtrToProcess(GetProcAddress(hCoreDll, L"VirtualAlloc"), hNKProcess); cbi.m_pFirstArgument = (LPVOID)0; DWORD dwParam2 = p_iSize; DWORD dwParam3 = MEM_COMMIT; DWORD dwParam4 = PAGE_EXECUTE_READWRITE; DWORD dwPtr = PerformCallBack4(&cbi, dwParam2, dwParam3, dwParam4); //returns 1 if correctly executed pAllocated = MapPtrToProcess( (LPVOID)dwPtr, hNKProcess); CloseHandle(hNKProcess); return pAllocated; }
LONG Process_GetID(LPWSTR name) { HANDLE hProcessSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, NULL); if(hProcessSnapshot == INVALID_HANDLE_VALUE) return 0; LONG result = 0; PROCESSENTRY32 processentry32; memset(&processentry32, 0, sizeof(PROCESSENTRY32)); processentry32.dwSize = sizeof(processentry32); Process32First(hProcessSnapshot, &processentry32); do { wchar_t *sz = wcslwr(processentry32.szExeFile); if(wcsicmp(name, sz) == 0) { result = processentry32.th32ProcessID; break; } } while(Process32Next(hProcessSnapshot, &processentry32)); CloseToolhelp32Snapshot(hProcessSnapshot); return result; };
bool GetProcessName(DWORD dwProcessId, WCHAR wzProcessName[MAX_PATH]) { bool bFound = false; HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0); PROCESSENTRY32 pe = {0}; pe.dwSize = sizeof(PROCESSENTRY32); if (hSnapshot != INVALID_HANDLE_VALUE) { if (Process32First(hSnapshot, &pe)) { do { if (pe.th32ProcessID == dwProcessId) { wcscpy(wzProcessName, pe.szExeFile); bFound = true; break; } } while (Process32Next(hSnapshot, &pe)); } CloseToolhelp32Snapshot(hSnapshot); } return bFound; }
BOOL IsProcessRunning( TCHAR *pname ) { HANDLE hProcList; PROCESSENTRY32 peProcess; DWORD thDeviceProcessID; TCHAR lpname[MAX_PATH]; if ( wcslen(pname)==0 ) { return FALSE; } wcscpy( lpname, pname ); _tcslwr( lpname ); hProcList = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0 ); if ( hProcList == INVALID_HANDLE_VALUE ) { return FALSE; } /* end if */ memset( &peProcess, 0, sizeof(peProcess) ); peProcess.dwSize = sizeof( peProcess ); if ( !Process32First( hProcList, &peProcess ) ) { CloseToolhelp32Snapshot( hProcList ); return FALSE; } /* end if */ thDeviceProcessID = 0; do { //_wcslwr( peProcess.szExeFile ); if ( wcsicmp( peProcess.szExeFile, lpname ) == 0) //replaced wcsstr by wcsicmp { thDeviceProcessID = peProcess.th32ProcessID; break; } /* end if */ } while ( Process32Next( hProcList, &peProcess ) ); if ( (GetLastError() == ERROR_NO_MORE_FILES) && (thDeviceProcessID == 0) ) { CloseToolhelp32Snapshot( hProcList ); return FALSE; } /* end if */ CloseToolhelp32Snapshot( hProcList ); return TRUE; } /* IsProcessRunning */
DWORD FindProcess(TCHAR *szName) { HINSTANCE hProcessSnap = NULL; PROCESSENTRY32 pe32 = {0}; DWORD dwTaskCount = 0; hProcessSnap = (HINSTANCE)CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0); if (hProcessSnap == (HANDLE)-1) return 0; dwTaskCount = 0; pe32.dwSize = sizeof(PROCESSENTRY32); // must be filled out before use if (Process32First(hProcessSnap, &pe32)) { do { if (_wcsicmp(pe32.szExeFile,szName)==0) { CloseToolhelp32Snapshot(hProcessSnap); return pe32.th32ProcessID; } } while (Process32Next(hProcessSnap, &pe32)); } CloseToolhelp32Snapshot(hProcessSnap); return 0; }
void getProcList(){ for (int i=0; i<32; i++) wsprintf(procLIST[i].szName, L""); PROCESSENTRY32 pe32; DWORD dwPID=0; HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPNOHEAPS | TH32CS_SNAPPROCESS, dwPID); if(hProcessSnap ==INVALID_HANDLE_VALUE) return; pe32.dwSize=sizeof(PROCESSENTRY32); if( !Process32First( hProcessSnap, &pe32 ) ){ CloseToolhelp32Snapshot(hProcessSnap); return; } do{ procLIST[iLISToffset].dwID=pe32.th32ProcessID; wsprintf(procLIST[iLISToffset++].szName, L"%s", pe32.szExeFile); } while( Process32Next( hProcessSnap, &pe32 ) ); CloseToolhelp32Snapshot(hProcessSnap); //for (int i=0; i<32; i++){ // DEBUGMSG(1, (L"%i\t0x%08x\t'%s'\n", i, procLIST[i].dwID, procLIST[i].szName)); //} }
extern "C" __declspec(dllexport) DWORD GetProcessMainThreadId(DWORD procId) { #ifndef MAKEULONGLONG #define MAKEULONGLONG(ldw, hdw) ((ULONGLONG(hdw) << 32) | ((ldw) & 0xFFFFFFFF)) #endif #ifndef MAXULONGLONG #define MAXULONGLONG ((ULONGLONG)~((ULONGLONG)0)) #endif DWORD dwMainThreadID = 0; ULONGLONG ullMinCreateTime = MAXULONGLONG; //includes all threads in the system HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0); if (hThreadSnap != INVALID_HANDLE_VALUE) { THREADENTRY32 th32; th32.dwSize = sizeof(THREADENTRY32); BOOL bOK = TRUE; //Enumerate all threads in the system and filter on th32OwnerProcessID = pid for (bOK = Thread32First(hThreadSnap, &th32); bOK ; bOK = Thread32Next(hThreadSnap, &th32)) { //if (th32.dwSize >= FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(th32.th32OwnerProcessID)) { if (th32.th32OwnerProcessID == procId && (th32.dwSize >= FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(th32.th32OwnerProcessID))) { //_tprintf(_T("DEBUG Enumerate Process (%ld) Thread Id: %ld\n"), procId, th32.th32ThreadID); HANDLE hThread = OpenThread(THREAD_QUERY_INFORMATION, TRUE, th32.th32ThreadID); if (hThread) { FILETIME afTimes[4] = {0}; if (GetThreadTimes(hThread, &afTimes[0], &afTimes[1], &afTimes[2], &afTimes[3])) { ULONGLONG ullTest = MAKEULONGLONG(afTimes[0].dwLowDateTime, afTimes[0].dwHighDateTime); if (ullTest && ullTest < ullMinCreateTime) { //check each thread's creation time ullMinCreateTime = ullTest; dwMainThreadID = th32.th32ThreadID; // let it be main thread } } CloseHandle(hThread); //must close opened thread } } } #ifndef UNDER_CE CloseHandle(hThreadSnap); //close thread snapshot #else CloseToolhelp32Snapshot(hThreadSnap); //close thread snapshot #endif } return dwMainThreadID; //returns main thread id or returns 0 if can't find it }
DWORD GetRunningProcesses( PROCESSENTRY32 *pProcess ) { HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS|TH32CS_SNAPNOHEAPS, 0); DWORD index = 0; if(hSnapShot == (HANDLE)-1) { #if 1 fprintf (fp, "GetRunningProcesses: Failed CreateToolhelp32Snapshot Error: %d\n", GetLastError()); #endif return 0; } memset(pProcess,0,sizeof(PROCESSENTRY32)); index = 0; pProcess->dwSize = sizeof(PROCESSENTRY32); if(Process32First(hSnapShot, pProcess)) { while(TRUE) { index += 1; if( index < MAX_PROCESSES ) { memcpy( pProcess + 1, pProcess, sizeof(PROCESSENTRY32)); pProcess++; if(!Process32Next(hSnapShot, pProcess)) { break; } } else { index = MAX_PROCESSES; break; } } } CloseToolhelp32Snapshot (hSnapShot); return index ; }
void GetProcessNames(VIRTUALDATA *pvd) { HANDLE hProcessSnap; HANDLE hProcess; PROCESSENTRY32 pe32; int slot; for(slot=STARTBAR;slot<STARTBAR+NUMBARS;slot++) swprintf(pvd->szExeName[slot-STARTBAR],TEXT("Slot %d: empty"),slot); if((1-STARTBAR)>=0) wcscpy(pvd->szExeName[1-STARTBAR],TEXT("Slot 1: ROM DLLs")); // Take a snapshot of all processes in the system. hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS|TH32CS_SNAPNOHEAPS, 0 ); if( hProcessSnap != INVALID_HANDLE_VALUE ) { memset(&pe32,0x00,sizeof(PROCESSENTRY32)); pe32.dwSize = sizeof( PROCESSENTRY32 ); if( Process32First( hProcessSnap, &pe32 ) ) { do { hProcess = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, pe32.th32ProcessID ); if( hProcess != NULL ) { slot=pe32.th32MemoryBase/0x02000000; if(slot-STARTBAR<NUMBARS) swprintf(pvd->szExeName[slot-STARTBAR],TEXT("Slot %d: %s"),slot,pe32.szExeFile); CloseHandle( hProcess ); } } while( Process32Next( hProcessSnap, &pe32 ) ); } CloseToolhelp32Snapshot( hProcessSnap ); } }
void ProcessList::init() { HANDLE h; PROCESSENTRY32 pe32; h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (h == INVALID_HANDLE_VALUE) { return; } pe32.dwSize = sizeof(PROCESSENTRY32); if (!Process32First(h, &pe32)) { return; } do { HANDLE hProcess = getProcessHandle(pe32.th32ProcessID); if (!hProcess) { continue; } QString name = getProcessName(pe32.th32ProcessID); #ifndef _WIN32_WCE PSID sid = getProcessOwner(hProcess); if (!sid || m_userId && !EqualSid(m_userId, sid)) { freeSid(sid); continue; } #else PSID sid = 0; #endif m_processes << new ProcessListEntry(hProcess, name, pe32.th32ProcessID, sid); } while (Process32Next(h, &pe32)); #ifndef _WIN32_WCE CloseHandle(h); #else CloseToolhelp32Snapshot(h); #endif }
void * dlsym(void *handle, const char *symbol) { FARPROC fp = NULL; LPCTSTR new_symbol; if (!symbol || !*symbol) return NULL; #ifdef UNICODE new_symbol = evil_char_to_wchar(symbol); #else new_symbol = symbol; #endif /* UNICODE */ if (handle == RTLD_DEFAULT) { #ifdef _WIN32_WCE HANDLE snapshot; MODULEENTRY32 module; snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPMODULE | TH32CS_GETALLMODS, 0); if (!snapshot) return NULL; module.dwSize = sizeof(module); if (Module32First(snapshot, &module)) do { fp = GetProcAddress(module.hModule, new_symbol); if (fp) break; } while (Module32Next(snapshot, &module)); CloseToolhelp32Snapshot(snapshot); #else HMODULE modules[1024]; DWORD needed; DWORD i; /* TODO: use EnumProcessModulesEx() on Windows >= Vista */ if (!EnumProcessModules(GetCurrentProcess(), modules, sizeof(modules), &needed)) return NULL; for (i = 0; i < (needed / sizeof(HMODULE)); i++) { fp = GetProcAddress(modules[i], new_symbol); if (fp) break; } #endif } else fp = GetProcAddress(handle, new_symbol); #ifdef UNICODE free((void *)new_symbol); #endif /* UNICODE */ if (!fp) get_last_error("GetProcAddress returned: "); return fp; }