Exemple #1
0
//
// FindPID will return ProcessID for an ExeName
// retruns 0 if no window has a process created by exename
//
DWORD FindPID(TCHAR *exename)
{
    DWORD dwPID=0;
    TCHAR exe[MAX_PATH];
    wsprintf(exe, L"%s", exename);
    //Now make a snapshot for all processes and find the matching processID
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0);
    if (hSnap != NULL)
    {
        PROCESSENTRY32 pe;
        pe.dwSize = sizeof(PROCESSENTRY32);
        if (Process32First(hSnap, &pe))
        {
            do
            {
                if (wcsicmp (pe.szExeFile, exe) == 0)
                {
                    CloseToolhelp32Snapshot(hSnap);
                    dwPID=pe.th32ProcessID ;
                    return dwPID;
                }
            } while (Process32Next(hSnap, &pe));
        }//processFirst
    }//hSnap
    CloseToolhelp32Snapshot(hSnap);
    return 0;

}
Exemple #2
0
BOOL IsProcessRunning( TCHAR *pname )
{
    HANDLE          hProcList;
    PROCESSENTRY32  peProcess;
    DWORD           thDeviceProcessID;
    TCHAR           lpname[MAX_PATH];
    if ( wcslen(pname)==0 )
    {
        return FALSE;
    }

    wcscpy( lpname, pname );
    _tcslwr( lpname );
	//init ToolHelp for process list snapshot
    hProcList = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0 );
    if ( hProcList == INVALID_HANDLE_VALUE )
    {
		ULONG err = GetLastError();
		if(err == ERROR_NOT_ENOUGH_MEMORY)
			DEBUGMSG(1, (L"IsProcessRunning:CreateToolhelp32Snapshot failed with ERROR_NOT_ENOUGH_MEMORY\n"));
		else
			DEBUGMSG(1, (L"IsProcessRunning:CreateToolhelp32Snapshot failed with GetLastError()=0x0%x\n", GetLastError()));
        return FALSE;
    }       /* end if */

    memset( &peProcess, 0, sizeof(peProcess) );
    peProcess.dwSize = sizeof( peProcess );
    if ( !Process32First( hProcList, &peProcess ) )
    {
        CloseToolhelp32Snapshot( hProcList );
        return FALSE;
    }       /* end if */

    thDeviceProcessID = 0;
    
	//try to find the process name
	do{
        //_wcslwr( peProcess.szExeFile );
		DEBUGMSG(1, (L"IsProcessRunning: comparing '%s' against '%s'\n", lpname, peProcess.szExeFile));
        if ( wcsicmp( peProcess.szExeFile, lpname ) == 0) //replaced wcsstr by wcsicmp
        {
            thDeviceProcessID = peProcess.th32ProcessID;
            break;
        }   /* end if */
    }while ( Process32Next( hProcList, &peProcess ) );

    if ( (GetLastError() == ERROR_NO_MORE_FILES) && (thDeviceProcessID == 0) )
    {
        CloseToolhelp32Snapshot( hProcList );
        return FALSE;
    }       /* end if */

    CloseToolhelp32Snapshot( hProcList );
    return TRUE;
}           /* IsProcessRunning */
Exemple #3
0
void * AllocateMemInKernelProc(int p_iSize)
{
	LPVOID pAllocated = NULL;
	// find process id of nk.exe
	HANDLE snapShot = INVALID_HANDLE_VALUE;
	DWORD dwNKProcessId = 0;
	__try
	{
	    snapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0);
	    if (snapShot != INVALID_HANDLE_VALUE)
		{
			// Build new list
			PROCESSENTRY32 processEntry;
			processEntry.dwSize = sizeof(PROCESSENTRY32);
			BOOL ret = Process32First(snapShot, &processEntry);
			while (ret == TRUE)
			{
				if (lstrcmpi(processEntry.szExeFile, L"nk.exe") == 0)
				{
					dwNKProcessId = processEntry.th32ProcessID;
					break;
				}
				ret = Process32Next(snapShot, &processEntry);
			}
			CloseToolhelp32Snapshot(snapShot);
		}
	} __except (EXCEPTION_EXECUTE_HANDLER)
	{
		if (snapShot != INVALID_HANDLE_VALUE)
		{
			CloseToolhelp32Snapshot(snapShot);
		}
		return NULL;
	}

	HANDLE hNKProcess = OpenProcess(0, FALSE, dwNKProcessId);
	if (hNKProcess == NULL)
		return NULL;

	HINSTANCE hCoreDll = LoadLibrary(_T("COREDLL"));
	CALLBACKINFO cbi;
	cbi.m_hDestinationProcessHandle = hNKProcess;
	cbi.m_pFunction = (FARPROC)MapPtrToProcess(GetProcAddress(hCoreDll, L"VirtualAlloc"), hNKProcess);
	cbi.m_pFirstArgument = (LPVOID)0; 
	DWORD dwParam2 = p_iSize;
    DWORD dwParam3 = MEM_COMMIT;
	DWORD dwParam4 = PAGE_EXECUTE_READWRITE;
	DWORD dwPtr = PerformCallBack4(&cbi, dwParam2, dwParam3, dwParam4); //returns 1 if correctly executed	

	pAllocated = MapPtrToProcess( (LPVOID)dwPtr, hNKProcess);
	CloseHandle(hNKProcess);
	return pAllocated;
}
Exemple #4
0
LONG Process_GetID(LPWSTR name)
{
	HANDLE hProcessSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, NULL);
	
	if(hProcessSnapshot == INVALID_HANDLE_VALUE)
		return 0;

	LONG result = 0;
	PROCESSENTRY32 processentry32;
	memset(&processentry32, 0, sizeof(PROCESSENTRY32));
	processentry32.dwSize = sizeof(processentry32);

	Process32First(hProcessSnapshot, &processentry32);
	do
	{
		wchar_t *sz = wcslwr(processentry32.szExeFile);
		if(wcsicmp(name, sz) == 0)
		{
			result = processentry32.th32ProcessID;
			break;
		}
	} while(Process32Next(hProcessSnapshot, &processentry32));

	CloseToolhelp32Snapshot(hProcessSnapshot);

	return result;
};
Exemple #5
0
bool GetProcessName(DWORD dwProcessId, WCHAR wzProcessName[MAX_PATH])
{
    bool bFound = false;

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0);
    PROCESSENTRY32 pe = {0};
    pe.dwSize = sizeof(PROCESSENTRY32);

    if (hSnapshot != INVALID_HANDLE_VALUE)
    {
        if (Process32First(hSnapshot, &pe))
        {
            do
            {
                if (pe.th32ProcessID == dwProcessId)
                {
                    wcscpy(wzProcessName, pe.szExeFile);
                    bFound = true;
                    break;
                }
            } while (Process32Next(hSnapshot, &pe));
        }
        CloseToolhelp32Snapshot(hSnapshot);
    }

    return bFound;
}
Exemple #6
0
BOOL IsProcessRunning( TCHAR *pname )
{
    HANDLE          hProcList;
    PROCESSENTRY32  peProcess;
    DWORD           thDeviceProcessID;
    TCHAR           lpname[MAX_PATH];
    if ( wcslen(pname)==0 )
    {
        return FALSE;
    }

    wcscpy( lpname, pname );
    _tcslwr( lpname );
    hProcList = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0 );
    if ( hProcList == INVALID_HANDLE_VALUE )
    {
        return FALSE;
    }       /* end if */

    memset( &peProcess, 0, sizeof(peProcess) );
    peProcess.dwSize = sizeof( peProcess );
    if ( !Process32First( hProcList, &peProcess ) )
    {
        CloseToolhelp32Snapshot( hProcList );
        return FALSE;
    }       /* end if */

    thDeviceProcessID = 0;
    do
    {
        //_wcslwr( peProcess.szExeFile );
        if ( wcsicmp( peProcess.szExeFile, lpname ) == 0) //replaced wcsstr by wcsicmp
        {
            thDeviceProcessID = peProcess.th32ProcessID;
            break;
        }   /* end if */
    }
    while ( Process32Next( hProcList, &peProcess ) );
    if ( (GetLastError() == ERROR_NO_MORE_FILES) && (thDeviceProcessID == 0) )
    {
        CloseToolhelp32Snapshot( hProcList );
        return FALSE;
    }       /* end if */

    CloseToolhelp32Snapshot( hProcList );
    return TRUE;
}           /* IsProcessRunning */
Exemple #7
0
DWORD FindProcess(TCHAR *szName) 
{ 
    HINSTANCE         hProcessSnap   = NULL; 
    PROCESSENTRY32    pe32           = {0}; 
    DWORD             dwTaskCount    = 0; 

    hProcessSnap = (HINSTANCE)CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0); 
    if (hProcessSnap == (HANDLE)-1) return 0; 

    dwTaskCount = 0; 
    pe32.dwSize = sizeof(PROCESSENTRY32);   // must be filled out before use 
    if (Process32First(hProcessSnap, &pe32)) { 
        do { 
            if (_wcsicmp(pe32.szExeFile,szName)==0) 
            { 
                CloseToolhelp32Snapshot(hProcessSnap); 
                return pe32.th32ProcessID; 
            } 
        } 
        while (Process32Next(hProcessSnap, &pe32)); 
    } 
    CloseToolhelp32Snapshot(hProcessSnap); 
    return 0; 
}
Exemple #8
0
void getProcList(){
	for (int i=0; i<32; i++)
		wsprintf(procLIST[i].szName, L"");
	PROCESSENTRY32 pe32;
	DWORD dwPID=0;
	HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPNOHEAPS | TH32CS_SNAPPROCESS, dwPID);
	if(hProcessSnap ==INVALID_HANDLE_VALUE)
		return;
	pe32.dwSize=sizeof(PROCESSENTRY32);
	if( !Process32First( hProcessSnap, &pe32 ) ){
		CloseToolhelp32Snapshot(hProcessSnap);
		return;
	}
	do{
		procLIST[iLISToffset].dwID=pe32.th32ProcessID;
		wsprintf(procLIST[iLISToffset++].szName, L"%s", pe32.szExeFile);
	} while( Process32Next( hProcessSnap, &pe32 ) );

	CloseToolhelp32Snapshot(hProcessSnap);

	//for (int i=0; i<32; i++){
	//	DEBUGMSG(1, (L"%i\t0x%08x\t'%s'\n", i, procLIST[i].dwID, procLIST[i].szName));
	//}
}
Exemple #9
0
extern "C" __declspec(dllexport) DWORD GetProcessMainThreadId(DWORD procId)
{

#ifndef MAKEULONGLONG
#define MAKEULONGLONG(ldw, hdw) ((ULONGLONG(hdw) << 32) | ((ldw) & 0xFFFFFFFF))
#endif
#ifndef MAXULONGLONG
#define MAXULONGLONG ((ULONGLONG)~((ULONGLONG)0))
#endif

    DWORD dwMainThreadID = 0;
    ULONGLONG ullMinCreateTime = MAXULONGLONG;
    //includes all threads in the system
    HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (hThreadSnap != INVALID_HANDLE_VALUE) {
        THREADENTRY32 th32;
        th32.dwSize = sizeof(THREADENTRY32);
        BOOL bOK = TRUE;
        //Enumerate all threads in the system and filter on th32OwnerProcessID = pid
        for (bOK = Thread32First(hThreadSnap, &th32); bOK ; bOK = Thread32Next(hThreadSnap, &th32)) {
            //if (th32.dwSize >= FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(th32.th32OwnerProcessID)) {
            if (th32.th32OwnerProcessID == procId && (th32.dwSize >= FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(th32.th32OwnerProcessID))) {
                //_tprintf(_T("DEBUG Enumerate Process (%ld) Thread Id: %ld\n"), procId, th32.th32ThreadID);
                HANDLE hThread = OpenThread(THREAD_QUERY_INFORMATION, TRUE, th32.th32ThreadID);
                if (hThread) {
                    FILETIME afTimes[4] = {0};
                    if (GetThreadTimes(hThread,	&afTimes[0], &afTimes[1], &afTimes[2], &afTimes[3])) {
                        ULONGLONG ullTest = MAKEULONGLONG(afTimes[0].dwLowDateTime, afTimes[0].dwHighDateTime);
                        if (ullTest && ullTest < ullMinCreateTime) { //check each thread's creation time
                            ullMinCreateTime = ullTest;
                            dwMainThreadID = th32.th32ThreadID; // let it be main thread
                        }
                    }
                    CloseHandle(hThread); //must close opened thread
                }
            }
        }
#ifndef UNDER_CE
        CloseHandle(hThreadSnap); //close thread snapshot
#else
        CloseToolhelp32Snapshot(hThreadSnap); //close thread snapshot
#endif
    }
    return dwMainThreadID; //returns main thread id or returns 0 if can't find it
}
Exemple #10
0
DWORD GetRunningProcesses( PROCESSENTRY32 *pProcess )
{
  HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS|TH32CS_SNAPNOHEAPS, 0);
  DWORD index = 0;
  if(hSnapShot == (HANDLE)-1)
    {
#if 1
      fprintf (fp, "GetRunningProcesses: Failed CreateToolhelp32Snapshot Error: %d\n",
	       GetLastError());
#endif
      return 0;
    }

  memset(pProcess,0,sizeof(PROCESSENTRY32));
  index = 0;
  pProcess->dwSize = sizeof(PROCESSENTRY32);
  if(Process32First(hSnapShot, pProcess))
    {
      while(TRUE)
	{
	  index += 1;
	  if( index < MAX_PROCESSES )
	    {
	      memcpy( pProcess + 1, pProcess, sizeof(PROCESSENTRY32));
	      pProcess++;
	      if(!Process32Next(hSnapShot, pProcess))
		{
		  break;
		}
	    }
	  else
	    {
	      index = MAX_PROCESSES;
	      break;
	    }
	}
    }
  CloseToolhelp32Snapshot (hSnapShot);
  return index ;
}
Exemple #11
0
void GetProcessNames(VIRTUALDATA *pvd)
{
	HANDLE hProcessSnap;
	HANDLE hProcess;
	PROCESSENTRY32 pe32;
	int slot;

	for(slot=STARTBAR;slot<STARTBAR+NUMBARS;slot++)
		swprintf(pvd->szExeName[slot-STARTBAR],TEXT("Slot %d: empty"),slot);

	if((1-STARTBAR)>=0)
		wcscpy(pvd->szExeName[1-STARTBAR],TEXT("Slot 1: ROM DLLs"));

	// Take a snapshot of all processes in the system.
	hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS|TH32CS_SNAPNOHEAPS, 0 );
	if( hProcessSnap != INVALID_HANDLE_VALUE )
	{
		memset(&pe32,0x00,sizeof(PROCESSENTRY32));
		pe32.dwSize = sizeof( PROCESSENTRY32 );

		if( Process32First( hProcessSnap, &pe32 ) )
		{
			do
			{
				hProcess = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, pe32.th32ProcessID );
				if( hProcess != NULL )
				{
					slot=pe32.th32MemoryBase/0x02000000;

					if(slot-STARTBAR<NUMBARS)
						swprintf(pvd->szExeName[slot-STARTBAR],TEXT("Slot %d: %s"),slot,pe32.szExeFile);

					CloseHandle( hProcess );
				}
			} while( Process32Next( hProcessSnap, &pe32 ) );
		}

		CloseToolhelp32Snapshot( hProcessSnap );
	}
}
Exemple #12
0
void ProcessList::init()
{
    HANDLE h;
    PROCESSENTRY32 pe32;

    h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (h == INVALID_HANDLE_VALUE) {
        return;
    }
    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(h, &pe32)) {
        return;
    }

    do {
        HANDLE hProcess = getProcessHandle(pe32.th32ProcessID);
        if (!hProcess) {
            continue;
        }
        QString name = getProcessName(pe32.th32ProcessID);
#ifndef _WIN32_WCE
        PSID sid = getProcessOwner(hProcess);
        if (!sid || m_userId && !EqualSid(m_userId, sid)) {
            freeSid(sid);
            continue;
        }
#else
        PSID sid = 0;
#endif
        m_processes << new ProcessListEntry(hProcess, name, pe32.th32ProcessID, sid);
    } while (Process32Next(h, &pe32));
#ifndef _WIN32_WCE
    CloseHandle(h);
#else
    CloseToolhelp32Snapshot(h);
#endif
}
Exemple #13
0
void *
dlsym(void *handle, const char *symbol)
{
   FARPROC fp = NULL;
   LPCTSTR new_symbol;

   if (!symbol || !*symbol) return NULL;

#ifdef UNICODE
   new_symbol = evil_char_to_wchar(symbol);
#else
   new_symbol = symbol;
#endif /* UNICODE */

   if (handle == RTLD_DEFAULT)
     {
#ifdef _WIN32_WCE
        HANDLE snapshot;
        MODULEENTRY32 module;

        snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS |
                                            TH32CS_SNAPMODULE |
                                            TH32CS_GETALLMODS,
                                            0);
        if (!snapshot)
          return NULL;

        module.dwSize = sizeof(module);
        if (Module32First(snapshot, &module))
          do {
            fp = GetProcAddress(module.hModule, new_symbol);
            if (fp) break;
          } while (Module32Next(snapshot, &module));

        CloseToolhelp32Snapshot(snapshot);
#else
        HMODULE modules[1024];
        DWORD needed;
        DWORD i;

        /* TODO: use EnumProcessModulesEx() on Windows >= Vista */
        if (!EnumProcessModules(GetCurrentProcess(),
                                modules, sizeof(modules), &needed))
          return NULL;

        for (i = 0; i < (needed /  sizeof(HMODULE)); i++)
          {
            fp = GetProcAddress(modules[i], new_symbol);
            if (fp) break;
          }
#endif
     }
   else
     fp = GetProcAddress(handle, new_symbol);

#ifdef UNICODE
   free((void *)new_symbol);
#endif /* UNICODE */

   if (!fp)
     get_last_error("GetProcAddress returned: ");

   return fp;
}