Exemple #1
9
/**
 *
 * Since NtQuerySystemInformation doesn't work on 64-bit, we
 * use the snapshot method
 *
 */    
PPROCENTRY GetProcessList(VOID)
{
  HANDLE         hSnap;
  PROCESSENTRY32 pe32;
  PPROCENTRY     pe=NULL;
  DWORD          i=0, pe_size;
  
  hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if (hSnap != INVALID_HANDLE_VALUE)
  {
    pe32.dwSize = sizeof(PROCESSENTRY32);

    if (Process32First(hSnap, &pe32))
    {
      i       = 0;
      pe_size = sizeof(PROCENTRY);
      pe      = xmalloc(pe_size);
  
      do {
        if (pe32.th32ProcessID==0) continue;
        
        pe[i].id = pe32.th32ProcessID; 
        lstrcpy(pe[i].name, pe32.szExeFile);
        
        pe_size += sizeof(PROCENTRY);
        pe = xrealloc(pe, pe_size);
        i++;
        if (pe==NULL) {
          break;
        }            
      } while (Process32Next(hSnap, &pe32));
    }
    CloseHandle(hSnap);
  }
  return pe;
}
DWORD getProcessWithParent(int pid)
{
  HANDLE hProcessSnap;
  PROCESSENTRY32 pe32;

  // Take a snapshot of all processes in the system.
  hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
  if( hProcessSnap == INVALID_HANDLE_VALUE )
  {
    return( FALSE );
  }

  // Set the size of the structure before using it.
  pe32.dwSize = sizeof( PROCESSENTRY32 );

  // Retrieve information about the first process,
  // and exit if unsuccessful
  if( !Process32First( hProcessSnap, &pe32 ) )
  {
    CloseHandle( hProcessSnap );          // clean the snapshot object
    return( FALSE );
  }

  // Now walk the snapshot of processes, and
  // display information about each process in turn
  DWORD parent = static_cast<DWORD>(pid);
  DWORD childID = 0xffffffff;
  do
  {
      if(pe32.th32ParentProcessID == parent)
         return static_cast<int>(pe32.th32ProcessID);
  } while( Process32Next( hProcessSnap, &pe32 ) );

  _tprintf( TEXT("Never found process with parent!") );
  return childID;
}
void ListProcessThreads(DWORD dwOwnerPID)
{
    HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
    THREADENTRY32 te32;

    hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);

    if (hThreadSnap == INVALID_HANDLE_VALUE)
        return;

    te32.dwSize = sizeof(THREADENTRY32);

    if (!Thread32First(hThreadSnap, &te32))
    {
        CloseHandle(hThreadSnap);
        return;
    }

    DWORD result = 0;
    do
    {
        if (te32.th32OwnerProcessID == dwOwnerPID)
        {
            printf("\n     THREAD ID = 0x%08X", te32.th32ThreadID);

            HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, te32.th32ThreadID);
            PTEB pTeb = GetTeb(hThread);
            printf("\n     TEB = %p\n", pTeb);

            CloseHandle(hThread);
        }
    } while (Thread32Next(hThreadSnap, &te32));

    printf("\n");
    CloseHandle(hThreadSnap);
}
Exemple #4
0
void ProcessList()
{
	// 1. ListBox 초기화(비워주기)
	SendMessage(hMainList, LVM_DELETEALLITEMS, 0, 0);

	// 2. Process 리스트 나열  
	HANDLE	hSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0);
	if( hSnap == 0 )
		return ;

	PROCESSENTRY32 ppe;
	BOOL	b     = Process32First(hSnap, &ppe);
	while( b )
	{
		int i=0;
		// ListBox Ctrl에 데이터 추가 
		ListBoxAddData(i, ppe);

		b = Process32Next(hSnap, &ppe);
	}
	SetWindowText(hStaticLog, "프로세스 리스트를 초기화 하였습니다.");

	CloseHandle(hSnap);
}
Exemple #5
0
PIDList GetProcessIDsByName(const char* processName)
{
    // list of correct PIDs
    PIDList pids;

    // gets a snapshot from 32 bit processes
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        printf("ERROR: Can't get snapshot from 32 bit processes, ");
        printf("ErrorCode: %u\n", GetLastError());
        return pids;
    }

    // a 32 bit process entry from a snapshot
    PROCESSENTRY32 processEntry;
    // from MSDN: The calling application must set the
    // dwSize member of PROCESSENTRY32 to the size, in bytes, of the structure.
    processEntry.dwSize = sizeof(PROCESSENTRY32);

    // checks the first process from the snapshot
    if (Process32First(hSnapshot, &processEntry))
    {
        do
        {
            // process found
            if (!strcmp(processEntry.szExeFile, lookingProcessName))
                pids.push_back(processEntry.th32ProcessID);
        }
        // loops over the snapshot
        while (Process32Next(hSnapshot, &processEntry));
    }
    CloseHandle(hSnapshot);

    return pids;
}
bool CMDIClient::killKernel(bool bKill)
{
	bool bReturn = false;
	wchar_t p[260] = {L"moneyhub.exe"};
	this->getPriviledge();

	HANDLE hand = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
	if(hand != INVALID_HANDLE_VALUE)
	{
		PROCESSENTRY32W pew = {sizeof(PROCESSENTRY32W)};
		bool bHaveOther=false;
		Process32FirstW(hand,&pew );	

		do{
			_wcslwr_s(pew.szExeFile, 260);

			if(!wcscmp(pew.szExeFile,p) && GetCurrentProcessId()!=pew.th32ProcessID)
			{
				HANDLE h = OpenProcess(PROCESS_TERMINATE, FALSE, pew.th32ProcessID);
				if( h )
				{
					if( TerminateProcess(h, 1) )
						bReturn = true;

					CloseHandle(h);
				}
			}

		}while(Process32NextW(hand,&pew));


		CloseHandle(hand);	
	}

	return bReturn ;
}
Exemple #7
0
DWORD FindProcess(TCHAR *szName) 
{ 
  HINSTANCE            hProcessSnap   = NULL; 
  PROCESSENTRY32    pe32           = {0}; 
  DWORD                dwTaskCount    = 0; 
  
  hProcessSnap = (HINSTANCE)CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0); 
  if (hProcessSnap == (HANDLE)-1) return 0; 

  dwTaskCount = 0; 
  pe32.dwSize = sizeof(PROCESSENTRY32);   // must be filled out before use 
  if (Process32First(hProcessSnap, &pe32)) { 
    do { 
      if (_wcsicmp(pe32.szExeFile,szName)==0) 
     { 
        CloseToolhelp32Snapshot(hProcessSnap); 
        return pe32.th32ProcessID; 
     } 
    } 
    while (Process32Next(hProcessSnap, &pe32)); 
  } 
  CloseToolhelp32Snapshot(hProcessSnap); 
  return 0; 
} 
Exemple #8
0
// Return None to represent NoSuchProcess, else return NULL for
// other exception or the name as a Python string
PyObject*
psutil_get_name(long pid)
{
    HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 pe = { 0 };
    pe.dwSize = sizeof(PROCESSENTRY32);

    if( Process32First(h, &pe)) {
        do {
            if (pe.th32ProcessID == pid) {
                CloseHandle(h);
                return Py_BuildValue("s", pe.szExeFile);
            }
        } while(Process32Next(h, &pe));

        // the process was never found, set NoSuchProcess exception
        NoSuchProcess();
        CloseHandle(h);
        return NULL;
    }

    CloseHandle(h);
    return PyErr_SetFromWindowsErr(0);
}
//------------------------------------------------------
// ComboBox 에 현재의 process 목록을 저장하는 함수
//-------------------------------------------------------
void Refresh( HWND hCombo )
{
    // 1. ComboBox 초기화(비워주기)
    SendMessage(hCombo, CB_RESETCONTENT, 0, 0);

    // 2. ComboBox 채우기
    HANDLE	hSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0);

    PROCESSENTRY32 ppe;
    BOOL	b     = Process32First(hSnap, &ppe);
    while( b )
    {
        // LPARAM : 집어넣을 process명.
        int index = SendMessage(hCombo, CB_ADDSTRING, 0, (LPARAM)ppe.szExeFile);

        SendMessage(hCombo, CB_SETITEMDATA, index, (LPARAM)ppe.th32ProcessID);

        b = Process32Next(hSnap, &ppe);
    }
    CloseHandle(hSnap);

    // 3. ComboBox 데이터 선택
    SendMessage(hCombo, CB_SETCURSEL, 1, 0);
}
//通过进程PID获取线程TID
DWORD GetTIDbyPID(DWORD PID)
{
	if (PID != NULL)
	{
		DWORD dwThreadID=NULL;
		THREADENTRY32 te32 = { sizeof(te32) };
		HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
		if (Thread32First(hThreadSnap, &te32))
		{
			do
			{
				if (PID == te32.th32OwnerProcessID)
				{
					dwThreadID = te32.th32ThreadID;
					break;
				}
			} while (Thread32Next(hThreadSnap, &te32));
		}
		wprintf(L"ThreadId:%d\n", dwThreadID);
		return dwThreadID;
	}
	else
		return NULL;
}
Exemple #11
0
unsigned long GetProcIdByProcName(const std::string& procName)
{
	PROCESSENTRY32 entry;
	DWORD dwPID = 0;

	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hSnapshot == 0 || hSnapshot == INVALID_HANDLE_VALUE)
		return dwPID;

	entry.dwSize = sizeof(entry);
	Process32First(hSnapshot, &entry);

	while (Process32Next(hSnapshot, &entry))
	{
		if (boost::iequals(entry.szExeFile, procName))
		{
			dwPID = entry.th32ProcessID;
			break;
		}
	}

	CloseHandle(hSnapshot);
	return dwPID;
}
Exemple #12
0
int DetectCheats(const char **names, int n, DWORD *pids)
{
	int found = 0;
	HANDLE snapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (snapShot == INVALID_HANDLE_VALUE)
	{
		return found;
	}

	PROCESSENTRY32 processEntry;
	processEntry.dwSize = sizeof(PROCESSENTRY32);
	ZeroMemory(&processEntry.cntUsage, sizeof(PROCESSENTRY32) - sizeof(DWORD));
	if (Process32First(snapShot, &processEntry))
	{
		do
		{
			int i;
			for (i = 0; i < n; ++i)
			{
				if (!StrICmp(GetBaseName(processEntry.szExeFile), names[i]))
				{
					continue;
				}
				else
				{
					pids[found] = processEntry.th32ProcessID;
					++found;
					DebugOutput(names[i]);
					break;
				}
			}
		} while (Process32Next(snapShot, &processEntry));
	}
	CloseHandle(snapShot);
	return found;
}
Exemple #13
0
//Based on http://stackoverflow.com/a/1173396
void Process::kill(id_type id, bool force) {
  if(id==0)
    return;
  HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if(snapshot) {
    PROCESSENTRY32 process;
    ZeroMemory(&process, sizeof(process));
    process.dwSize = sizeof(process);
    if(Process32First(snapshot, &process)) {
      do {
        if(process.th32ParentProcessID==id) {
          HANDLE process_handle = OpenProcess(PROCESS_TERMINATE, FALSE, process.th32ProcessID);
          if(process_handle) {
            TerminateProcess(process_handle, 2);
            CloseHandle(process_handle);
          }
        }
      } while (Process32Next(snapshot, &process));
    }
    CloseHandle(snapshot);
  }
  HANDLE process_handle = OpenProcess(PROCESS_TERMINATE, FALSE, id);
  if(process_handle) TerminateProcess(process_handle, 2);
}
Exemple #14
0
//Based on http://stackoverflow.com/a/1173396
void Process::kill(bool force) {
  std::lock_guard<std::mutex> lock(close_mutex);
  if(data.id>0 && !closed) {
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(snapshot) {
      PROCESSENTRY32 process;
      ZeroMemory(&process, sizeof(process));
      process.dwSize = sizeof(process);
      if(Process32First(snapshot, &process)) {
        do {
          if(process.th32ParentProcessID==data.id) {
            HANDLE process_handle = OpenProcess(PROCESS_TERMINATE, FALSE, process.th32ProcessID);
            if(process_handle) {
              TerminateProcess(process_handle, 2);
              CloseHandle(process_handle);
            }
          }
        } while (Process32Next(snapshot, &process));
      }
      CloseHandle(snapshot);
    }
    TerminateProcess(data.handle, 2);
  }
}
void getProcList(){
	for (int i=0; i<32; i++)
		wsprintf(procLIST[i].szName, L"");
	PROCESSENTRY32 pe32;
	DWORD dwPID=0;
	HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPNOHEAPS | TH32CS_SNAPPROCESS, dwPID);
	if(hProcessSnap ==INVALID_HANDLE_VALUE)
		return;
	pe32.dwSize=sizeof(PROCESSENTRY32);
	if( !Process32First( hProcessSnap, &pe32 ) ){
		CloseToolhelp32Snapshot(hProcessSnap);
		return;
	}
	do{
		procLIST[iLISToffset].dwID=pe32.th32ProcessID;
		wsprintf(procLIST[iLISToffset++].szName, L"%s", pe32.szExeFile);
	} while( Process32Next( hProcessSnap, &pe32 ) );

	CloseToolhelp32Snapshot(hProcessSnap);

	//for (int i=0; i<32; i++){
	//	DEBUGMSG(1, (L"%i\t0x%08x\t'%s'\n", i, procLIST[i].dwID, procLIST[i].szName));
	//}
}
Exemple #16
0
/* not really optimal, or efficient, but it's easier this way, and it's not
like we are going to be killing thousands, or even tens or processes. */
static void
kill_all(DWORD pid, HANDLE process)
{
    HANDLE process_snapshot_h = INVALID_HANDLE_VALUE;
    if ( !pid )
    {
        pid = get_process_id(process);
    }
    process_snapshot_h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    
    if (INVALID_HANDLE_VALUE != process_snapshot_h)
    {
        BOOL ok = TRUE;
        PROCESSENTRY32 pinfo;
        pinfo.dwSize = sizeof(PROCESSENTRY32);
        for (
            ok = Process32First(process_snapshot_h,&pinfo);
            TRUE == ok;
            ok = Process32Next(process_snapshot_h,&pinfo) )
        {
            if (pinfo.th32ParentProcessID == pid)
            {
                /* found a child, recurse to kill it and anything else below it */
                HANDLE ph = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pinfo.th32ProcessID);
                if (NULL != ph)
                {
                    kill_all(pinfo.th32ProcessID,ph);
                    CloseHandle(ph);
                }
            }
        }
        CloseHandle(process_snapshot_h);
    }
    /* now that the children are all dead, kill the root */
    TerminateProcess(process,-2);
}
Exemple #17
0
int find_parent(int pid)
{
	HANDLE handle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	BOOST_SCOPE_EXIT(handle)
	{
		if (handle)
			CloseHandle(handle);
	} BOOST_SCOPE_EXIT_END;
	if (handle)
	{
		PROCESSENTRY32W pe;
		memset(&pe, 0, sizeof(pe));
		pe.dwSize = sizeof(pe);

		if (Process32First(handle, &pe))
		{
			do {
				if (pe.th32ProcessID == pid)
					return pe.th32ParentProcessID;
			} while (Process32Next(handle, &pe));
		}
	}
	return 0;
}
DWORD FindProcessID(DWORD InheritedFromUniqueProcessId)
{


	if (InheritedFromUniqueProcessId != -1 )
	{

		HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );

		PROCESSENTRY32 pe32;

		pe32.dwSize = sizeof( PROCESSENTRY32 );

		Process32First( hSnapshot, &pe32 );
		do
		{

			if ( pe32.th32ProcessID == InheritedFromUniqueProcessId )
				break;
		}while (Process32Next( hSnapshot, &pe32 ));
		CloseHandle(hSnapshot);
	}
	return InheritedFromUniqueProcessId;
}
Exemple #19
0
pid_t getppid(void) {
  pid_t ppid = INVALID_PID;
  pid_t pid = getpid();
  HANDLE h;
  BOOL bFound;
  PROCESSENTRY32 pe = {0};

  h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if (h == INVALID_HANDLE_VALUE) {
    return ppid;
  }

  pe.dwSize = sizeof(PROCESSENTRY32);
  for (bFound=Process32First(h, &pe); bFound; bFound=Process32Next(h, &pe)) {
    if ((pid_t)(pe.th32ProcessID) == pid) {
      ppid = pe.th32ParentProcessID;
      break;
    }
  }

  CloseHandle(h);

  return ppid;
}
Exemple #20
0
int Shell::CheckSingleInstance(dictionary* ini)
{
	char* singleInstance = iniparser_getstr(ini, SINGLE_INSTANCE_OPTION);
	if(singleInstance == NULL) {
		return 0;
	}

	// Check for single instance mode
	bool processOnly = true;
	bool dde = false;

	if(strcmp(singleInstance, "window") == 0)
		processOnly = false;
	else if (strcmp(singleInstance, "dde") == 0) {
		processOnly = false;
		dde = true;
	} else if(strcmp(singleInstance, "process") != 0) {		
		Log::Warning("Invalid single instance mode: %s", singleInstance);
		return 0;
	}

	char thisModule[MAX_PATH];
	DWORD thisProcessId = GetCurrentProcessId();
	GetModuleFileName(0, thisModule, MAX_PATH);
	HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	PROCESSENTRY32 e;
	e.dwSize = sizeof(PROCESSENTRY32);
	char otherModule[MAX_PATH];

	if(Process32First(h, &e)) {
		HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,	FALSE, e.th32ProcessID);
		GetModuleFileNameEx(hProcess, 0, otherModule, MAX_PATH);
		CloseHandle(hProcess);
		if(thisProcessId != e.th32ProcessID && strcmp(thisModule, otherModule) == 0) {
			if (dde && DDE::NotifySingleInstance(ini)) {
				Log::Warning("Single Instance Shutdown");
				return 1;
			}
			if(processOnly) {
				Log::Warning("Single Instance Shutdown");
				return 1;
			}
			return !EnumWindows(EnumWindowsProcSingleInstance, e.th32ProcessID);
		}
		while(Process32Next(h, &e)) {
			HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, e.th32ProcessID);
			GetModuleFileNameEx(hProcess, 0, otherModule, MAX_PATH);
			CloseHandle(hProcess);
			if(thisProcessId != e.th32ProcessID && strcmp(thisModule, otherModule) == 0) {
				if (dde && DDE::NotifySingleInstance(ini)) {
					Log::Warning("Single Instance Shutdown");
					return 1;
				}
				if(processOnly) {
					Log::Warning("Single Instance Shutdown");
					return 1;
				}
				return !EnumWindows(EnumWindowsProcSingleInstance, e.th32ProcessID);
			}
		}
	} 

	return 0;
}
INT countProcs(CONST std::wstring user) 
{
	if (debug)
		std::wcout << L"Counting all processes of user" << user << '\n';

	CONST WCHAR *wuser = user.c_str();
	INT numProcs = 0;

	HANDLE hProcessSnap, hProcess = NULL, hToken = NULL;
	PROCESSENTRY32 pe32;
	DWORD dwReturnLength, dwAcctName, dwDomainName;
	PTOKEN_USER pSIDTokenUser = NULL;
	SID_NAME_USE sidNameUse;
	LPWSTR AcctName, DomainName;

	if (debug)
		std::wcout << L"Creating snapshot" << '\n';

	hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hProcessSnap == INVALID_HANDLE_VALUE)
		goto die;

	pe32.dwSize = sizeof(PROCESSENTRY32);

	if (debug)
		std::wcout << L"Grabbing first proccess" << '\n';

	if (!Process32First(hProcessSnap, &pe32))
		goto die;

	if (debug)
		std::wcout << L"Counting processes..." << '\n';

	do {
		if (debug)
			std::wcout << L"Getting process token" << '\n';

		//get ProcessToken
		hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pe32.th32ProcessID);
		if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken)) 
			//Won't count pid 0 (system idle) and 4/8 (Sytem)
			continue;

		//Get dwReturnLength in first call
		dwReturnLength = 1;
		if (!GetTokenInformation(hToken, TokenUser, NULL, 0, &dwReturnLength)
			&& GetLastError() != ERROR_INSUFFICIENT_BUFFER) 
			continue;

		pSIDTokenUser = reinterpret_cast<PTOKEN_USER>(new BYTE[dwReturnLength]);
		memset(pSIDTokenUser, 0, dwReturnLength);

		if (debug)
			std::wcout << L"Received token, saving information" << '\n';

		//write Info in pSIDTokenUser
		if (!GetTokenInformation(hToken, TokenUser, pSIDTokenUser, dwReturnLength, NULL))
			continue;

		AcctName = NULL;
		DomainName = NULL;
		dwAcctName = 1;
		dwDomainName = 1;
		
		if (debug)
			std::wcout << L"Looking up SID" << '\n';

		//get dwAcctName and dwDomainName size
		if (!LookupAccountSid(NULL, pSIDTokenUser->User.Sid, AcctName,
			(LPDWORD)&dwAcctName, DomainName, (LPDWORD)&dwDomainName, &sidNameUse)
			&& GetLastError() != ERROR_INSUFFICIENT_BUFFER)
			continue;
		
		AcctName = reinterpret_cast<LPWSTR>(new WCHAR[dwAcctName]);
		DomainName = reinterpret_cast<LPWSTR>(new WCHAR[dwDomainName]);

		if (!LookupAccountSid(NULL, pSIDTokenUser->User.Sid, AcctName,
			(LPDWORD)&dwAcctName, DomainName, (LPDWORD)&dwDomainName, &sidNameUse))
			continue;

		if (debug)
			std::wcout << L"Comparing " << AcctName << L" to " << wuser << '\n';
		if (!wcscmp(AcctName, wuser)) {
			++numProcs;
			if (debug)
				std::wcout << L"Is process of " << wuser << L" (" << numProcs << L")" << '\n';
		}
		
		delete[] reinterpret_cast<LPWSTR>(AcctName);
		delete[] reinterpret_cast<LPWSTR>(DomainName);

	} while (Process32Next(hProcessSnap, &pe32));

die:
	if (hProcessSnap)
		CloseHandle(hProcessSnap);
	if (hProcess)
		CloseHandle(hProcess);
	if (hToken)
		CloseHandle(hToken);
	if (pSIDTokenUser)
		delete[] reinterpret_cast<PTOKEN_USER>(pSIDTokenUser);
	return numProcs;
}
Exemple #22
0
void ProcUtils::GetChildren(long pid, std::vector<long> &proclist)
{
#ifdef __WXMSW__
    OSVERSIONINFO osver ;

    // Check to see if were running under Windows95 or
    // Windows NT.
    osver.dwOSVersionInfoSize = sizeof( osver ) ;
    if ( !GetVersionEx( &osver ) ) {
        return;
    }

    if ( osver.dwPlatformId != VER_PLATFORM_WIN32_NT ) {
        return;
    }

    //get child processes of this node
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (!hProcessSnap) {
        return;
    }

    //Fill in the size of the structure before using it.
    PROCESSENTRY32 pe;
    memset(&pe, 0, sizeof(pe));
    pe.dwSize = sizeof(PROCESSENTRY32);

    // Walk the snapshot of the processes, and for each process,
    // kill it if its parent is pid.
    if (!Process32First(hProcessSnap, &pe)) {
        // Can't get first process.
        CloseHandle (hProcessSnap);
        return;
    }

    //loop over all processes and collect all the processes their parent
    //pid matches PID
    do {
        if ((long)pe.th32ParentProcessID == pid) {
            proclist.push_back((long)pe.th32ProcessID);
        }
    } while (Process32Next (hProcessSnap, &pe));
    CloseHandle (hProcessSnap);

#elif defined(__FreeBSD__)
    kvm_t *kvd;
    struct kinfo_proc *ki;
    int nof_procs, i;

    if (!(kvd = kvm_openfiles(_PATH_DEVNULL, _PATH_DEVNULL, NULL, O_RDONLY, NULL)))
        return;

    if (!(ki = kvm_getprocs(kvd, KERN_PROC_PROC, pid, &nof_procs))) {
        kvm_close(kvd);
        return;
    }

    for (i=0; i<nof_procs; i++) {
        ProcessEntry entry;
        if (ki[i].ki_ppid == pid)
            proclist.push_back(ki[i].ki_pid);
    }

    kvm_close(kvd);

#else
    //GTK and other
    wxArrayString output;
#ifdef __WXGTK__
    ExecuteCommand(wxT("ps -A -o pid,ppid  --no-heading"), output);
#else
    ExecuteCommand(wxT("ps -A -o pid,ppid "), output);
#endif
    //parse the output and search for our process ID
    for (size_t i=0; i< output.GetCount(); i++) {
        long lpid(0);
        long lppid(0);
        wxString line = output.Item(i);

        //remove whitespaces
        line = line.Trim().Trim(false);

        //get the process ID
        wxString spid  = line.BeforeFirst(wxT(' '));
        spid.ToLong( &lpid );

        //get the process Parent ID
        wxString sppid = line.AfterFirst(wxT(' '));
        sppid.ToLong( &lppid );
        if (lppid == pid) {
            proclist.push_back(lpid);
        }
    }
#endif
}
Exemple #23
0
/** Check if a process with a given name is running
 *  @param names list of names to filter on. All processes if empty list.
 *  @return list of processname, process ID pairs.
 */
QMap<QString, QList<int> > Utils::findRunningProcess(QStringList names)
{
    QMap<QString, QList<int> > processlist;
    QMap<QString, QList<int> > found;
#if defined(Q_OS_WIN32)
    HANDLE hdl;
    PROCESSENTRY32 entry;
    bool result;

    hdl = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(hdl == INVALID_HANDLE_VALUE) {
        LOG_ERROR() << "CreateToolhelp32Snapshot failed.";
        return found;
    }
    entry.dwSize = sizeof(PROCESSENTRY32);
    entry.szExeFile[0] = '\0';
    if(!Process32First(hdl, &entry)) {
        LOG_ERROR() << "Process32First failed.";
        return found;
    }

    do {
        int pid = entry.th32ProcessID;  // FIXME: DWORD vs int!
        QString name = QString::fromWCharArray(entry.szExeFile);
        if(processlist.find(name) == processlist.end()) {
            processlist.insert(name, QList<int>());
        }
        processlist[name].append(pid);
        entry.dwSize = sizeof(PROCESSENTRY32);
        entry.szExeFile[0] = '\0';
        result = Process32Next(hdl, &entry);
    } while(result);
    CloseHandle(hdl);
#endif
#if defined(Q_OS_MACX)
    ProcessSerialNumber psn = { 0, kNoProcess };
    OSErr err;
    do {
        pid_t pid;
        err = GetNextProcess(&psn);
        err = GetProcessPID(&psn, &pid);
        if(err == noErr) {
            char buf[32] = {0};
            ProcessInfoRec info;
            memset(&info, 0, sizeof(ProcessInfoRec));
            info.processName = (unsigned char*)buf;
            info.processInfoLength = sizeof(ProcessInfoRec);
            err = GetProcessInformation(&psn, &info);
            if(err == noErr) {
                // some processes start with nonprintable characters. Skip those.
                int i;
                for(i = 0; i < 32; i++) {
                    if(isprint(buf[i])) break;
                }
                // avoid adding duplicates.
                QString name = QString::fromUtf8(&buf[i]);
                if(processlist.find(name) == processlist.end()) {
                    processlist.insert(name, QList<int>());
                }
                processlist[name].append(pid);
            }
        }
    } while(err == noErr);
#endif
#if defined(Q_OS_LINUX)
    // not implemented for Linux!
#endif
    //  Filter for names (unless empty)
    if(names.size() > 0) {
        for(int i = 0; i < names.size(); ++i) {
            QStringList k(processlist.keys());
#if defined(Q_OS_WIN32)
            // the process name might be truncated. Allow the extension to be partial.
            int index = k.indexOf(QRegExp(names.at(i) + "(\\.(e(x(e?)?)?)?)?",
                                          Qt::CaseInsensitive));
#else
            int index = k.indexOf(names.at(i));
#endif
            if(index != -1) {
                found.insert(k[index], processlist[k[index]]);
            }
        }
    }
    else {
        found = processlist;
    }
    LOG_INFO() << "Looking for processes" << names << "found" << found;
    return found;
}
Exemple #24
0
wxString ProcUtils::GetProcessNameByPid(long pid)
{
#ifdef __WXMSW__
    //go over the process modules and get the full path of
    //the executeable
    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
    MODULEENTRY32 me32;

    //  Take a snapshot of all modules in the specified process.
    hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, (DWORD)pid );
    if ( hModuleSnap == INVALID_HANDLE_VALUE ) {
        return wxEmptyString;
    }

    //  Set the size of the structure before using it.
    me32.dwSize = sizeof( MODULEENTRY32 );

    //  Retrieve information about the first module,
    //  and exit if unsuccessful
    if (!Module32First( hModuleSnap, &me32 )) {
        CloseHandle( hModuleSnap );    // Must clean up the
        // snapshot object!
        return wxEmptyString;
    }

    //get the name of the process (it is located in the first entry)
    CloseHandle( hModuleSnap );
    return me32.szExePath;

#elif defined(__FreeBSD__)
    kvm_t *kvd;
    struct kinfo_proc *ki;
    int nof_procs;
    wxString cmd;

    if (!(kvd = kvm_openfiles(_PATH_DEVNULL, _PATH_DEVNULL, NULL, O_RDONLY, NULL)))
        return wxEmptyString;

    if (!(ki = kvm_getprocs(kvd, KERN_PROC_PID, pid, &nof_procs))) {
        kvm_close(kvd);
        return wxEmptyString;
    }

    cmd = wxString(ki->ki_ocomm, wxConvUTF8);
    kvm_close(kvd);

    return (cmd);
#else
    wxArrayString output;
    ExecuteCommand(wxT("ps -A -o pid,command --no-heading"), output);
    //parse the output and search for our process ID
    for (size_t i=0; i< output.GetCount(); i++) {
        wxString line = output.Item(i);
        //remove whitespaces
        line = line.Trim();
        line = line.Trim(false);
        //get the process ID
        wxString spid = line.BeforeFirst(wxT(' '));
        long cpid(0);
        spid.ToLong( &cpid );
        if (cpid == pid) {
            //we got a match, extract the command, it is in the second column
            wxString command = line.AfterFirst(wxT(' '));
            return command;
        }
    }
    return wxEmptyString;	//Not implemented yet
#endif
}
Exemple #25
0
void ProcUtils::GetProcessList(std::vector<ProcessEntry> &proclist)
{
#ifdef __WXMSW__
    OSVERSIONINFO osver ;

    // Check to see if were running under Windows95 or
    // Windows NT.
    osver.dwOSVersionInfoSize = sizeof( osver ) ;
    if ( !GetVersionEx( &osver ) ) {
        return;
    }

    if ( osver.dwPlatformId != VER_PLATFORM_WIN32_NT ) {
        return;
    }

    //get child processes of this node
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (!hProcessSnap) {
        return;
    }

    //Fill in the size of the structure before using it.
    PROCESSENTRY32 pe;
    memset(&pe, 0, sizeof(pe));
    pe.dwSize = sizeof(PROCESSENTRY32);

    // Walk the snapshot of the processes, and for each process,
    // kill it if its parent is pid.
    if (!Process32First(hProcessSnap, &pe)) {
        // Can't get first process.
        CloseHandle (hProcessSnap);
        return;
    }

    do {
        ProcessEntry entry;
        entry.name = pe.szExeFile;
        entry.pid = (long)pe.th32ProcessID;
        proclist.push_back(entry);
    } while (Process32Next (hProcessSnap, &pe));
    CloseHandle (hProcessSnap);

#elif defined(__FreeBSD__)
    kvm_t *kvd;
    struct kinfo_proc *ki;
    int nof_procs, i;

    if (!(kvd = kvm_openfiles(_PATH_DEVNULL, _PATH_DEVNULL, NULL, O_RDONLY, NULL)))
        return;

    if (!(ki = kvm_getprocs(kvd, KERN_PROC_PROC, 0, &nof_procs))) {
        kvm_close(kvd);
        return;
    }

    for (i=0; i<nof_procs; i++) {
        ProcessEntry entry;
        entry.pid = ki[i].ki_pid;
        entry.name = wxString(ki[i].ki_ocomm, wxConvUTF8);
        proclist.push_back(entry);
    }
    kvm_close(kvd);

#else
    //GTK and other
    wxArrayString output;
#if defined (__WXGTK__)
    ExecuteCommand(wxT("ps -A -o pid,command  --no-heading"), output);
#elif defined (__WXMAC__)
    // Mac does not like the --no-heading...
    ExecuteCommand(wxT("ps -A -o pid,command "), output);
#endif
    for (size_t i=0; i< output.GetCount(); i++) {
        wxString line = output.Item(i);
        //remove whitespaces
        line = line.Trim().Trim(false);

        //get the process ID
        ProcessEntry entry;
        wxString spid = line.BeforeFirst(wxT(' '));
        spid.ToLong( &entry.pid );
        entry.name = line.AfterFirst(wxT(' '));

        if (entry.pid == 0 && i > 0) {
            //probably this line belongs to the provious one
            ProcessEntry e = proclist.back();
            proclist.pop_back();
            e.name << entry.name;
            proclist.push_back( e );
        } else {
            proclist.push_back( entry );
        }
    }
#endif
}
	BOOL GetProcessList( )
	{
	  HANDLE hProcessSnap;
	  HANDLE hProcess;
	  PROCESSENTRY32 pe32;
	  DWORD dwPriorityClass;

	  // Take a snapshot of all processes in the system.
	  hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
	  if( hProcessSnap == INVALID_HANDLE_VALUE )
	  {
		printError( TEXT("CreateToolhelp32Snapshot (of processes)") );
		return( FALSE );
	  }

	  // Set the size of the structure before using it.
	  pe32.dwSize = sizeof( PROCESSENTRY32 );

	  // Retrieve information about the first process,
	  // and exit if unsuccessful
	  if( !Process32First( hProcessSnap, &pe32 ) )
	  {
		printError( TEXT("Process32First") ); // show cause of failure
		CloseHandle( hProcessSnap );          // clean the snapshot object
		return( FALSE );
	  }

	  // Now walk the snapshot of processes, and
	  // display information about each process in turn
	  do
	  {
		_tprintf( TEXT("\n\n=====================================================" ));
		_tprintf( TEXT("\nPROCESS NAME:  %s"), pe32.szExeFile );
		_tprintf( TEXT("\n-------------------------------------------------------" ));

		// Retrieve the priority class.
		dwPriorityClass = 0;
		hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID );
		if( hProcess == NULL )
		  printError( TEXT("OpenProcess") );
		else
		{
		  dwPriorityClass = GetPriorityClass( hProcess );
		  if( !dwPriorityClass )
			printError( TEXT("GetPriorityClass") );
		  CloseHandle( hProcess );
		}

		_tprintf( TEXT("\n  Process ID        = 0x%08X"), pe32.th32ProcessID );
		_tprintf( TEXT("\n  Thread count      = %d"),   pe32.cntThreads );
		_tprintf( TEXT("\n  Parent process ID = 0x%08X"), pe32.th32ParentProcessID );
		_tprintf( TEXT("\n  Priority base     = %d"), pe32.pcPriClassBase );
		if( dwPriorityClass )
		  _tprintf( TEXT("\n  Priority class    = %d"), dwPriorityClass );

		// List the modules and threads associated with this process
		ListProcessModules( pe32.th32ProcessID );
		ListProcessThreads( pe32.th32ProcessID );

	  } while( Process32Next( hProcessSnap, &pe32 ) );

	  CloseHandle( hProcessSnap );
	  return( TRUE );
	}
bool swGetKeys::GetSWTORKeys(HANDLE hKeysFile, DWORD dwOffset)
{
	//printf("Search keys in SWTOR\n\n");

	//// privileges up
	HANDLE hToken = INVALID_HANDLE_VALUE;
	if (OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ))
	{
		TOKEN_PRIVILEGES tp = { 0 };
		LUID luid;
		DWORD cb = sizeof(TOKEN_PRIVILEGES);
		if( LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &luid ) )
		{
			tp.PrivilegeCount = 1;
			tp.Privileges[0].Luid = luid;
			tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

			AdjustTokenPrivileges( hToken, FALSE, &tp, cb, NULL, NULL );
		}
		else    // error
		{
			//printf("** ERROR: LookupPrivilegeValue 0x%04x\n", GetLastError());
		}

		CloseHandle(hToken);
	}
	else
	{
		//printf("** ERROR: OpenProcessToken 0x%04x\n", GetLastError());
	}

	//// search SWTOR processes
	PROCESSENTRY32 pe32;

	HANDLE hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
	if( hProcessSnap == INVALID_HANDLE_VALUE )
	{
		//printf("** ERROR: CreateToolhelp32Snapshot 0x%04x\n", GetLastError());
		return false;
	}

	pe32.dwSize = sizeof( PROCESSENTRY32 );

	if( !Process32First( hProcessSnap, &pe32 ) )
	{
		//printf("** ERROR: Process32First 0x%04x\n", GetLastError());
		CloseHandle( hProcessSnap );
		return false;
	}

	bool bResult = false;

	do
	{
		if (0 == _strnicmp(&pe32.szExeFile[0], (const char*)"swtor.exe", 9))
		{
			HANDLE hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID );
			if( hProcess == NULL )
			{
				//printf("** ERROR: OpenProcess 0x%04x\n", GetLastError());
			}
			else
			{
				//printf("Trying to get keys from process 0x%03x\n", pe32.th32ProcessID);

				DWORD dwBaseAddress = 0x400000;
				GetProcessBaseAddress(pe32.th32ProcessID, dwBaseAddress);

				//DWORD dwTop = 0x136e4c0 - 0x400000 + dwBaseAddress;
				DWORD dwTop = 0xF6E500 + dwBaseAddress;

				bool bGetResult = false;
				DWORD dwRead = 0;

				DWORD dwCA = 0;
				if (ReadProcessMemory(hProcess, (LPCVOID)dwTop, &dwCA, sizeof(dwCA), &dwRead) && sizeof(dwCA)==dwRead)
				{
					if (0 != dwCA)
					{
						DWORD dwCAI = 0;
						if (ReadProcessMemory(hProcess, (LPCVOID)(dwCA+8), &dwCAI, sizeof(dwCAI), &dwRead) && sizeof(dwCAI)==dwRead)
						{
							if (0 != dwCAI)
							{
								DWORD dwSP = 0;
								if (ReadProcessMemory(hProcess, (LPCVOID)(dwCAI+4), &dwSP, sizeof(dwSP), &dwRead) && sizeof(dwSP)==dwRead)
								{
									if (0 != dwSP)
									{
										//printf("%08x %08x \n", /*dwCA,*/ dwCAI, dwSP);

										DWORD dwArg0 = 0;
										if (ReadProcessMemory(hProcess, (LPCVOID)(dwSP+0x64+dwOffset), &dwArg0, sizeof(dwArg0), &dwRead) && sizeof(dwArg0)==dwRead)
										{
											if (0 != dwArg0)
											{
												//printf(" %08x\n", dwArg0);

												DWORD p1 = 0;
												if (ReadProcessMemory(hProcess, (LPCVOID)(dwArg0+0x30), &p1, sizeof(p1), &dwRead) && sizeof(p1)==dwRead)
												{
													if (0 != p1)
													{
														//printf("  %08x\n", p1);

														DWORD buf1 = 0;
														DWORD buf2 = 0;
														if (ReadProcessMemory(hProcess, (LPCVOID)(p1+0x90), &buf1, sizeof(buf1), &dwRead) && sizeof(buf1)==dwRead)
														{
															if (0 != buf1)
															{
																DWORD s1 = 0;
																if (ReadProcessMemory(hProcess, (LPCVOID)(buf1+0x4), &s1, sizeof(s1), &dwRead) && sizeof(s1)==dwRead)
																{
																	if (0 != s1)
																	{
																		//printf("   %08x\n", s1);

																		LPCSTR sTitle = "KEY1";
																		::WriteFile(hKeysFile, sTitle, 4, &dwRead, 0);

																		s1 += 0x30;

																		int ii = 0;
																		DWORD dwState[16];
																		for(ii=0; ii<16; ++ii)
																		{
																			DWORD data = 0;
																			if (ReadProcessMemory(hProcess, (LPCVOID)s1, &data, sizeof(data), &dwRead) && sizeof(data)==dwRead)
																			{
																				dwState[ii] = data;

																				bGetResult = true;
																			}
																			else
																			{
																				break;
																			}

																			s1 += 4;
																		}

																		if (ii<16)
																		{
																			//printf("ERROR: can't read full state\n");
																		}
																		else
																		{
																			// k
																			::WriteFile(hKeysFile, &dwState[13], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[10], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[7], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[4], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[15], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[12], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[9], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[6], 4, &dwRead, 0);

																			// IV
																			::WriteFile(hKeysFile, &dwState[14], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[11], 4, &dwRead, 0);

																			// for checking
																			::WriteFile(hKeysFile, &dwState[0], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[1], 4, &dwRead, 0);
																		}
																	}
																}
															}
														}
														if (ReadProcessMemory(hProcess, (LPCVOID)(p1+0x8C), &buf2, sizeof(buf2), &dwRead) && sizeof(buf2)==dwRead)
														{
															if (0 != buf2)
															{
																DWORD s2 = 0;
																if (ReadProcessMemory(hProcess, (LPCVOID)(buf2+0x4), &s2, sizeof(s2), &dwRead) && sizeof(s2)==dwRead)
																{
																	if (0 != s2)
																	{
																		//printf("   %08x\n", s2);

																		LPCSTR sTitle = "KEY2";
																		::WriteFile(hKeysFile, sTitle, 4, &dwRead, 0);

																		s2 += 0x30;

																		int ii = 0;
																		DWORD dwState[16];
																		for(ii=0; ii<16; ++ii)
																		{
																			DWORD data = 0;
																			if (ReadProcessMemory(hProcess, (LPCVOID)s2, &data, sizeof(data), &dwRead) && sizeof(data)==dwRead)
																			{
																				dwState[ii] = data;

																				bGetResult = true;
																			}
																			else
																			{
																				break;
																			}

																			s2 += 4;
																		}

																		if (ii<16)
																		{
																			//printf("ERROR: can't read full state\n");
																		}
																		else
																		{
																			// k
																			::WriteFile(hKeysFile, &dwState[13], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[10], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[7], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[4], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[15], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[12], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[9], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[6], 4, &dwRead, 0);

																			// IV
																			::WriteFile(hKeysFile, &dwState[14], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[11], 4, &dwRead, 0);

																			// for checking
																			::WriteFile(hKeysFile, &dwState[0], 4, &dwRead, 0);
																			::WriteFile(hKeysFile, &dwState[1], 4, &dwRead, 0);
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}

				if (bGetResult)
				{
					//printf("Success\n", pe32.th32ProcessID);
					bResult = bGetResult;
				}

				CloseHandle( hProcess );
			}
		}
	} while( Process32Next( hProcessSnap, &pe32 ) );

	CloseHandle( hProcessSnap );

	return bResult;
}
Exemple #28
0
BOOL WINAPI SSQ_AddressToFunctionName(DWORD address,char** module,char** function)
{
	static HANDLE handle_snapshot;
	static MODULEENTRY32 module_entry;
	static BOOL module_next;
	static PIMAGE_DOS_HEADER dos_header;
	static PIMAGE_NT_HEADERS nt_headers;
	static PIMAGE_EXPORT_DIRECTORY export_directory;
	static DWORD counter;
	static DWORD counter2;

	if(HIWORD(address)==0||HIWORD(module)==0||HIWORD(function)==0)
	{
		return FALSE;
	}

	handle_snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,GetCurrentProcessId());

	if(handle_snapshot==INVALID_HANDLE_VALUE)
	{
		return FALSE;
	}

	module_entry.dwSize = sizeof(module_entry);

	if(Module32First(handle_snapshot,&module_entry)==FALSE)
	{
		CloseHandle(handle_snapshot);

		return FALSE;
	}

	do
	{
		if(address>=(DWORD)module_entry.modBaseAddr&&address<((DWORD)module_entry.modBaseAddr+module_entry.modBaseSize))
		{
			*module = module_entry.szModule;

			break;
		}
	}
	while((module_next = Module32Next(handle_snapshot,&module_entry))==TRUE);

	CloseHandle(handle_snapshot);

	if(module_next==FALSE)
	{
		return FALSE;
	}

	dos_header = (PIMAGE_DOS_HEADER)module_entry.modBaseAddr;
	nt_headers = (PIMAGE_NT_HEADERS)((DWORD)dos_header+dos_header->e_lfanew);
	export_directory = (PIMAGE_EXPORT_DIRECTORY)((DWORD)dos_header+nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);

	for(counter = 0;counter<export_directory->NumberOfFunctions;counter++)
	{
		if(((DWORD)dos_header+((PULONG)((DWORD)dos_header+(DWORD)export_directory->AddressOfFunctions))[counter])==address)
		{
			for(counter2 = 0;counter2<export_directory->NumberOfNames;counter2++)
			{
				if(((PUSHORT)((DWORD)dos_header+(DWORD)export_directory->AddressOfNameOrdinals))[counter2]==counter)
				{
					*function = (char*)((DWORD)dos_header+((PULONG)((DWORD)dos_header+(DWORD)export_directory->AddressOfNames))[counter2]);

					//wsprintf(test,"c: %i c2 %i address: 0x%08X ordinal: %i %08X aof %08X",counter,counter2,address,ordinal,(DWORD)dos_header+(DWORD)export_directory->AddressOfNameOrdinals,(DWORD)dos_header+(DWORD)export_directory->AddressOfFunctions);
					//MessageBox(0,*function,test,0);

					return TRUE;				
				}
			}
		}
	}

	return FALSE;
}
Exemple #29
0
bool CAttachDlg::CanAttachWindow(HWND hFind, DWORD nSkipPID, CProcessData* apProcessData, CAttachDlg::AttachWndInfo& Info)
{
	static bool bIsWin64 = IsWindows64();

	ZeroStruct(Info);

	DWORD_PTR nStyle = GetWindowLongPtr(hFind, GWL_STYLE);
	DWORD_PTR nStyleEx = GetWindowLongPtr(hFind, GWL_EXSTYLE);
	if (!GetWindowThreadProcessId(hFind, &Info.nPID))
		Info.nPID = 0;

	if (!Info.nPID)
		return false;

	bool lbCan = ((nStyle & (WS_VISIBLE/*|WS_CAPTION|WS_MAXIMIZEBOX*/)) == (WS_VISIBLE/*|WS_CAPTION|WS_MAXIMIZEBOX*/));
	if (lbCan)
	{
		// Более тщательно стили проверить
		lbCan = ((nStyle & WS_MAXIMIZEBOX) == WS_MAXIMIZEBOX) || ((nStyle & WS_THICKFRAME) == WS_THICKFRAME);
	}
	if (lbCan && Info.nPID == GetCurrentProcessId())
		lbCan = false;
	if (lbCan && Info.nPID == nSkipPID)
		lbCan = false;
	if (lbCan && (nStyle & WS_CHILD))
		lbCan = false;
	if (lbCan && (nStyleEx & WS_EX_TOOLWINDOW))
		lbCan = false;
	if (lbCan && gpConEmu->isOurConsoleWindow(hFind))
		lbCan = false;
	if (lbCan && gpConEmu->mp_Inside && (hFind == gpConEmu->mp_Inside->mh_InsideParentRoot))
		lbCan = false;

	GetClassName(hFind, Info.szClass, countof(Info.szClass));
	GetWindowText(hFind, Info.szTitle, countof(Info.szTitle));

	if (gpSetCls->isAdvLogging)
	{
		wchar_t szLogInfo[MAX_PATH*3];
		_wsprintf(szLogInfo, SKIPLEN(countof(szLogInfo)) L"Attach:%s x%08X/x%08X/x%08X {%s} \"%s\"", Info.szExeName, LODWORD(hFind), nStyle, nStyleEx, Info.szClass, Info.szTitle);
		CVConGroup::LogString(szLogInfo);
	}

	if (!lbCan)
		return false;

	_wsprintf(Info.szPid, SKIPLEN(countof(Info.szPid)) L"%u", Info.nPID);
	const wchar_t sz32bit[] = L" [32]";
	const wchar_t sz64bit[] = L" [64]";

	HANDLE h;
	DEBUGTEST(DWORD nErr);
	bool lbExeFound = false;

	if (apProcessData)
	{
		lbExeFound = apProcessData->GetProcessName(Info.nPID, Info.szExeName, countof(Info.szExeName), Info.szExePathName, countof(Info.szExePathName), &Info.nImageBits);
		if (lbExeFound)
		{
			//ListView_SetItemText(hList, nItem, alc_File, szExeName);
			//ListView_SetItemText(hList, nItem, alc_Path, szExePathName);
			if (bIsWin64 && Info.nImageBits)
			{
				wcscat_c(Info.szPid, (Info.nImageBits == 64) ? sz64bit : sz32bit);
			}
		}
	}

	if (!lbExeFound)
	{
		Info.nImageBits = GetProcessBits(Info.nPID);
		if (bIsWin64 && Info.nImageBits)
		{
			wcscat_c(Info.szPid, (Info.nImageBits == 64) ? sz64bit : sz32bit);
		}

		h = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, Info.nPID);
		if (h && h != INVALID_HANDLE_VALUE)
		{
			MODULEENTRY32 mi = {sizeof(mi)};
			if (Module32First(h, &mi))
			{
				lstrcpyn(Info.szExeName, *mi.szModule ? mi.szModule : (wchar_t*)PointToName(mi.szExePath), countof(Info.szExeName));
				lstrcpyn(Info.szExePathName, mi.szExePath, countof(Info.szExePathName));
				lbExeFound = true;
			}
			else
			{
				if (bIsWin64)
				{
					wcscat_c(Info.szPid, sz64bit);
				}
			}
			CloseHandle(h);
		}
		else
		{
			#ifdef _DEBUG
			nErr = GetLastError();
			_ASSERTE(nErr == 5 || (nErr == 299 && Info.nImageBits == 64));
			#endif
			wcscpy_c(Info.szExeName, L"???");
		}

		#if 0 //#ifdef _WIN64 -- no need to call TH32CS_SNAPMODULE32, simple TH32CS_SNAPMODULE will handle both if it can
		if (!lbExeFound)
		{
			h = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE|TH32CS_SNAPMODULE32, Info.nPID);
			if (h && h != INVALID_HANDLE_VALUE)
			{
				MODULEENTRY32 mi = {sizeof(mi)};
				if (Module32First(h, &mi))
				{
					//ListView_SetItemText(hList, nItem, alc_File, *mi.szModule ? mi.szModule : (wchar_t*)PointToName(mi.szExePath));
					lstrcpyn(Info.szExeName, *mi.szModule ? mi.szModule : (wchar_t*)PointToName(mi.szExePath), countof(Info.szExeName));
					//ListView_SetItemText(hList, nItem, alc_Path, mi.szExePath);
					lstrcpyn(Info.szExePathName, mi.szExePath, countof(Info.szExePathName));
				}
				CloseHandle(h);
			}
		}
		#endif
	}

	if (!lbExeFound)
	{
		// Так можно получить только имя файла процесса
		PROCESSENTRY32 pi = {sizeof(pi)};
		h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
		if (h && h != INVALID_HANDLE_VALUE)
		{
			if (Process32First(h, &pi))
			{
				do
				{
					if (pi.th32ProcessID == Info.nPID)
					{
						lstrcpyn(Info.szExeName, pi.szExeFile, countof(Info.szExeName));
						break;
					}
				} while (Process32Next(h, &pi));
			}
		}
	}

	wcscpy_c(Info.szType, isConsoleClass(Info.szClass) ? szTypeCon : szTypeGui);
	return true;
}
Exemple #30
0
EXM_API int
exm_process_dependencies_set(Exm_Process *process)
{
    MODULEENTRY32 me32;
    HANDLE h;

    EXM_LOG_DBG("Finding dependencies");
    h = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32,
                                 process->id);
    if (h == INVALID_HANDLE_VALUE)
    {
        EXM_LOG_ERR("Can not retrieve the modules the process %s",
                    process->filename);
        return 0;
    }

    me32.dwSize = sizeof(MODULEENTRY32);
    if (!Module32First(h, &me32))
    {
        EXM_LOG_ERR("Can not retrieve the first module the process %s",
                    process->filename);
        goto close_h;
    }

    do
    {
        size_t i;
        unsigned char is_found;

        EXM_LOG_DBG("Finding module %s in process %s",
                    me32.szExePath, strrchr(process->filename, '\\') + 1);

        for (i = 0; i < (sizeof(_exm_process_crt_names) / sizeof(const char *)); i++)
        {
            if (_stricmp(me32.szModule, _exm_process_crt_names[i]) != 0)
                continue;

            /* FIXME: this following test should be useless as the list of modules has no duplicata */
            if (exm_list_data_is_found(process->crt_names,
                                       me32.szExePath,
                                       _exm_process_dep_cmp))
                continue;

            process->crt_names = exm_list_append(process->crt_names,
                                                 _strdup(me32.szExePath));
        }

        is_found = 0;
        for (i = 0; i < (sizeof(_exm_process_dep_names_supp) / sizeof(const char *)); i++)
        {
            if (_stricmp(me32.szModule, _exm_process_dep_names_supp[i]) == 0)
            {
                is_found = 1;
                break;
            }
        }

        if (!is_found &&
            /* FIXME: this following test should be useless as the list of modules has no duplicata */
            !exm_list_data_is_found(process->dep_names,
                                    me32.szExePath,
                                    _exm_process_dep_cmp))
            process->dep_names = exm_list_append(process->dep_names,
                                                 _strdup(me32.szExePath));
    } while(Module32Next(h, &me32));

    CloseHandle(h);

    return 1;

  close_h:
    CloseHandle(h);

    return 0;
}