void CExceptionHandler::Register() { // (( scope )) { ASSERT(g_lpExceptionHandler == NULL); // Build our required extra information. g_szExtraInformation = GetVersionInformation(); if (g_szExtraInformation == NULL) { goto __failed; } // Find the path to create the dump files in and ensure it exists. wstring szCrashDumpPath(GetDirname(GetModuleFileNameEx()) + L"\\" + CRASH_DUMP_PATH); SetEnvironmentVariable(L"MOZ_CRASHREPORTER_DATA_DIRECTORY", szCrashDumpPath.c_str()); DWORD dwAttr = GetFileAttributes(szCrashDumpPath.c_str()); if (dwAttr == INVALID_FILE_ATTRIBUTES) { BOOL fResult = CreateDirectory(szCrashDumpPath.c_str(), NULL); if (!fResult) { goto __failed; } } // Set the module name as the first restart parameter so the crash // reporter displays the restart button. SetEnvironmentVariable(L"MOZ_CRASHREPORTER_RESTART_ARG_0", GetModuleFileNameEx().c_str()); // Create the exception handler. g_lpExceptionHandler = new google_breakpad::ExceptionHandler( GetDirname(GetModuleFileNameEx()).c_str(), NULL, MinidumpCallback, NULL, google_breakpad::ExceptionHandler::HANDLER_ALL ); return; } __failed: if (g_szExtraInformation != NULL) { free(g_szExtraInformation); g_szExtraInformation = NULL; } }
bool FindInjectedModule(DWORD processID) { HMODULE hMods[1024]; HANDLE hProcess; DWORD cbNeeded; hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID); if (hProcess == NULL) return false; if(EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) { for (unsigned int i = 0; i < (cbNeeded / sizeof(HMODULE)); i++) { TCHAR szModName[MAX_PATH]; if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR))) { char buf[MAX_PATH]; WideCharToMultiByte(CP_ACP, 0, szModName, -1, buf, MAX_PATH, "?", NULL); string s(buf); if (s.compare(s.length() - 6, 6, "BH.dll") == 0) { return true; } } } } CloseHandle(hProcess); return false; }
int ProcessMap::BuildUdpProcDict() { //清空processtcpdict ClearUdpProcessDict(); portdict.clear(); //构建tcpportdict MIB_UDPTABLE_OWNER_PID udptable; udptable.dwNumEntries = sizeof(udptable)/sizeof(udptable.table[0]); DWORD udptablesize = sizeof(udptable); if(GetExtendedUdpTable((void *)&udptable, &udptablesize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0) == NO_ERROR) { for(unsigned int i =0 ; i< udptable.dwNumEntries; i++) { int port = ntohs((unsigned short)udptable.table[i].dwLocalPort); int pid = udptable.table[i].dwOwningPid; portdict.insert(pair<int ,int>(port,pid)); } } //构建UdpProcessDict // Take a snapshot HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); PROCESSENTRY32 p; p.dwSize = sizeof(PROCESSENTRY32); // Traverse Process List for(BOOL ret = Process32First(hSnapShot, &p); ret != 0; ret = Process32Next(hSnapShot, &p)) { // Get pid and file name int pid = p.th32ProcessID; for(portdictit=portdict.begin();portdictit!=portdict.end();portdictit++) { if(portdictit->second == pid) { ProcessNode *processnode = new ProcessNode; processnode->pid = pid; processnode->processname = TCHARTochar(p.szExeFile); // Get full path (if possible) HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid); if (hProcess == 0) { processnode->processpath = NULL; } else { TCHAR fullPath[MAX_PATH]; if (GetModuleFileNameEx(hProcess, 0, fullPath, MAX_PATH) > 0) // Success { processnode->processpath = TCHARTochar(fullPath); } else processnode->processpath = NULL; } CloseHandle(hProcess); udpprocessdict.insert(pair<int,ProcessNode*>(portdictit->first,processnode)); } } } CloseHandle(hSnapShot); UpdateUnknowUdpportdict(); return 0; }
CProfilingInfo::~CProfilingInfo(void) { if (!records.empty()) { // write profile to file TCHAR buffer [MAX_PATH] = {0}; if (GetModuleFileNameEx(GetCurrentProcess(), nullptr, buffer, _countof(buffer)) > 0) try { std::wstring fileName (buffer); fileName += L".profile"; std::string report = GetInstance()->GetReport(); CFile file (fileName.c_str(), CFile::modeCreate | CFile::modeWrite ); file.Write (report.c_str(), (UINT)report.size()); } catch (...) { // ignore all file errors etc. } // free data for (size_t i = 0; i < records.size(); ++i) delete records[i]; } }
BOOL STDCALL OSGetLoadedModuleList(HANDLE hProcess, StringList &ModuleList) { HMODULE hMods[1024]; DWORD count; if (EnumProcessModulesEx(hProcess, hMods, sizeof(hMods), &count, LIST_MODULES_ALL)) { for (UINT i=0; i<(count / sizeof(HMODULE)); i++) { TCHAR szFileName[MAX_PATH]; if (GetModuleFileNameEx(hProcess, hMods[i], szFileName, _countof(szFileName)-1)) { TCHAR *p; p = srchr(szFileName, '\\'); if (p) { *p = 0; p++; } slwr (p); ModuleList << p; } } } else return 0; return 1; }
DWORD find_process( char *pattern ) { DWORD aProcesses[1024], cbNeeded, cProcesses, mcbNeeded; unsigned int i; HMODULE hMods[1024]; HANDLE hProcess; char szModName[MAX_PATH]; if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) { deb("failed enumprocesses: %s", strerror(NULL)); return NULL; } cProcesses = cbNeeded / sizeof(DWORD); for ( i = 0; i < cProcesses; i++ ) { hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[i] ); if (NULL == hProcess || !EnumProcessModules(hProcess, hMods, sizeof(hMods), &mcbNeeded)) continue; if ( GetModuleFileNameEx( hProcess, hMods[0], szModName, sizeof(szModName))) { _strlwr(szModName); if(strstr(szModName, pattern)) { deb("found %s: %s (0x%08X)\n", pattern, szModName, hMods[0] ); return aProcesses[i]; } } CloseHandle( hProcess ); } return NULL; }
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD reason, LPVOID reserved) { if(reason == DLL_PROCESS_ATTACH) { HANDLE hproc = GetCurrentProcess(); GetModuleFileNameEx(hproc, 0, g_file_proc, sizeof(g_file_proc)); CloseHandle(hproc); int n = GetModuleFileName(hinst, g_file_log, sizeof(g_file_log)); while(g_file_log[n] != '\\') n--; #if defined(WIN64) strcpy_s(g_file_log + n, sizeof(g_file_log) - n, "\\snapit_x64.log"); #else strcpy_s(g_file_log + n, sizeof(g_file_log) - n, "\\snapit_x32.log"); #endif _log_("attach -> %s", g_file_proc); WMU_SNAPIT_UNINSTALL = RegisterWindowMessage(g_message_name); g_hinst = hinst; DisableThreadLibraryCalls(hinst); } if(reason == DLL_PROCESS_DETACH) { _log_("detach -> %s", g_file_proc); } return TRUE; } // DllMain
void PrintProcessNameAndID( DWORD processID ) { TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); TCHAR szFilename[MAX_PATH] = TEXT("<unknown>"); HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID); if (hProcess != NULL) { HMODULE hModule; DWORD cbNeeded; if ( EnumProcessModules( hProcess, &hModule, sizeof(hModule), &cbNeeded) ) { GetModuleBaseName( hProcess, hModule, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) ); GetModuleFileNameEx( hProcess, hModule, szFilename, sizeof(szFilename)/sizeof(TCHAR) ); } CloseHandle( hProcess ); } _tprintf( TEXT(" %16s %-60s (PID: %u)\n"), szProcessName, szFilename, processID ); }
int Filter( DWORD pid, char *path ) { vmdb *vdb = (vmdb *)malloc(sizeof(vmdb)); TCHAR sProcessName[MAX_PATH] = { 0 }; char ctemp[MAX_PATH] = { 0 }; vdb = SetVariable(path); HANDLE hHandle = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid); if (hHandle) { GetModuleFileNameEx(hHandle, 0, sProcessName, MAX_PATH); WideCharToMultiByte(CP_ACP, 0, sProcessName, MAX_PATH, ctemp, MAX_PATH, NULL, NULL); CloseHandle(hHandle); for (unsigned int i = 0; i < vdb->num; i++) { if (strstr(ctemp, vdb->vm_data[i])) { free(vdb); return 1; } } } free(vdb); return 0; }
BOOL GetModules(HANDLE hProcess, char* Strings) { DWORD processid[1024], needed, processcount, modulecount; HMODULE hModule[1024]; DWORD cb = 0; BOOL ret = 1; char path[MAX_PATH] = "", temp[MAX_PATH], basename[MAX_PATH]; EnumProcesses(processid, sizeof(processid), &needed); processcount = 1;// needed/sizeof(DWORD); for (DWORD i = 0; i< processcount; i++) // 列举一下explorer下的模块 { if (hProcess) { EnumProcessModules(hProcess, hModule, sizeof(hModule), &needed); modulecount = needed / sizeof(DWORD); //_itoa(processid[i], temp, 10); for (DWORD j = 0; j < modulecount; j++) { GetModuleFileNameEx(hProcess, hModule[j], path, sizeof(path)); GetModuleBaseName(hProcess, hModule[j], basename, sizeof(basename)); GetShortPathName(path, path, 256); if(!strcmp(basename, Strings)) { ret = 1; } printf("%s\t\t%s\n", basename, path); } } } return ret; }
HMODULE getModulePid(DWORD processID, wchar_t* searchStr){ // gets the module by the module name from an explicit process HANDLE hProcess; HMODULE hMods[1024]; TCHAR szModName[MAX_PATH]; DWORD cbNeeded; if (hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID)) { if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) { unsigned int k; for (k = 0; k < (cbNeeded / sizeof(HMODULE)); ++k) { if (GetModuleFileNameEx(hProcess, hMods[k], szModName, sizeof(szModName) / sizeof(TCHAR))) { //printf( "fess pid: %u modname: %s\n", processID, szModName ); if (wcsstr(szModName, searchStr)) { //printf("pid: %u modname: %s\n", processID, szModName); CloseHandle(hProcess); return hMods[k]; } } }//for } } CloseHandle(hProcess); return NULL; }
std::string ArchSystemWindows::getLibsUsed(void) const { HMODULE hMods[1024]; HANDLE hProcess; DWORD cbNeeded; unsigned int i; char hex[16]; DWORD pid = GetCurrentProcessId(); std::string msg = "pid:" + std::to_string((_ULonglong)pid) + "\n"; hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid); if (NULL == hProcess) { return msg; } if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) { for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++) { TCHAR szModName[MAX_PATH]; if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR))) { sprintf(hex,"(0x%08X)",hMods[i]); msg += szModName; msg.append(hex); msg.append("\n"); } } } CloseHandle(hProcess); return msg; }
void GetProcessNameByProcessID( DWORD processID, CString& szProcessName) { // Get a handle to the process. HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID ); // Get the process name. if (NULL != hProcess ) { HMODULE hMod; DWORD cbNeeded; char str[MAX_PATH] = "unknown"; if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) ) { GetModuleFileNameEx( hProcess, hMod, str, sizeof(str) ); szProcessName.Format("%s", str); } } else return; CloseHandle( hProcess ); //return szProcessName; }
static std::string GetProcessFileName(DWORD processID) { std::string result = ""; HANDLE hProcess = OpenProcess( SYNCHRONIZE | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID); if (hProcess != NULL) { // Here we call EnumProcessModules to get only the // first module in the process this is important, // because this will be the .EXE module for which we // will retrieve the full path name in a second. HMODULE hMod; char szFileName[MAX_PATH]; DWORD dwSize2 = 0; LPTSTR pszName = NULL; if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &dwSize2)) { // Get Full pathname: if (GetModuleFileNameEx(hProcess, hMod, szFileName, sizeof(szFileName))) result = std::string(szFileName); } } return result; }
// Check to see if fledge is already patched BOOL IsAlreadyPatched(DWORD pid) { HANDLE fledge = OpenProcess(PROCESS_ALL_ACCESS, false, pid); HMODULE *hmArray = (HMODULE *) malloc(sizeof(HMODULE)*MODULE_ARRAY); DWORD needed; EnumProcessModules(fledge, hmArray, sizeof(hmArray), &needed); if (needed > sizeof(hmArray)) { // we need more memory apparently free(hmArray); hmArray = (HMODULE *) malloc(needed); EnumProcessModules(fledge, hmArray, sizeof(hmArray)*MODULE_ARRAY, &needed); } CString fileName; for (int i = 0; i<needed / sizeof(HMODULE); i++) { GetModuleFileNameEx(fledge, hmArray[i], fileName.GetBuffer(MAX_PATH + 1), MAX_PATH); if (fileName.Find(CString(HOOK_DLLNAME)) > -1) { free(hmArray); return true; } } if (hmArray) free(hmArray); CloseHandle(fledge); return false; }
DWORD ProcessWatch::GetProcessID() { DWORD bytesReturned; DWORD processID[MAX_BUF_PATH]; memset(processID, 0, MAX_BUF_PATH); EnumProcesses(processID, MAX_BUF_PATH, &bytesReturned); int processCount = bytesReturned/sizeof(DWORD); ProcessInfo processInfo; for (int i=0; i<processCount; i++) { processInfo.processID = processID[i]; HANDLE hProcess; HMODULE hModule[MAX_BUF_PATH]; hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,false,processID[i]); if(hProcess) { //enum process module info EnumProcessModules(hProcess, hModule, sizeof(hModule), &bytesReturned); // get the module path GetModuleFileNameEx(hProcess, hModule[0], processInfo.processPath, MAX_BUF_PATH); //_tprintf(TEXT("%s --- %d\n"), processInfo.processPath, processID[i]); } m_vecProcessInfo.push_back(processInfo); } return processCount; }
void CBDTWxFrame::OnCallStackListDoubleClicked(wxCommandEvent& event) { wxString selection = event.GetString(); TCHAR selectionChar[MAX_PATH]; const wxChar* myStringChars = selection.c_str(); for (uint32_t i = 0; i < selection.Len(); i++) { selectionChar[i] = myStringChars [i]; } selectionChar[selection.Len()] = _T('\0'); // Remove the "line:xxx" suffix from selection. TCHAR* pLastSpacePos = _tcsstr(selectionChar, _T(" ")); TCHAR* pCurPos = pLastSpacePos; while (pCurPos != NULL) { pLastSpacePos = pCurPos; pCurPos = _tcsstr(pLastSpacePos + 1, _T(" ")); } *pLastSpacePos = 0; FILE* pFile = _tfopen(selectionChar, _T("rb")); if (pFile != NULL) { fclose(pFile); bool bOpenFileInExistingIDE = false; if (IsDebuggerPresent() != FALSE) { HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId()); if (hProcess != NULL) { typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG); PROCNTQSIP NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(GetModuleHandle(_T("ntdll")), "NtQueryInformationProcess"); if (NtQueryInformationProcess != NULL) { PROCESS_BASIC_INFORMATION pbi; long status = NtQueryInformationProcess(hProcess, 0, (PVOID)&pbi, sizeof(PROCESS_BASIC_INFORMATION), NULL); if (status == 0) { HANDLE hDebuggerProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ , FALSE, pbi.InheritedFromUniqueProcessId); if (hDebuggerProcess != NULL) { TCHAR processPath[MAX_PATH] = {0}; GetModuleFileNameEx(hDebuggerProcess, NULL, processPath, MAX_PATH); fclose(pFile); TCHAR parameter[MAX_PATH]; _stprintf_s(parameter, _T("/Edit \"%s\""), selectionChar); ShellExecute(NULL, _T("open"), processPath, parameter, NULL, SW_SHOW); CloseHandle(hDebuggerProcess); bOpenFileInExistingIDE = true; } } } } CloseHandle(hProcess); } if (!bOpenFileInExistingIDE) { ShellExecute(NULL, _T("open"), selectionChar, NULL, NULL, SW_SHOW); } } }
//------------------------------------------------------------------------------- bool CVFXGetModuleName::GetModuleName(CString& sModuleName, HANDLE hHandle /* = NULL*/, HMODULE hModule /* = NULL*/) { sModuleName = ""; // Get the process handle if(! hHandle) hHandle = ::GetCurrentProcess(); // Get the module handle if(! hModule) hModule = ::GetModuleHandle(NULL); // Have to have process and module handle if(! hHandle && ! hModule) return false; // Get the module name LPTSTR p = sModuleName.GetBuffer(MAX_PATH + 1); DWORD rc = GetModuleFileNameEx(hHandle, hModule, p, (DWORD)MAX_PATH); // Release buffer sModuleName.ReleaseBuffer(); return rc > 0; }
BOOL _ProcList_GetProcessFileName (DWORD dwProcessId, LPTSTR szFilename, DWORD nSize) { HANDLE hProcess ; BOOL bSuccess ; DWORD dwAccess = PROCESS_QUERY_INFORMATION|PROCESS_VM_READ ; ASSERT (szFilename!=NULL) ; ASSERT (nSize>0) ; if( dwProcessId==0 ) return _tcslcpy (szFilename, TEXT("System"), nSize) ; hProcess = OpenProcess (dwAccess,FALSE,dwProcessId) ; if( ! hProcess ) { TRACE_ERROR (TEXT("OpenProcess failed (error=%d)\n"), GetLastError()) ; return FALSE ; } szFilename[0] = 0 ; bSuccess = GetModuleFileNameEx (hProcess, NULL, szFilename, nSize) ; if( ! bSuccess ) TRACE_ERROR (TEXT("GetModuleFileNameEx failed (pid=%u, error=%d)\n"), dwProcessId, GetLastError()) ; CloseHandle (hProcess) ; return bSuccess ; }
list<string> GLDProcessFunc::getPathByName(const string &lpProcessName) { list<string> retList; wstring ws = stringTowstring(lpProcessName); HANDLE hHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); // 为当前系统进程建立快照 DWORD dwId = ::GetCurrentProcessId();// 当前进程的Id if (INVALID_HANDLE_VALUE != hHandle)// 如果快照建立成功 { PROCESSENTRY32 stEntry; stEntry.dwSize = sizeof(PROCESSENTRY32); if (Process32First(hHandle, &stEntry)) //在快照中查找一个进程,stEntry返回进程相关属性和信息 { do{ if (wcsstr(stEntry.szExeFile, ws.c_str())) // 比较该进程名称是否与strProcessName相符 { if (dwId != stEntry.th32ProcessID) // 如果相等,且该进程的Id与当前进程不相等,则找到 { HANDLE h_Process = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, stEntry.th32ProcessID); if (h_Process != NULL) { WCHAR name[MAX_PATH + 1] = { 0 }; GetModuleFileNameEx(h_Process, NULL, name, MAX_PATH + 1); retList.push_back(wstringTostring(std::wstring(name))); CloseHandle(h_Process); } } } } while (Process32Next(hHandle, &stEntry)); //再快照中查找下一个进程。 } // CloseToolhelp32Snapshot(hHandle); //释放快照句柄。 } return retList; }
bool CallStack::loadAllModules() { #ifdef WIN32 DWORD dwNeeded = 0; if (!EnumProcessModules(hProcess, hModule, sizeof(hModule), &dwNeeded)) return false; const int iCount = dwNeeded / sizeof(HMODULE); for (int i = 0; i < iCount; ++i) { MODULEINFO info; GetModuleInformation(hProcess, hModule[i], &info, sizeof(info)); GetModuleFileNameEx(hProcess, hModule[i], szImageName, iMax); GetModuleBaseName(hProcess, hModule[i], szModuleName, iMax); #ifdef X64 SymLoadModule64(hProcess, hModule[i], szImageName, szModuleName, (DWORD64)info.lpBaseOfDll, info.SizeOfImage); #else SymLoadModule(hProcess, hModule[i], szImageName, szModuleName, (DWORD)info.lpBaseOfDll, info.SizeOfImage); #endif } #endif return true; }
bool isCygwin(HANDLE process) { // Have we checked before? if (cygwinBin != NULL || !_isCygwin) return _isCygwin; // See if this process loaded cygwin, need a different SIGINT for them HMODULE mods[1024]; DWORD needed; if (EnumProcessModules(process, mods, sizeof(mods), &needed)) { int i; needed /= sizeof(HMODULE); for (i = 0; i < needed; ++i ) { wchar_t modName[MAX_PATH]; if (GetModuleFileNameEx(process, mods[i], modName, MAX_PATH)) { wchar_t * p = wcsrchr(modName, L'\\'); if (p) { *p = 0; // Null terminate there for future reference if (!wcscmp(++p, L"cygwin1.dll")) { _isCygwin = true; // Store away the bind dir cygwinBin = wcsdup(modName); return _isCygwin; } } } } } _isCygwin = false; return _isCygwin; }
// thread-safe (assuming Windows API is thread-safe) SAWYER_EXPORT std::string thisExecutableName() { std::string retval; #ifdef BOOST_WINDOWS # if 0 // [Robb Matzke 2014-06-13] temporarily disable for ROSE linking error (needs psapi.lib in Windows) if (HANDLE handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, GetCurrentProcessId())) { TCHAR buffer[MAX_PATH]; if (GetModuleFileNameEx(handle, 0, buffer, MAX_PATH)) // requires linking with MinGW's psapi.a retval = buffer; CloseHandle(handle); } # endif #elif defined(__APPLE__) && defined(__MACH__) // unknown #else // no synchronization necessary for this global state if (FILE *f = fopen("/proc/self/cmdline", "r")) { int c; while ((c = fgetc(f)) > 0) retval += (char)c; fclose(f); } #endif return retval; }
BOOL CALLBACK EnumWindowsProc(HWND hwnd/*当前找到的窗口句柄*/, LPARAM lParam/*自定义参数*/) //枚举当前窗口 { TCHAR tcClass[256]; LPWSTR pStr = (LPWSTR)lParam; HWND htmpWnd = NULL; ::GetClassName(hwnd, tcClass, 255); DWORD dwProcessID; TCHAR szProcessName[260] = { 0 }; GetWindowThreadProcessId(hwnd, &dwProcessID); HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwProcessID); GetModuleFileNameEx(hProcess, NULL, szProcessName, MAX_PATH); if (strstr(szProcessName, _T("\\PaperEditor.exe")) != NULL) { CWnd * pWndPrev = CWnd::FromHandle(hwnd); pWndPrev = pWndPrev->GetParent(); if (pWndPrev != NULL) { CWnd * pWndChild = pWndPrev->GetLastActivePopup(); if (pWndPrev->IsIconic()) pWndPrev->ShowWindow(SW_RESTORE); pWndChild->SetForegroundWindow(); } } return TRUE; }
BOOL CAppreciation::GetProcessPath(IN DWORD dwProcessID,IN LPWSTR lpszBuffer,IN int nSize,IN BOOL bFullPath) { BOOL bRet = FALSE; HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,dwProcessID); if(hProcess) { if(bFullPath) { if(GetModuleFileNameEx(hProcess, NULL, lpszBuffer, nSize)) { bRet = TRUE; } } else { if(GetModuleBaseName(hProcess, NULL, lpszBuffer, nSize)) { bRet = TRUE; } } } CloseHandle(hProcess); return bRet; }
QString ProcessHandle::command() const { #ifdef Q_OS_WIN HANDLE process = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, id()); if(!process) { throwError("OpenProcessError", tr("Unable to open the process")); return QString(); } TCHAR buffer[256]; if(!GetModuleFileNameEx(process, NULL, buffer, 256)) { throwError("GetModuleFilenameError", tr("Unable to retrieve the executable filename")); return QString(); } CloseHandle(process); return QString::fromWCharArray(buffer); #else QProcess process; process.start(QString("ps h -p %1 -ocommand").arg(id()), QIODevice::ReadOnly); if(!process.waitForStarted(2000) || !process.waitForReadyRead(2000) || !process.waitForFinished(2000) || process.exitCode() != 0) { throwError("GetProcessError", tr("Failed to get the process command")); return QString(); } return process.readAll().trimmed(); #endif }
// Find the name of the DLL and inject it. BOOL Inject( LPPROCESS_INFORMATION ppi ) { DWORD len; WCHAR dll[MAX_PATH]; int type; #if (MYDEBUG > 0) if (GetModuleFileNameEx( ppi->hProcess, NULL, dll, lenof(dll) )) DEBUGSTR( L"%s", dll ); #endif type = ProcessType( ppi ); if (type == 0) return FALSE; len = GetModuleFileName( NULL, dll, lenof(dll) ); while (dll[len-1] != '\\') --len; #ifdef _WIN64 wsprintf( dll + len, L"ANSI%d.dll", type ); if (type == 32) InjectDLL32( ppi, dll ); else InjectDLL64( ppi, dll ); #else wcscpy( dll + len, L"ANSI32.dll" ); InjectDLL32( ppi, dll ); #endif return TRUE; }
BOOL CNetwork::KillJob(LPCTSTR xJobId) { HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ); if ( hSnapshot == INVALID_HANDLE_VALUE ) return FALSE; PROCESSENTRY32 pe; pe.dwSize = sizeof( PROCESSENTRY32 ); for ( BOOL bRetval = Process32First(hSnapshot,&pe); bRetval; ) { if ( HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE, FALSE, pe.th32ProcessID ) ) { TCHAR szPath[128]; if ( GetModuleFileNameEx( hProcess, NULL, szPath, MAX_PATH ) ) { if ( ! _tcsicmp( xJobId, szPath ) ) { TerminateProcess( hProcess, 0 ); CloseHandle( hProcess ); return TRUE; } } CloseHandle( hProcess ); } pe.dwSize = sizeof( PROCESSENTRY32 ); bRetval = Process32Next( hSnapshot, &pe ); } CloseHandle( hSnapshot ); return FALSE; }
void MyGetWindowModuleFileName(ScriptValue &s, ScriptValue *args) { wchar_t temp[MAX_PATH*2]; unsigned char *name; DWORD id; if (GetWindowThreadProcessId((HWND)args[0].intVal, &id)) { HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, id); if (h == 0) { getDebugPriv(); h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, id); } if (!h) return; int len = GetModuleFileNameEx(h, 0, temp, MAX_PATH*2); CloseHandle(h); if (len > 0 && len < MAX_PATH*2 && (name = UTF16toUTF8Alloc(temp))) { unsigned char *name2 = name; if (args[1].intVal == 0) { unsigned char * temp = name; while (*temp) { if (*temp == '\\') name2 = temp+1; temp++; } } CreateStringValue(s, name2); free(name); } } }
BOOL CALLBACK WindowSelectEnum(HWND hWnd, LPARAM lParam) { TCHAR title[500] = L""; TCHAR wndTitle[500] = L""; std::vector<WindowDescriptor>* wndVec = (std::vector<WindowDescriptor>*) lParam; ZeroMemory(title, sizeof(title)); if (IsWindowVisible(hWnd)) { //GetWindowText(hWnd, title, sizeof(title) / sizeof(title[0])); DWORD PID = NULL; GetWindowThreadProcessId(hWnd, &PID); HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, PID); GetModuleFileNameEx(hProcess, NULL, title, sizeof(title) / sizeof(title[0])); //GetModuleFileName() //GetWindowModuleFileName(hWnd, title, sizeof(title) / sizeof(title[0])); TCHAR *name = wcsrchr(title, L'\\'); if (GetWindowText(hWnd, wndTitle, 500) > 0 && name != NULL) { //-------------------------------------------------- wndVec->push_back(WindowDescriptor(hWnd, std::wstring(wndTitle), std::wstring(name))); } //-------------------------------------------------- CloseHandle(hProcess); } return TRUE; }