Exemple #1
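// Ask the kernel to end the process identified by pid.
//
// The process is opened with PROCESS_TERMINATE only, the minimum access
// right this operation needs. Returns true when TerminateProcess() accepted
// the request, false when the process could not be opened (no such pid, or
// access denied) or when the kernel refused to terminate it.
//
// The original version returned from inside the if/else and never reached
// CloseHandle(), leaking one process handle per successful call; the handle
// is now released on every path.
bool CPunk::KillPid( DWORD pid )
{
	HANDLE hProcess = OpenProcess( PROCESS_TERMINATE, FALSE, pid );
	if ( isBadHandle( hProcess ) )
	{
		// nothing was acquired, nothing to release
		return false;
	}

	// exit code (DWORD) -1 marks the process as killed from outside;
	// TerminateProcess() only queues the termination, the process may
	// still be winding down when this returns
	bool killed = TerminateProcess( hProcess, (DWORD) -1 ) != FALSE;

	// close handle on both the success and the failure path
	CloseHandle( hProcess );
	return killed;
}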
Exemple #2
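// Enumerate every process in the system, open each one for query access and
// hand it to dumpToken() (defined elsewhere in this file), counting how many
// carry an interactive token. Prints per-process details when the global
// showInfo is set, and a timing summary at the end.
//
// Takes no command-line arguments; any argument prints usage and returns 1.
// Returns 0 on success, 1 when PSAPI cannot be loaded, a PSAPI entry point is
// missing, memory runs out, or EnumProcesses() fails.
//
// Fixes against the original:
//   - `sizeof DWORD` (a type name needs parentheses) is now `sizeof( DWORD )`
//   - the PID buffer was malloc()ed but released with `delete []`; it is now
//     free()d, and both it and the PSAPI module are released on every exit
//     path instead of leaking on the early returns
//   - malloc() failure was not checked before the buffer was passed to
//     EnumProcesses()
//   - the timing line claimed microseconds but computed milliseconds
int main( int argc, char *argv[] )
{
	int i, nPIDs, interactiveProcesses;
	int rc = 0;
	DWORD bufNeeded;
	HANDLE hp;
	DWORD *pid = NULL;
	HINSTANCE hPsapi = NULL;
	HMODULE hm;
	char moduleName[MAX_PATH];
	LARGE_INTEGER t0, t1, fr;

	pfEnumProcesses pfEP;
	pfEnumProcessModules pfEPM;
	pfGetModuleBaseName pfGMBN;

	if ( argc != 1 )
	{
		printf( "\nUsage: %s\n", argv[0] );
		puts( "\nThis program iterates over all processes in the system" );
		puts( "(using EnumProcesses(), tries to open their process tokens," );
		puts( "and dumps the SIDs in those tokens." );
		return 1;
	}

	// try to acquire SeDebugPrivilege, if fail, then do without
	getPriv( SE_DEBUG_NAME );

	hPsapi = LoadLibrary( "psapi.dll" );
	if ( hPsapi == NULL )
	{
		printf( "LoadLibrary( \"psapi.dll\" ): gle = %lu\n", gle );
		return 1;
	}

	pfEP = (pfEnumProcesses) GetProcAddress( hPsapi, "EnumProcesses" );
	pfEPM = (pfEnumProcessModules) GetProcAddress( hPsapi, "EnumProcessModules" );
	pfGMBN = (pfGetModuleBaseName) GetProcAddress( hPsapi, "GetModuleBaseNameA" );
	if ( pfEP == NULL || pfEPM == NULL || pfGMBN == NULL )
	{
		printf( "GetProcAddress(): one or more PSAPI functions not found\n" );
		rc = 1;
		goto cleanup;
	}

	// here, we start with room for 16 DWORDS. If EnumProcesses() comes back
	// and tells us that the space was _all_ used, we try again with more,
	// until EP() doesn't fill all of it. That's when we know that we supplied
	// enough.

	QueryPerformanceCounter( &t0 );

	interactiveProcesses = 0;
	nPIDs = 0; // starts with one increment more, actually
	do
	{
		DWORD *grown;
		nPIDs += 16;
		// realloc() keeps the old block on failure so it can still be freed
		grown = (DWORD *) realloc( pid, nPIDs * sizeof( DWORD ) );
		if ( grown == NULL )
		{
			printf( "realloc( %d PIDs ): out of memory\n", nPIDs );
			rc = 1;
			goto cleanup;
		}
		pid = grown;
		if ( ! pfEP( pid, (DWORD) nPIDs * sizeof( DWORD ), &bufNeeded ) )
		{
			printf( "EnumProcesses(): gle = %lu\n", gle );
			rc = 1;
			goto cleanup;
		}
		// a completely filled buffer may have been truncated: grow and retry
	} while ( bufNeeded >= (DWORD) nPIDs * sizeof( DWORD ) );

	// The next line computes the _actual_ number of PIDs retrieved (doh!).
	// Kudos to Chris Scheers <asi&airmail.net> for the bug report and this fix!
	nPIDs = (int) ( bufNeeded / sizeof( DWORD ) );

	if ( showInfo )
		printf( "\n%d PIDs found.\n", nPIDs );

	// for each PID:
	for ( i = 0; i < nPIDs; i ++ )
	{
		// possibly attempt to add ourselves to the target's ACL?
		// SeDebugPrivilege makes this wholly unnecessary for this sample

		// open process with the two rights dumpToken()/PSAPI need, nothing more
		hp = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid[i] );
		if ( isBadHandle( hp ) )
		{
			// protected/system processes are expected here; skip, don't abort
			if ( showInfo )
				printf( "\nOpenProcess( pid = %lu ): gle = %lu\n", pid[i], gle );
			continue;
		}

		// we only want the first HMODULE
		if ( showInfo && pfEPM( hp, &hm, sizeof hm, &bufNeeded ) )
		{
			if ( ! pfGMBN( hp, hm, moduleName, sizeof moduleName ) )
				strcpy( moduleName, "--unknown--" ); // this means, module list OK but no name
		}
		else
			strcpy( moduleName, "==unknown==" ); // this means, no module list

		if ( showInfo )
			printf( "\npid %lu [%s]:\n", pid[i], moduleName );

		// now, to the meat of the matter
		if ( dumpToken( hp, showInfo ) )
			++ interactiveProcesses;

		// close handle
		CloseHandle( hp );
	}

	QueryPerformanceCounter( &t1 );
	QueryPerformanceFrequency( &fr );

	// (t1 - t0) / fr is seconds; scale by 1e6 to match the "usec" label
	printf( "%d PIDs (of which %d are interactive) took %.3lf usec.\n",
		nPIDs, interactiveProcesses,
		1000000.0 * (double) ( t1.QuadPart - t0.QuadPart ) / (double) fr.QuadPart );

cleanup:
	// pid came from realloc(), so it must go back through free(), not delete[]
	free( pid );
	FreeLibrary( hPsapi );

	return rc;
}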