int getProcessID(const char * name) { DWORD aProcesses[1024], cbNeeded, cProcesses; unsigned int i; memset(&aProcesses, 0, sizeof(aProcesses)); if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) { return 0; } // Calculate how many process identifiers were returned. cProcesses = cbNeeded / sizeof(DWORD); // Print the name and process identifier for each process. for ( i = 0; i < cProcesses; i++ ) { if( aProcesses[i] != 0 ) { if (isThisProcessID( aProcesses[i], name )) return aProcesses[i]; } } return 0; }
// Returns the process ID for each process object in the system. inline std::vector<DWORD> get_processes() { std::vector<DWORD> ids(512); const DWORD bytes = static_cast<DWORD>(ids.size()) * sizeof(DWORD); DWORD bytes_returned = 0; BOOL res = EnumProcesses(&ids[0], bytes, &bytes_returned); if (!res) { std::cerr << "could not retrieve process identifiers: " << system_error_string() << std::endl; } DWORD actual_proc_count = bytes_returned / sizeof(DWORD); while (actual_proc_count == ids.size()) { std::clog << "retry (process count: " << actual_proc_count << ")" << std::endl; ids.resize(10 * actual_proc_count); EnumProcesses(&ids[0], static_cast<DWORD>(ids.size()) * sizeof(DWORD), &bytes_returned); actual_proc_count = bytes_returned / sizeof(DWORD); } auto it = ids.begin(); std::advance(it, actual_proc_count); ids.erase(it, ids.end()); return ids; }
EnumProcessesResponse *getAllPids() { DWORD size = sizeof(DWORD) * 512; DWORD *aProcesses = NULL; DWORD cbNeeded, cProcesses; EnumProcessesResponse *res = calloc(1, sizeof(*res)); // EnumProcesses modifies cbNeeded, setting it to the amount of bytes // written into aProcesses. Thus, we need to check if cbNeeded is equal // to size. In that case, it means that the array was filled completely and // we need to use a bigger array because probably we left elements out. do { size *= 2; aProcesses = realloc(aProcesses, size); BOOL success = EnumProcesses(aProcesses, size, &cbNeeded); if (!success) { res->error = GetLastError(); free(aProcesses); return res; } } while(cbNeeded == size); res->error = 0; res->pids = aProcesses; res->length = cbNeeded/sizeof(DWORD); return res; }
void kill_process(string name) { #ifdef _WIN32 CHAR szProcBuff[101]; DWORD pIDs[300], dwBytesReturned; HANDLE hProcess; INT i, procCount; EnumProcesses(pIDs, sizeof(pIDs), &dwBytesReturned); procCount = dwBytesReturned / sizeof(DWORD); for (i = 0; i < procCount; i++) if (pIDs[i] != 0) { hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE, 0, pIDs[i]); GetModuleBaseName(hProcess, 0, szProcBuff, 100); if (strcmp(szProcBuff, name.c_str()) == 0) TerminateProcess(hProcess, EXIT_SUCCESS); CloseHandle(hProcess); } #elif __APPLE__ string command = "killall -kill " + name; system(command.c_str()); #endif while (process_running(name.c_str()) > 0) Sleep(1); }
int numberOfAkbashProcesses(char * name) { DWORD aProcesses[1024], cbNeeded, cProcesses; unsigned int i; int akbashCount = 0; memset(&aProcesses, 0, sizeof(aProcesses)); if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) { return 0; } // Calculate how many process identifiers were returned. cProcesses = cbNeeded / sizeof(DWORD); // Print the name and process identifier for each process. for ( i = 0; i < cProcesses; i++ ) { if( aProcesses[i] != 0 ) { if (isThisProcessID( aProcesses[i], name)) { akbashCount++; } } } return akbashCount; }
int GetProcessId(const char* file_name) { const int maximum_processes = 1024; LPDWORD process_ids; LPTSTR base_name; HANDLE process; DWORD i, processes, process_id = 0; process_ids = (LPDWORD)HeapAlloc(GetProcessHeap(), 0, maximum_processes * sizeof(DWORD)); if(process_ids != NULL) { if(EnumProcesses(process_ids, maximum_processes * sizeof(DWORD), &processes)) { base_name = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, MAX_PATH * sizeof(TCHAR)); if(base_name != NULL) { processes = processes / sizeof(DWORD); for(i = 0; i < processes; i++) { process = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, process_ids[i]); if(process != NULL) { if(GetModuleBaseName(process, NULL, base_name, MAX_PATH) > 0) { if(!lstrcmpi(base_name, file_name)) { process_id = process_ids[i]; CloseHandle(process); break; } } CloseHandle(process); } } HeapFree(GetProcessHeap(), 0, (LPVOID)base_name); } } HeapFree(GetProcessHeap(), 0, (LPVOID)process_ids); } return process_id; }
void startDaemonScan() { PVOID buffer = VirtualAlloc(NULL, 1024 * 1024, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); while (1) { DWORD procIDsBuffer[MAX_PROCESSES]; DWORD size_returned; EnumProcesses(procIDsBuffer, sizeof(procIDsBuffer), &size_returned); int numProc = size_returned / sizeof(DWORD); int i; TCHAR strBuffer[MAX_PATH]; for (i = 0; i < numProc; i++) { DWORD curr_pid = (int)procIDsBuffer[i]; HANDLE Handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, TRUE, curr_pid); GetModuleBaseName(Handle, NULL, strBuffer, MAX_PATH); if ((Handle) && isInFrobProcList(strBuffer)) reactToProcess(curr_pid, strBuffer); CloseHandle(Handle); } updateList(); } }
static BOOL ensure_not_running(LPCWSTR dest) { DWORD processes[4096], needed, num; unsigned int i; WCHAR name[4*MAX_PATH] = L"<unknown>"; HANDLE h; DWORD len; LPWSTR fname = NULL; if ( !EnumProcesses( processes, sizeof(processes), &needed ) ) { return true; } num = needed / sizeof(DWORD); for (i = 0; i < num; i++) { if (processes[i] == 0) continue; h = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, processes[i] ); if (h != NULL) { len = GetProcessImageFileNameW(h, name, 4*MAX_PATH); CloseHandle(h); if (len != 0) { name[len] = 0; fname = PathFindFileName(name); if (wcscmp(fname, L"calibre.exe") == 0) { show_error(L"Calibre appears to be running on your computer. Please quit it before trying to install Calibre Portable."); return false; } } } } return true; }
int main() { DWORD ProcessCount; DWORD cbNeeded; DWORD ProcessId[1024]; EnumProcesses(ProcessId,sizeof(ProcessId),&cbNeeded); ProcessCount = cbNeeded/sizeof(DWORD); HMODULE hModule; char szPath[MAX_PATH]; for(DWORD i = 0; i < ProcessCount; i ++) { HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,FALSE,ProcessId[i]); if(hProcess) { EnumProcessModules(hProcess,&hModule,sizeof(hModule),&cbNeeded); GetModuleFileNameEx(hProcess,hModule,szPath,sizeof(szPath)); printf("PID:%d \t%s\n",ProcessId[i],szPath); } else continue; } return 0; }
bool DetectChrome(ChromeInfo* pPrevInfo, const TCHAR* tcChromeImageName, bool bRetry = false) { if(pPrevInfo && pPrevInfo->bValid) { pPrevInfo->bValid = MatcProcessImageName(pPrevInfo->dwProcId, tcChromeImageName, true); if(!(!pPrevInfo->bValid && bRetry)) return pPrevInfo->bValid; } DWORD runningProcessIds[1024], dwRetCount; int nProcCount; if(!EnumProcesses( runningProcessIds, sizeof(runningProcessIds), &dwRetCount )) return false; nProcCount = dwRetCount/sizeof(DWORD); for (int i = nProcCount; i > 0; --i ) { DWORD dwCurrentProcId = runningProcessIds[i]; if(0 != dwCurrentProcId) { if(MatcProcessImageName(dwCurrentProcId, tcChromeImageName)){ DWORD dwChromePid = dwCurrentProcId; DWORD dwParent = GetProcessParentPid(dwChromePid); if(NULL != dwParent && MatcProcessImageName(dwParent, tcChromeImageName, true)){ dwChromePid = dwParent; } if (pPrevInfo) { pPrevInfo->bValid = true; pPrevInfo->dwProcId = dwChromePid; } return true; } } } return false; }
/* FIXME */ g_val_t proc_run_func( void ) { DWORD aProcesses[MAXPROCESSES], cbNeeded, cProcesses; unsigned int i, running = 0; HANDLE hProcess; BOOL bResult; g_val_t val; if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) { cProcesses = 0; } else { cProcesses = cbNeeded / sizeof(DWORD); } #if (_WIN32_WINNT >= 0x0501) /* Only for XP or newer */ for (i = 0; i < cProcesses; i++) if (aProcesses[i] != 0) { hProcess = OpenProcess (PROCESS_QUERY_INFORMATION, FALSE, aProcesses[i]); if (hProcess != NULL) { if (IsProcessInJob(hProcess, NULL, &bResult)) { if (bResult) running++; } CloseHandle(hProcess); } } #endif val.uint32 = running; return val; }
ULONG GetProcessID(LPCSTR TargetProcessName) { DWORD nSize = MAX_PATH; HANDLE hCurrentProcess; CHAR BaseName[MAX_PATH]; DWORD aProcesses[1024], cbNeeded; unsigned int i; if (!EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded)) return FALSE; // NumberProcesses = nSize = cbNeeded / sizeof(DWORD); for (i = 0; i <= nSize; i++) { if(NULL != (hCurrentProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, aProcesses[i]))) { GetModuleBaseName(hCurrentProcess, NULL, BaseName, sizeof(BaseName)); if(0 == stricmp(BaseName, TargetProcessName)) { CloseHandle(hCurrentProcess); return aProcesses[i]; } } CloseHandle(hCurrentProcess); } return FALSE; }
// Determine le nombre de processus du nom de "monProcess" en cours d'éxécution int test_exist_process(const char* monProcess) { int nombreTrouves = 0; DWORD processes[MAX_TAB], nb_processes; char process_name[MAX_TAB]; int i; HANDLE hprocess; EnumProcesses(processes, sizeof(processes), &nb_processes); //On teste tous les processus pour voir si leur nom correspond for(i = 0 ; i < nb_processes / sizeof(DWORD) ; i++) { hprocess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processes[i]); //Prend le nom du processus et le met dans process_name GetModuleBaseName(hprocess, NULL, process_name, sizeof(process_name)); CloseHandle(hprocess); if(strcmp(process_name, monProcess) == 0) { nombreTrouves++; } } return nombreTrouves; }
//Open a thread to get the processID and control the process DWORD WINAPI Thread_1 (LPVOID lpParam) { DWORD pProcessIds[1024],cbReturned,cProcesses; DWORD pProcessIdWanted = 0; TCHAR sProcessName[MAX_PATH] = TEXT("minesweeper.exe"); unsigned int i; if(!EnumProcesses(pProcessIds,sizeof(pProcessIds),&cbReturned)) { return 1; } //Number of Processes returned from Enum from Byte to # cProcesses = cbReturned / sizeof(DWORD); for(i=0;i<cProcesses;i++) { if(pProcessIds[i] != 0) { pProcessIdWanted = GetProcessIdByName(pProcessIds[i], sProcessName); if(pProcessIdWanted != 0) break; } } pProcessIdWanted ? cout<< pProcessIdWanted <<endl : cout<<"Process Not Found" << endl; GetProcessBaseAddr(pProcessIdWanted); return 0; }
int Monitor::EnumProc(DWORD *pArr) { DWORD i = 0; if (!EnumProcesses(pArr, sizeof(pArr), &i)) return -1; return i / sizeof(DWORD); }
DWORD find_process( char *pattern ) { DWORD aProcesses[1024], cbNeeded, cProcesses, mcbNeeded; unsigned int i; HMODULE hMods[1024]; HANDLE hProcess; char szModName[MAX_PATH]; if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) { deb("failed enumprocesses: %s", strerror(NULL)); return NULL; } cProcesses = cbNeeded / sizeof(DWORD); for ( i = 0; i < cProcesses; i++ ) { hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[i] ); if (NULL == hProcess || !EnumProcessModules(hProcess, hMods, sizeof(hMods), &mcbNeeded)) continue; if ( GetModuleFileNameEx( hProcess, hMods[0], szModName, sizeof(szModName))) { _strlwr(szModName); if(strstr(szModName, pattern)) { deb("found %s: %s (0x%08X)\n", pattern, szModName, hMods[0] ); return aProcesses[i]; } } CloseHandle( hProcess ); } return NULL; }
bool IsExeRunning(char* pName) { unsigned long aProcesses[1024], cbNeeded, cProcesses; if(!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) return false; unsigned long curPID = GetCurrentProcessId(); cProcesses = cbNeeded / sizeof(unsigned long); for (unsigned int i = 0; i < cProcesses; i++) { if(aProcesses[i] == 0) continue; if (aProcesses[i] == curPID) continue; HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, aProcesses[i]); if (!hProcess) continue; char buffer[50] = {0}; GetModuleBaseName(hProcess, 0, buffer, 50); CloseHandle(hProcess); if(strcmp(pName, buffer)==0) return true; } return false; }
BOOL CSelectProcessDlg::OnInitDialog(void) { CDialog::OnInitDialog(); // initialization DWORD cbNeeded; EnumProcesses(procs, sizeof(procs), &cbNeeded); numprocs = cbNeeded / sizeof(DWORD); HANDLE hProcess; HMODULE hMod; wchar_t str[255]; for (int i = 0; i < numprocs; i++) { hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, procs[i]); if (hProcess) { if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) { GetModuleBaseName(hProcess, hMod, str, 255); m_cmbProcesses.AddString(str); m_cmbProcesses.SetItemDataPtr(m_cmbProcesses.GetCount() - 1, (void*)&procs[i]); } CloseHandle(hProcess); } } return TRUE; }
HANDLE GetProcessByName(const String &strProcName) { DWORD aProcesses[1024], cbNeeded, cProcesses; HANDLE hProcess; unsigned int i; if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) { tcout << "Error reading processes, are our permissions gimped?" << endl; exit(-1); } cProcesses = cbNeeded / sizeof(DWORD); for (i = 0; i < cProcesses; i++) { if (aProcesses[i] != 0) { hProcess = GetProcessByPid(aProcesses[i]); if (hProcess == NULL) continue; String name = GetProcessNameByHandle(hProcess); if (name == strProcName) { return hProcess; } CloseHandle(hProcess); } } tcout << "Error no process found with name: " << strProcName << endl; exit(-1); }
DWORD ProcessWatch::GetProcessID() { DWORD bytesReturned; DWORD processID[MAX_BUF_PATH]; memset(processID, 0, MAX_BUF_PATH); EnumProcesses(processID, MAX_BUF_PATH, &bytesReturned); int processCount = bytesReturned/sizeof(DWORD); ProcessInfo processInfo; for (int i=0; i<processCount; i++) { processInfo.processID = processID[i]; HANDLE hProcess; HMODULE hModule[MAX_BUF_PATH]; hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,false,processID[i]); if(hProcess) { //enum process module info EnumProcessModules(hProcess, hModule, sizeof(hModule), &bytesReturned); // get the module path GetModuleFileNameEx(hProcess, hModule[0], processInfo.processPath, MAX_BUF_PATH); //_tprintf(TEXT("%s --- %d\n"), processInfo.processPath, processID[i]); } m_vecProcessInfo.push_back(processInfo); } return processCount; }
void *CHook::Run() { char *szProcName="taskmgr.exe"; HANDLE hProcess; DWORD aProcesses[1024], cbNeeded, cProcesses; while(true) { unsigned int i; char szProcessName[MAX_PATH]; HMODULE hMod; if(!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) return false; cProcesses=cbNeeded/sizeof(DWORD); for(i=0; i<cProcesses; i++) { strcpy(szProcessName, "unknown"); hProcess=OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, aProcesses[i]); if(hProcess) { if(EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) { GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName)); if(!stricmp(szProcessName, szProcName)) { Hook(hProcess); Sleep(60000); } } CloseHandle(hProcess); } } Sleep(250); } return NULL; }
void Platform::EnumerateProcesses( bool allUsers, UserId const &uid, std::function<void(ProcessInfo const &info)> const &cb) { std::vector<DWORD> processes; DWORD bytesReturned; processes.resize(32); do { processes.resize(2 * processes.size()); int rc = EnumProcesses(processes.data(), processes.size() * sizeof(DWORD), &bytesReturned); if (!rc) return; } while (bytesReturned == processes.size() * sizeof(DWORD)); processes.resize(bytesReturned / sizeof(DWORD)); for (auto const &e : processes) { ProcessInfo info; if (!GetProcessInfo(e, info)) continue; cb(info); } }
BOOL GetModules(HANDLE hProcess, char* Strings) { DWORD processid[1024], needed, processcount, modulecount; HMODULE hModule[1024]; DWORD cb = 0; BOOL ret = 1; char path[MAX_PATH] = "", temp[MAX_PATH], basename[MAX_PATH]; EnumProcesses(processid, sizeof(processid), &needed); processcount = 1;// needed/sizeof(DWORD); for (DWORD i = 0; i< processcount; i++) // 列举一下explorer下的模块 { if (hProcess) { EnumProcessModules(hProcess, hModule, sizeof(hModule), &needed); modulecount = needed / sizeof(DWORD); //_itoa(processid[i], temp, 10); for (DWORD j = 0; j < modulecount; j++) { GetModuleFileNameEx(hProcess, hModule[j], path, sizeof(path)); GetModuleBaseName(hProcess, hModule[j], basename, sizeof(basename)); GetShortPathName(path, path, 256); if(!strcmp(basename, Strings)) { ret = 1; } printf("%s\t\t%s\n", basename, path); } } } return ret; }
int PROC_NUM(AGENT_REQUEST *request, AGENT_RESULT *result) { HANDLE hProcess; DWORD procList[MAX_PROCESSES], dwSize; int i, proccount, max_proc_cnt, proc_ok = 0, user_ok = 0; char *procName, *userName, baseName[MAX_PATH], uname[MAX_NAME]; if (2 < request->nparam) return SYSINFO_RET_FAIL; procName = get_rparam(request, 0); userName = get_rparam(request, 1); if (0 == EnumProcesses(procList, sizeof(DWORD) * MAX_PROCESSES, &dwSize)) return SYSINFO_RET_FAIL; max_proc_cnt = dwSize / sizeof(DWORD); proccount = 0; for (i = 0; i < max_proc_cnt; i++) { proc_ok = 0; user_ok = 0; if (NULL != (hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, procList[i]))) { if (NULL != procName && '\0' != *procName) { if (SUCCEED == zbx_get_processname(hProcess, baseName)) if (0 == stricmp(baseName, procName)) proc_ok = 1; } else proc_ok = 1; if (0 != proc_ok && NULL != userName && '\0' != *userName) { if (SUCCEED == zbx_get_process_username(hProcess, uname)) if (0 == stricmp(uname, userName)) user_ok = 1; } else user_ok = 1; if (0 != user_ok && 0 != proc_ok) proccount++; CloseHandle(hProcess); } } SET_UI64_RESULT(result, proccount); return SYSINFO_RET_OK; }
void CTKLauncherDlg::KillProcess(const char* process) { DWORD ids[1000]; HMODULE modules[1000]; DWORD count; EnumProcesses(ids,sizeof(DWORD)*1000,&count); count/=(sizeof(DWORD)); HANDLE handle; for(int i=0;i<(int)count;i++) { //for each of the processes DWORD nmod; handle=OpenProcess(PROCESS_ALL_ACCESS,FALSE,(DWORD)ids[i]); EnumProcessModules(handle,modules,sizeof(HMODULE)*1000,&nmod); nmod/=(sizeof(HMODULE)); if(nmod>0) { char name[100]; GetModuleBaseName(handle,modules[0],name,99); if(stricmp(process,name)==0) { TerminateProcess(handle,1); CloseHandle(handle); break; } } CloseHandle(handle); } }
/* retrieve a handle to lsass.exe */ HANDLE GetLsassHandle() { DWORD dwProcessList[1024]; DWORD dwProcessListSize; HANDLE hProcess; char szProcessName[10]; DWORD dwCount; /* enumerate all pids on the system */ if (EnumProcesses(dwProcessList, sizeof(dwProcessList), &dwProcessListSize)) { /* only look in the first 256 process ids for lsass.exe */ if (dwProcessListSize > sizeof(dwProcessList)) dwProcessListSize = sizeof(dwProcessList); /* iterate through all pids, retrieve the executable name, and match to lsass.exe */ for (dwCount = 0; dwCount < dwProcessListSize; dwCount++) { if (hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessList[dwCount])) { if (GetModuleBaseName(hProcess, NULL, szProcessName, sizeof(szProcessName))) { if (strcmp(szProcessName, "lsass.exe") == 0) { return hProcess; } } CloseHandle(hProcess); } } } return 0; }
// 查找指定名称的进程 BOOL GetProcessByName(TCHAR* pszProcessName) { //看看进程是否已存在 DWORD aProcesses[1024], cbNeeded, cProcesses; if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) return FALSE; cProcesses = cbNeeded / sizeof(DWORD); TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); HANDLE hProcess; for (unsigned int i = 0; i < cProcesses; i++) { hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[i]); if (NULL != hProcess) { HMODULE hMod; DWORD cbNeeded; if (::EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) { ::GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName) / sizeof(TCHAR)); if (_tcscmp(szProcessName, pszProcessName) == 0) { CloseHandle(hProcess); return TRUE; } } CloseHandle(hProcess); } } return FALSE; }
/* * Get current date */ QDate mixp_get_current_date(void) { const DWORD MAX_PROC = 1024; DWORD *processes = new DWORD[MAX_PROC]; DWORD bytesReturned = 0; if(!EnumProcesses(processes, sizeof(DWORD) * MAX_PROC, &bytesReturned)) { MIXP_DELETE_ARR(processes); return QDate::currentDate(); } const DWORD procCount = bytesReturned / sizeof(DWORD); ULARGE_INTEGER lastStartTime; memset(&lastStartTime, 0, sizeof(ULARGE_INTEGER)); for(DWORD i = 0; i < procCount; i++) { HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, processes[i]); if(hProc) { FILETIME processTime[4]; if(GetProcessTimes(hProc, &processTime[0], &processTime[1], &processTime[2], &processTime[3])) { ULARGE_INTEGER timeCreation; timeCreation.LowPart = processTime[0].dwLowDateTime; timeCreation.HighPart = processTime[0].dwHighDateTime; if(timeCreation.QuadPart > lastStartTime.QuadPart) { lastStartTime.QuadPart = timeCreation.QuadPart; } } CloseHandle(hProc); } } MIXP_DELETE_ARR(processes); FILETIME lastStartTime_fileTime; lastStartTime_fileTime.dwHighDateTime = lastStartTime.HighPart; lastStartTime_fileTime.dwLowDateTime = lastStartTime.LowPart; FILETIME lastStartTime_localTime; if(!FileTimeToLocalFileTime(&lastStartTime_fileTime, &lastStartTime_localTime)) { memcpy(&lastStartTime_localTime, &lastStartTime_fileTime, sizeof(FILETIME)); } SYSTEMTIME lastStartTime_system; if(!FileTimeToSystemTime(&lastStartTime_localTime, &lastStartTime_system)) { memset(&lastStartTime_system, 0, sizeof(SYSTEMTIME)); lastStartTime_system.wYear = 1970; lastStartTime_system.wMonth = lastStartTime_system.wDay = 1; } const QDate currentDate = QDate::currentDate(); const QDate processDate = QDate(lastStartTime_system.wYear, lastStartTime_system.wMonth, lastStartTime_system.wDay); return (currentDate >= processDate) ? currentDate : processDate; }
BOOL stopProgram(const TCHAR *name) { char szProcessName[MAX_PATH] = "unknown"; // Get the list of process identifiers. DWORD aProcesses[1024], cbNeeded, cProcesses; unsigned int i = 0; if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) return FALSE; // Calculate how many process identifiers were returned. cProcesses = cbNeeded / sizeof(DWORD); // Print the name and process identifier for each process. for ( i = 0; i < cProcesses; i++ ) { if( aProcesses[i] != 0 ) { // HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE, FALSE, aProcesses[i]); // if ( NULL != hProcess ) { HMODULE hMod; DWORD cbNeeded; if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) { GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName)); } else { continue; } } else { continue; } if (lstrcmpi(name, szProcessName) == 0) { ::TerminateProcess(hProcess,0); } else { ::CloseHandle(hProcess); } } } return FALSE; }
void CProcessWatchThread::UnLoadLibrary() { DWORD aProcessIds[2048] = {0}; DWORD dwProcessCount = 0; DWORD hDll = 0, dwWritten = 0; LPVOID lpFun = NULL; LPVOID lpBuf = NULL; HANDLE tThread = NULL; DWORD dwSize = lstrlen(strDLL) * sizeof(TCHAR) + sizeof(TCHAR); if (EnumProcesses(aProcessIds, 2048, &dwProcessCount)) { for (DWORD i = 0; i < dwProcessCount; ++i) { HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | SYNCHRONIZE, FALSE, aProcessIds[i]); if (hProcess) { TCHAR cExeName[MAX_PATH] = {0}; if (GetModuleBaseName(hProcess, NULL, cExeName, MAX_PATH)) if (_tcsicmp(cExeName, strEXE) == 0) { do { lpBuf = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, PAGE_READWRITE); WriteProcessMemory(hProcess, lpBuf, (LPVOID)strDLL.GetBuffer(strDLL.GetLength()), dwSize, &dwWritten); if( sizeof(TCHAR) == 2 ) lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "GetModuleHandleW" ); else lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "GetModuleHandleA" ); tThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFun, lpBuf, 0, 0); if (tThread) { WaitForSingleObject(tThread, INFINITE); GetExitCodeThread(tThread, &hDll); VirtualFreeEx(hProcess, lpBuf, dwSize, MEM_DECOMMIT); CloseHandle(tThread); if( ! hDll ) { CloseHandle(hProcess); return; } lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "FreeLibraryAndExitThread" ); if (lpFun) { tThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFun, (LPVOID)hDll, 0, NULL); if (tThread) { WaitForSingleObject(tThread, INFINITE); CloseHandle(tThread); } } } } while(hDll); } CloseHandle(hProcess); } } } }