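/// Probes the PID space for processes that answer OpenProcess() but are
/// absent from the driver-reported list in m_Vector, asks the driver for
/// each one's details (IOCTL_ENUMHIDEPROCESSINFOR), appends it to m_Vector
/// and finally stores the number of processes added in g_HideProcessCount.
///
/// Two limits of the approach, visible in the loop below:
///  - It is a point-in-time comparison: a process created between the
///    driver enumeration and this scan is reported as hidden although it
///    is not. The result is a lead to be confirmed, not a verdict.
///  - Only PIDs below kMaxProbedPid are examined; that bound is inherited
///    from the original scan, it is not an OS limit.
VOID CProcessManager::FindTheHideProcess()
{
    // Windows PIDs are multiples of 4, so the probe steps by 4.
    const ULONG kFirstPid = 4;
    const ULONG kMaxProbedPid = 100000;

    int hiddenCount = 0;
    DWORD bytesReturned = 0;

    // SeDebugPrivilege lets OpenProcess succeed on system processes that
    // would otherwise be refused and therefore silently skipped.
    EnableDebugPri();

    for (ULONG pid = kFirstPid; pid < kMaxProbedPid; pid += 4) {
        // NOTE(review): PROCESS_QUERY_INFORMATION is refused by protected
        // processes even with debug privilege; such processes are skipped
        // here, not reported. Left as in the original.
        HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
        if (hProcess == NULL) {
            continue;   // no such process (or access denied): nothing to compare
        }
        CloseHandle(hProcess);

        // Already known from the driver's enumeration? Stop at the first hit.
        bool known = false;
        for (vector<PROCESS_INFO>::const_iterator it = m_Vector.begin(); it != m_Vector.end(); ++it) {
            if (it->ulProcessID == pid) {
                known = true;
                break;
            }
        }
        if (known) {
            continue;
        }

        PROCESS_INFO info = {0};
        ULONG queryPid = pid;   // the IOCTL takes the PID by pointer; keep the loop counter untouched
        const BOOL ok = DeviceIoControl(g_hDevice, IOCTL_ENUMHIDEPROCESSINFOR,
                                        &queryPid, sizeof(ULONG),
                                        &info, sizeof(PROCESS_INFO),
                                        &bytesReturned, NULL);
        if (!ok) {
            continue;
        }

        // Do not rely on the driver to NUL-terminate the name fields: wcslen()
        // and FixPath() below would otherwise read past the struct.
        // (Assumes the wz* members are inline arrays, as their use with
        // sizeof(PROCESS_INFO) in the IOCTL suggests; confirm in the header.)
        const size_t nameCap = sizeof(info.wzProcessName) / sizeof(info.wzProcessName[0]);
        const size_t fileCap = sizeof(info.wzProcessFileName) / sizeof(info.wzProcessFileName[0]);
        info.wzProcessName[nameCap - 1] = L'\0';
        info.wzProcessFileName[fileCap - 1] = L'\0';
        if (wcslen(info.wzProcessName) == 0) {
            continue;   // driver had nothing for this PID
        }

        FixPath(info.wzProcessFileName);
        CString company;
        company = GetFileCompanyName(info.wzProcessFileName);

        // Bounded copy: wzCompanyName is a fixed-size field, and the original
        // wcscpy() would overrun it on a long company string. GetString() is
        // the read-only accessor; GetBuffer() hands out a writable buffer that
        // is supposed to be paired with ReleaseBuffer().
        const size_t companyCap = sizeof(info.wzCompanyName) / sizeof(info.wzCompanyName[0]);
        wcsncpy(info.wzCompanyName, company.GetString(), companyCap - 1);
        info.wzCompanyName[companyCap - 1] = L'\0';

        m_Vector.push_back(info);
        ++hiddenCount;
    }

    g_HideProcessCount = hiddenCount;
}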
/// Returns GetFileCompanyName(L""). What an empty path refers to is decided
/// by that helper, not here (presumably the running module — confirm there).
UnicodeString TConfiguration::GetCompanyName() const
{
    static const wchar_t kNoPath[] = L"";
    return GetFileCompanyName(kNoPath);
}
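/// Rebuilds m_Vector from the driver's process list (IOCTL_ENUMPROCESSINFOR),
/// then runs FindTheHideProcess() to append processes the driver did not
/// report. Resets g_ProcessCount, g_HideProcessCount and
/// g_OpenProcessFailedCount (g_ProcessCount is only reset here, not
/// assigned) and clears the list control.
///
/// Failures are silent: if the driver call does not succeed, m_Vector stays
/// empty and the hidden-process scan that follows will then flag every
/// live PID it can open.
VOID CProcessManager::EnumProcess()
{
    g_ProcessCount = 0;
    g_HideProcessCount = 0;
    g_OpenProcessFailedCount = 0;

    m_Vector.clear();
    m_List.DeleteAllItems();

    // The driver answers ERROR_INSUFFICIENT_BUFFER and fills NumberOfProcess
    // when the buffer is too small; grow and retry. The attempt bound keeps
    // a driver that never stops asking for more from spinning us forever.
    const int kMaxAttempts = 8;
    ULONG_PTR entryCapacity = 0x1000;        // PROCESS_INFO slots in the current buffer
    std::vector<unsigned char> buffer;       // owns the memory: no malloc/free bookkeeping
    BOOL ok = FALSE;
    DWORD bytesReturned = 0;

    for (int attempt = 0; attempt < kMaxAttempts; ++attempt) {
        const size_t size = sizeof(RTL_PROCESS_INFORMATION) + entryCapacity * sizeof(PROCESS_INFO);
        if (size > static_cast<size_t>(~static_cast<DWORD>(0))) {
            break;   // DeviceIoControl takes a DWORD size; give up rather than truncate
        }
        buffer.assign(size, 0);              // zero-filled, as the original memset() did
        ok = DeviceIoControl(g_hDevice, IOCTL_ENUMPROCESSINFOR, NULL, 0,
                             &buffer[0], static_cast<DWORD>(size), &bytesReturned, NULL);
        if (ok || GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
            break;
        }
        // Headroom for processes started between this call and the retry.
        entryCapacity = reinterpret_cast<PRTL_PROCESS_INFORMATION>(&buffer[0])->NumberOfProcess + 1000;
    }

    if (ok) {
        const PRTL_PROCESS_INFORMATION hdr = reinterpret_cast<PRTL_PROCESS_INFORMATION>(&buffer[0]);

        // NumberOfProcess comes from the driver and is otherwise unvalidated;
        // never walk more entries than the buffer was sized for.
        ULONG entries = hdr->NumberOfProcess;
        if (entries > entryCapacity) {
            entries = static_cast<ULONG>(entryCapacity);
        }

        for (ULONG i = 0; i < entries; ++i) {
            PROCESS_INFO& proc = hdr->Process[i];

            // Terminate the name fields before any string routine touches
            // them, so a non-terminated entry cannot cause an over-read.
            // (Assumes the wz* members are inline arrays; confirm in the header.)
            const size_t fileCap = sizeof(proc.wzProcessFileName) / sizeof(proc.wzProcessFileName[0]);
            const size_t nameCap = sizeof(proc.wzProcessName) / sizeof(proc.wzProcessName[0]);
            proc.wzProcessFileName[fileCap - 1] = L'\0';
            proc.wzProcessName[nameCap - 1] = L'\0';

            FixPath(proc.wzProcessFileName);
            CString company;
            company = GetFileCompanyName(proc.wzProcessFileName);

            // Bounded copy into the fixed-size field (the original wcscpy()
            // could overrun it); GetString() is the read-only accessor.
            const size_t companyCap = sizeof(proc.wzCompanyName) / sizeof(proc.wzCompanyName[0]);
            wcsncpy(proc.wzCompanyName, company.GetString(), companyCap - 1);
            proc.wzCompanyName[companyCap - 1] = L'\0';

            m_Vector.push_back(proc);
        }
    }

    // buffer is released by its destructor; the driver list is now in m_Vector.
    FindTheHideProcess();
}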
//--------------------------------------------------------------------------- UnicodeString __fastcall TConfiguration::GetCompanyName() { return GetFileCompanyName(L""); }