/* Drop the bits in remove_mask from the permissions recorded for path in
 * the key file, removing them from the live permissions first.
 *
 * A remove_mask of 0 is a no-op.  If the key file cannot be loaded there is
 * nothing recorded, so nothing is removed and nothing is written back. */
static void
remove_from_saved_permissions (const char *path,
                               mode_t      remove_mask)
{
  GKeyFile *saved;
  char *saved_path;

  if (remove_mask == 0)
    return;

  saved = g_key_file_new ();
  saved_path = get_key_file_path ();

  /* NULL GError: a missing or unreadable file is treated as "nothing saved" */
  if (g_key_file_load_from_file (saved, saved_path, 0, NULL))
    {
      mode_t recorded = 0;
      char *value = g_key_file_get_string (saved, path, "need_mask", NULL);

      if (value != NULL)
        {
          guint parsed;

          /* the mask is stored as octal text */
          if (sscanf (value, "%o", &parsed) == 1)
            recorded = parsed;
          g_free (value);
        }

      /* only bits that were actually recorded for this path are removed live */
      remove_permissions (path, recorded & remove_mask);

      recorded &= ~remove_mask;
      if (recorded == 0)
        {
          /* nothing left to remember for this path; NULL GError */
          g_key_file_remove_group (saved, path, NULL);
        }
      else
        {
          char octal[50];

          g_snprintf (octal, sizeof (octal), "%o", (guint) recorded);
          g_key_file_set_string (saved, path, "need_mask", octal);
        }

      save_key_file (saved_path, saved);
    }

  g_key_file_free (saved);
  g_free (saved_path);
}
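// Constructor: locates the process whose image name matches `pin`, keeps an
// open handle and the module base address of that process, and initialises
// the scanner defaults (DWORD scan size, no scan attribute, first scan).
//
// args:
//   pin:          image name of the process to be scanned; ".exe" is appended
//                 when the name has no such extension
//   process_mode: stored in processMode and passed to remove_permissions()
//
// Error handling keeps the file's style: any failure prints to cerr and calls
// exit(1).  Changes versus the earlier version of this constructor:
//   - the empty-name check runs before ".exe" is appended (it was unreachable
//     after the append, since the name was never empty at that point)
//   - process_handle / base_address are initialised to NULL; previously they
//     were read uninitialised when every reported pid was skipped
//   - the pid and name buffers are std::vector instead of raw new[]/delete[]
//   - sizeof(DWORD) replaces the literal 4, and the pid loop index is unsigned
Memscan::Memscan(string pin, PROCESS_MODE process_mode) {
    if (pin.empty()) {
        cerr << "Error: processImageName must be set." << endl;
        exit(1);
    }
    if (pin.find(".exe") == string::npos) {
        pin.append(".exe");  // appends '.exe' if extension not there
    }
    processImageName = pin;

    // sets SIZE_SPECIFIED flag to false; default scan size is DWORD (4 bytes)
    vector<SIZE_T> default_sizes;
    default_sizes.push_back(4);
    setSizeSpecified(false, default_sizes);

    // EnumProcesses gives no direct truncation signal: a returned byte count
    // equal to the buffer size may mean more pids exist, so keep doubling the
    // buffer until the count is strictly smaller than the buffer.
    vector<DWORD> process_ids(100);
    DWORD bytes_returned = 0;
    while (true) {
        const DWORD buffer_bytes = static_cast<DWORD>(process_ids.size() * sizeof(DWORD));
        if (0 == EnumProcesses(&process_ids[0], buffer_bytes, &bytes_returned)) {
            cerr << "Error: EnumProcesses() failed in " << basename(__FILE__) << ":" << __LINE__
                 << ". Last error: " << GetLastError() << "." << endl;
            exit(1);
        }
        if (bytes_returned < buffer_bytes) {
            break;
        }
        process_ids.resize(process_ids.size() * 2);
    }
    process_ids.resize(bytes_returned / sizeof(DWORD));

    // both remain NULL when no process matches, which the check after the
    // loop relies on
    HANDLE process_handle = NULL;   // handle of target process
    HMODULE base_address = NULL;    // virtual base address of target process (where .exe map begins)

    // the wanted name does not change inside the loop; compare case-insensitively
    const auto wanted_name = to_upper(to_wstring(processImageName));

    for (size_t i = 0; i < process_ids.size(); ++i) {
        if (0 == process_ids[i]) {
            continue;  // ignore system process
        }

        // gets handle to process from process id
        process_handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION,
                                     FALSE, process_ids[i]);
        if (NULL == process_handle) {
            if (ERROR_ACCESS_DENIED == GetLastError()) {
                continue;  // ignore idle processes and CSRSS processes
            }
            cerr << "Error: OpenProcess() failed in " << basename(__FILE__) << ":" << __LINE__
                 << ". Last error: " << GetLastError() << "." << endl;
            exit(1);
        }

        // GetProcessImageFileName truncates silently; as before, a result that
        // fills the buffer up to its last slot is treated as truncated and the
        // buffer is doubled.
        vector<wchar_t> name_buffer(MAX_PATH);
        while (true) {
            if (0 == GetProcessImageFileName(process_handle, &name_buffer[0], static_cast<DWORD>(name_buffer.size()))) {
                cerr << "Error: GetProcessImageFileName() failed in " << basename(__FILE__) << ":" << __LINE__
                     << ". Last error: " << GetLastError() << "." << endl;
                exit(1);
            }
            if (wcslen(&name_buffer[0]) == (name_buffer.size() - 1)) {
                name_buffer.resize(name_buffer.size() * 2);
            } else {
                break;
            }
        }
        wchar_t* image_path = &name_buffer[0];

        if (wanted_name == to_upper(basename(image_path))) {
            // match: take the base address and stop; the handle stays open
            // because it becomes processHandle below
            base_address = get_base_address(process_handle, image_path);
            if (NULL == base_address) {
                cerr << "Error: get_base_address() failed in " << basename(__FILE__) << ":" << __LINE__
                     << ". Last error: " << GetLastError() << "." << endl;
                exit(1);
            }
            break;
        }

        // not the process we want: release the handle and keep searching
        CloseHandle(process_handle);
        process_handle = NULL;
    }

    if (NULL == process_handle) {
        cerr << "Error: Unable to find process with image name " << processImageName << "." << endl;
        exit(1);
    }
    processHandle = process_handle;
    baseAddress = base_address;

    scanAttribute = SCAN_ATTRIBUTE::NONE;  // default SCANATTRIBUTE is NONE
    RESCAN = false;                        // first scan
    processMode = process_mode;            // sets mode

    // removes permissions from pages of process being scanned
    remove_permissions(processHandle, processMode);

    // sets VAS_MIN, VAS_MAX
    setVasBounds();
}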