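//////////////////////////////////////////////////////////////////////////////
// PopulateModules
//
// Populate the module list of pProcess using PSAPI.
//
// pProcess must really be a CExeModuleInstance (the code static_casts it);
// its process id selects the entry of the EnumProcesses() snapshot to look
// at. Every module handle after the first (PSAPI returns the executable's
// own handle at index 0) is wrapped in a CModuleInstance and handed to
// pProcess->AddModule().
//
// Returns FALSE only when PSAPI could not be loaded (Initialize) or
// EnumProcesses failed. A target that is not listed, cannot be opened
// (access denied without SeDebugPrivilege, protected process, already
// exited) or whose modules cannot be enumerated is silently skipped and the
// call still returns TRUE with an empty module list - callers cannot tell
// "no modules" from "could not look".
//////////////////////////////////////////////////////////////////////////////
BOOL CPsapiHandler::PopulateModules(CModuleInstance* pProcess)
{
    if (TRUE != Initialize())
        return FALSE;

    DWORD pidArray[1024];
    DWORD cbNeeded = 0;

    // EnumProcesses fills as many ids as fit. With more than 1024 processes
    // the rest are dropped without any indication (cbNeeded never exceeds
    // the buffer size), so the target may simply not be present.
    if (!m_pfnEnumProcesses(pidArray, sizeof(pidArray), &cbNeeded))
        return FALSE;

    const DWORD nProcesses = cbNeeded / sizeof(DWORD);
    const DWORD dwTargetPid =
        static_cast<CExeModuleInstance*>(pProcess)->Get_ProcessId();

    // Release the container before (re)filling it.
    pProcess->ReleaseModules();

    for (DWORD i = 0; i < nProcesses; i++)
    {
        // Compare the id BEFORE OpenProcess so only the target is opened,
        // not every process on the machine (the original opened each one
        // just to compare the id afterwards).
        if (pidArray[i] != dwTargetPid)
            continue;

        // PROCESS_QUERY_INFORMATION | PROCESS_VM_READ is the minimum PSAPI
        // needs to read the module list of another process.
        HANDLE hProcess = ::OpenProcess(
            PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwTargetPid);
        if (!hProcess)
            break;   // ids are unique in the snapshot: nothing more to find

        HMODULE hModuleArray[1024];
        if (m_pfnEnumProcessModules(hProcess, hModuleArray,
                                    sizeof(hModuleArray), &cbNeeded))
        {
            // cbNeeded reports the size needed for ALL modules, which may be
            // larger than our buffer. Without this clamp the loop below
            // would read past the end of hModuleArray for a process with
            // more than 1024 modules (the excess modules are still lost).
            if (cbNeeded > sizeof(hModuleArray))
                cbNeeded = sizeof(hModuleArray);
            const DWORD nModules = cbNeeded / sizeof(hModuleArray[0]);

            // Start at 1: index 0 is the executable, which pProcess itself
            // already represents.
            for (DWORD j = 1; j < nModules; j++)
            {
                HMODULE hModule = hModuleArray[j];

                // Zero-initialised so that a failed name lookup (module
                // unloaded between the two calls) yields an empty name
                // rather than uninitialised stack bytes. The explicit
                // terminator covers the documented case of older Windows
                // versions not NUL-terminating a truncated path.
                char szModuleName[MAX_PATH] = { 0 };
                m_pfnGetModuleFileNameExA(hProcess, hModule,
                                          szModuleName, sizeof(szModuleName));
                szModuleName[sizeof(szModuleName) - 1] = '\0';

                // Presumably pProcess owns the instance from here on and
                // frees it in ReleaseModules() - confirm against CModuleInstance.
                pProcess->AddModule(new CModuleInstance(szModuleName, hModule));
            }
        }
        // NOTE(review): EnumProcessModules failing here (e.g. a 32-bit
        // caller inspecting a 64-bit process) leaves the list empty but is
        // still reported as success.

        ::CloseHandle(hProcess);   // We're done with this process handle
        break;
    }

    return TRUE;
}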
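//////////////////////////////////////////////////////////////////////////////
// PopulateProcess
//
// Populate all modules of a single process.
//
// Replaces the contents of m_pProcesses with at most one entry describing
// process dwProcessId, built from the first module handle PSAPI returns
// (the executable). When bPopulateModules is TRUE the process's DLLs are
// enumerated as well via CExeModuleInstance::PopulateModules().
//
// Returns FALSE only when PSAPI could not be loaded (Initialize). Failing
// to open the process (access denied, protected process, already exited)
// or to enumerate its modules is NOT reported: the call returns TRUE and
// m_pProcesses is left empty.
//////////////////////////////////////////////////////////////////////////////
BOOL CPsapiHandler::PopulateProcess(DWORD dwProcessId, BOOL bPopulateModules)
{
    if (TRUE != Initialize())
        return FALSE;

    m_pProcesses->ReleaseAll();

    // Minimum rights PSAPI needs to read another process's module list.
    HANDLE hProcess = ::OpenProcess(
        PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwProcessId);
    if (!hProcess)
        return TRUE;   // nothing recorded; see header comment

    HMODULE hModuleArray[1024];
    DWORD cbNeeded = 0;

    if (m_pfnEnumProcessModules(hProcess, hModuleArray,
                                sizeof(hModuleArray), &cbNeeded))
    {
        // cbNeeded is the size needed for ALL modules and may exceed the
        // buffer; clamp it so nModules never indexes past hModuleArray.
        if (cbNeeded > sizeof(hModuleArray))
            cbNeeded = sizeof(hModuleArray);
        const DWORD nModules = cbNeeded / sizeof(hModuleArray[0]);

        // Only the first handle - the executable - is used here.
        if (nModules > 0)
        {
            HMODULE hModule = hModuleArray[0];

            // Zero-initialised so a failed lookup gives an empty name, not
            // uninitialised stack; explicit terminator guards against the
            // documented non-terminating truncation on older Windows.
            char szModuleName[MAX_PATH] = { 0 };
            m_pfnGetModuleFileNameExA(hProcess, hModule,
                                      szModuleName, sizeof(szModuleName));
            szModuleName[sizeof(szModuleName) - 1] = '\0';

            CExeModuleInstance* pProcessInfo = new CExeModuleInstance(
                this, szModuleName, hModule, dwProcessId);

            // NOTE(review): Add() receives a reference. If it stores a copy,
            // the heap object is leaked and PopulateModules() below fills
            // the orphan rather than the stored entry - confirm against the
            // container's Add() before relying on bPopulateModules.
            m_pProcesses->Add(*pProcessInfo);
            if (bPopulateModules)
                pProcessInfo->PopulateModules();
        }
    }

    ::CloseHandle(hProcess);
    return TRUE;
}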
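//////////////////////////////////////////////////////////////////////////////
// PopulateProcesses
//
// Replace the contents of m_pProcesses with one CExeModuleInstance per
// process that could be opened and whose module list PSAPI could read,
// then populate each instance's DLL list via PopulateModules(this).
//
// Processes that cannot be opened with PROCESS_QUERY_INFORMATION |
// PROCESS_VM_READ (other users' processes without SeDebugPrivilege,
// protected processes, processes that exit mid-scan) and processes whose
// modules cannot be enumerated (e.g. 64-bit targets seen from a 32-bit
// caller) are skipped without any indication. More than 1024 processes are
// silently truncated by the fixed EnumProcesses buffer.
//
// Returns FALSE only when PSAPI could not be loaded (Initialize) or
// EnumProcesses failed; otherwise TRUE, even if no process was recorded.
//////////////////////////////////////////////////////////////////////////////
BOOL CPsapiHandler::PopulateProcesses()
{
    if (TRUE != Initialize())
        return FALSE;

    DWORD pidArray[1024];
    DWORD cbNeeded = 0;

    if (!m_pfnEnumProcesses(pidArray, sizeof(pidArray), &cbNeeded))
        return FALSE;

    // cbNeeded never exceeds sizeof(pidArray); extra processes are dropped.
    const DWORD nProcesses = cbNeeded / sizeof(DWORD);

    m_pProcesses->ReleaseAll();

    // Hoisted out of the loop: 1024 handles is 8 KB of stack on x64.
    HMODULE hModuleArray[1024];

    for (DWORD i = 0; i < nProcesses; i++)
    {
        const DWORD pid = pidArray[i];

        HANDLE hProcess = ::OpenProcess(
            PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
        if (!hProcess)
            continue;

        if (!m_pfnEnumProcessModules(hProcess, hModuleArray,
                                     sizeof(hModuleArray), &cbNeeded))
        {
            ::CloseHandle(hProcess);
            continue;
        }

        // cbNeeded is the size required for ALL modules and can exceed the
        // buffer; clamp so the index below cannot run past hModuleArray.
        if (cbNeeded > sizeof(hModuleArray))
            cbNeeded = sizeof(hModuleArray);
        const DWORD nModules = cbNeeded / sizeof(hModuleArray[0]);

        // Only the first handle - the executable - is of interest here;
        // the DLLs are gathered by PopulateModules() below.
        if (nModules > 0)
        {
            HMODULE hModule = hModuleArray[0];

            // Zero-initialised so a failed lookup yields an empty name, not
            // uninitialised stack; explicit terminator guards against the
            // documented non-terminating truncation on older Windows.
            char szModuleName[MAX_PATH] = { 0 };
            m_pfnGetModuleFileNameExA(hProcess, hModule,
                                      szModuleName, sizeof(szModuleName));
            szModuleName[sizeof(szModuleName) - 1] = '\0';

            CExeModuleInstance* pProcessInfo =
                new CExeModuleInstance(szModuleName, hModule, pid);

            // NOTE(review): Add() receives a reference. If it stores a copy,
            // the heap object is leaked and PopulateModules() fills the
            // orphan rather than the stored entry - confirm against Add().
            m_pProcesses->Add(*pProcessInfo);
            pProcessInfo->PopulateModules(this);
        }

        ::CloseHandle(hProcess);
    }

    return TRUE;
}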