void closer (t_Tracer_OpenTr *open)
{
Debugger *c;
PROCESS_INFORMATION ProcInfo;
char bla[30];
if (open->Definition->Name == "CreateProcessA")
{
printf("MAIN: Process created (CreateProcessA)\n");
if (!ReadProcessMemory(dbg.getProcessHandle(),
(LPCVOID)(open->OutArgs[9].data.address),
&ProcInfo,
sizeof(ProcInfo),
NULL))
{
printf("Failed to read process memory at %08X\n", open->OutArgs[9].data.address);
}
else
{
c = new (Debugger);
sprintf(bla,"Child %u",ProcInfo.dwProcessId);
c->attach(ProcInfo.dwProcessId);
c->log.Name= bla;
Children.push_back(c);
}
}
else if (open->Definition->Name == "CreateProcessAsUserA")
{
printf("MAIN: Process created (CreateProcessAsUserA)\n");
if (!ReadProcessMemory(dbg.getProcessHandle(),
(LPCVOID)(open->OutArgs[10].data.address),
&ProcInfo,
sizeof(ProcInfo),
NULL))
{
printf("Failed to read process memory at %08X\n", open->OutArgs[10].data.address);
}
else
{
c = new (Debugger);
sprintf(bla,"Child %u",ProcInfo.dwProcessId);
c->attach(ProcInfo.dwProcessId);
c->log.Name= bla;
Children.push_back(c);
}
}
}
