/// Builds a proxy for the process found at @p procPath and starts polling it:
/// m_check's timeout() signal is wired to the CheckProcess() slot and the
/// timer is started with a 100 ms interval.
/// NOTE(review): m_process is initialised with 0; if it is a pointer member,
/// nullptr would express that more clearly — confirm in the class declaration.
ProcessProxy::ProcessProxy(QString procPath)
	: m_procPath(procPath)
	, m_process(0)
{
	// CheckProcess() runs on every timer tick (every 100 ms).
	QObject::connect(&m_check, SIGNAL(timeout()), this, SLOT(CheckProcess()));
	m_check.start(100);
}
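/// Retrieves the 32-bit PEB of the process named @p procName.
///
/// Opens the target with OpenProcess(), refuses to continue unless
/// CheckProcess() reports it as a 32-bit (WoW64) process, queries
/// ProcessBasicInformation through NtQueryInformationProcess to obtain
/// PebBaseAddress, and finally calls ReadPEB() to fill the member `peb32`.
///
/// @param procName  Name of the target process, handed to OpenProcess().
/// @return          The member `peb32` as populated by ReadPEB().
///
/// Every failure path prints a diagnostic and terminates the program with
/// exit(EXIT_FAILURE); `hProcess` is not closed first (the OS reclaims it).
PEB32 PEBUtils::GetProcessPEB32(LPWSTR &procName)
{
	hProcess = OpenProcess(procName);
	if(!CheckProcess(hProcess))
	{
		printf("Remote Process is 64 bit but using GetProcesPeb32\n");
		exit(EXIT_FAILURE);
	}
	status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION), &dwLength);

	if(status != 0x0)
	{
		// Cast so that %x matches the argument whatever integer type `status` has.
		printf("NtQueryInformationProcess Error  0x%x\n", static_cast<unsigned>(status));
		exit(EXIT_FAILURE);
	}

	// PebBaseAddress is a pointer: passing it to %x is undefined and truncates
	// it on 64-bit builds; %p is the correct specifier.
	printf("PEB address : %p\n", static_cast<void*>(pbi.PebBaseAddress));

	SIZE_T dwBytesRead = 0x0;
	ReadPEB(dwBytesRead);

	return peb32;
}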
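    /// Reports whether CheckProcess() accepts any process currently on the
    /// system.
    ///
    /// Loads PSAPI.dll by absolute System32 path (so the DLL search order
    /// cannot substitute another module), resolves EnumProcesses,
    /// EnumProcessModules and GetModuleBaseNameA into the lpf* function
    /// pointers, enumerates all process IDs and returns true as soon as
    /// CheckProcess() yields a non-NULL handle for one of them.
    ///
    /// The module reference is released on every exit path; the lpf* pointers
    /// must therefore not be used after this function returns without
    /// reloading PSAPI.
    ///
    /// @return true if some process satisfies CheckProcess(); false when PSAPI
    ///         cannot be loaded, a symbol is missing, enumeration fails, or no
    ///         process matches.
    bool IsProcessRunning()
    {
        DWORD dwPIDArray[MAX_PROCESSES]; //array of Process IDs
        DWORD dwNoProcesses = 0;         //bytes written to dwPIDArray by EnumProcesses

        //Load the PSAPI library (WinNT, 2k, XP only)
        HMODULE hLib = LoadLibrary("C:\\WINDOWS\\system32\\PSAPI.dll");
        if(!hLib)
        {
            //std::cout << "Unable to load PSAPI" << std::endl;
            return false;
        }

        // The __try/__finally that used to call FreeLibrary was commented out,
        // so every early return below leaked the module reference. This guard
        // releases it on every exit path instead.
        struct LibraryGuard
        {
            HMODULE h;
            ~LibraryGuard() { FreeLibrary(h); }
        } guard{hLib};

        //find the 3 functions we need for this code
        lpfEnumProcesses = reinterpret_cast<ENUMPROCESSES>(GetProcAddress(hLib,"EnumProcesses"));
        if(!lpfEnumProcesses)
        {
            //std::cout << "Unable to find EnumProcesses Func!" << std::endl;
            return false;
        }

        lpfEnumProcessModules = reinterpret_cast<ENUMPROCESSMODULES>(GetProcAddress(hLib,"EnumProcessModules"));
        if(!lpfEnumProcessModules)
        {
            //std::cout << "Unable to find EnumProcessModules Func!" << std::endl;
            return false;
        }

        lpfGetModuleBaseName = reinterpret_cast<GETMODULEBASENAME>(GetProcAddress(hLib,"GetModuleBaseNameA"));
        if(!lpfGetModuleBaseName )
        {
            //std::cout << "Unable to find GetModuleBaseName Func!" << std::endl;
            return false;
        }

        //Now enumerate all processes on system
        if(!lpfEnumProcesses(dwPIDArray, sizeof(dwPIDArray), &dwNoProcesses))
        {
            //std::cout << "Unable to enumerate Processes!" << std::endl;
            return false;
        }

        // EnumProcesses reports a byte count, hence the division by sizeof(DWORD).
        for(unsigned int i = 0; i < dwNoProcesses / sizeof(DWORD); i++)
        {
            HANDLE hProc = CheckProcess(dwPIDArray[i]); //examine process
            // HANDLE is a pointer type: test against NULL rather than ordering it
            // relative to 0.
            // NOTE(review): the handle is never closed here; if CheckProcess()
            // returns an owned handle it should be CloseHandle'd — confirm
            // against CheckProcess().
            if(hProc != NULL)
                return true;
        }

        return false;
    }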
/// One-time setup for PEBUtils: reports whether the current process runs
/// under WoW64 (as judged by CheckProcess()) and resolves the
/// NtQueryInformationProcess export of the already-loaded ntdll.dll into the
/// member function pointer of the same name.
/// Terminates with exit(EXIT_FAILURE) when ntdll.dll or the export cannot be
/// found.
void PEBUtils::Init()
{
	HANDLE const curProc = GetCurrentProcess();
	if(CheckProcess(curProc))
		printf("Wow64 present..\n");

	hModule = GetModuleHandleA("ntdll.dll");
	if(hModule == NULL)
	{
		printf("GetModuleHandle Error\n");
		exit(EXIT_FAILURE);
	}

	// GetProcAddress yields a generic FARPROC; convert it to the typed pointer.
	NtQueryInformationProcess = reinterpret_cast<lpfNtQueryInformationProcess>(GetProcAddress(hModule, "NtQueryInformationProcess"));
	if(NtQueryInformationProcess == NULL)
	{
		printf("GetProcAddress Error\n");
		exit(EXIT_FAILURE);
	}
}
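/// Retrieves the 64-bit PEB of the process named @p procName.
///
/// Opens the target with OpenProcess(), refuses to continue if CheckProcess()
/// reports it as a 32-bit (WoW64) process, queries ProcessBasicInformation
/// through NtQueryInformationProcess to obtain PebBaseAddress, and finally
/// calls ReadPEB64() to fill the member `peb64`.
///
/// @param procName  Name of the target process, handed to OpenProcess().
/// @return          The member `peb64` as populated by ReadPEB64().
///
/// Every failure path prints a diagnostic and terminates the program with
/// exit(EXIT_FAILURE); `hProcess` is not closed first (the OS reclaims it).
PEB64 PEBUtils::GetProcessPEB64(LPWSTR &procName)
{
	hProcess = OpenProcess(procName);
	if(CheckProcess(hProcess))
	{
		printf("Remote Process is 32 bit but using GetProcesPeb64\n");
		exit(EXIT_FAILURE);
	}
	status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION), &dwLength);

	if(status != 0x0)
	{
		// Cast so that %x matches the argument whatever integer type `status` has.
		printf("NtQueryInformationProcess Error  0x%x\n", static_cast<unsigned>(status));
		exit(EXIT_FAILURE);
	}

	// PebBaseAddress is a pointer: passing it to %x is undefined and, on a
	// 64-bit build, prints only the low half; %p is the correct specifier.
	printf("PEB address : %p\n", static_cast<void*>(pbi.PebBaseAddress));

	SIZE_T dwBytesRead = 0x0;
	ReadPEB64(dwBytesRead);

	return peb64;
}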
// Runs CheckModule() and then CheckProcess(), in that order; the KillMe() call
// stays commented out. NOTE(review): what the two checks verify and whether
// order matters is not visible here — confirm against their definitions.
void ScanQMarco()
{
	CheckModule();
	CheckProcess();
	//KillMe();
}