HMODULE ChildProcessManager::GetChildProcessMainModule() const
{
HMODULE ret(NULL);
if (IsChildProcessCreated())
{
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE,
m_piProcInfo->dwProcessId
);
if (hProcess != INVALID_HANDLE_VALUE)
{
char lpBaseName[MAX_PATH];
CProcessModuleIterator pmi(m_piProcInfo->dwProcessId);
for (HMODULE hModule = pmi.First(); hModule; hModule = pmi.Next())
{
if (GetModuleBaseName(hProcess, hModule, lpBaseName, MAX_PATH))
{
std::string moduleName(lpBaseName);
if (moduleName.find(".exe") != std::string::npos)
{
ret = hModule;
break;
}
}
}
CloseHandle(hProcess);
}
}
return ret;
}
ULONG GetProcessID(LPCSTR TargetProcessName)
{
DWORD nSize = MAX_PATH;
HANDLE hCurrentProcess;
CHAR BaseName[MAX_PATH];
DWORD aProcesses[1024], cbNeeded;
unsigned int i;
if (!EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded))
return FALSE;
// NumberProcesses = nSize = cbNeeded / sizeof(DWORD);
for (i = 0; i <= nSize; i++)
{
if(NULL != (hCurrentProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, aProcesses[i])))
{
GetModuleBaseName(hCurrentProcess, NULL, BaseName, sizeof(BaseName));
if(0 == stricmp(BaseName, TargetProcessName))
{
CloseHandle(hCurrentProcess);
return aProcesses[i];
}
}
CloseHandle(hCurrentProcess);
}
return FALSE;
}
DWORD getModuleBase(const std::string& sModuleName, HANDLE hProc)
{
HMODULE *hModules = nullptr;
char buffer[64];
DWORD modules_size;
DWORD result = -1;
if (!EnumProcessModules(hProc, hModules, 0, &modules_size))
{
std::cout << "Error: EnumProcessModules failed: " << GetLastError() << std::endl;
return 0;
}
hModules = new HMODULE[modules_size / sizeof(HMODULE)];
if (EnumProcessModules(hProc, hModules, modules_size / sizeof(HMODULE), &modules_size))
{
for (unsigned int i = 0; i < modules_size / sizeof(HMODULE); i++)
{
if (GetModuleBaseName(hProc, hModules[i], buffer, sizeof(buffer)))
{
if (strcmp(sModuleName.c_str(), buffer) == 0)
{
result = (DWORD)hModules[i];
break;
}
}
}
}
delete[] hModules;
return result;
}
void PrintProcessNameAndID( DWORD processID )
{
char szProcessName[MAX_PATH] = "unknown";
// Get a handle to the process.
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID );
// Get the process name.
if (NULL != hProcess )
{
HMODULE hMod;
DWORD cbNeeded;
if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod),
&cbNeeded) )
{
GetModuleBaseName( hProcess, hMod, szProcessName,
sizeof(szProcessName) );
}
else return;
}
else return;
// Print the process name and identifier.
printf( "%s (Process ID: %u)\n", szProcessName, processID );
CloseHandle( hProcess );
}
void printProcessInfo(DWORD processID)
{
TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");
// Get a handle to the process.
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID );
// Get the process name.
if (NULL != hProcess) {
HMODULE hMod; // An array that receives the list of module handles.
DWORD cbNeeded; //The number of bytes required to store all module handles in the Module array
if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) {
GetModuleBaseName(hProcess, hMod, szProcessName,
sizeof(szProcessName)/sizeof(TCHAR));
}
}
// Print the process name and identifier of matching strings, ignoring case
_tprintf(TEXT("%s (PID: %u)\n"), szProcessName, processID);
// Release the handle to the process.
CloseHandle( hProcess );
}
int GetProcessId(const char* file_name)
{
const int maximum_processes = 1024;
LPDWORD process_ids;
LPTSTR base_name;
HANDLE process;
DWORD i, processes, process_id = 0;
process_ids = (LPDWORD)HeapAlloc(GetProcessHeap(), 0, maximum_processes * sizeof(DWORD));
if(process_ids != NULL) {
if(EnumProcesses(process_ids, maximum_processes * sizeof(DWORD), &processes)) {
base_name = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, MAX_PATH * sizeof(TCHAR));
if(base_name != NULL) {
processes = processes / sizeof(DWORD);
for(i = 0; i < processes; i++) {
process = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, process_ids[i]);
if(process != NULL) {
if(GetModuleBaseName(process, NULL, base_name, MAX_PATH) > 0) {
if(!lstrcmpi(base_name, file_name)) {
process_id = process_ids[i];
CloseHandle(process);
break;
}
}
CloseHandle(process);
}
}
HeapFree(GetProcessHeap(), 0, (LPVOID)base_name);
}
}
HeapFree(GetProcessHeap(), 0, (LPVOID)process_ids);
}
return process_id;
}
void startDaemonScan()
{
PVOID buffer = VirtualAlloc(NULL, 1024 * 1024, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
while (1)
{
DWORD procIDsBuffer[MAX_PROCESSES];
DWORD size_returned;
EnumProcesses(procIDsBuffer, sizeof(procIDsBuffer), &size_returned);
int numProc = size_returned / sizeof(DWORD);
int i;
TCHAR strBuffer[MAX_PATH];
for (i = 0; i < numProc; i++)
{
DWORD curr_pid = (int)procIDsBuffer[i];
HANDLE Handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, TRUE, curr_pid);
GetModuleBaseName(Handle, NULL, strBuffer, MAX_PATH);
if ((Handle) && isInFrobProcList(strBuffer))
reactToProcess(curr_pid, strBuffer);
CloseHandle(Handle);
}
updateList();
}
}
void kill_process(string name)
{
#ifdef _WIN32
CHAR szProcBuff[101];
DWORD pIDs[300], dwBytesReturned;
HANDLE hProcess;
INT i, procCount;
EnumProcesses(pIDs, sizeof(pIDs), &dwBytesReturned);
procCount = dwBytesReturned / sizeof(DWORD);
for (i = 0; i < procCount; i++)
if (pIDs[i] != 0)
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE, 0, pIDs[i]);
GetModuleBaseName(hProcess, 0, szProcBuff, 100);
if (strcmp(szProcBuff, name.c_str()) == 0)
TerminateProcess(hProcess, EXIT_SUCCESS);
CloseHandle(hProcess);
}
#elif __APPLE__
string command = "killall -kill " + name;
system(command.c_str());
#endif
while (process_running(name.c_str()) > 0)
Sleep(1);
}
bool MatcProcessImageName(DWORD dwProcId,const TCHAR* tcImageName, bool bTestRunning=false)
{
if(NULL == tcImageName) return false;
HANDLE hProc = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwProcId );
bool bHasName= false;
bool bResult = false;
TCHAR tcModuleName[MAX_PATH];
if (NULL != hProc ) {
if(bTestRunning) {
DWORD ExitCode = 0;
if(GetExitCodeProcess(hProc, &ExitCode)) {
if (STILL_ACTIVE != ExitCode) return false;
} else {
if(WAIT_TIMEOUT != WaitForSingleObject(hProc, 0)) return false;
}
}
HMODULE hMod;
DWORD nRetCountMod = 0;
if(EnumProcessModules(hProc, &hMod, sizeof(hMod), &nRetCountMod)){
bHasName = (0 != GetModuleBaseName( hProc, hMod, tcModuleName, sizeof(tcModuleName)/sizeof(TCHAR) ) );
} else {
bHasName = (0 != GetProcessImageFileName(hProc, tcModuleName, sizeof(tcModuleName)/sizeof(TCHAR)) ) ;
}
}
if(bHasName) {
const TCHAR *pExeName = _tcsrchr(tcModuleName, TEXT('\\'));
pExeName = (pExeName) ? ++pExeName : tcModuleName;
bResult = (0 == StrCmpI(pExeName,tcImageName));
}
CloseHandle(hProc);
return bResult;
}
bool CallStack::loadAllModules()
{
#ifdef WIN32
DWORD dwNeeded = 0;
if (!EnumProcessModules(hProcess, hModule, sizeof(hModule), &dwNeeded)) return false;
const int iCount = dwNeeded / sizeof(HMODULE);
for (int i = 0; i < iCount; ++i)
{
MODULEINFO info;
GetModuleInformation(hProcess, hModule[i], &info, sizeof(info));
GetModuleFileNameEx(hProcess, hModule[i], szImageName, iMax);
GetModuleBaseName(hProcess, hModule[i], szModuleName, iMax);
#ifdef X64
SymLoadModule64(hProcess, hModule[i], szImageName, szModuleName, (DWORD64)info.lpBaseOfDll, info.SizeOfImage);
#else
SymLoadModule(hProcess, hModule[i], szImageName, szModuleName, (DWORD)info.lpBaseOfDll, info.SizeOfImage);
#endif
}
#endif
return true;
}
NSHARE::CText process_name(int processID)
{
TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");
// Get a handle to the process.
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE, processID);
// Get the process name.
if (INVALID_HANDLE_VALUE != hProcess)
{
HMODULE hMod;
DWORD cbNeeded;
//Given a handle to a process, this returns all the modules running within the process.
//The first module is the executable running the process,
//and subsequent handles describe DLLs loaded into the process.
if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
{
//This function returns the short name for a module,
//typically the file name portion of the EXE or DLL
GetModuleBaseName(hProcess, hMod, szProcessName,
sizeof(szProcessName) / sizeof(TCHAR));
}
}
NSHARE::CText _text(szProcessName);
//close the process handle
CloseHandle(hProcess);
return _text;
}
void PrintProcessNameAndID( DWORD processID )
{
TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");
TCHAR szFilename[MAX_PATH] = TEXT("<unknown>");
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID);
if (hProcess != NULL)
{
HMODULE hModule;
DWORD cbNeeded;
if ( EnumProcessModules( hProcess, &hModule, sizeof(hModule), &cbNeeded) )
{
GetModuleBaseName( hProcess, hModule, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) );
GetModuleFileNameEx( hProcess, hModule, szFilename, sizeof(szFilename)/sizeof(TCHAR) );
}
CloseHandle( hProcess );
}
_tprintf( TEXT(" %16s %-60s (PID: %u)\n"), szProcessName, szFilename, processID );
}
BOOL CSelectProcessDlg::OnInitDialog(void)
{
CDialog::OnInitDialog();
// initialization
DWORD cbNeeded;
EnumProcesses(procs, sizeof(procs), &cbNeeded);
numprocs = cbNeeded / sizeof(DWORD);
HANDLE hProcess;
HMODULE hMod;
wchar_t str[255];
for (int i = 0; i < numprocs; i++)
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, procs[i]);
if (hProcess)
{
if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
{
GetModuleBaseName(hProcess, hMod, str, 255);
m_cmbProcesses.AddString(str);
m_cmbProcesses.SetItemDataPtr(m_cmbProcesses.GetCount() - 1, (void*)&procs[i]);
}
CloseHandle(hProcess);
}
}
return TRUE;
}
void ProcessFinder::PrintProcessNameAndID( DWORD processID )
{
TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");
// Get a handle to the process.
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID );
// Get the process name.
if (NULL != hProcess )
{
HMODULE hMod;
DWORD cbNeeded;
if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod),
&cbNeeded) )
{
GetModuleBaseName( hProcess, hMod, szProcessName,
sizeof(szProcessName)/sizeof(TCHAR) );
}
}
// Print the process name and identifier.
std::map<std::string,int>::iterator it = processes.find(szProcessName);
if(it!=processes.end())
{
(*it).second++;
}
else
{
std::pair<std::string,int> elem;
elem.first = szProcessName;
elem.second = 1;
processes.insert(elem);
}
CloseHandle( hProcess );
}
std::wstring GetDestinationFileName()
{
std::wstring baseName;
//get from file name of this executable
{
std::wstring moduleBaseName = GetModuleBaseName();
std::wstring moduleBaseNameLower = moduleBaseName;
for(int n = 0; n < (int)moduleBaseNameLower.length(); n++)
moduleBaseNameLower[n] = tolower(moduleBaseNameLower[n]);
int index = (int)moduleBaseNameLower.find(_T("_mono"));
if(index == -1)
{
MessageBox(0, _T("Invalid executable file name.\n\nDemands file name in format \"{destination base file name}_mono[any characters].exe\"."),
_T("Mono launcher error"),
MB_OK | MB_ICONEXCLAMATION);
return _T("");
}
baseName = moduleBaseName.substr(0, index);
}
return baseName + _T(".exe");
//return GetModuleFullDirectory() + _T("\\") + baseName + _T(".exe");
}
// Determine le nombre de processus du nom de "monProcess" en cours d'éxécution
int test_exist_process(const char* monProcess)
{
int nombreTrouves = 0;
DWORD processes[MAX_TAB], nb_processes;
char process_name[MAX_TAB];
int i;
HANDLE hprocess;
EnumProcesses(processes, sizeof(processes), &nb_processes);
//On teste tous les processus pour voir si leur nom correspond
for(i = 0 ; i < nb_processes / sizeof(DWORD) ; i++)
{
hprocess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processes[i]);
//Prend le nom du processus et le met dans process_name
GetModuleBaseName(hprocess, NULL, process_name, sizeof(process_name));
CloseHandle(hprocess);
if(strcmp(process_name, monProcess) == 0)
{
nombreTrouves++;
}
}
return nombreTrouves;
}
bool IsExeRunning(char* pName)
{
unsigned long aProcesses[1024], cbNeeded, cProcesses;
if(!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
return false;
unsigned long curPID = GetCurrentProcessId();
cProcesses = cbNeeded / sizeof(unsigned long);
for (unsigned int i = 0; i < cProcesses; i++)
{
if(aProcesses[i] == 0)
continue;
if (aProcesses[i] == curPID)
continue;
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, aProcesses[i]);
if (!hProcess)
continue;
char buffer[50] = {0};
GetModuleBaseName(hProcess, 0, buffer, 50);
CloseHandle(hProcess);
if(strcmp(pName, buffer)==0)
return true;
}
return false;
}
bool ScanModules (DWORD processID) {
HMODULE hMods[1024];
HANDLE hProcess;
DWORD cbNeeded;
// Get a list of all the modules in this process.
hProcess=OpenProcess(
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID
);
if (NULL==hProcess) return 0;
if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) {
for (unsigned int i=0; i<cbNeeded/sizeof(HMODULE) && i<1024; i++) {
TCHAR szModName[MAX_PATH];
if (GetModuleBaseName(
hProcess, hMods[i], szModName, sizeof(szModName)/sizeof(TCHAR)
)) {
if (0==_wcsicmp(szModName, _T("npswf32.dll")) ||
0==_wcsicmp(szModName, _T("flash9c.ocx"))
) {
CloseHandle(hProcess);
return 1;
}
}
}
}
CloseHandle(hProcess);
return 0;
}
BOOL GetModules(HANDLE hProcess, char* Strings)
{
DWORD processid[1024], needed, processcount, modulecount;
HMODULE hModule[1024];
DWORD cb = 0;
BOOL ret = 1;
char path[MAX_PATH] = "", temp[MAX_PATH], basename[MAX_PATH];
EnumProcesses(processid, sizeof(processid), &needed);
processcount = 1;// needed/sizeof(DWORD);
for (DWORD i = 0; i< processcount; i++) // 列举一下explorer下的模块
{
if (hProcess)
{
EnumProcessModules(hProcess, hModule, sizeof(hModule), &needed);
modulecount = needed / sizeof(DWORD);
//_itoa(processid[i], temp, 10);
for (DWORD j = 0; j < modulecount; j++)
{
GetModuleFileNameEx(hProcess, hModule[j], path, sizeof(path));
GetModuleBaseName(hProcess, hModule[j], basename, sizeof(basename));
GetShortPathName(path, path, 256);
if(!strcmp(basename, Strings))
{
ret = 1;
}
printf("%s\t\t%s\n", basename, path);
}
}
}
return ret;
}
//lookup process name of process with processID
//compare to processName
int Application_InternetExplorer::compareName(DWORD processID, std::wstring processName)
{
TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");
// Get a handle to the process.
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID );
// Get the process name.
if (NULL != hProcess )
{
HMODULE hMod;
DWORD cbNeeded;
if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod),
&cbNeeded) )
{
GetModuleBaseName( hProcess, hMod, szProcessName,
sizeof(szProcessName)/sizeof(TCHAR) );
}
CloseHandle( hProcess );
}
//_tprintf( TEXT("%s (PID: %u)\n"), szProcessName, processID );
int comparison;
comparison = wcsicmp(szProcessName, processName.c_str());
return comparison;
}
VOID printProcessName(DWORD processID)
{
TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");
// Get a handle to the process.
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE,
processID );
// Get the process name.
if (NULL != hProcess )
{
HMODULE hMod;
DWORD cbNeeded;
if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) )
{
GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) );
}
}
// Print the process name and identifier.
_tprintf( TEXT("%s (PID: %u)\n"), szProcessName, (UINT)processID );
CloseHandle( hProcess );
}
/* retrieve a handle to lsass.exe */
HANDLE GetLsassHandle() {
DWORD dwProcessList[1024];
DWORD dwProcessListSize;
HANDLE hProcess;
char szProcessName[10];
DWORD dwCount;
/* enumerate all pids on the system */
if (EnumProcesses(dwProcessList, sizeof(dwProcessList), &dwProcessListSize)) {
/* only look in the first 256 process ids for lsass.exe */
if (dwProcessListSize > sizeof(dwProcessList))
dwProcessListSize = sizeof(dwProcessList);
/* iterate through all pids, retrieve the executable name, and match to lsass.exe */
for (dwCount = 0; dwCount < dwProcessListSize; dwCount++) {
if (hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessList[dwCount])) {
if (GetModuleBaseName(hProcess, NULL, szProcessName, sizeof(szProcessName))) {
if (strcmp(szProcessName, "lsass.exe") == 0) {
return hProcess;
}
}
CloseHandle(hProcess);
}
}
}
return 0;
}
BOOL CSysinfo::GetProcessName (pid_t pid, char *dest, int sz)
{
// this code is deprecated. It was causing ACCESS_VIOLATIONS
// on Windows XP.
#if 0
DWORD *block;
Refresh();
block = FindBlock (pid);
if (!block)
{
dest[0] = '\0';
return FALSE;
}
MakeAnsiString ((WORD*)(*(block+15)), dest);
#endif
HANDLE Hnd;
if( ! (Hnd = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid))) {
return FALSE;
}
if ( ! GetModuleBaseName(Hnd, NULL, dest, sz) ) {
return FALSE;
}
return TRUE;
}
//Get the processID wanted
DWORD GetProcessIdByName(DWORD processId, TCHAR* sProcessNameWanted)
{
TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");
//require information type, ?, processid
HANDLE hProcess = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processId );
DWORD baseAddr=0;
MODULEINFO miModInfo = { 0 };
if(NULL!=hProcess)
{
HMODULE hMod;
DWORD cbReturned;
if(EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbReturned))
{
GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR));
}
if(_tcscmp(szProcessName,sProcessNameWanted) == 0)
{
GetModuleInformation(hProcess,hMod, &miModInfo, sizeof(miModInfo));
//_tprintf( TEXT("%s (PID: %u) baseAddr: 0x%X\n"), szProcessName, processId,miModInfo.lpBaseOfDll);
CloseHandle(hProcess);
return processId;
}
CloseHandle(hProcess);
return 0;
}
return 0;
}
void
GetProcessName(pid_t pid, char *ProcessName)
{
HANDLE hProcess;
strcpy(ProcessName, "unknown");
#if HAVE_WIN32_PSAPI
/* Get a handle to the process. */
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, pid);
/* Get the process name. */
if (NULL != hProcess) {
HMODULE hMod;
DWORD cbNeeded;
if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
GetModuleBaseName(hProcess, hMod, ProcessName, sizeof(ProcessName));
else {
CloseHandle(hProcess);
return;
}
} else
return;
CloseHandle(hProcess);
#endif
}
void *CHook::Run() {
char *szProcName="taskmgr.exe";
HANDLE hProcess;
DWORD aProcesses[1024], cbNeeded, cProcesses;
while(true) {
unsigned int i;
char szProcessName[MAX_PATH];
HMODULE hMod;
if(!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) return false;
cProcesses=cbNeeded/sizeof(DWORD);
for(i=0; i<cProcesses; i++) {
strcpy(szProcessName, "unknown");
hProcess=OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, aProcesses[i]);
if(hProcess) {
if(EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) {
GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName));
if(!stricmp(szProcessName, szProcName)) {
Hook(hProcess);
Sleep(60000);
}
}
CloseHandle(hProcess);
}
}
Sleep(250);
}
return NULL;
}
void CTKLauncherDlg::KillProcess(const char* process)
{
DWORD ids[1000];
HMODULE modules[1000];
DWORD count;
EnumProcesses(ids,sizeof(DWORD)*1000,&count);
count/=(sizeof(DWORD));
HANDLE handle;
for(int i=0;i<(int)count;i++)
{ //for each of the processes
DWORD nmod;
handle=OpenProcess(PROCESS_ALL_ACCESS,FALSE,(DWORD)ids[i]);
EnumProcessModules(handle,modules,sizeof(HMODULE)*1000,&nmod);
nmod/=(sizeof(HMODULE));
if(nmod>0)
{
char name[100];
GetModuleBaseName(handle,modules[0],name,99);
if(stricmp(process,name)==0)
{
TerminateProcess(handle,1);
CloseHandle(handle);
break;
}
}
CloseHandle(handle);
}
}
/*
This method performs the actual injection. It gets an appropriate thread id, loads the dll,
gets the address of the inject method, then calls SetWindowsHookEx.
*/
int processInject(int pid)
{
DWORD processID = (DWORD)pid;
TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID);
if (NULL != hProcess)
{
HMODULE hMod;
DWORD cbNeeded;
if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) )
{
GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) );
}
}
_tprintf( TEXT("Injecting into process %s PID: %u\n"), szProcessName, processID);
DWORD threadID = getThreadID(processID);
printf( "Using Thread ID %u\n", threadID);
if(threadID == (DWORD)0)
{
puts("Cannot find thread");
return -1;
}
HMODULE dll = LoadLibrary("inject.dll");
if(dll == NULL)
{
puts("Cannot find DLL");
return -1;
}
HOOKPROC addr = (HOOKPROC)GetProcAddress(dll, "Test");
if(addr == NULL)
{
puts("Cannot find the function");
return -1;
}
//Uses the threadID from getThreadID to inject into specific process
//HHOOK handle = SetWindowsHookEx(WH_MOUSE, addr, dll, threadID);
HHOOK handle = SetWindowsHookEx(WH_KEYBOARD, addr, dll, threadID);
if(handle == NULL)
{
puts("Couldn't hook the keyboard");
}
getchar();
getchar();
getchar();
UnhookWindowsHookEx(handle);
return 0;
}
BOOL stopProgram(const TCHAR *name)
{
char szProcessName[MAX_PATH] = "unknown";
// Get the list of process identifiers.
DWORD aProcesses[1024], cbNeeded, cProcesses;
unsigned int i = 0;
if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
return FALSE;
// Calculate how many process identifiers were returned.
cProcesses = cbNeeded / sizeof(DWORD);
// Print the name and process identifier for each process.
for ( i = 0; i < cProcesses; i++ )
{
if( aProcesses[i] != 0 )
{
//
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE,
FALSE, aProcesses[i]);
//
if ( NULL != hProcess )
{
HMODULE hMod;
DWORD cbNeeded;
if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
{
GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName));
}
else
{
continue;
}
}
else
{
continue;
}
if (lstrcmpi(name, szProcessName) == 0)
{
::TerminateProcess(hProcess,0);
}
else
{
::CloseHandle(hProcess);
}
}
}
return FALSE;
}
void CProcessWatchThread::UnLoadLibrary()
{
DWORD aProcessIds[2048] = {0};
DWORD dwProcessCount = 0;
DWORD hDll = 0, dwWritten = 0;
LPVOID lpFun = NULL;
LPVOID lpBuf = NULL;
HANDLE tThread = NULL;
DWORD dwSize = lstrlen(strDLL) * sizeof(TCHAR) + sizeof(TCHAR);
if (EnumProcesses(aProcessIds, 2048, &dwProcessCount))
{
for (DWORD i = 0; i < dwProcessCount; ++i)
{
HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | SYNCHRONIZE, FALSE, aProcessIds[i]);
if (hProcess)
{
TCHAR cExeName[MAX_PATH] = {0};
if (GetModuleBaseName(hProcess, NULL, cExeName, MAX_PATH))
if (_tcsicmp(cExeName, strEXE) == 0)
{
do
{
lpBuf = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hProcess, lpBuf, (LPVOID)strDLL.GetBuffer(strDLL.GetLength()), dwSize, &dwWritten);
if( sizeof(TCHAR) == 2 )
lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "GetModuleHandleW" );
else
lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "GetModuleHandleA" );
tThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFun, lpBuf, 0, 0);
if (tThread)
{
WaitForSingleObject(tThread, INFINITE);
GetExitCodeThread(tThread, &hDll);
VirtualFreeEx(hProcess, lpBuf, dwSize, MEM_DECOMMIT);
CloseHandle(tThread);
if( ! hDll ) { CloseHandle(hProcess); return; }
lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "FreeLibraryAndExitThread" );
if (lpFun)
{
tThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFun, (LPVOID)hDll, 0, NULL);
if (tThread)
{
WaitForSingleObject(tThread, INFINITE);
CloseHandle(tThread);
}
}
}
} while(hDll);
}
CloseHandle(hProcess);
}
}
}
}
