// Enumerates the modules loaded into the *current* process and looks for
// cuckoomon.dll (the Cuckoo sandbox's in-process monitoring DLL). On a hit it
// writes a marker file via createAndWriteFile and prints a message, i.e. this
// is an analysis-environment detection routine.
//
// processID: effectively ignored — it is overwritten with GetCurrentProcessId().
// Returns 1 if the process handle could not be opened, otherwise 0. The return
// value does NOT indicate whether the DLL was found; only the side effects do.
int GetModules(DWORD processID) {
    HMODULE hMods[1024];
    HANDLE hProcess;
    DWORD cbNeeded;
    unsigned int i;
    processID = GetCurrentProcessId();
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID);
    if (NULL == hProcess)
        return 1;
    // cbNeeded is the byte size needed for *all* module handles; if it exceeds
    // sizeof(hMods) the loop bound below runs past the 1024-entry array
    // (out-of-bounds read of hMods). The bound should be clamped to sizeof(hMods).
    if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) {
        for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++) {
            TCHAR szModName[MAX_PATH];
            // BUG: arr_w/arr_s are built from szModName *before*
            // GetModuleFileNameEx fills it, so they copy an uninitialized stack
            // buffer (undefined behaviour) and never the module path. The
            // find() below therefore does not test the real module name.
            wstring arr_w(szModName);
            string arr_s(arr_w.begin(), arr_w.end());  // wchar_t -> char by truncation
            if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR))) {
                //_tprintf(TEXT("\\t%s (0x%08X)\\n"), szModName, hMods[i]);
                // Case-insensitive match via upper-casing the (narrowed) copy.
                transform(arr_s.begin(), arr_s.end(), arr_s.begin(), ::toupper);
                if (arr_s.find("CUCKOOMON.DLL") != std::string::npos) {
                    createAndWriteFile("cuckoomondll.txt");
                    printf("Cuckoo detected (cuckoomon.dll)\n");
                }
            }
        }
    }
    CloseHandle(hProcess);
    return 0;
}
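// Returns the executable file name (last path component, no directory) of the
// process owning the current foreground window, or "" when there is no
// foreground window, the process cannot be opened, or its main-module path
// cannot be read.
//
// Notes:
//  - The wide path is narrowed by truncating each wchar_t to a char, so
//    non-ASCII characters in the path are mangled (behaviour kept as-is).
//  - PROCESS_VM_READ is required by GetModuleFileNameEx but is more access
//    than a name lookup strictly needs; OpenProcess fails for processes with
//    stricter ACLs (e.g. elevated/protected ones), and "" is returned then.
string Gesture::getForegroundFilename() {
    string filename = "";

    HWND hwnd = GetForegroundWindow();
    DWORD processID = 0;
    // With a NULL hwnd this leaves processID at 0, and OpenProcess(0) fails below.
    GetWindowThreadProcessId(hwnd, &processID);

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID);
    if (NULL == hProcess)
        return filename;  // was `return false`, which is not a valid std::string

    TCHAR szModName[MAX_PATH];
    // A NULL module handle selects the main executable of hProcess.
    if (GetModuleFileNameEx(hProcess, NULL, szModName, sizeof(szModName) / sizeof(TCHAR))) {
        // Narrow the full path (see note on truncation above).
        std::wstring arr_w(szModName);
        std::string fullFilename(arr_w.begin(), arr_w.end());
        // Keep only the executable name.
        vector<string> parts = explode(fullFilename, '\\');
        if (!parts.empty())
            filename = parts.back();
    }
    CloseHandle(hProcess);
    return filename;
}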