//////////////////////////////////////////////////////////////////////////////
// PopulateModules
//
// Populate the module list using PSAPI
//////////////////////////////////////////////////////////////////////////////
BOOL CPsapiHandler::PopulateModules(CModuleInstance* pProcess)
{
BOOL bResult = TRUE;
CModuleInstance *pDllModuleInstance = NULL;
if (TRUE == Initialize())
{
DWORD pidArray[1024];
DWORD cbNeeded;
DWORD nProcesses;
// EnumProcesses returns an array with process IDs
if (m_pfnEnumProcesses(pidArray, sizeof(pidArray), &cbNeeded))
{
// Determine number of processes
nProcesses = cbNeeded / sizeof(DWORD);
// Release the container
pProcess->ReleaseModules();
for (DWORD i = 0; i < nProcesses; i++)
{
HMODULE hModuleArray[1024];
HANDLE hProcess;
DWORD pid = pidArray[i];
DWORD nModules;
// Let's open the process
hProcess = ::OpenProcess(
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE, pid);
if (!hProcess)
continue;
if (static_cast<CExeModuleInstance*>(pProcess)->Get_ProcessId() != pid)
{
::CloseHandle(hProcess);
continue;
}
// EnumProcessModules function retrieves a handle for
// each module in the specified process.
if (!m_pfnEnumProcessModules(
hProcess, hModuleArray,
sizeof(hModuleArray), &cbNeeded))
{
::CloseHandle(hProcess);
continue;
}
// Calculate number of modules in the process
nModules = cbNeeded / sizeof(hModuleArray[0]);
for (DWORD j = 0; j < nModules; j++)
{
HMODULE hModule = hModuleArray[j];
char szModuleName[MAX_PATH];
m_pfnGetModuleFileNameExA(
hProcess,
hModule,
szModuleName,
sizeof(szModuleName)
);
if (0 == j) // First module is the EXE.
{
// Do nothing.
} // if
else // Not the first module. It's a DLL
{
pDllModuleInstance = new CModuleInstance(
szModuleName,
hModule
);
pProcess->AddModule(pDllModuleInstance);
} // else
} // for
::CloseHandle(hProcess); // We're done with this process handle
} // for
bResult = TRUE;
} // if
else
{
bResult = FALSE;
}
} // if
else
{
bResult = FALSE;
}
return bResult;
}
//////////////////////////////////////////////////////////////////////////////
// PopulateProcess
//
// Populate all modules of a single process
//
//////////////////////////////////////////////////////////////////////////////
BOOL CPsapiHandler::PopulateProcess(DWORD dwProcessId, BOOL bPopulateModules)
{
BOOL bResult = TRUE;
CExeModuleInstance* pProcessInfo;
if (TRUE == Initialize())
{
m_pProcesses->ReleaseAll();
HMODULE hModuleArray[1024];
HANDLE hProcess;
DWORD nModules;
DWORD cbNeeded;
hProcess = ::OpenProcess(
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE,
dwProcessId
);
if (hProcess)
{
if (!m_pfnEnumProcessModules(
hProcess,
hModuleArray,
sizeof(hModuleArray),
&cbNeeded
))
::CloseHandle(hProcess);
else
{
// Calculate number of modules in the process
nModules = cbNeeded / sizeof(hModuleArray[0]);
for (DWORD j = 0; j < nModules; j++)
{
HMODULE hModule = hModuleArray[j];
char szModuleName[MAX_PATH];
m_pfnGetModuleFileNameExA(
hProcess,
hModule,
szModuleName,
sizeof(szModuleName)
);
if (0 == j) // First module is the EXE. Just add it to the map
{
pProcessInfo = new CExeModuleInstance(
this,
szModuleName,
hModule,
dwProcessId
);
m_pProcesses->Add(*pProcessInfo);
if (bPopulateModules)
pProcessInfo->PopulateModules();
break;
} // if
} // for
::CloseHandle(hProcess);
} // if
} // if
} // if
else
{
bResult = FALSE;
}
return bResult;
}
BOOL CPsapiHandler::PopulateProcesses()
{
BOOL bResult = TRUE;
CExeModuleInstance* pProcessInfo;
if (TRUE == Initialize())
{
DWORD pidArray[1024];
DWORD cbNeeded;
DWORD nProcesses;
if (m_pfnEnumProcesses(pidArray, sizeof(pidArray), &cbNeeded))
{
// Determine number of processes
nProcesses = cbNeeded / sizeof(DWORD);
m_pProcesses->ReleaseAll();
for (DWORD i = 0; i < nProcesses; i++)
{
HMODULE hModuleArray[1024];
HANDLE hProcess;
DWORD pid = pidArray[i];
DWORD nModules;
hProcess = OpenProcess(
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE, pid);
if (!hProcess)
continue;
if (!m_pfnEnumProcessModules(hProcess, hModuleArray,
sizeof(hModuleArray), &cbNeeded))
{
::CloseHandle(hProcess);
continue;
}
// Calculate number of modules in the process
nModules = cbNeeded / sizeof(hModuleArray[0]);
for (DWORD j = 0; j < nModules; j++)
{
HMODULE hModule = hModuleArray[j];
char szModuleName[MAX_PATH];
m_pfnGetModuleFileNameExA(hProcess, hModule,
szModuleName, sizeof(szModuleName));
if (0 == j) // First module is the EXE. Just add it to the map
{
pProcessInfo = new CExeModuleInstance(
szModuleName, hModule, pid);
m_pProcesses->Add(*pProcessInfo);
pProcessInfo->PopulateModules(this);
break;
} // if
} // for
::CloseHandle(hProcess);
} // for
bResult = TRUE;
} // if
else
{
bResult = FALSE;
}
} // if
else
{
bResult = FALSE;
}
return bResult;
}
