BOOL CToolhelpHandler::PopulateProcesses()
{
BOOL bResult = FALSE;
CExeModuleInstance* pProcessInfo;
HANDLE hSnapshot = INVALID_HANDLE_VALUE;
if (TRUE == Initialize())
{
hSnapshot = m_pfnCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
PROCESSENTRY32 pe32 = { sizeof(pe32) };
for (BOOL fOk = ProcessFirst(hSnapshot, &pe32); fOk; fOk = ProcessNext(hSnapshot, &pe32))
{
pProcessInfo = new CExeModuleInstance(
pe32.szExeFile, (HINSTANCE)pe32.th32ModuleID, pe32.th32ProcessID);
m_pProcesses->Add(*pProcessInfo);
pProcessInfo->PopulateModules(this);
} // for
if (hSnapshot != INVALID_HANDLE_VALUE)
::CloseHandle(hSnapshot);
bResult = TRUE;
}
return bResult;
}
BOOL CHookedFunction::ReplaceInAllModules(
BOOL bHookOrRestore,
PCSTR pszCalleeModName,
PROC pfnCurrent,
PROC pfnNew
)
{
BOOL bResult = FALSE;
if ((NULL != pfnCurrent) && (NULL != pfnNew))
{
BOOL bReplace = FALSE;
CExeModuleInstance *pProcess = NULL;
CTaskManager taskManager;
CModuleInstance *pModule;
//
// Retrieves information about current process and modules.
// The taskManager dynamically decides whether to use ToolHelp
// library or PSAPI
//
taskManager.PopulateProcess(::GetCurrentProcessId(), TRUE);
pProcess = taskManager.GetProcessById(::GetCurrentProcessId());
if (NULL != pProcess)
{
// Enumerates all modules loaded by (pProcess) process
for (int i = 0; i < pProcess->GetModuleCount(); i++)
{
pModule = pProcess->GetModuleByIndex(i);
bReplace =
(pModule->Get_Module() != ModuleFromAddress(CApiHookMgr::MyLoadLibraryA));
// We don't hook functions in our own modules
if (bReplace)
// Hook this function in this module
bResult = ReplaceInOneModule(
pszCalleeModName,
pfnCurrent,
pfnNew,
pModule->Get_Module()
) || bResult;
} // for
// Hook this function in the executable as well
bResult = ReplaceInOneModule(
pszCalleeModName,
pfnCurrent,
pfnNew,
pProcess->Get_Module()
) || bResult;
} // if
} // if
return bResult;
}
CExeModuleInstance* CRunningProcesses::GetProcessById(DWORD dwProcessId)
{
CExeModuleInstance* pResult = NULL;
CExeModuleInstance* pProcess;
for (DWORD i = 0; i < GetCount(); i++)
{
pProcess = static_cast<CExeModuleInstance*>( GetModule(i) );
if (pProcess->Get_ProcessId() == dwProcessId)
{
pResult = pProcess;
break;
} // if
} // for
return pResult;
}
//////////////////////////////////////////////////////////////////////////////
// PopulateProcess
//
// Populate all modules of a single process
//
//////////////////////////////////////////////////////////////////////////////
BOOL CToolhelpHandler::PopulateProcess(DWORD dwProcessId, BOOL bPopulateModules)
{
BOOL bResult = FALSE;
CExeModuleInstance* pProcessInfo;
HANDLE hSnapshot = INVALID_HANDLE_VALUE;
if (TRUE == Initialize())
{
hSnapshot = m_pfnCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, dwProcessId);
PROCESSENTRY32 pe32 = { sizeof(pe32) };
for (BOOL bOk = ProcessFirst(hSnapshot, &pe32); bOk; bOk = ProcessNext(hSnapshot, &pe32))
{
if ( (dwProcessId != NULL) && (dwProcessId != pe32.th32ProcessID) )
continue;
pProcessInfo = new CExeModuleInstance(
this,
pe32.szExeFile,
NULL, // We will fix up later this value
pe32.th32ProcessID
);
m_pProcesses->Add(*pProcessInfo);
if (bPopulateModules)
pProcessInfo->PopulateModules();
if (dwProcessId != NULL)
break;
} // for
if (hSnapshot != INVALID_HANDLE_VALUE)
::CloseHandle(hSnapshot);
bResult = TRUE;
}
return bResult;
}
//////////////////////////////////////////////////////////////////////////////
// PopulateProcess
//
// Populate all modules of a single process
//
//////////////////////////////////////////////////////////////////////////////
BOOL CPsapiHandler::PopulateProcess(DWORD dwProcessId, BOOL bPopulateModules)
{
BOOL bResult = TRUE;
CExeModuleInstance* pProcessInfo;
if (TRUE == Initialize())
{
m_pProcesses->ReleaseAll();
HMODULE hModuleArray[1024];
HANDLE hProcess;
DWORD nModules;
DWORD cbNeeded;
hProcess = ::OpenProcess(
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE,
dwProcessId
);
if (hProcess)
{
if (!m_pfnEnumProcessModules(
hProcess,
hModuleArray,
sizeof(hModuleArray),
&cbNeeded
))
::CloseHandle(hProcess);
else
{
// Calculate number of modules in the process
nModules = cbNeeded / sizeof(hModuleArray[0]);
for (DWORD j = 0; j < nModules; j++)
{
HMODULE hModule = hModuleArray[j];
char szModuleName[MAX_PATH];
m_pfnGetModuleFileNameExA(
hProcess,
hModule,
szModuleName,
sizeof(szModuleName)
);
if (0 == j) // First module is the EXE. Just add it to the map
{
pProcessInfo = new CExeModuleInstance(
this,
szModuleName,
hModule,
dwProcessId
);
m_pProcesses->Add(*pProcessInfo);
if (bPopulateModules)
pProcessInfo->PopulateModules();
break;
} // if
} // for
::CloseHandle(hProcess);
} // if
} // if
} // if
else
{
bResult = FALSE;
}
return bResult;
}
BOOL CPsapiHandler::PopulateProcesses()
{
BOOL bResult = TRUE;
CExeModuleInstance* pProcessInfo;
if (TRUE == Initialize())
{
DWORD pidArray[1024];
DWORD cbNeeded;
DWORD nProcesses;
if (m_pfnEnumProcesses(pidArray, sizeof(pidArray), &cbNeeded))
{
// Determine number of processes
nProcesses = cbNeeded / sizeof(DWORD);
m_pProcesses->ReleaseAll();
for (DWORD i = 0; i < nProcesses; i++)
{
HMODULE hModuleArray[1024];
HANDLE hProcess;
DWORD pid = pidArray[i];
DWORD nModules;
hProcess = OpenProcess(
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE, pid);
if (!hProcess)
continue;
if (!m_pfnEnumProcessModules(hProcess, hModuleArray,
sizeof(hModuleArray), &cbNeeded))
{
::CloseHandle(hProcess);
continue;
}
// Calculate number of modules in the process
nModules = cbNeeded / sizeof(hModuleArray[0]);
for (DWORD j = 0; j < nModules; j++)
{
HMODULE hModule = hModuleArray[j];
char szModuleName[MAX_PATH];
m_pfnGetModuleFileNameExA(hProcess, hModule,
szModuleName, sizeof(szModuleName));
if (0 == j) // First module is the EXE. Just add it to the map
{
pProcessInfo = new CExeModuleInstance(
szModuleName, hModule, pid);
m_pProcesses->Add(*pProcessInfo);
pProcessInfo->PopulateModules(this);
break;
} // if
} // for
::CloseHandle(hProcess);
} // for
bResult = TRUE;
} // if
else
{
bResult = FALSE;
}
} // if
else
{
bResult = FALSE;
}
return bResult;
}