int isThisProcessID( DWORD processID, const char * name )
{
CHAR szProcessName[MAX_PATH];
BOOL rc = 0;
DWORD len = MAX_PATH;
char * p = 0;
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID );
memset(szProcessName, 0, sizeof(szProcessName));
if (hProcess != NULL)
{
// Get the process name.
rc = GetProcessImageFileNameA(hProcess, szProcessName, len);
if (rc > 0)
{
//printf( "%s (PID: %u)\n", szProcessName, processID );
p = strstr(szProcessName, name);
if (p != NULL)
{
//printf("p: %s\n", p);
if( _stricmp(p, name) == 0)
{
CloseHandle( hProcess );
return 1;
}
}
}
}
// Release the handle to the process.
CloseHandle( hProcess );
return 0;
}
int APIENTRY WinMain( HINSTANCE, HINSTANCE, LPSTR, int )
{
// data
HANDLE hProc;
DWORD dwPID;
HANDLE hThread;
PBYTE pData;
PBYTE pCode;
InjData injData;
// prepare data to be injected
injData.fnCreateProcess = &CreateProcessA;
injData.fnGetAsyncKeyState = &GetAsyncKeyState;
injData.fnSleep = &Sleep;
injData.fnMessageBox = &MessageBoxA;
strcpy( injData.szCmd, PROCESS_COMMAND );
memset( &injData.si, 0, sizeof( injData.si ) );
injData.si.cb = sizeof( injData.si );
memset( &injData.pi, 0, sizeof( injData.pi ) );
// Step 1: Find and gain access to process
DWORD nProcesses;
DWORD processIDs[MAX_PROCESS_IDS];
EnumProcesses( processIDs, sizeof( processIDs ), &nProcesses );
nProcesses /= sizeof( DWORD );
for ( DWORD i = 0; i < nProcesses; ++i )
{
hProc = OpenProcess( PROCESS_ALL_ACCESS, FALSE, processIDs[i] );
if ( hProc )
{
char szProcName[MAX_PATH];
GetProcessImageFileNameA( hProc, szProcName, sizeof( szProcName ) );
if ( std::string( szProcName ).find( PROCESS_NAME ) != std::string::npos )
{
dwPID = i;
break;
}
}
}
// Step 2: Allocate block of memory for data in remote process
pData = (PBYTE)VirtualAllocEx( hProc, NULL, DATA_CHUNK_SIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
ASSERT( pData != NULL, "allocating memory for data failed =(" );
// Step 3: Copy data to remote process
ASSERT( WriteProcessMemory( hProc, pData, &injData, sizeof( InjData ), NULL ), "copying data to memory failed =(" );
// Step 4: Allocate block of memory for code in remote process
pCode = (PBYTE)VirtualAllocEx( hProc, NULL, CODE_CHUNK_SIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
ASSERT( pCode != NULL, "allocating memory for code failed =(" );
// Step 5: Copy function to remote process
#pragma warning( disable : 4311 )
ASSERT( WriteProcessMemory( hProc, pCode, &ThreadFunc, (SIZE_T)&DummyFunc - (SIZE_T)&ThreadFunc, NULL ), "copying function to memory failed =(" );
#pragma warning( default : 4311 )
// Step 6: Create remote thread!
hThread = CreateRemoteThread( hProc, NULL, 0, (LPTHREAD_START_ROUTINE)pCode, pData, 0, NULL );
ASSERT( hThread != NULL, "creating thread failed =(" )
return 0;
}
R_API char *r_sys_pid_to_path(int pid) {
#if __WINDOWS__
BOOL WINAPI (*QueryFullProcessImageNameA) (HANDLE, DWORD, LPTSTR, PDWORD);
DWORD WINAPI (*GetProcessImageFileNameA) (HANDLE, LPTSTR, DWORD);
HANDLE kernel32 = LoadLibrary ("Kernel32.dll");
if (!kernel32) {
eprintf ("Error getting the handle to Kernel32.dll\n");
return NULL;
}
QueryFullProcessImageNameA = GetProcAddress (kernel32, "QueryFullProcessImageNameA");
if (!QueryFullProcessImageNameA) {
// QueryFullProcessImageName does not exist before Vista, fallback to GetProcessImageFileName
HANDLE psapi = LoadLibrary ("Psapi.dll");
if (!psapi) {
eprintf ("Error getting the handle to Psapi.dll\n");
return NULL;
}
GetProcessImageFileNameA = GetProcAddress (psapi, "GetProcessImageFileNameA");
if (!GetProcessImageFileNameA) {
eprintf ("Error getting the address of GetProcessImageFileNameA\n");
return NULL;
}
}
HANDLE handle = NULL;
TCHAR filename[MAX_PATH];
DWORD maxlength = MAX_PATH;
handle = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
if (handle != NULL) {
if (QueryFullProcessImageNameA) {
if (QueryFullProcessImageNameA (handle, 0, filename, &maxlength) == 0) {
eprintf("Error calling QueryFullProcessImageNameA\n");
CloseHandle (handle);
return NULL;
}
} else {
if (GetProcessImageFileNameA (handle, filename, maxlength) == 0) {
eprintf("Error calling GetProcessImageFileNameA\n");
CloseHandle (handle);
return NULL;
}
}
CloseHandle (handle);
return strdup (filename);
}
return NULL;
#elif __APPLE__
char pathbuf[PROC_PIDPATHINFO_MAXSIZE];
pathbuf[0] = 0;
int ret = proc_pidpath (pid, pathbuf, sizeof (pathbuf));
if (ret <= 0)
return NULL;
return strdup (pathbuf);
#else
int ret;
char buf[128], pathbuf[1024];
#if __FreeBSD__
snprintf (buf, sizeof (buf), "/proc/%d/file", pid);
#else
snprintf (buf, sizeof (buf), "/proc/%d/exe", pid);
#endif
ret = readlink (buf, pathbuf, sizeof (pathbuf)-1);
if (ret<1)
return NULL;
pathbuf[ret] = 0;
return strdup (pathbuf);
#endif
}
BOOL
CProcessControl::Get(
__in BOOL bCurrentProc,
__in ULONG ulPid,
__out LPSTR lpOutBuf,
__in ULONG ulOutBufSizeCh
)
{
BOOL bRet = FALSE;
HANDLE hProc = NULL;
DWORD dwProcPathLenCh = 0;
CHAR chProcPathDev[MAX_PATH] = {0};
CHAR chVolNameDev[MAX_PATH] = {0};
CHAR chVolName[MAX_PATH] = {0};
__try
{
if (!lpOutBuf || !ulOutBufSizeCh || (!bCurrentProc && !ulPid))
{
printfPublic("input arguments error. %d %d 0x%p %d", bCurrentProc, ulPid, lpOutBuf, ulOutBufSizeCh);
__leave;
}
ZeroMemory(lpOutBuf, ulOutBufSizeCh * sizeof(CHAR));
if (bCurrentProc)
{
if (!CModulePath::Get(NULL, lpOutBuf, ulOutBufSizeCh))
{
printfPublic("Get failed");
__leave;
}
bRet = TRUE;
__leave;
}
hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, ulPid);
if (!hProc)
{
printfPublic("OpenProcess failed. (%d)", GetLastError());
__leave;
}
if (m_QueryFullProcessImageNameA)
{
dwProcPathLenCh = ulOutBufSizeCh;
if (!m_QueryFullProcessImageNameA(hProc, 0, lpOutBuf, &dwProcPathLenCh))
{
printfPublic("QueryFullProcessImageName failed. (%d)", GetLastError());
__leave;
}
bRet = TRUE;
__leave;
}
if (!GetProcessImageFileNameA(hProc, chProcPathDev, _countof(chProcPathDev)))
{
printfPublic("GetProcessImageFileName failed. (%d)", GetLastError());
__leave;
}
strcat_s(chVolName, _countof(chVolName), "A:");
for (; _T('Z') >= *chVolName; (*chVolName)++)
{
ZeroMemory(chVolNameDev, sizeof(chVolNameDev));
if (!QueryDosDeviceA(chVolName, chVolNameDev, _countof(chVolNameDev)))
{
if (2 == GetLastError())
continue;
else
{
printfPublic("QueryDosDevice failed. (%d)", GetLastError());
__leave;
}
}
if (0 == _strnicmp(chProcPathDev, chVolNameDev, strlen(chVolNameDev)))
{
bRet = TRUE;
break;
}
}
if (bRet)
{
strcat_s(lpOutBuf, ulOutBufSizeCh, chVolName);
strcat_s(lpOutBuf, ulOutBufSizeCh, chProcPathDev + strlen(chVolNameDev));
}
}
__finally
{
if (hProc)
{
CloseHandle(hProc);
hProc = NULL;
}
}
return bRet;
}
void Process::processNameEx(){
DWORD dwRtnCode = 0;
DWORD size = 1024; //Надеемся что влезет
_pName = (LPSTR)GlobalAlloc(
GMEM_FIXED,
size);
if (_pName == NULL) {
DWORD dwErrorCode = 0;
dwErrorCode = GetLastError();
throw(ProcessException("GlobalAlloc error = ",dwErrorCode));
}
dwRtnCode = GetProcessImageFileNameA(_handle,_pName,size);
if (dwRtnCode == 0){
DWORD error = GetLastError();
throw(ProcessException("GetProcesImageFileName error ",error));
}
}
