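/*
 * Reports a PID that the standard enumeration (ProcessExist) does not know
 * about, and bumps the hidden-process counter.
 *
 * dwProcessId  PID that OpenProcess / GetExitCodeProcess indicated is alive.
 * pulHidden    running count of hidden processes; incremented only when the
 *              PID is not visible through ProcessExist().
 *
 * ProcessExist() is defined elsewhere in this file; it is taken to be the
 * "official" view of the process list. A PID that is alive in the kernel but
 * absent from that view is what this tool calls hidden.
 */
static void ReportIfHidden(DWORD dwProcessId, ULONG *pulHidden)
{
	if ( !ProcessExist(dwProcessId) )
	{
		// DWORD is unsigned long on Windows, so %lu (the original used %d).
		printf("Hidden process found pid=%lu\n", dwProcessId);
		(*pulHidden)++;
	}
}

/*
 * Brute-force scan of the process-ID space for processes that are alive
 * according to the kernel (OpenProcess / GetExitCodeProcess) but absent from
 * the enumeration wrapped by ProcessExist(). This is the classic user-mode
 * "hidden process" check against rootkits that filter the normal
 * enumeration APIs.
 *
 * How each PID is classified:
 *   - OpenProcess fails with ERROR_INVALID_PARAMETER: no such process, skip.
 *   - OpenProcess fails with any other error (typically ERROR_ACCESS_DENIED on
 *     a protected or system process): the PID is taken as alive but unopenable.
 *   - OpenProcess succeeds and GetExitCodeProcess reports STILL_ACTIVE: alive.
 *   - Otherwise: an exited process whose object is still referenced; ignored.
 * Any PID classified as alive that ProcessExist() does not see is printed and
 * counted.
 *
 * Returns true if at least one hidden process was found, false otherwise.
 *
 * Caveats for anyone relying on this check:
 *   - Only PIDs below kMaxPid (0x83B8, the original hard-coded bound) are
 *     probed; a hidden process with a larger PID is never examined.
 *   - Windows hands out PIDs in multiples of 4, which is why the loop steps
 *     by 4. PID 0 (idle) and PID 4 (System) are deliberately skipped, so the
 *     scan starts at 8.
 *   - There is a race between OpenProcess and ProcessExist: a process that
 *     exits in between is reported as hidden (false positive). Treat a single
 *     hit as a lead to confirm, not as proof.
 *   - STILL_ACTIVE is 259 (the same value as ERROR_NO_MORE_ITEMS, which the
 *     original compared against). A process that genuinely exited with code
 *     259 is indistinguishable from a running one here — a known Windows
 *     gotcha of GetExitCodeProcess.
 *   - The check is only as trustworthy as the APIs it calls: a rootkit that
 *     hooks OpenProcess / NtOpenProcess inside this process defeats it.
 */
bool BruteforceProcessIds()
{
	// Exclusive upper bound of the scanned PID range (kept from the original).
	const DWORD kMaxPid = 0x83B8;
	ULONG ulHiddenProcesses = 0;

	for ( DWORD dwProcessId = 8; dwProcessId < kMaxPid; dwProcessId += 4 )
	{
		HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwProcessId);
		if ( hProcess == NULL )
		{
			// ERROR_INVALID_PARAMETER means "no such PID". Any other error
			// (typically ERROR_ACCESS_DENIED) means the process object exists
			// but we are not allowed to open it, so treat it as alive.
			if ( GetLastError() != ERROR_INVALID_PARAMETER )
			{
				ReportIfHidden(dwProcessId, &ulHiddenProcesses);
			}
			continue;
		}

		// A handle can still be opened on a process that has already exited,
		// so only count the PID as alive when the exit code reads STILL_ACTIVE.
		// If GetExitCodeProcess itself fails the PID is treated as not alive,
		// which is what the original (dwExitCode left at 0) did as well.
		DWORD dwExitCode = 0;
		if ( GetExitCodeProcess(hProcess, &dwExitCode) && dwExitCode == STILL_ACTIVE )
		{
			ReportIfHidden(dwProcessId, &ulHiddenProcesses);
		}

		CloseHandle(hProcess);
	}

	return ulHiddenProcesses > 0;
}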
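/*
 * Timer callback (installed with SetTimer) that acts as the watchdog tick:
 * on every TIMER event it verifies the monitored target is still present and
 * shuts the host down if it is not; otherwise it refreshes the window title
 * with the target name.
 *
 * hWnd     window that owns the timer; passed to SetWindowText / DoShutdown.
 * uMsg     WM_TIMER; unused.
 * idEvent  timer identifier; only TIMER is handled, any other id is ignored.
 * dwTime   tick count at which the timer fired; unused.
 *
 * Check order matters: the process check runs first, and the TCP check runs
 * only when the process check is disabled or passed. The reason code handed
 * to DoShutdown (1 = process check failed, 2 = TCP check failed) is the
 * callee's contract. DoShutdown, ProcessExist, ProcessTcpExist, checkConfig,
 * TIMER and TARGET_NAME are all defined elsewhere in the file.
 *
 * NOTE(review): both checks appear to match the target by name (TARGET_NAME),
 * so any process or listener presenting that name satisfies them — this is a
 * liveness check, not an integrity check. Confirm against ProcessExist /
 * ProcessTcpExist if stronger guarantees are expected.
 */
void CALLBACK TimerProc( HWND hWnd, UINT uMsg, UINT_PTR idEvent, DWORD dwTime )
{
	(void)uMsg;
	(void)dwTime;

	if ( idEvent != TIMER )
	{
		return;
	}

	if ( checkConfig.checkProcess && !ProcessExist( TARGET_NAME ) )
	{
		DoShutdown( hWnd, 1 );
	}
	else if ( checkConfig.checkNet && !ProcessTcpExist( TARGET_NAME ) )
	{
		DoShutdown( hWnd, 2 );
	}
	else
	{
		// Bounded format: snprintf always NUL-terminates and truncates if
		// TARGET_NAME is too long, whereas the original sprintf would overrun
		// info[] for a long name. Requires C99 / MSVC 2015+.
		// The suffix literal is kept byte-for-byte; it looks mis-encoded in
		// this copy of the source (probably a code-page mismatch when the
		// file was saved) — verify against the original before touching it.
		char info[512];
		snprintf( info, sizeof info, "%sН§н┌н╦лл", TARGET_NAME );
		SetWindowText( hWnd, info );
	}
}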