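/*
 * Cross-view hidden-process check: probe process IDs directly with
 * OpenProcess() and compare the result with ProcessExist(), which is defined
 * elsewhere and (per the original comments) reflects what the standard
 * enumeration APIs reported. A PID that answers here but is missing from that
 * list is printed and counted as hidden.
 *
 * Returns true when at least one such PID was found, false otherwise.
 *
 * Caveats for anyone relying on the result:
 *  - Only PIDs below 0x83B8 are probed, in steps of 4; a process with a higher
 *    ID is never examined. NOTE(review): consider raising the bound.
 *  - The comparison is not atomic. Presumably a process that started after
 *    the enumeration behind ProcessExist() was taken would be reported as
 *    hidden - confirm how and when that list is refreshed.
 *  - A process that has already exited with exit code 259 cannot be told
 *    apart from a running one by GetExitCodeProcess().
 */
bool BruteforceProcessIds()
{
    ULONG ulHiddenProcesses = 0;

    for (DWORD dwProcessId = 0; dwProcessId < 0x83B8; dwProcessId += 4) {
        /* PIDs 0 and 4 (conventionally Idle and System) are skipped. */
        if (dwProcessId == 0 || dwProcessId == 4) {
            continue;
        }

        /*
         * NOTE(review): PROCESS_VM_READ is not used by anything in this
         * function; requesting only a query right would follow least
         * privilege and let more opens succeed.
         */
        HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                      FALSE, dwProcessId);
        if (hProcess == NULL) {
            /*
             * ERROR_INVALID_PARAMETER means no process has this ID. Any other
             * error (for example access denied) means the process exists but
             * could not be opened, so it is still compared with the list.
             */
            if (GetLastError() != ERROR_INVALID_PARAMETER &&
                !ProcessExist(dwProcessId)) {
                /* DWORD is unsigned long: print it with %lu, not %d. */
                printf("Hidden process found pid=%lu\n",
                       (unsigned long)dwProcessId);
                ulHiddenProcesses++;
            }
            continue;
        }

        /*
         * Only a process that is still running counts. STILL_ACTIVE is the
         * documented "not exited yet" value; it has the same numeric value
         * (259) as the ERROR_NO_MORE_ITEMS constant the code used before.
         * A failed query leaves the exit code at 0 and is treated as
         * "not active".
         */
        DWORD dwExitCode = 0;
        if (GetExitCodeProcess(hProcess, &dwExitCode) &&
            dwExitCode == STILL_ACTIVE &&
            !ProcessExist(dwProcessId)) {
            printf("Hidden process found pid=%lu\n",
                   (unsigned long)dwProcessId);
            ulHiddenProcesses++;
        }

        CloseHandle(hProcess);
    }

    return ulHiddenProcesses > 0;
}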
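/*
 * Timer callback for the watchdog window.
 *
 * On each TIMER tick it checks the monitored target (TARGET_NAME) according
 * to checkConfig:
 *   - checkProcess set and ProcessExist(TARGET_NAME) false    -> DoShutdown(hWnd, 1)
 *   - checkNet set and ProcessTcpExist(TARGET_NAME) false     -> DoShutdown(hWnd, 2)
 *   - otherwise the window title is updated with a status string.
 * Timer events with any other id are ignored. uMsg and dwTime are unused.
 *
 * NOTE(review): both checks are keyed on a name. ProcessExist() and
 * ProcessTcpExist() are defined elsewhere; if they match on image name only,
 * any process carrying that name would satisfy the watchdog - confirm.
 */
void CALLBACK TimerProc( HWND hWnd, UINT uMsg, UINT_PTR idEvent, DWORD dwTime )
{
    if( idEvent != TIMER )
    {
        return;
    }

    if( checkConfig.checkProcess && !ProcessExist( TARGET_NAME ) )
    {
        DoShutdown( hWnd, 1 );
        return;
    }

    if( checkConfig.checkNet && !ProcessTcpExist( TARGET_NAME ) )
    {
        DoShutdown( hWnd, 2 );
        return;
    }

    /*
     * Bounded formatting: the title is built in a fixed 512-byte stack
     * buffer, so the write is limited to its size instead of relying on
     * TARGET_NAME staying short.
     *
     * NOTE(review): the suffix in the format string looks like double-byte
     * text decoded with the wrong code page (probably a Chinese "is running"
     * status); it is kept as found - confirm the source file's encoding.
     */
    char info[512];
    snprintf( info, sizeof info, "%sН§н┌н╦лл", TARGET_NAME );
    SetWindowText( hWnd, info );
}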