Пример #1
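/*
 * Revoke permission bits that were previously granted on PATH by this tool,
 * and keep the on-disk record of "what still needs revoking" in sync.
 *
 * The record lives in the key file named by get_key_file_path(): one group
 * per path, whose "need_mask" entry holds (in octal) the bits that were
 * granted and not yet revoked.  Only bits present in BOTH that record and
 * REMOVE_MASK are revoked, so permissions the file already had on its own
 * are never touched.  When nothing is left to revoke the group is deleted.
 *
 * path        - file to restore; also used as the key-file group name
 * remove_mask - permission bits to revoke; 0 is a no-op
 *
 * Nothing is done when the key file cannot be loaded.  GError is passed as
 * NULL throughout, matching the rest of this file.
 */
static void
remove_from_saved_permissions (const char *path, mode_t remove_mask)
{
  GKeyFile *key_file;
  char *key_file_path;

  if (remove_mask == 0)
    return;

  key_file = g_key_file_new ();
  key_file_path = get_key_file_path ();

  if (g_key_file_load_from_file (key_file, key_file_path, 0, NULL))
    {
      mode_t need_mask = 0;
      mode_t remove_from_current_mask;
      char *str;

      /* NULL GError: an absent group or key just means nothing is recorded */
      str = g_key_file_get_string (key_file, path, "need_mask", NULL);

      if (str)
	{
	  char *end = str;
	  guint64 parsed;

	  /* Octal, as written by the else-branch below.  Unlike the former
	   * sscanf ("%o"), require the whole entry to be a non-negative octal
	   * number that fits the width written out: a corrupted or hand-edited
	   * entry ("0778", "-7", "7junk") is then treated as "nothing recorded"
	   * rather than being partially parsed into some unintended mask. */
	  parsed = g_ascii_strtoull (str, &end, 8);
	  if (g_ascii_isdigit (*str) && end != str && *end == '\0'
	      && parsed <= G_MAXUINT)
	    need_mask = (mode_t) parsed;

	  g_free (str);
	}

      /* Revoke only bits we granted and still owe; a zero mask has nothing
       * to do, so do not touch the file at all in that case. */
      remove_from_current_mask = need_mask & remove_mask;
      if (remove_from_current_mask != 0)
	remove_permissions (path, remove_from_current_mask);

      need_mask &= ~remove_mask;

      if (need_mask == 0)
	{
	  /* Nothing left to revoke for this path: forget it.  NULL GError;
	   * failure here (group already absent) is harmless. */
	  g_key_file_remove_group (key_file, path, NULL);
	}
      else
	{
	  char buf[50];

	  /* octal, must round-trip through the parser above */
	  g_snprintf (buf, sizeof (buf), "%o", (guint) need_mask);
	  g_key_file_set_string (key_file, path, "need_mask", buf);
	}

      save_key_file (key_file_path, key_file);
    }

  g_key_file_free (key_file);
  g_free (key_file_path);
}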
Пример #2
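// Collects the ids of every running process.  EnumProcesses() only signals
// that the buffer was too small by filling it completely, so the buffer is
// doubled until the call returns fewer bytes than were offered.  Prints an
// error and exits the program if the API call fails.
static std::vector<DWORD> memscan_enumerate_pids() {
	std::vector<DWORD> ids(100);
	for (;;) {
		DWORD bytes_returned = 0;
		DWORD capacity_bytes = static_cast<DWORD>(ids.size() * sizeof(DWORD));
		if (0 == EnumProcesses(&ids[0], capacity_bytes, &bytes_returned)) {
			// captured first: any later call (stream output included) may overwrite it
			DWORD err = GetLastError();
			cerr << "Error: EnumProcesses() failed in " << basename(__FILE__) << ":" << __LINE__ << ". Last error: " << err << "." << endl;
			exit(1);
		}
		if (bytes_returned < capacity_bytes) {
			ids.resize(bytes_returned / sizeof(DWORD));
			return ids;
		}
		ids.resize(ids.size() * 2);
	}
}

// Returns the image file name of an opened process as reported by
// GetProcessImageFileName(), retrying with a doubled buffer while the result
// exactly fills it (the only truncation signal this code relies on).  Prints
// an error and exits the program if the API call fails.
static std::vector<wchar_t> memscan_image_file_name(HANDLE process_handle) {
	std::vector<wchar_t> name(MAX_PATH);
	for (;;) {
		if (0 == GetProcessImageFileName(process_handle, &name[0], static_cast<DWORD>(name.size()))) {
			DWORD err = GetLastError(); // captured before anything else can overwrite it
			cerr << "Error: GetProcessImageFileName() failed in " << basename(__FILE__) << ":" << __LINE__ << ". Last error: " << err << "." << endl;
			exit(1);
		}
		if (wcslen(&name[0]) != name.size() - 1) {
			return name;
		}
		name.resize(name.size() * 2);
	}
}

// Constructor: sets the instance vars and attaches to the target process.
// args: pin: name of process to be scanned ('.exe' is appended when absent)
//       process_mode: mode stored in processMode and forwarded to remove_permissions()
//
// Finds the first running process whose image name equals `pin`
// (case-insensitively), keeps a handle with query/read/write rights to it and
// records its image base address.  Every failure -- empty name, API error, no
// matching process -- is reported on stderr followed by exit(1); the
// constructor never throws.  Processes that cannot be opened with those rights
// (ERROR_ACCESS_DENIED) are skipped, so a protected target ends up reported
// as "Unable to find process".
Memscan::Memscan(string pin, PROCESS_MODE process_mode) {
	// checked before the extension is appended; afterwards the name can never be empty
	if (pin.empty()) {
		cerr << "Error: processImageName must be set." << endl;
		exit(1);
	}
	// appends '.exe' if extension not there (substring test, not a suffix test)
	if (pin.find(".exe") == string::npos) { pin.append(".exe"); }
	processImageName = pin;

	// sets SIZE_SPECIFIED flag to false; default scan size is DWORD (4 bytes)
	vector<SIZE_T> s;
	s.push_back(4);
	setSizeSpecified(false, s);

	std::vector<DWORD> process_ids = memscan_enumerate_pids();

	// handle of the target process and its image base (where the .exe map
	// begins); both stay NULL until a match is found, so the check after the
	// loop is well-defined even when every pid is skipped
	HANDLE process_handle = NULL;
	HMODULE base_address = NULL;
	for (size_t i = 0; i < process_ids.size(); i++) {
		if (0 == process_ids[i]) { continue; } // ignore system process
		// NOTE(review): every process is opened with VM_WRITE|VM_OPERATION just
		// to read its name; opening with query-only rights first and requesting
		// write access only for the matching process would be the
		// least-privilege form.
		process_handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, process_ids[i]);
		if (NULL == process_handle) {
			DWORD err = GetLastError(); // captured before anything else can overwrite it
			if (ERROR_ACCESS_DENIED == err) { continue; } // ignore idle processes and CSRSS processes
			cerr << "Error: OpenProcess() failed in " << basename(__FILE__) << ":" << __LINE__ << ". Last error: " << err << "." << endl;
			exit(1);
		}

		std::vector<wchar_t> image_name = memscan_image_file_name(process_handle);
		// case insensitive name comparison
		if (to_upper(to_wstring(processImageName)) == to_upper(basename(&image_name[0]))) {
			// match: record the base address and keep the handle open -- it now belongs to this object
			base_address = get_base_address(process_handle, &image_name[0]);
			if (NULL == base_address) {
				DWORD err = GetLastError();
				cerr << "Error: get_base_address() failed in " << basename(__FILE__) << ":" << __LINE__ << ". Last error: " << err << "." << endl;
				exit(1);
			}
			break;
		}
		// no match: release the handle and keep looking
		CloseHandle(process_handle);
		process_handle = NULL;
	}

	if (NULL == process_handle) {
		cerr << "Error: Unable to find process with image name " << processImageName << "." << endl;
		exit(1);
	}
	processHandle = process_handle;
	baseAddress = base_address;

	// default SCANATTRIBUTE is NONE
	scanAttribute = SCAN_ATTRIBUTE::NONE;
	// first scan
	RESCAN = false;

	// sets mode
	processMode = process_mode;
	// removes permissions from pages of process being scanned
	remove_permissions(processHandle, processMode);
	// sets VAS_MIN, VAS_MAX
	setVasBounds();
}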