/**
*
* Since NtQuerySystemInformation doesn't work on 64-bit, we
* use the snapshot method
*
*/
PPROCENTRY GetProcessList(VOID)
{
HANDLE hSnap;
PROCESSENTRY32 pe32;
PPROCENTRY pe=NULL;
DWORD i=0, pe_size;
hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnap != INVALID_HANDLE_VALUE)
{
pe32.dwSize = sizeof(PROCESSENTRY32);
if (Process32First(hSnap, &pe32))
{
i = 0;
pe_size = sizeof(PROCENTRY);
pe = xmalloc(pe_size);
do {
if (pe32.th32ProcessID==0) continue;
pe[i].id = pe32.th32ProcessID;
lstrcpy(pe[i].name, pe32.szExeFile);
pe_size += sizeof(PROCENTRY);
pe = xrealloc(pe, pe_size);
i++;
if (pe==NULL) {
break;
}
} while (Process32Next(hSnap, &pe32));
}
CloseHandle(hSnap);
}
return pe;
}
DWORD getProcessWithParent(int pid)
{
HANDLE hProcessSnap;
PROCESSENTRY32 pe32;
// Take a snapshot of all processes in the system.
hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if( hProcessSnap == INVALID_HANDLE_VALUE )
{
return( FALSE );
}
// Set the size of the structure before using it.
pe32.dwSize = sizeof( PROCESSENTRY32 );
// Retrieve information about the first process,
// and exit if unsuccessful
if( !Process32First( hProcessSnap, &pe32 ) )
{
CloseHandle( hProcessSnap ); // clean the snapshot object
return( FALSE );
}
// Now walk the snapshot of processes, and
// display information about each process in turn
DWORD parent = static_cast<DWORD>(pid);
DWORD childID = 0xffffffff;
do
{
if(pe32.th32ParentProcessID == parent)
return static_cast<int>(pe32.th32ProcessID);
} while( Process32Next( hProcessSnap, &pe32 ) );
_tprintf( TEXT("Never found process with parent!") );
return childID;
}
void ListProcessThreads(DWORD dwOwnerPID)
{
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hThreadSnap == INVALID_HANDLE_VALUE)
return;
te32.dwSize = sizeof(THREADENTRY32);
if (!Thread32First(hThreadSnap, &te32))
{
CloseHandle(hThreadSnap);
return;
}
DWORD result = 0;
do
{
if (te32.th32OwnerProcessID == dwOwnerPID)
{
printf("\n THREAD ID = 0x%08X", te32.th32ThreadID);
HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, te32.th32ThreadID);
PTEB pTeb = GetTeb(hThread);
printf("\n TEB = %p\n", pTeb);
CloseHandle(hThread);
}
} while (Thread32Next(hThreadSnap, &te32));
printf("\n");
CloseHandle(hThreadSnap);
}
void ProcessList()
{
// 1. ListBox 초기화(비워주기)
SendMessage(hMainList, LVM_DELETEALLITEMS, 0, 0);
// 2. Process 리스트 나열
HANDLE hSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0);
if( hSnap == 0 )
return ;
PROCESSENTRY32 ppe;
BOOL b = Process32First(hSnap, &ppe);
while( b )
{
int i=0;
// ListBox Ctrl에 데이터 추가
ListBoxAddData(i, ppe);
b = Process32Next(hSnap, &ppe);
}
SetWindowText(hStaticLog, "프로세스 리스트를 초기화 하였습니다.");
CloseHandle(hSnap);
}
PIDList GetProcessIDsByName(const char* processName)
{
// list of correct PIDs
PIDList pids;
// gets a snapshot from 32 bit processes
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapshot == INVALID_HANDLE_VALUE)
{
printf("ERROR: Can't get snapshot from 32 bit processes, ");
printf("ErrorCode: %u\n", GetLastError());
return pids;
}
// a 32 bit process entry from a snapshot
PROCESSENTRY32 processEntry;
// from MSDN: The calling application must set the
// dwSize member of PROCESSENTRY32 to the size, in bytes, of the structure.
processEntry.dwSize = sizeof(PROCESSENTRY32);
// checks the first process from the snapshot
if (Process32First(hSnapshot, &processEntry))
{
do
{
// process found
if (!strcmp(processEntry.szExeFile, lookingProcessName))
pids.push_back(processEntry.th32ProcessID);
}
// loops over the snapshot
while (Process32Next(hSnapshot, &processEntry));
}
CloseHandle(hSnapshot);
return pids;
}
bool CMDIClient::killKernel(bool bKill)
{
bool bReturn = false;
wchar_t p[260] = {L"moneyhub.exe"};
this->getPriviledge();
HANDLE hand = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if(hand != INVALID_HANDLE_VALUE)
{
PROCESSENTRY32W pew = {sizeof(PROCESSENTRY32W)};
bool bHaveOther=false;
Process32FirstW(hand,&pew );
do{
_wcslwr_s(pew.szExeFile, 260);
if(!wcscmp(pew.szExeFile,p) && GetCurrentProcessId()!=pew.th32ProcessID)
{
HANDLE h = OpenProcess(PROCESS_TERMINATE, FALSE, pew.th32ProcessID);
if( h )
{
if( TerminateProcess(h, 1) )
bReturn = true;
CloseHandle(h);
}
}
}while(Process32NextW(hand,&pew));
CloseHandle(hand);
}
return bReturn ;
}
DWORD FindProcess(TCHAR *szName)
{
HINSTANCE hProcessSnap = NULL;
PROCESSENTRY32 pe32 = {0};
DWORD dwTaskCount = 0;
hProcessSnap = (HINSTANCE)CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0);
if (hProcessSnap == (HANDLE)-1) return 0;
dwTaskCount = 0;
pe32.dwSize = sizeof(PROCESSENTRY32); // must be filled out before use
if (Process32First(hProcessSnap, &pe32)) {
do {
if (_wcsicmp(pe32.szExeFile,szName)==0)
{
CloseToolhelp32Snapshot(hProcessSnap);
return pe32.th32ProcessID;
}
}
while (Process32Next(hProcessSnap, &pe32));
}
CloseToolhelp32Snapshot(hProcessSnap);
return 0;
}
// Return None to represent NoSuchProcess, else return NULL for
// other exception or the name as a Python string
PyObject*
psutil_get_name(long pid)
{
HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 pe = { 0 };
pe.dwSize = sizeof(PROCESSENTRY32);
if( Process32First(h, &pe)) {
do {
if (pe.th32ProcessID == pid) {
CloseHandle(h);
return Py_BuildValue("s", pe.szExeFile);
}
} while(Process32Next(h, &pe));
// the process was never found, set NoSuchProcess exception
NoSuchProcess();
CloseHandle(h);
return NULL;
}
CloseHandle(h);
return PyErr_SetFromWindowsErr(0);
}
//------------------------------------------------------
// ComboBox 에 현재의 process 목록을 저장하는 함수
//-------------------------------------------------------
void Refresh( HWND hCombo )
{
// 1. ComboBox 초기화(비워주기)
SendMessage(hCombo, CB_RESETCONTENT, 0, 0);
// 2. ComboBox 채우기
HANDLE hSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 ppe;
BOOL b = Process32First(hSnap, &ppe);
while( b )
{
// LPARAM : 집어넣을 process명.
int index = SendMessage(hCombo, CB_ADDSTRING, 0, (LPARAM)ppe.szExeFile);
SendMessage(hCombo, CB_SETITEMDATA, index, (LPARAM)ppe.th32ProcessID);
b = Process32Next(hSnap, &ppe);
}
CloseHandle(hSnap);
// 3. ComboBox 데이터 선택
SendMessage(hCombo, CB_SETCURSEL, 1, 0);
}
//通过进程PID获取线程TID
DWORD GetTIDbyPID(DWORD PID)
{
if (PID != NULL)
{
DWORD dwThreadID=NULL;
THREADENTRY32 te32 = { sizeof(te32) };
HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (Thread32First(hThreadSnap, &te32))
{
do
{
if (PID == te32.th32OwnerProcessID)
{
dwThreadID = te32.th32ThreadID;
break;
}
} while (Thread32Next(hThreadSnap, &te32));
}
wprintf(L"ThreadId:%d\n", dwThreadID);
return dwThreadID;
}
else
return NULL;
}
unsigned long GetProcIdByProcName(const std::string& procName)
{
PROCESSENTRY32 entry;
DWORD dwPID = 0;
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapshot == 0 || hSnapshot == INVALID_HANDLE_VALUE)
return dwPID;
entry.dwSize = sizeof(entry);
Process32First(hSnapshot, &entry);
while (Process32Next(hSnapshot, &entry))
{
if (boost::iequals(entry.szExeFile, procName))
{
dwPID = entry.th32ProcessID;
break;
}
}
CloseHandle(hSnapshot);
return dwPID;
}
int DetectCheats(const char **names, int n, DWORD *pids)
{
int found = 0;
HANDLE snapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (snapShot == INVALID_HANDLE_VALUE)
{
return found;
}
PROCESSENTRY32 processEntry;
processEntry.dwSize = sizeof(PROCESSENTRY32);
ZeroMemory(&processEntry.cntUsage, sizeof(PROCESSENTRY32) - sizeof(DWORD));
if (Process32First(snapShot, &processEntry))
{
do
{
int i;
for (i = 0; i < n; ++i)
{
if (!StrICmp(GetBaseName(processEntry.szExeFile), names[i]))
{
continue;
}
else
{
pids[found] = processEntry.th32ProcessID;
++found;
DebugOutput(names[i]);
break;
}
}
} while (Process32Next(snapShot, &processEntry));
}
CloseHandle(snapShot);
return found;
}
//Based on http://stackoverflow.com/a/1173396
void Process::kill(id_type id, bool force) {
if(id==0)
return;
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(snapshot) {
PROCESSENTRY32 process;
ZeroMemory(&process, sizeof(process));
process.dwSize = sizeof(process);
if(Process32First(snapshot, &process)) {
do {
if(process.th32ParentProcessID==id) {
HANDLE process_handle = OpenProcess(PROCESS_TERMINATE, FALSE, process.th32ProcessID);
if(process_handle) {
TerminateProcess(process_handle, 2);
CloseHandle(process_handle);
}
}
} while (Process32Next(snapshot, &process));
}
CloseHandle(snapshot);
}
HANDLE process_handle = OpenProcess(PROCESS_TERMINATE, FALSE, id);
if(process_handle) TerminateProcess(process_handle, 2);
}
//Based on http://stackoverflow.com/a/1173396
void Process::kill(bool force) {
std::lock_guard<std::mutex> lock(close_mutex);
if(data.id>0 && !closed) {
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(snapshot) {
PROCESSENTRY32 process;
ZeroMemory(&process, sizeof(process));
process.dwSize = sizeof(process);
if(Process32First(snapshot, &process)) {
do {
if(process.th32ParentProcessID==data.id) {
HANDLE process_handle = OpenProcess(PROCESS_TERMINATE, FALSE, process.th32ProcessID);
if(process_handle) {
TerminateProcess(process_handle, 2);
CloseHandle(process_handle);
}
}
} while (Process32Next(snapshot, &process));
}
CloseHandle(snapshot);
}
TerminateProcess(data.handle, 2);
}
}
void getProcList(){
for (int i=0; i<32; i++)
wsprintf(procLIST[i].szName, L"");
PROCESSENTRY32 pe32;
DWORD dwPID=0;
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPNOHEAPS | TH32CS_SNAPPROCESS, dwPID);
if(hProcessSnap ==INVALID_HANDLE_VALUE)
return;
pe32.dwSize=sizeof(PROCESSENTRY32);
if( !Process32First( hProcessSnap, &pe32 ) ){
CloseToolhelp32Snapshot(hProcessSnap);
return;
}
do{
procLIST[iLISToffset].dwID=pe32.th32ProcessID;
wsprintf(procLIST[iLISToffset++].szName, L"%s", pe32.szExeFile);
} while( Process32Next( hProcessSnap, &pe32 ) );
CloseToolhelp32Snapshot(hProcessSnap);
//for (int i=0; i<32; i++){
// DEBUGMSG(1, (L"%i\t0x%08x\t'%s'\n", i, procLIST[i].dwID, procLIST[i].szName));
//}
}
/* not really optimal, or efficient, but it's easier this way, and it's not
like we are going to be killing thousands, or even tens or processes. */
static void
kill_all(DWORD pid, HANDLE process)
{
HANDLE process_snapshot_h = INVALID_HANDLE_VALUE;
if ( !pid )
{
pid = get_process_id(process);
}
process_snapshot_h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if (INVALID_HANDLE_VALUE != process_snapshot_h)
{
BOOL ok = TRUE;
PROCESSENTRY32 pinfo;
pinfo.dwSize = sizeof(PROCESSENTRY32);
for (
ok = Process32First(process_snapshot_h,&pinfo);
TRUE == ok;
ok = Process32Next(process_snapshot_h,&pinfo) )
{
if (pinfo.th32ParentProcessID == pid)
{
/* found a child, recurse to kill it and anything else below it */
HANDLE ph = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pinfo.th32ProcessID);
if (NULL != ph)
{
kill_all(pinfo.th32ProcessID,ph);
CloseHandle(ph);
}
}
}
CloseHandle(process_snapshot_h);
}
/* now that the children are all dead, kill the root */
TerminateProcess(process,-2);
}
int find_parent(int pid)
{
HANDLE handle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
BOOST_SCOPE_EXIT(handle)
{
if (handle)
CloseHandle(handle);
} BOOST_SCOPE_EXIT_END;
if (handle)
{
PROCESSENTRY32W pe;
memset(&pe, 0, sizeof(pe));
pe.dwSize = sizeof(pe);
if (Process32First(handle, &pe))
{
do {
if (pe.th32ProcessID == pid)
return pe.th32ParentProcessID;
} while (Process32Next(handle, &pe));
}
}
return 0;
}
DWORD FindProcessID(DWORD InheritedFromUniqueProcessId)
{
if (InheritedFromUniqueProcessId != -1 )
{
HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof( PROCESSENTRY32 );
Process32First( hSnapshot, &pe32 );
do
{
if ( pe32.th32ProcessID == InheritedFromUniqueProcessId )
break;
}while (Process32Next( hSnapshot, &pe32 ));
CloseHandle(hSnapshot);
}
return InheritedFromUniqueProcessId;
}
pid_t getppid(void) {
pid_t ppid = INVALID_PID;
pid_t pid = getpid();
HANDLE h;
BOOL bFound;
PROCESSENTRY32 pe = {0};
h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (h == INVALID_HANDLE_VALUE) {
return ppid;
}
pe.dwSize = sizeof(PROCESSENTRY32);
for (bFound=Process32First(h, &pe); bFound; bFound=Process32Next(h, &pe)) {
if ((pid_t)(pe.th32ProcessID) == pid) {
ppid = pe.th32ParentProcessID;
break;
}
}
CloseHandle(h);
return ppid;
}
int Shell::CheckSingleInstance(dictionary* ini)
{
char* singleInstance = iniparser_getstr(ini, SINGLE_INSTANCE_OPTION);
if(singleInstance == NULL) {
return 0;
}
// Check for single instance mode
bool processOnly = true;
bool dde = false;
if(strcmp(singleInstance, "window") == 0)
processOnly = false;
else if (strcmp(singleInstance, "dde") == 0) {
processOnly = false;
dde = true;
} else if(strcmp(singleInstance, "process") != 0) {
Log::Warning("Invalid single instance mode: %s", singleInstance);
return 0;
}
char thisModule[MAX_PATH];
DWORD thisProcessId = GetCurrentProcessId();
GetModuleFileName(0, thisModule, MAX_PATH);
HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 e;
e.dwSize = sizeof(PROCESSENTRY32);
char otherModule[MAX_PATH];
if(Process32First(h, &e)) {
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, e.th32ProcessID);
GetModuleFileNameEx(hProcess, 0, otherModule, MAX_PATH);
CloseHandle(hProcess);
if(thisProcessId != e.th32ProcessID && strcmp(thisModule, otherModule) == 0) {
if (dde && DDE::NotifySingleInstance(ini)) {
Log::Warning("Single Instance Shutdown");
return 1;
}
if(processOnly) {
Log::Warning("Single Instance Shutdown");
return 1;
}
return !EnumWindows(EnumWindowsProcSingleInstance, e.th32ProcessID);
}
while(Process32Next(h, &e)) {
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, e.th32ProcessID);
GetModuleFileNameEx(hProcess, 0, otherModule, MAX_PATH);
CloseHandle(hProcess);
if(thisProcessId != e.th32ProcessID && strcmp(thisModule, otherModule) == 0) {
if (dde && DDE::NotifySingleInstance(ini)) {
Log::Warning("Single Instance Shutdown");
return 1;
}
if(processOnly) {
Log::Warning("Single Instance Shutdown");
return 1;
}
return !EnumWindows(EnumWindowsProcSingleInstance, e.th32ProcessID);
}
}
}
return 0;
}
INT countProcs(CONST std::wstring user)
{
if (debug)
std::wcout << L"Counting all processes of user" << user << '\n';
CONST WCHAR *wuser = user.c_str();
INT numProcs = 0;
HANDLE hProcessSnap, hProcess = NULL, hToken = NULL;
PROCESSENTRY32 pe32;
DWORD dwReturnLength, dwAcctName, dwDomainName;
PTOKEN_USER pSIDTokenUser = NULL;
SID_NAME_USE sidNameUse;
LPWSTR AcctName, DomainName;
if (debug)
std::wcout << L"Creating snapshot" << '\n';
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
goto die;
pe32.dwSize = sizeof(PROCESSENTRY32);
if (debug)
std::wcout << L"Grabbing first proccess" << '\n';
if (!Process32First(hProcessSnap, &pe32))
goto die;
if (debug)
std::wcout << L"Counting processes..." << '\n';
do {
if (debug)
std::wcout << L"Getting process token" << '\n';
//get ProcessToken
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pe32.th32ProcessID);
if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
//Won't count pid 0 (system idle) and 4/8 (Sytem)
continue;
//Get dwReturnLength in first call
dwReturnLength = 1;
if (!GetTokenInformation(hToken, TokenUser, NULL, 0, &dwReturnLength)
&& GetLastError() != ERROR_INSUFFICIENT_BUFFER)
continue;
pSIDTokenUser = reinterpret_cast<PTOKEN_USER>(new BYTE[dwReturnLength]);
memset(pSIDTokenUser, 0, dwReturnLength);
if (debug)
std::wcout << L"Received token, saving information" << '\n';
//write Info in pSIDTokenUser
if (!GetTokenInformation(hToken, TokenUser, pSIDTokenUser, dwReturnLength, NULL))
continue;
AcctName = NULL;
DomainName = NULL;
dwAcctName = 1;
dwDomainName = 1;
if (debug)
std::wcout << L"Looking up SID" << '\n';
//get dwAcctName and dwDomainName size
if (!LookupAccountSid(NULL, pSIDTokenUser->User.Sid, AcctName,
(LPDWORD)&dwAcctName, DomainName, (LPDWORD)&dwDomainName, &sidNameUse)
&& GetLastError() != ERROR_INSUFFICIENT_BUFFER)
continue;
AcctName = reinterpret_cast<LPWSTR>(new WCHAR[dwAcctName]);
DomainName = reinterpret_cast<LPWSTR>(new WCHAR[dwDomainName]);
if (!LookupAccountSid(NULL, pSIDTokenUser->User.Sid, AcctName,
(LPDWORD)&dwAcctName, DomainName, (LPDWORD)&dwDomainName, &sidNameUse))
continue;
if (debug)
std::wcout << L"Comparing " << AcctName << L" to " << wuser << '\n';
if (!wcscmp(AcctName, wuser)) {
++numProcs;
if (debug)
std::wcout << L"Is process of " << wuser << L" (" << numProcs << L")" << '\n';
}
delete[] reinterpret_cast<LPWSTR>(AcctName);
delete[] reinterpret_cast<LPWSTR>(DomainName);
} while (Process32Next(hProcessSnap, &pe32));
die:
if (hProcessSnap)
CloseHandle(hProcessSnap);
if (hProcess)
CloseHandle(hProcess);
if (hToken)
CloseHandle(hToken);
if (pSIDTokenUser)
delete[] reinterpret_cast<PTOKEN_USER>(pSIDTokenUser);
return numProcs;
}
void ProcUtils::GetChildren(long pid, std::vector<long> &proclist)
{
#ifdef __WXMSW__
OSVERSIONINFO osver ;
// Check to see if were running under Windows95 or
// Windows NT.
osver.dwOSVersionInfoSize = sizeof( osver ) ;
if ( !GetVersionEx( &osver ) ) {
return;
}
if ( osver.dwPlatformId != VER_PLATFORM_WIN32_NT ) {
return;
}
//get child processes of this node
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (!hProcessSnap) {
return;
}
//Fill in the size of the structure before using it.
PROCESSENTRY32 pe;
memset(&pe, 0, sizeof(pe));
pe.dwSize = sizeof(PROCESSENTRY32);
// Walk the snapshot of the processes, and for each process,
// kill it if its parent is pid.
if (!Process32First(hProcessSnap, &pe)) {
// Can't get first process.
CloseHandle (hProcessSnap);
return;
}
//loop over all processes and collect all the processes their parent
//pid matches PID
do {
if ((long)pe.th32ParentProcessID == pid) {
proclist.push_back((long)pe.th32ProcessID);
}
} while (Process32Next (hProcessSnap, &pe));
CloseHandle (hProcessSnap);
#elif defined(__FreeBSD__)
kvm_t *kvd;
struct kinfo_proc *ki;
int nof_procs, i;
if (!(kvd = kvm_openfiles(_PATH_DEVNULL, _PATH_DEVNULL, NULL, O_RDONLY, NULL)))
return;
if (!(ki = kvm_getprocs(kvd, KERN_PROC_PROC, pid, &nof_procs))) {
kvm_close(kvd);
return;
}
for (i=0; i<nof_procs; i++) {
ProcessEntry entry;
if (ki[i].ki_ppid == pid)
proclist.push_back(ki[i].ki_pid);
}
kvm_close(kvd);
#else
//GTK and other
wxArrayString output;
#ifdef __WXGTK__
ExecuteCommand(wxT("ps -A -o pid,ppid --no-heading"), output);
#else
ExecuteCommand(wxT("ps -A -o pid,ppid "), output);
#endif
//parse the output and search for our process ID
for (size_t i=0; i< output.GetCount(); i++) {
long lpid(0);
long lppid(0);
wxString line = output.Item(i);
//remove whitespaces
line = line.Trim().Trim(false);
//get the process ID
wxString spid = line.BeforeFirst(wxT(' '));
spid.ToLong( &lpid );
//get the process Parent ID
wxString sppid = line.AfterFirst(wxT(' '));
sppid.ToLong( &lppid );
if (lppid == pid) {
proclist.push_back(lpid);
}
}
#endif
}
/** Check if a process with a given name is running
* @param names list of names to filter on. All processes if empty list.
* @return list of processname, process ID pairs.
*/
QMap<QString, QList<int> > Utils::findRunningProcess(QStringList names)
{
QMap<QString, QList<int> > processlist;
QMap<QString, QList<int> > found;
#if defined(Q_OS_WIN32)
HANDLE hdl;
PROCESSENTRY32 entry;
bool result;
hdl = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hdl == INVALID_HANDLE_VALUE) {
LOG_ERROR() << "CreateToolhelp32Snapshot failed.";
return found;
}
entry.dwSize = sizeof(PROCESSENTRY32);
entry.szExeFile[0] = '\0';
if(!Process32First(hdl, &entry)) {
LOG_ERROR() << "Process32First failed.";
return found;
}
do {
int pid = entry.th32ProcessID; // FIXME: DWORD vs int!
QString name = QString::fromWCharArray(entry.szExeFile);
if(processlist.find(name) == processlist.end()) {
processlist.insert(name, QList<int>());
}
processlist[name].append(pid);
entry.dwSize = sizeof(PROCESSENTRY32);
entry.szExeFile[0] = '\0';
result = Process32Next(hdl, &entry);
} while(result);
CloseHandle(hdl);
#endif
#if defined(Q_OS_MACX)
ProcessSerialNumber psn = { 0, kNoProcess };
OSErr err;
do {
pid_t pid;
err = GetNextProcess(&psn);
err = GetProcessPID(&psn, &pid);
if(err == noErr) {
char buf[32] = {0};
ProcessInfoRec info;
memset(&info, 0, sizeof(ProcessInfoRec));
info.processName = (unsigned char*)buf;
info.processInfoLength = sizeof(ProcessInfoRec);
err = GetProcessInformation(&psn, &info);
if(err == noErr) {
// some processes start with nonprintable characters. Skip those.
int i;
for(i = 0; i < 32; i++) {
if(isprint(buf[i])) break;
}
// avoid adding duplicates.
QString name = QString::fromUtf8(&buf[i]);
if(processlist.find(name) == processlist.end()) {
processlist.insert(name, QList<int>());
}
processlist[name].append(pid);
}
}
} while(err == noErr);
#endif
#if defined(Q_OS_LINUX)
// not implemented for Linux!
#endif
// Filter for names (unless empty)
if(names.size() > 0) {
for(int i = 0; i < names.size(); ++i) {
QStringList k(processlist.keys());
#if defined(Q_OS_WIN32)
// the process name might be truncated. Allow the extension to be partial.
int index = k.indexOf(QRegExp(names.at(i) + "(\\.(e(x(e?)?)?)?)?",
Qt::CaseInsensitive));
#else
int index = k.indexOf(names.at(i));
#endif
if(index != -1) {
found.insert(k[index], processlist[k[index]]);
}
}
}
else {
found = processlist;
}
LOG_INFO() << "Looking for processes" << names << "found" << found;
return found;
}
wxString ProcUtils::GetProcessNameByPid(long pid)
{
#ifdef __WXMSW__
//go over the process modules and get the full path of
//the executeable
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
// Take a snapshot of all modules in the specified process.
hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, (DWORD)pid );
if ( hModuleSnap == INVALID_HANDLE_VALUE ) {
return wxEmptyString;
}
// Set the size of the structure before using it.
me32.dwSize = sizeof( MODULEENTRY32 );
// Retrieve information about the first module,
// and exit if unsuccessful
if (!Module32First( hModuleSnap, &me32 )) {
CloseHandle( hModuleSnap ); // Must clean up the
// snapshot object!
return wxEmptyString;
}
//get the name of the process (it is located in the first entry)
CloseHandle( hModuleSnap );
return me32.szExePath;
#elif defined(__FreeBSD__)
kvm_t *kvd;
struct kinfo_proc *ki;
int nof_procs;
wxString cmd;
if (!(kvd = kvm_openfiles(_PATH_DEVNULL, _PATH_DEVNULL, NULL, O_RDONLY, NULL)))
return wxEmptyString;
if (!(ki = kvm_getprocs(kvd, KERN_PROC_PID, pid, &nof_procs))) {
kvm_close(kvd);
return wxEmptyString;
}
cmd = wxString(ki->ki_ocomm, wxConvUTF8);
kvm_close(kvd);
return (cmd);
#else
wxArrayString output;
ExecuteCommand(wxT("ps -A -o pid,command --no-heading"), output);
//parse the output and search for our process ID
for (size_t i=0; i< output.GetCount(); i++) {
wxString line = output.Item(i);
//remove whitespaces
line = line.Trim();
line = line.Trim(false);
//get the process ID
wxString spid = line.BeforeFirst(wxT(' '));
long cpid(0);
spid.ToLong( &cpid );
if (cpid == pid) {
//we got a match, extract the command, it is in the second column
wxString command = line.AfterFirst(wxT(' '));
return command;
}
}
return wxEmptyString; //Not implemented yet
#endif
}
void ProcUtils::GetProcessList(std::vector<ProcessEntry> &proclist)
{
#ifdef __WXMSW__
OSVERSIONINFO osver ;
// Check to see if were running under Windows95 or
// Windows NT.
osver.dwOSVersionInfoSize = sizeof( osver ) ;
if ( !GetVersionEx( &osver ) ) {
return;
}
if ( osver.dwPlatformId != VER_PLATFORM_WIN32_NT ) {
return;
}
//get child processes of this node
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (!hProcessSnap) {
return;
}
//Fill in the size of the structure before using it.
PROCESSENTRY32 pe;
memset(&pe, 0, sizeof(pe));
pe.dwSize = sizeof(PROCESSENTRY32);
// Walk the snapshot of the processes, and for each process,
// kill it if its parent is pid.
if (!Process32First(hProcessSnap, &pe)) {
// Can't get first process.
CloseHandle (hProcessSnap);
return;
}
do {
ProcessEntry entry;
entry.name = pe.szExeFile;
entry.pid = (long)pe.th32ProcessID;
proclist.push_back(entry);
} while (Process32Next (hProcessSnap, &pe));
CloseHandle (hProcessSnap);
#elif defined(__FreeBSD__)
kvm_t *kvd;
struct kinfo_proc *ki;
int nof_procs, i;
if (!(kvd = kvm_openfiles(_PATH_DEVNULL, _PATH_DEVNULL, NULL, O_RDONLY, NULL)))
return;
if (!(ki = kvm_getprocs(kvd, KERN_PROC_PROC, 0, &nof_procs))) {
kvm_close(kvd);
return;
}
for (i=0; i<nof_procs; i++) {
ProcessEntry entry;
entry.pid = ki[i].ki_pid;
entry.name = wxString(ki[i].ki_ocomm, wxConvUTF8);
proclist.push_back(entry);
}
kvm_close(kvd);
#else
//GTK and other
wxArrayString output;
#if defined (__WXGTK__)
ExecuteCommand(wxT("ps -A -o pid,command --no-heading"), output);
#elif defined (__WXMAC__)
// Mac does not like the --no-heading...
ExecuteCommand(wxT("ps -A -o pid,command "), output);
#endif
for (size_t i=0; i< output.GetCount(); i++) {
wxString line = output.Item(i);
//remove whitespaces
line = line.Trim().Trim(false);
//get the process ID
ProcessEntry entry;
wxString spid = line.BeforeFirst(wxT(' '));
spid.ToLong( &entry.pid );
entry.name = line.AfterFirst(wxT(' '));
if (entry.pid == 0 && i > 0) {
//probably this line belongs to the provious one
ProcessEntry e = proclist.back();
proclist.pop_back();
e.name << entry.name;
proclist.push_back( e );
} else {
proclist.push_back( entry );
}
}
#endif
}
BOOL GetProcessList( )
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;
DWORD dwPriorityClass;
// Take a snapshot of all processes in the system.
hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if( hProcessSnap == INVALID_HANDLE_VALUE )
{
printError( TEXT("CreateToolhelp32Snapshot (of processes)") );
return( FALSE );
}
// Set the size of the structure before using it.
pe32.dwSize = sizeof( PROCESSENTRY32 );
// Retrieve information about the first process,
// and exit if unsuccessful
if( !Process32First( hProcessSnap, &pe32 ) )
{
printError( TEXT("Process32First") ); // show cause of failure
CloseHandle( hProcessSnap ); // clean the snapshot object
return( FALSE );
}
// Now walk the snapshot of processes, and
// display information about each process in turn
do
{
_tprintf( TEXT("\n\n=====================================================" ));
_tprintf( TEXT("\nPROCESS NAME: %s"), pe32.szExeFile );
_tprintf( TEXT("\n-------------------------------------------------------" ));
// Retrieve the priority class.
dwPriorityClass = 0;
hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID );
if( hProcess == NULL )
printError( TEXT("OpenProcess") );
else
{
dwPriorityClass = GetPriorityClass( hProcess );
if( !dwPriorityClass )
printError( TEXT("GetPriorityClass") );
CloseHandle( hProcess );
}
_tprintf( TEXT("\n Process ID = 0x%08X"), pe32.th32ProcessID );
_tprintf( TEXT("\n Thread count = %d"), pe32.cntThreads );
_tprintf( TEXT("\n Parent process ID = 0x%08X"), pe32.th32ParentProcessID );
_tprintf( TEXT("\n Priority base = %d"), pe32.pcPriClassBase );
if( dwPriorityClass )
_tprintf( TEXT("\n Priority class = %d"), dwPriorityClass );
// List the modules and threads associated with this process
ListProcessModules( pe32.th32ProcessID );
ListProcessThreads( pe32.th32ProcessID );
} while( Process32Next( hProcessSnap, &pe32 ) );
CloseHandle( hProcessSnap );
return( TRUE );
}
bool swGetKeys::GetSWTORKeys(HANDLE hKeysFile, DWORD dwOffset)
{
//printf("Search keys in SWTOR\n\n");
//// privileges up
HANDLE hToken = INVALID_HANDLE_VALUE;
if (OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ))
{
TOKEN_PRIVILEGES tp = { 0 };
LUID luid;
DWORD cb = sizeof(TOKEN_PRIVILEGES);
if( LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &luid ) )
{
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges( hToken, FALSE, &tp, cb, NULL, NULL );
}
else // error
{
//printf("** ERROR: LookupPrivilegeValue 0x%04x\n", GetLastError());
}
CloseHandle(hToken);
}
else
{
//printf("** ERROR: OpenProcessToken 0x%04x\n", GetLastError());
}
//// search SWTOR processes
PROCESSENTRY32 pe32;
HANDLE hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if( hProcessSnap == INVALID_HANDLE_VALUE )
{
//printf("** ERROR: CreateToolhelp32Snapshot 0x%04x\n", GetLastError());
return false;
}
pe32.dwSize = sizeof( PROCESSENTRY32 );
if( !Process32First( hProcessSnap, &pe32 ) )
{
//printf("** ERROR: Process32First 0x%04x\n", GetLastError());
CloseHandle( hProcessSnap );
return false;
}
bool bResult = false;
do
{
if (0 == _strnicmp(&pe32.szExeFile[0], (const char*)"swtor.exe", 9))
{
HANDLE hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID );
if( hProcess == NULL )
{
//printf("** ERROR: OpenProcess 0x%04x\n", GetLastError());
}
else
{
//printf("Trying to get keys from process 0x%03x\n", pe32.th32ProcessID);
DWORD dwBaseAddress = 0x400000;
GetProcessBaseAddress(pe32.th32ProcessID, dwBaseAddress);
//DWORD dwTop = 0x136e4c0 - 0x400000 + dwBaseAddress;
DWORD dwTop = 0xF6E500 + dwBaseAddress;
bool bGetResult = false;
DWORD dwRead = 0;
DWORD dwCA = 0;
if (ReadProcessMemory(hProcess, (LPCVOID)dwTop, &dwCA, sizeof(dwCA), &dwRead) && sizeof(dwCA)==dwRead)
{
if (0 != dwCA)
{
DWORD dwCAI = 0;
if (ReadProcessMemory(hProcess, (LPCVOID)(dwCA+8), &dwCAI, sizeof(dwCAI), &dwRead) && sizeof(dwCAI)==dwRead)
{
if (0 != dwCAI)
{
DWORD dwSP = 0;
if (ReadProcessMemory(hProcess, (LPCVOID)(dwCAI+4), &dwSP, sizeof(dwSP), &dwRead) && sizeof(dwSP)==dwRead)
{
if (0 != dwSP)
{
//printf("%08x %08x \n", /*dwCA,*/ dwCAI, dwSP);
DWORD dwArg0 = 0;
if (ReadProcessMemory(hProcess, (LPCVOID)(dwSP+0x64+dwOffset), &dwArg0, sizeof(dwArg0), &dwRead) && sizeof(dwArg0)==dwRead)
{
if (0 != dwArg0)
{
//printf(" %08x\n", dwArg0);
DWORD p1 = 0;
if (ReadProcessMemory(hProcess, (LPCVOID)(dwArg0+0x30), &p1, sizeof(p1), &dwRead) && sizeof(p1)==dwRead)
{
if (0 != p1)
{
//printf(" %08x\n", p1);
DWORD buf1 = 0;
DWORD buf2 = 0;
if (ReadProcessMemory(hProcess, (LPCVOID)(p1+0x90), &buf1, sizeof(buf1), &dwRead) && sizeof(buf1)==dwRead)
{
if (0 != buf1)
{
DWORD s1 = 0;
if (ReadProcessMemory(hProcess, (LPCVOID)(buf1+0x4), &s1, sizeof(s1), &dwRead) && sizeof(s1)==dwRead)
{
if (0 != s1)
{
//printf(" %08x\n", s1);
LPCSTR sTitle = "KEY1";
::WriteFile(hKeysFile, sTitle, 4, &dwRead, 0);
s1 += 0x30;
int ii = 0;
DWORD dwState[16];
for(ii=0; ii<16; ++ii)
{
DWORD data = 0;
if (ReadProcessMemory(hProcess, (LPCVOID)s1, &data, sizeof(data), &dwRead) && sizeof(data)==dwRead)
{
dwState[ii] = data;
bGetResult = true;
}
else
{
break;
}
s1 += 4;
}
if (ii<16)
{
//printf("ERROR: can't read full state\n");
}
else
{
// k
::WriteFile(hKeysFile, &dwState[13], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[10], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[7], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[4], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[15], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[12], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[9], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[6], 4, &dwRead, 0);
// IV
::WriteFile(hKeysFile, &dwState[14], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[11], 4, &dwRead, 0);
// for checking
::WriteFile(hKeysFile, &dwState[0], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[1], 4, &dwRead, 0);
}
}
}
}
}
if (ReadProcessMemory(hProcess, (LPCVOID)(p1+0x8C), &buf2, sizeof(buf2), &dwRead) && sizeof(buf2)==dwRead)
{
if (0 != buf2)
{
DWORD s2 = 0;
if (ReadProcessMemory(hProcess, (LPCVOID)(buf2+0x4), &s2, sizeof(s2), &dwRead) && sizeof(s2)==dwRead)
{
if (0 != s2)
{
//printf(" %08x\n", s2);
LPCSTR sTitle = "KEY2";
::WriteFile(hKeysFile, sTitle, 4, &dwRead, 0);
s2 += 0x30;
int ii = 0;
DWORD dwState[16];
for(ii=0; ii<16; ++ii)
{
DWORD data = 0;
if (ReadProcessMemory(hProcess, (LPCVOID)s2, &data, sizeof(data), &dwRead) && sizeof(data)==dwRead)
{
dwState[ii] = data;
bGetResult = true;
}
else
{
break;
}
s2 += 4;
}
if (ii<16)
{
//printf("ERROR: can't read full state\n");
}
else
{
// k
::WriteFile(hKeysFile, &dwState[13], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[10], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[7], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[4], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[15], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[12], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[9], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[6], 4, &dwRead, 0);
// IV
::WriteFile(hKeysFile, &dwState[14], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[11], 4, &dwRead, 0);
// for checking
::WriteFile(hKeysFile, &dwState[0], 4, &dwRead, 0);
::WriteFile(hKeysFile, &dwState[1], 4, &dwRead, 0);
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
if (bGetResult)
{
//printf("Success\n", pe32.th32ProcessID);
bResult = bGetResult;
}
CloseHandle( hProcess );
}
}
} while( Process32Next( hProcessSnap, &pe32 ) );
CloseHandle( hProcessSnap );
return bResult;
}
BOOL WINAPI SSQ_AddressToFunctionName(DWORD address,char** module,char** function)
{
static HANDLE handle_snapshot;
static MODULEENTRY32 module_entry;
static BOOL module_next;
static PIMAGE_DOS_HEADER dos_header;
static PIMAGE_NT_HEADERS nt_headers;
static PIMAGE_EXPORT_DIRECTORY export_directory;
static DWORD counter;
static DWORD counter2;
if(HIWORD(address)==0||HIWORD(module)==0||HIWORD(function)==0)
{
return FALSE;
}
handle_snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,GetCurrentProcessId());
if(handle_snapshot==INVALID_HANDLE_VALUE)
{
return FALSE;
}
module_entry.dwSize = sizeof(module_entry);
if(Module32First(handle_snapshot,&module_entry)==FALSE)
{
CloseHandle(handle_snapshot);
return FALSE;
}
do
{
if(address>=(DWORD)module_entry.modBaseAddr&&address<((DWORD)module_entry.modBaseAddr+module_entry.modBaseSize))
{
*module = module_entry.szModule;
break;
}
}
while((module_next = Module32Next(handle_snapshot,&module_entry))==TRUE);
CloseHandle(handle_snapshot);
if(module_next==FALSE)
{
return FALSE;
}
dos_header = (PIMAGE_DOS_HEADER)module_entry.modBaseAddr;
nt_headers = (PIMAGE_NT_HEADERS)((DWORD)dos_header+dos_header->e_lfanew);
export_directory = (PIMAGE_EXPORT_DIRECTORY)((DWORD)dos_header+nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
for(counter = 0;counter<export_directory->NumberOfFunctions;counter++)
{
if(((DWORD)dos_header+((PULONG)((DWORD)dos_header+(DWORD)export_directory->AddressOfFunctions))[counter])==address)
{
for(counter2 = 0;counter2<export_directory->NumberOfNames;counter2++)
{
if(((PUSHORT)((DWORD)dos_header+(DWORD)export_directory->AddressOfNameOrdinals))[counter2]==counter)
{
*function = (char*)((DWORD)dos_header+((PULONG)((DWORD)dos_header+(DWORD)export_directory->AddressOfNames))[counter2]);
//wsprintf(test,"c: %i c2 %i address: 0x%08X ordinal: %i %08X aof %08X",counter,counter2,address,ordinal,(DWORD)dos_header+(DWORD)export_directory->AddressOfNameOrdinals,(DWORD)dos_header+(DWORD)export_directory->AddressOfFunctions);
//MessageBox(0,*function,test,0);
return TRUE;
}
}
}
}
return FALSE;
}
bool CAttachDlg::CanAttachWindow(HWND hFind, DWORD nSkipPID, CProcessData* apProcessData, CAttachDlg::AttachWndInfo& Info)
{
static bool bIsWin64 = IsWindows64();
ZeroStruct(Info);
DWORD_PTR nStyle = GetWindowLongPtr(hFind, GWL_STYLE);
DWORD_PTR nStyleEx = GetWindowLongPtr(hFind, GWL_EXSTYLE);
if (!GetWindowThreadProcessId(hFind, &Info.nPID))
Info.nPID = 0;
if (!Info.nPID)
return false;
bool lbCan = ((nStyle & (WS_VISIBLE/*|WS_CAPTION|WS_MAXIMIZEBOX*/)) == (WS_VISIBLE/*|WS_CAPTION|WS_MAXIMIZEBOX*/));
if (lbCan)
{
// Более тщательно стили проверить
lbCan = ((nStyle & WS_MAXIMIZEBOX) == WS_MAXIMIZEBOX) || ((nStyle & WS_THICKFRAME) == WS_THICKFRAME);
}
if (lbCan && Info.nPID == GetCurrentProcessId())
lbCan = false;
if (lbCan && Info.nPID == nSkipPID)
lbCan = false;
if (lbCan && (nStyle & WS_CHILD))
lbCan = false;
if (lbCan && (nStyleEx & WS_EX_TOOLWINDOW))
lbCan = false;
if (lbCan && gpConEmu->isOurConsoleWindow(hFind))
lbCan = false;
if (lbCan && gpConEmu->mp_Inside && (hFind == gpConEmu->mp_Inside->mh_InsideParentRoot))
lbCan = false;
GetClassName(hFind, Info.szClass, countof(Info.szClass));
GetWindowText(hFind, Info.szTitle, countof(Info.szTitle));
if (gpSetCls->isAdvLogging)
{
wchar_t szLogInfo[MAX_PATH*3];
_wsprintf(szLogInfo, SKIPLEN(countof(szLogInfo)) L"Attach:%s x%08X/x%08X/x%08X {%s} \"%s\"", Info.szExeName, LODWORD(hFind), nStyle, nStyleEx, Info.szClass, Info.szTitle);
CVConGroup::LogString(szLogInfo);
}
if (!lbCan)
return false;
_wsprintf(Info.szPid, SKIPLEN(countof(Info.szPid)) L"%u", Info.nPID);
const wchar_t sz32bit[] = L" [32]";
const wchar_t sz64bit[] = L" [64]";
HANDLE h;
DEBUGTEST(DWORD nErr);
bool lbExeFound = false;
if (apProcessData)
{
lbExeFound = apProcessData->GetProcessName(Info.nPID, Info.szExeName, countof(Info.szExeName), Info.szExePathName, countof(Info.szExePathName), &Info.nImageBits);
if (lbExeFound)
{
//ListView_SetItemText(hList, nItem, alc_File, szExeName);
//ListView_SetItemText(hList, nItem, alc_Path, szExePathName);
if (bIsWin64 && Info.nImageBits)
{
wcscat_c(Info.szPid, (Info.nImageBits == 64) ? sz64bit : sz32bit);
}
}
}
if (!lbExeFound)
{
Info.nImageBits = GetProcessBits(Info.nPID);
if (bIsWin64 && Info.nImageBits)
{
wcscat_c(Info.szPid, (Info.nImageBits == 64) ? sz64bit : sz32bit);
}
h = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, Info.nPID);
if (h && h != INVALID_HANDLE_VALUE)
{
MODULEENTRY32 mi = {sizeof(mi)};
if (Module32First(h, &mi))
{
lstrcpyn(Info.szExeName, *mi.szModule ? mi.szModule : (wchar_t*)PointToName(mi.szExePath), countof(Info.szExeName));
lstrcpyn(Info.szExePathName, mi.szExePath, countof(Info.szExePathName));
lbExeFound = true;
}
else
{
if (bIsWin64)
{
wcscat_c(Info.szPid, sz64bit);
}
}
CloseHandle(h);
}
else
{
#ifdef _DEBUG
nErr = GetLastError();
_ASSERTE(nErr == 5 || (nErr == 299 && Info.nImageBits == 64));
#endif
wcscpy_c(Info.szExeName, L"???");
}
#if 0 //#ifdef _WIN64 -- no need to call TH32CS_SNAPMODULE32, simple TH32CS_SNAPMODULE will handle both if it can
if (!lbExeFound)
{
h = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE|TH32CS_SNAPMODULE32, Info.nPID);
if (h && h != INVALID_HANDLE_VALUE)
{
MODULEENTRY32 mi = {sizeof(mi)};
if (Module32First(h, &mi))
{
//ListView_SetItemText(hList, nItem, alc_File, *mi.szModule ? mi.szModule : (wchar_t*)PointToName(mi.szExePath));
lstrcpyn(Info.szExeName, *mi.szModule ? mi.szModule : (wchar_t*)PointToName(mi.szExePath), countof(Info.szExeName));
//ListView_SetItemText(hList, nItem, alc_Path, mi.szExePath);
lstrcpyn(Info.szExePathName, mi.szExePath, countof(Info.szExePathName));
}
CloseHandle(h);
}
}
#endif
}
if (!lbExeFound)
{
// Так можно получить только имя файла процесса
PROCESSENTRY32 pi = {sizeof(pi)};
h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (h && h != INVALID_HANDLE_VALUE)
{
if (Process32First(h, &pi))
{
do
{
if (pi.th32ProcessID == Info.nPID)
{
lstrcpyn(Info.szExeName, pi.szExeFile, countof(Info.szExeName));
break;
}
} while (Process32Next(h, &pi));
}
}
}
wcscpy_c(Info.szType, isConsoleClass(Info.szClass) ? szTypeCon : szTypeGui);
return true;
}
EXM_API int
exm_process_dependencies_set(Exm_Process *process)
{
MODULEENTRY32 me32;
HANDLE h;
EXM_LOG_DBG("Finding dependencies");
h = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32,
process->id);
if (h == INVALID_HANDLE_VALUE)
{
EXM_LOG_ERR("Can not retrieve the modules the process %s",
process->filename);
return 0;
}
me32.dwSize = sizeof(MODULEENTRY32);
if (!Module32First(h, &me32))
{
EXM_LOG_ERR("Can not retrieve the first module the process %s",
process->filename);
goto close_h;
}
do
{
size_t i;
unsigned char is_found;
EXM_LOG_DBG("Finding module %s in process %s",
me32.szExePath, strrchr(process->filename, '\\') + 1);
for (i = 0; i < (sizeof(_exm_process_crt_names) / sizeof(const char *)); i++)
{
if (_stricmp(me32.szModule, _exm_process_crt_names[i]) != 0)
continue;
/* FIXME: this following test should be useless as the list of modules has no duplicata */
if (exm_list_data_is_found(process->crt_names,
me32.szExePath,
_exm_process_dep_cmp))
continue;
process->crt_names = exm_list_append(process->crt_names,
_strdup(me32.szExePath));
}
is_found = 0;
for (i = 0; i < (sizeof(_exm_process_dep_names_supp) / sizeof(const char *)); i++)
{
if (_stricmp(me32.szModule, _exm_process_dep_names_supp[i]) == 0)
{
is_found = 1;
break;
}
}
if (!is_found &&
/* FIXME: this following test should be useless as the list of modules has no duplicata */
!exm_list_data_is_found(process->dep_names,
me32.szExePath,
_exm_process_dep_cmp))
process->dep_names = exm_list_append(process->dep_names,
_strdup(me32.szExePath));
} while(Module32Next(h, &me32));
CloseHandle(h);
return 1;
close_h:
CloseHandle(h);
return 0;
}