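/*
 * startDaemonScan - scan the process list forever and hand every process
 * whose image name matches isInFrobProcList() to reactToProcess().
 *
 * Enumeration goes through NtQuerySystemInformation(SystemProcessInformation),
 * resolved at runtime from ntdll (the original author's note: "the most
 * reliable way to get processes list"). updateList() is called after each
 * completed pass. The loop has no delay of its own; any pacing comes from
 * the callees.
 *
 * InjectALL: accepted for interface compatibility; this routine does not
 *            read it.
 *
 * Never returns, except when NtQuerySystemInformation cannot be resolved
 * (the original would have called a NULL function pointer in that case).
 *
 * Fixes over the previous version: the buffer is no longer leaked when the
 * query fails, malloc() is checked, the real query gets headroom so a
 * process starting between the sizing call and the data call does not fail
 * the pass, and entries with a NULL ImageName.Buffer (e.g. the Idle process)
 * are skipped instead of being passed to isInFrobProcList().
 */
void startDaemonScan(BOOL InjectALL) {
    (void)InjectALL;

    /* Headroom added to the size reported by the sizing call; the process
     * list can grow between the two NtQuerySystemInformation calls. */
    enum { SCAN_BUFFER_SLACK = 64 * 1024 };

    HMODULE ntdll = LoadLibrary(L"ntdll.dll");
    PNtQueryFunc NtQuerySystemInformation = NULL;
    if (ntdll != NULL) {
        NtQuerySystemInformation =
            (PNtQueryFunc)GetProcAddress(ntdll, "NtQuerySystemInformation");
    }
    if (NtQuerySystemInformation == NULL) {
        return;
    }

    for (;;) {
        /* Sizing call: expected to fail with a length-mismatch status while
         * reporting the required size in `needed`. */
        ULONG needed = 0;
        (void)NtQuerySystemInformation(SystemProcessInformation, NULL, 0, &needed);
        if (needed == 0) {
            continue;
        }

        ULONG capacity = needed + SCAN_BUFFER_SLACK;
        PSYSTEM_PROCESS_INFORMATION pspi = (PSYSTEM_PROCESS_INFORMATION)malloc(capacity);
        if (pspi == NULL) {
            continue;
        }

        NTSTATUS status = NtQuerySystemInformation(SystemProcessInformation,
                                                   pspi, capacity, &needed);
        if (status < 0) {   /* NTSTATUS: negative values are failures */
            free(pspi);     /* previously leaked on this path */
            continue;
        }

        /* Walk the singly linked SYSTEM_PROCESS_INFORMATION entries; the
         * last entry has NextEntryOffset == 0. */
        PSYSTEM_PROCESS_INFO entry = (PSYSTEM_PROCESS_INFO)pspi;
        for (;;) {
            PWSTR name = entry->ImageName.Buffer;
            if (name != NULL && isInFrobProcList(name)) {
                reactToProcess((DWORD)(ULONG_PTR)entry->ProcessId, name);
            }
            if (entry->NextEntryOffset == 0) {
                break;
            }
            entry = (PSYSTEM_PROCESS_INFO)((PUCHAR)entry + entry->NextEntryOffset);
        }

        free(pspi);
        pspi = NULL;
        updateList();
    }
}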
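/*
 * scanOnePid - open one process, read its module base name and, if the
 * name is in the frob list, hand it to reactToProcess().
 *
 * pid: process id obtained from EnumProcesses().
 *
 * Processes that cannot be opened, or whose name cannot be read, are
 * skipped. The name buffer is only ever used after a successful
 * GetModuleBaseName(); the previous version reused a stale buffer from the
 * last iteration when the call failed, which could trigger reactToProcess()
 * on the wrong pid.
 */
static void scanOnePid(DWORD pid) {
    /* bInheritHandle is FALSE: the handle has no reason to leak into any
     * child process reactToProcess() might create. */
    HANDLE proc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (proc == NULL) {
        return;
    }

    TCHAR name[MAX_PATH] = {0};
    DWORD name_len = GetModuleBaseName(proc, NULL, name, MAX_PATH);
    if (name_len > 0 && isInFrobProcList(name)) {
        /* Handle stays open across the callback, as before. */
        reactToProcess(pid, name);
    }
    CloseHandle(proc);
}

/*
 * startDaemonScan - scan the process list forever via EnumProcesses() and
 * hand every process whose module base name matches isInFrobProcList() to
 * reactToProcess(). updateList() is called after each pass. The loop has
 * no delay of its own.
 *
 * Never returns, except when the initial pid buffer cannot be allocated.
 *
 * Changes over the previous version: the unused 1 MiB VirtualAlloc()
 * buffer is gone; the EnumProcesses() result is checked (its output size
 * was read uninitialized on failure); the pid buffer is grown when
 * EnumProcesses() fills it completely, since that API truncates silently
 * rather than reporting that more pids exist; per-process handling moved to
 * scanOnePid(), which fixes the stale-name bug described there.
 *
 * An NtQuerySystemInformation-based variant of this routine with the same
 * name appears elsewhere in this listing.
 */
void startDaemonScan() {
    DWORD  cap_bytes = MAX_PROCESSES * sizeof(DWORD);
    DWORD *pids = (DWORD *)malloc(cap_bytes);
    if (pids == NULL) {
        return;
    }

    for (;;) {
        DWORD bytes_returned = 0;
        BOOL  ok = EnumProcesses(pids, cap_bytes, &bytes_returned);

        /* A full buffer means the list may have been truncated: grow and
         * re-enumerate. If growing fails, scan what we have. */
        while (ok && bytes_returned == cap_bytes) {
            DWORD *bigger = (DWORD *)realloc(pids, cap_bytes * 2);
            if (bigger == NULL) {
                break;
            }
            pids = bigger;
            cap_bytes *= 2;
            ok = EnumProcesses(pids, cap_bytes, &bytes_returned);
        }

        if (ok) {
            DWORD count = bytes_returned / sizeof(DWORD);
            for (DWORD i = 0; i < count; i++) {
                scanOnePid(pids[i]);
            }
        }

        updateList();
    }
}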