www.gusucode.com > HookAPI开发包(Win32 API函数截拦)源码程序 > HookAPI开发包(Win32 API函数截拦)源码程序/谷速代码-code/HookAPI1.7/DLL/ProcessModule.cpp
#include <windows.h> #include <string.h> #ifdef WINNT #include "psapi.h" #endif #include "ProcessModule.h" #include "util.h" CProcessModule::CProcessModule() { m_dwProcessCount =0; m_nModCount =0; /*#ifdef WINNT m_hProcess =NULL; m_hLib =NULL; m_pEnumProcesses =NULL; // api EnumProcesses() m_pEnumProcessModules =NULL; // api EnumProcessModules() m_pGetModuleBaseName =NULL; // api GetModuleBaseName() #else*/ memset(&m_mod_name, 0, sizeof(m_mod_name)); //#endif /*#ifdef WINNT m_hLib = LoadLibrary("psapi.dll"); if (m_hLib == NULL) return; m_pEnumProcesses = (ENUMPROCESSES_PROC)GetProcAddress(m_hLib, "EnumProcesses"); if (m_pEnumProcesses == NULL) { FreeLibrary(m_hLib); m_hLib =NULL; } m_pEnumProcessModules = (ENUMPROCESSMODULES_PROC)GetProcAddress(m_hLib, "EnumProcessModules"); if (m_pEnumProcessModules == NULL) { FreeLibrary(m_hLib); m_hLib =NULL; } m_pGetModuleBaseName = (GETMODULEBASENAME_PROC)GetProcAddress(m_hLib, "GetModuleBaseNameA"); if (m_pGetModuleBaseName == NULL) { FreeLibrary(m_hLib); m_hLib =NULL; } #else*/ HMODULE hModule = GetModuleHandle("kernel32.dll"); if (hModule == NULL) return; pCreateToolhelp32Snapshot = (CREATETOOLHELP32SNAPSHOT_PROC)GetProcAddress(hModule, "CreateToolhelp32Snapshot"); if (pCreateToolhelp32Snapshot == NULL) return; pProcess32First = (PROCESS32FIRST_PROC)GetProcAddress(hModule, "Process32First"); if (pProcess32First == NULL) return; pProcess32Next = (PROCESS32NEXT_PROC)GetProcAddress(hModule, "Process32Next"); if (pProcess32Next == NULL) return; pModule32First = (MODULE32FIRST_PROC)GetProcAddress(hModule, "Module32First"); if (pModule32First == NULL) return; pModule32Next = (MODULE32NEXT_PROC)GetProcAddress(hModule, "Module32Next"); if (pModule32Next == NULL) return; //#endif } CProcessModule::~CProcessModule() { /*#ifdef WINNT if(m_hLib) { FreeLibrary(m_hLib); m_hLib =NULL; } #endif*/ } int CProcessModule::EnumProcess() { m_dwProcessCount =0; /*#ifdef WINNT DWORD dwBytesNeeded; if(!m_pEnumProcesses(&m_dwProcessIDs[0], sizeof(m_dwProcessIDs), &dwBytesNeeded)) return -1; m_dwProcessCount = dwBytesNeeded / sizeof(DWORD); #else*/ HANDLE hSnapShot; PROCESSENTRY32 ProcessEntry32; //MODULEENTRY32 ModuleEntry32; BOOL Result; //char *pszExtension; hSnapShot = pCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hSnapShot == (HANDLE)-1) return false; ProcessEntry32.dwSize = sizeof(PROCESSENTRY32); Result = pProcess32First(hSnapShot, &ProcessEntry32); if (Result != TRUE) { CloseHandle(hSnapShot); return false; } do { //HMODULE hMod =GetModuleHandle(ProcessEntry32.szExeFile); //WriteLog("process:%s, id:%x, module id:%x", // ProcessEntry32.szExeFile, ProcessEntry32.th32ProcessID, // ProcessEntry32.th32ModuleID); m_dwProcessIDs[m_dwProcessCount] = ProcessEntry32.th32ProcessID; m_dwProcessCount ++; } while (pProcess32Next(hSnapShot, &ProcessEntry32) && m_dwProcessCount < MAX_PROCESS_COUNT); CloseHandle(hSnapShot); //#endif return m_dwProcessCount; } int CProcessModule::EnumProcessModules(DWORD process_id) { m_nModCount =0; /*#ifdef WINNT DWORD cbNeeded; if(m_hProcess) CloseHandle(m_hProcess); m_hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, process_id); if (m_hProcess == NULL) return -1; if(!m_pEnumProcessModules(m_hProcess, m_hMods, sizeof(m_hMods), &cbNeeded)) { char err_msg[256]; DWORD err=GetLastError(); GetErrString(err_msg, sizeof(err_msg), err); WriteLog("failed to EnumProcessModules, err=%d-%s", err, err_msg); CloseHandle(m_hProcess); return 0; } m_nModCount =cbNeeded / sizeof(HMODULE); #else*/ HANDLE hSnapShot; MODULEENTRY32 ModuleEntry32; BOOL Result; memset(m_mod_name, 0, sizeof(m_mod_name)); memset(m_mod_path, 0, sizeof(m_mod_path)); memset(m_hMods, 0, sizeof(m_hMods)); hSnapShot = pCreateToolhelp32Snapshot(TH32CS_SNAPMODULE, process_id); if (hSnapShot == (HANDLE)-1) { //WriteLog("create snapshot failed! %s", strerror(errno)); return -1; } ModuleEntry32.dwSize = sizeof(MODULEENTRY32); Result = pModule32First(hSnapShot, &ModuleEntry32); if (Result != TRUE) { //WriteLog("module first failed!"); CloseHandle(hSnapShot); return -1; } do { strcpy(m_mod_name[m_nModCount], ModuleEntry32.szModule); strcpy(m_mod_path[m_nModCount], ModuleEntry32.szExePath); m_hMods[m_nModCount] =ModuleEntry32.hModule; m_nModCount++; } while (pModule32Next(hSnapShot, &ModuleEntry32) && m_nModCount <MAX_MODULE_COUNT); CloseHandle(hSnapShot); //#endif return m_nModCount; } int CProcessModule::GetModuleBaseNameA(int num, char *mod_name) { /*#ifdef WINNT if ( m_pGetModuleBaseName( m_hProcess, m_hMods[num], mod_name,100)) return -1; #else*/ strcpy(mod_name, m_mod_name[num]); //#endif return 0; } void CProcessModule::EndEnumProcessModules() { /*#ifdef WINNT if(m_hProcess) CloseHandle(m_hProcess); m_hProcess =NULL; #endif*/ } HANDLE CProcessModule::GetProcessModuleHandle(DWORD process_id, char *mod_name) { int mod_count =EnumProcessModules(process_id); char mod_base_name[100]; for(int i =0; i<mod_count; i++) { GetModuleBaseNameA(i, mod_base_name); if(strcmpi(mod_base_name, mod_name) ==0) { EndEnumProcessModules(); return m_hMods[i]; } } EndEnumProcessModules(); return NULL; } DWORD CProcessModule::GetProcessID(char *exe_name) { strupr(exe_name); EnumProcess(); //WriteLog("GetProcessID m_dwProcessCount=%d...", m_dwProcessCount); for(int i =0; i<(int)m_dwProcessCount; i++) { int mod_count =EnumProcessModules(m_dwProcessIDs[i]); char mod_base_name[100]; //WriteLog("process num=%d, id=%d,mod_count:%d", i, m_dwProcessIDs[i], mod_count); for(int j =mod_count-1; j>=0; j--) { //GetModuleBaseNameA(j, mod_base_name); strcpy(mod_base_name, m_mod_name[j]); strupr(mod_base_name); if(strstr(mod_base_name, exe_name) !=NULL) { //WriteLog("found mod_base_name %s,pid:%d", mod_base_name, m_dwProcessIDs[i]); EndEnumProcessModules(); return m_dwProcessIDs[i]; } } //WriteLog("\r\n"); } EndEnumProcessModules(); return NULL; } #ifdef WINNT BOOL CProcessModule::ObtainSeDebugPrivilege(HANDLE hProcess) { BOOL Result; TOKEN_PRIVILEGES TokenPrivileges; TOKEN_PRIVILEGES PreviousTokenPrivileges; LUID luid; HANDLE hToken; DWORD dwPreviousTokenPrivilegesSize = sizeof(TOKEN_PRIVILEGES); Result = OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken); if (Result == FALSE) return false; Result = LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid); if (Result == FALSE) return false; TokenPrivileges.PrivilegeCount = 1; TokenPrivileges.Privileges[0].Luid = luid; TokenPrivileges.Privileges[0].Attributes = 0; AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), &PreviousTokenPrivileges, &dwPreviousTokenPrivilegesSize); if (GetLastError() != ERROR_SUCCESS) return false; PreviousTokenPrivileges.PrivilegeCount = 1; PreviousTokenPrivileges.Privileges[0].Luid = luid; PreviousTokenPrivileges.Privileges[0].Attributes |= SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken, FALSE, &PreviousTokenPrivileges, dwPreviousTokenPrivilegesSize, NULL, NULL); if (GetLastError() != ERROR_SUCCESS) return false; CloseHandle(hToken); return true; } #endif