/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include "Common.h"
// Forward declarations for the helpers defined later in this file.
// findFilename: TRUE when the given name matches an entry of ProcessList (case-insensitive).
BOOL findFilename(TCHAR *);
// filename: returns a pointer to the part of a path after its last backslash.
TCHAR *filename(TCHAR *);
// Enum16: per-task callback handed to VDMEnumTaskWOWEx (cast to TASKENUMPROCEX at the call site).
// NOTE(review): the cast hides any mismatch between this prototype and the
// callback type the API declares - confirm the string parameter types agree.
BOOL WINAPI Enum16(DWORD, WORD, WORD, TCHAR *, TCHAR *, LPARAM);
// Globals
// List of executable names to look for; defined in another translation unit.
extern PROCESS_LIST ProcessList;
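/*
 * Report whether any executable named in the global ProcessList is currently
 * running.
 *
 * Takes a Toolhelp snapshot of all processes and compares the base name of
 * each image against ProcessList. For every NTVDM.EXE instance the 16-bit
 * tasks it hosts are enumerated as well (through Enum16).
 *
 * Matching is done on the executable's base name only (case-insensitive);
 * the directory and the identity of the binary are not checked, so any
 * process carrying a listed file name counts as a match.
 *
 * Returns TRUE on the first match, FALSE when nothing matches, when the list
 * is empty, or when the snapshot cannot be created.
 */
BOOL areThereProcessesRunning(void)
{
    HANDLE hSnapShot;
    PROCESSENTRY32 procentry;
    BOOL bFlag;
    BOOL bRunning = FALSE;

    if (!ProcessList.count) // Process list is empty
        return FALSE;

    // Get a handle to a Toolhelp snapshot of all processes.
    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapShot == INVALID_HANDLE_VALUE)
        return FALSE;

    // While there are processes, keep looping. dwSize is (re)set before every
    // Process32First/Process32Next call, as the original loop did.
    procentry.dwSize = sizeof(PROCESSENTRY32);
    for (bFlag = Process32First(hSnapShot, &procentry); bFlag; bFlag = Process32Next(hSnapShot, &procentry)) {
        TCHAR *szFileNameAux = filename(procentry.szExeFile);

        // Search szFileName in user-defined list
        if (findFilename(szFileNameAux)) {
            bRunning = TRUE;
            break;
        }

        // Did we just bump into an NTVDM?
        if (!_wcsicmp(szFileNameAux, L"NTVDM.EXE")) {
            BOOL bFound = FALSE;

            // Enum the 16-bit stuff.
            VDMEnumTaskWOWEx(procentry.th32ProcessID, (TASKENUMPROCEX)Enum16, (LPARAM)&bFound);

            // Did we find any user-defined process?
            if (bFound) {
                bRunning = TRUE;
                break;
            }
        }

        procentry.dwSize = sizeof(PROCESSENTRY32);
    }

    // The snapshot handle was previously leaked on every return path; this
    // function may be called repeatedly, so release it before returning.
    CloseHandle(hSnapShot);
    return bRunning;
}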
/*
 * Callback passed to VDMEnumTaskWOWEx for each 16-bit task of an NTVDM.
 *
 * Strips the path from szFileName and looks the base name up in ProcessList.
 * lpUserDefined carries a BOOL* supplied by the caller; it is set to TRUE on
 * a match and left untouched otherwise. The match result is also the return
 * value (presumably a TRUE return ends the enumeration - confirm against the
 * VDMEnumTaskWOWEx documentation).
 *
 * NOTE(review): the caller installs this function through a
 * (TASKENUMPROCEX) cast. If that callback type delivers narrow (char *)
 * strings, reading szFileName as TCHAR/wide here would misparse the name and
 * could read past the end of the buffer - verify the parameter types.
 */
BOOL WINAPI Enum16(DWORD dwThreadId, WORD hMod16, WORD hTask16, TCHAR *szModName, TCHAR *szFileName, LPARAM lpUserDefined)
{
    BOOL *pbFound = (BOOL *)lpUserDefined;
    BOOL bMatch = findFilename(filename(szFileName));

    if (bMatch) {
        *pbFound = TRUE;
    }
    return bMatch;
}
/*
 * Look fileName up in the global ProcessList.
 *
 * Walks the first ProcessList.count slots, skipping empty (NULL) ones, and
 * compares each entry with fileName case-insensitively.
 *
 * Returns TRUE on the first equal entry, FALSE if none matches.
 * fileName is passed straight to _wcsicmp, so it must not be NULL.
 */
BOOL findFilename(TCHAR *fileName)
{
    for (int idx = 0; idx < ProcessList.count; ++idx) {
        if (!ProcessList.szFileName[idx]) {
            continue; // unused slot
        }
        if (_wcsicmp(ProcessList.szFileName[idx], fileName) == 0) {
            return TRUE;
        }
    }
    return FALSE;
}
/*
 * Return the base-name portion of a path.
 *
 * Finds the last backslash in fullFileName and returns a pointer to the
 * character after it; when the string holds no backslash the input pointer
 * is returned unchanged. The result points into the caller's buffer - nothing
 * is copied or allocated. Only '\\' is treated as a separator.
 */
TCHAR *filename(TCHAR *fullFileName)
{
    TCHAR *lastSep = wcsrchr(fullFileName, '\\');

    return lastSep ? lastSep + 1 : fullFileName;
}