| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
 | /*
WinPopup Protocol plugin for Miranda IM.
Copyright (C) 2004-2006 Nikolay Raspopov
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
typedef LONG NTSTATUS;
typedef LONG KPRIORITY;
typedef LONG SYSTEM_INFORMATION_CLASS;
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#define SystemProcessesAndThreadsInformation 5
typedef struct _CLIENT_ID {
	DWORD UniqueProcess;
	DWORD UniqueThread;
} CLIENT_ID;
typedef struct _UNICODE_STRING {
	USHORT Length;
	USHORT MaximumLength;
	PWSTR Buffer;
} UNICODE_STRING;
typedef struct _VM_COUNTERS {
	SIZE_T PeakVirtualSize;
	SIZE_T VirtualSize;
	ULONG PageFaultCount;
	SIZE_T PeakWorkingSetSize;
	SIZE_T WorkingSetSize;
	SIZE_T QuotaPeakPagedPoolUsage;
	SIZE_T QuotaPagedPoolUsage;
	SIZE_T QuotaPeakNonPagedPoolUsage;
	SIZE_T QuotaNonPagedPoolUsage;
	SIZE_T PagefileUsage;
	SIZE_T PeakPagefileUsage;
} VM_COUNTERS;
typedef struct _SYSTEM_THREADS {
	LARGE_INTEGER KernelTime;
	LARGE_INTEGER UserTime;
	LARGE_INTEGER CreateTime;
	ULONG WaitTime;
	PVOID StartAddress;
	CLIENT_ID ClientId;
	KPRIORITY Priority;
	KPRIORITY BasePriority;
	ULONG ContextSwitchCount;
	LONG State;
	LONG WaitReason;
} SYSTEM_THREADS, * PSYSTEM_THREADS;
typedef struct _SYSTEM_PROCESSES {
	ULONG NextEntryDelta;
	ULONG ThreadCount;
	ULONG Reserved1[6];
	LARGE_INTEGER CreateTime;
	LARGE_INTEGER UserTime;
	LARGE_INTEGER KernelTime;
	UNICODE_STRING ProcessName;
	KPRIORITY BasePriority;
	ULONG ProcessId;
	ULONG InheritedFromProcessId;
	ULONG HandleCount;
	ULONG Reserved2[2];
	VM_COUNTERS VmCounters;
#if _WIN32_WINNT >= 0x500
	IO_COUNTERS IoCounters;
#endif
	SYSTEM_THREADS Threads[1];
} SYSTEM_PROCESSES, * PSYSTEM_PROCESSES;
//--------------------------------------------------------------------------------------------
// CProcessApi class - written by Elias Bachaalany.
// Check the implementation file for more information
//
class CProcessApi
{
public:
	typedef struct tProcessInfo
	{
		DWORD pid;
		TCHAR FileName[MAX_PATH];
	};
	typedef struct tModuleInfo
	{
		LPVOID ImageBase;
		DWORD  ImageSize;
		TCHAR  FileName[MAX_PATH];
	};
private:
	typedef CAtlArray <tProcessInfo> tProcessesList;
	typedef CAtlArray <tModuleInfo> tModulesList;
	typedef struct tProcessesData
	{
		DWORD Pos;
		tProcessesList *pl;
	};
	typedef struct tModulesData
	{
		DWORD Pos;
		tModulesList *ml;
	};
	// PSAPI.DLL functions prototype
	typedef BOOL (WINAPI *t_psapi_EnumProcesses)(
		DWORD *lpidProcess,  // array of process identifiers
		DWORD cb,            // size of array
		DWORD *cbNeeded      // number of bytes returned
	);
	typedef BOOL (WINAPI *t_psapi_EnumProcessModules)(
		HANDLE hProcess,      // handle to process
		HMODULE *lphModule,   // array of module handles
		DWORD cb,             // size of array
		LPDWORD lpcbNeeded    // number of bytes required
	);
	typedef DWORD (WINAPI *t_psapi_GetModuleFileNameEx)(
		HANDLE hProcess,    // handle to process
		HMODULE hModule,    // handle to module
		LPTSTR lpFilename,  // path buffer
		DWORD nSize         // maximum characters to retrieve
	);
	typedef BOOL (WINAPI *t_psapi_GetModuleInformation)(
		HANDLE hProcess,
		HMODULE hModule,
		LPMODULEINFO lpmodinfo,
		DWORD cb
	);
	// functions instances
	t_psapi_GetModuleFileNameEx       psapi_GetModuleFileNameEx;
	t_psapi_EnumProcessModules        psapi_EnumProcessModules;
	t_psapi_EnumProcesses             psapi_EnumProcesses;
	t_psapi_GetModuleInformation      psapi_GetModuleInformation;
	// TOOLHELP functions prototype
	typedef HANDLE (WINAPI *t_tlhlp_CreateToolhelp32Snapshot)(
		DWORD dwFlags,
		DWORD th32ProcessID
	);
	typedef BOOL (WINAPI *t_tlhlp_Process32First)(
		HANDLE hSnapshot,
		LPPROCESSENTRY32 lppe
	);
	typedef BOOL (WINAPI *t_tlhlp_Process32Next)(
		HANDLE hSnapshot,
		LPPROCESSENTRY32 lppe
	);
	typedef BOOL (WINAPI *t_tlhlp_Module32First)(
		HANDLE hSnapshot,
		LPMODULEENTRY32 lpme
	);
	typedef BOOL (WINAPI *t_tlhlp_Module32Next)(
		HANDLE hSnapshot,
		LPMODULEENTRY32 lpme
	);
	// functions instances
	t_tlhlp_CreateToolhelp32Snapshot	tlhlp_CreateToolhelp32Snapshot;
	t_tlhlp_Process32First				tlhlp_Process32First;
	t_tlhlp_Process32Next				tlhlp_Process32Next; 
	t_tlhlp_Module32First				tlhlp_Module32First;
	t_tlhlp_Module32Next				tlhlp_Module32Next;
	// NTDLL.DLL functions prototype
	typedef NTSTATUS (NTAPI *t_ntapi_ZwQuerySystemInformation)(
		SYSTEM_INFORMATION_CLASS SystemInformationClass,
		PVOID SystemInformation,
		ULONG SystemInformationLength,
		PULONG ReturnLength
	);
	// functions instances
	t_ntapi_ZwQuerySystemInformation	ntapi_ZwQuerySystemInformation;
	// Private member variables
	HMODULE   m_hPsApi;
	HMODULE   m_hTlHlp;
	HMODULE   m_hNtApi;
	bool      m_bPsApi;
	bool      m_bToolHelp;
	bool      m_bNtApi;
	bool Load_PsApi();
	bool Load_TlHlp();
	bool Load_NtApi();
	DWORD ProcessesPopulatePsApi(tProcessesData *pd);
	DWORD ProcessesPopulateToolHelp(tProcessesData *pd);
	DWORD ProcessesPopulateNtApi(tProcessesData *pd);
	DWORD ModulesPopulatePsApi(DWORD pid, tModulesData *md);
	DWORD ModulesPopulateToolHelp(DWORD pid, tModulesData *md);
	DWORD ModulesPopulateNtApi(DWORD pid, tModulesData *md);
public:
	// CProcessApi error enum
	enum
	{
		paeSuccess = 0,                     // No error
		paeNoApi,                           // No process API helper dll found
		paeNoEntryPoint,                    // One needed entrypoint not found in helper dll
		paeNoMem,                           // Not enough memory
		paeNoSnap,                          // Could not get a snapshot
		paeNoMore,                          // List contains no more items
		paeOutOfBounds,                     // Tried to access list w/ an invalid index
		paeYYY
	};
	DWORD LastError; // Holds the last error
	CProcessApi();
	~CProcessApi();
	bool Init (bool bNtApiFirst = false);
	DWORD ProcessesGetList();
	bool  ProcessesWalk(DWORD_PTR lid, tProcessInfo *pi, DWORD Pos = -1);
	DWORD ProcessesCount(DWORD_PTR lid) const;
	void  ProcessesFreeList(DWORD_PTR lid);
	DWORD ModulesGetList(DWORD ProcessID);
	bool  ModulesWalk(DWORD_PTR lid, tModuleInfo *mi, DWORD Pos = -1);
	DWORD ModulesCount(DWORD_PTR lid) const;
	void  ModulesFreeList(DWORD_PTR lid);
};
// Ïîëó÷åíèå PID çàïóùåííîãî ïðîöåññà ïî èìåíè åãî âûïîëíèìîãî ìîäóëÿ
DWORD GetProcessId (LPCTSTR name);
 |