
Contents of /branches/pmd_18_x86/ProcessListDlg.cpp



Revision 3 - (show annotations) (download)
Fri Aug 31 04:08:07 2012 UTC (7 years, 4 months ago) by william
File size: 29448 byte(s)
commit upstream branch code
1
2 // ProcessListDlg.cpp : implementation file
3 //
4
5 #include "stdafx.h"
6 #include "ProcessList.h"
7 #include "ProcessListDlg.h"
8 #include "memwalk.h"
9 #include <Windows.h>
10
11 #pragma comment(lib,"psapi")
12
13
// Process ID of the entry last selected in the process tree. OnSelchangedTree writes it;
// the log writer and the module-detail handler read it. Zero means nothing was selected yet.
DWORD transactionPID = 0;

// Row index taken from the most recent item-changed notification of the module list
// (IDC_LIST2); the log writer uses it to look up the selected module path.
int itemSelection = 0;
16
17 #ifdef _DEBUG
18 #define new DEBUG_NEW
19 #undef THIS_FILE
20 static char THIS_FILE[] = __FILE__;
21 #endif
22
23 /////////////////////////////////////////////////////////////////////////////
24 // CAboutDlg dialog used for App About
25
// Modal "About" dialog built from the IDD_ABOUTBOX template. It declares no data
// members and no message handlers of its own.
class CAboutDlg : public CDialog
{
public:
    CAboutDlg();

    // Dialog Data
    //{{AFX_DATA(CAboutDlg)
    enum { IDD = IDD_ABOUTBOX };
    //}}AFX_DATA

protected:
    // ClassWizard generated virtual function overrides
    //{{AFX_VIRTUAL(CAboutDlg)
    virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
    //}}AFX_VIRTUAL

    // Implementation
    //{{AFX_MSG(CAboutDlg)
    //}}AFX_MSG
    DECLARE_MESSAGE_MAP()
};
48
// Binds the dialog object to its resource template; there is no member state to set up.
CAboutDlg::CAboutDlg()
    : CDialog(CAboutDlg::IDD)
{
    //{{AFX_DATA_INIT(CAboutDlg)
    //}}AFX_DATA_INIT
}
54
// Data exchange for the About box: it has no controls to bind, so the call is simply
// forwarded to the base class.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
    //{{AFX_DATA_MAP(CAboutDlg)
    //}}AFX_DATA_MAP
    CDialog::DoDataExchange(pDX);
}
61
// Message map of the About box: empty, every message goes to CDialog.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
    //{{AFX_MSG_MAP(CAboutDlg)
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()
67
68 /////////////////////////////////////////////////////////////////////////////
69 // CProcessListDlg dialog
70
// Creates the main dialog object.
//
// pParent - owner window, NULL for none.
//
// Loads the application icon and clears pModuleToTerminate; the controls themselves
// are only attached later, in DoDataExchange / OnInitDialog.
CProcessListDlg::CProcessListDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CProcessListDlg::IDD, pParent)
{
    //{{AFX_DATA_INIT(CProcessListDlg)
    //}}AFX_DATA_INIT
    pModuleToTerminate = NULL;

    // LoadIcon needs no matching DestroyIcon in Win32.
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
81
// Attaches the dialog's member controls to their resource IDs:
//   IDC_LIST1 -> m_ListCtrl   (general process/module information)
//   IDC_TREE1 -> pCtrl        (process tree)
//   IDC_LIST2 -> m_ListCtrl2  (module list)
//   IDC_LIST3 -> m_List       (exported function names)
//   IDC_LIST4 -> m_List4      (details of the selected module)
void CProcessListDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);

    //{{AFX_DATA_MAP(CProcessListDlg)
    DDX_Control(pDX, IDC_LIST1, m_ListCtrl);
    DDX_Control(pDX, IDC_TREE1, pCtrl);
    //}}AFX_DATA_MAP

    // Controls added by hand, outside the ClassWizard section.
    DDX_Control(pDX, IDC_LIST2, m_ListCtrl2);
    DDX_Control(pDX, IDC_LIST3, m_List);
    DDX_Control(pDX, IDC_LIST4, m_List4);
}
93
// Message map of the main dialog. The buttons route as follows:
//   IDC_BUTTON1 -> OnButton1           dump the memory of the selected process
//   IDC_BUTTON2 -> OnBnClickedButton2  terminate the selected process
//   IDC_BUTTON3 -> OnBnClickedButton3  write the log file
//   IDC_BUTTON4 -> OnBnClickedButton4  refresh the process list
BEGIN_MESSAGE_MAP(CProcessListDlg, CDialog)
    //{{AFX_MSG_MAP(CProcessListDlg)
    ON_WM_SYSCOMMAND()
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_NOTIFY(TVN_SELCHANGED, IDC_TREE1, OnSelchangedTree)
    ON_BN_CLICKED(IDC_BUTTON1, OnButton1)
    //}}AFX_MSG_MAP
    ON_BN_CLICKED(IDC_BUTTON2, &CProcessListDlg::OnBnClickedButton2)
    ON_BN_CLICKED(IDC_BUTTON3, &CProcessListDlg::OnBnClickedButton3)
    ON_NOTIFY(LVN_ITEMCHANGED, IDC_LIST2, &CProcessListDlg::OnLvnItemchangedList2)
    ON_NOTIFY(HDN_ITEMCLICK, 0, &CProcessListDlg::OnHdnItemclickList2)
    ON_BN_CLICKED(IDC_BUTTON4, &CProcessListDlg::OnBnClickedButton4)
END_MESSAGE_MAP()
108
109 /////////////////////////////////////////////////////////////////////////////
110 // CProcessListDlg message handlers
111
// One-time dialog setup: adds the "About" entry to the system menu, sets the icons,
// creates the list columns, prepares the tree's image list and fills the process tree.
//
// Returns TRUE, which leaves the default focus handling to the framework.
BOOL CProcessListDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // IDM_ABOUTBOX must be in the system command range.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    if (CMenu* pSystemMenu = GetSystemMenu(FALSE))
    {
        CString aboutLabel;
        aboutLabel.LoadString(IDS_ABOUTBOX);
        if (!aboutLabel.IsEmpty())
        {
            pSystemMenu->AppendMenu(MF_SEPARATOR);
            pSystemMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, aboutLabel);
        }
    }

    SetIcon(m_hIcon, TRUE);     // big icon
    SetIcon(m_hIcon, FALSE);    // small icon

    // General information list: label column plus value column.
    m_ListCtrl.InsertColumn(0, "Text", LVCFMT_CENTER, 100);
    m_ListCtrl.InsertColumn(1, "Description", LVCFMT_LEFT, 300);

    // Module list and export list use a single column each.
    m_ListCtrl2.InsertColumn(0, "Text", LVCFMT_CENTER, 300);
    m_List.InsertColumn(0, "Name", LVCFMT_CENTER, 200);

    // Module detail list mirrors the layout of the general information list.
    m_List4.InsertColumn(0, "Text", LVCFMT_CENTER, 100);
    m_List4.InsertColumn(1, "Description", LVCFMT_LEFT, 300);

    // Small-icon image list for the tree; the first image comes from IDB_BITMAP1.
    VERIFY(m_ImageList.Create(GetSystemMetrics(SM_CXSMICON),
                              GetSystemMetrics(SM_CYSMICON),
                              ILC_COLOR32 | ILC_MASK,
                              0,
                              20));
    pCtrl.SetImageList(&m_ImageList, TVSIL_NORMAL);
    VERIFY(m_Bitmap.LoadBitmap(IDB_BITMAP1));
    m_ImageList.Add(&m_Bitmap, RGB(255, 0, 255));

    LoadProcesses();
    ShowWindow(SW_SHOWNORMAL);
    return TRUE;
}
160
// System-menu handler: opens the About box for IDM_ABOUTBOX and hands every other
// command to CDialog.
//
// nID    - system command identifier; the low four bits are masked off before comparing.
// lParam - passed through unchanged to the base class.
void CProcessListDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    const bool bAboutRequested = ((nID & 0xFFF0) == IDM_ABOUTBOX);
    if (!bAboutRequested)
    {
        CDialog::OnSysCommand(nID, lParam);
        return;
    }

    CAboutDlg aboutBox;
    aboutBox.DoModal();
}
173
174
// Paint handler. While the dialog is minimized it draws the application icon centred
// in the client area; otherwise painting is left to CDialog.
void CProcessListDlg::OnPaint()
{
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    CPaintDC dc(this); // device context for painting

    SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

    // Centre the icon inside the client rectangle.
    CRect clientRect;
    GetClientRect(&clientRect);
    const int iconWidth  = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);
    const int left = (clientRect.Width()  - iconWidth  + 1) / 2;
    const int top  = (clientRect.Height() - iconHeight + 1) / 2;

    dc.DrawIcon(left, top, m_hIcon);
}
199
200
// Returns the cursor shown while the minimized window is dragged: the application icon.
HCURSOR CProcessListDlg::OnQueryDragIcon()
{
    return reinterpret_cast<HCURSOR>(m_hIcon);
}
205
206 //BOOL CProcessListDlg::GetFileTimeAsString(LPFILETIME pFt, char * pszTime, unsigned cbIn)
207 //{
208 // FILETIME ftLocal;
209 // SYSTEMTIME st;
210 //
211 // if(!FileTimeToLocalFileTime( pFt, &ftLocal))
212 // return FALSE;
213 //
214 // if(!FileTimeToSystemTime( &ftLocal, &st))
215 // return FALSE;
216 //
217 // char szTemp[12];
218 //
219 // wsprintf(szTemp, "%02u:%02u:%02u", st.wHour, st.wMinute, st.wSecond);
220 // lstrcpyn(pszTime, szTemp, cbIn);
221 // return true;
222 //}
223 //
224 //BOOL CProcessListDlg::GetFileDateAsString(LPFILETIME pFt, char * pszDate, unsigned cbIn)
225 //{
226 // FILETIME ftLocal;
227 // SYSTEMTIME st;
228 //
229 // if(!FileTimeToLocalFileTime(pFt, &ftLocal))
230 // return FALSE;
231 //
232 // if(!FileTimeToSystemTime(&ftLocal, &st))
233 // return FALSE;
234 //
235 // char szTemp[12];
236 //
237 // wsprintf(szTemp, "%02u/%02u/%04u", st.wMonth, st.wDay, st.wYear);
238 // lstrcpyn(pszDate, szTemp, cbIn);
239 //
240 // return true;
241 //}
242
243
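// Formats a CPU-time duration (FILETIME counting 100 ns units) as "<h>h <m>m <s>s".
// The hours are the total hours; converting the duration with FileTimeToSystemTime
// would wrap them at 24 because the excess goes into the day field.
static CString FormatProcessCpuTime(const FILETIME& ftDuration)
{
    ULARGE_INTEGER ticks;
    ticks.LowPart  = ftDuration.dwLowDateTime;
    ticks.HighPart = ftDuration.dwHighDateTime;
    const ULONGLONG totalSeconds = ticks.QuadPart / 10000000ULL;

    CString text;
    text.Format("%uh %um %us",
                static_cast<unsigned>(totalSeconds / 3600),
                static_cast<unsigned>((totalSeconds / 60) % 60),
                static_cast<unsigned>(totalSeconds % 60));
    return text;
}

// Appends four timing rows for a process to the general information list (m_ListCtrl):
// creation time, elapsed running time, kernel CPU time and user CPU time.
//
// processID - identifier of the process to query.
//
// Shows a message box and returns without adding rows when the process cannot be
// opened or GetProcessTimes fails.
void CProcessListDlg::UpdateProcessTime(DWORD processID)
{
    // GetProcessTimes only needs query access, so PROCESS_VM_READ is not requested.
    // Asking for the minimum also lets the call succeed against more processes.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, processID);

    // OpenProcess reports failure with NULL; comparing against INVALID_HANDLE_VALUE
    // would let a failed open through.
    if (hProcess == NULL)
    {
        AfxMessageBox("Unable to obtain the specified process handle");
        return;
    }

    FILETIME ftCreate, ftExit, ftKernel, ftUser;
    const BOOL bHaveTimes = GetProcessTimes(hProcess, &ftCreate, &ftExit, &ftKernel, &ftUser);

    // The handle is only needed for the query above; close it on every path.
    CloseHandle(hProcess);

    if (!bHaveTimes)
    {
        AfxMessageBox("Unable to Get Process Timings!");
        return;
    }

    COleDateTime timeNow = COleDateTime::GetTickCount();
    COleDateTime timeCreation = ftCreate;
    COleDateTimeSpan timeDifference = timeNow - timeCreation;

    CString strData;
    int nRow;

    // Each value is written to the row InsertItem returned, so it cannot land on a
    // different row than its label when the requested index is past the end of the list.
    strData.Format("%02d/%02d/%d @ %02d:%02d:%02d",
                   timeCreation.GetMonth(),
                   timeCreation.GetDay(),
                   timeCreation.GetYear(),
                   timeCreation.GetHour(),
                   timeCreation.GetMinute(),
                   timeCreation.GetSecond());
    nRow = m_ListCtrl.InsertItem(LVIF_STATE|LVIF_TEXT, 16, "CreationTime:" + strData, 0, LVIS_SELECTED, 0, 0); // Creation Time
    if (nRow >= 0)
        m_ListCtrl.SetItemText(nRow, 1, strData);

    strData.Format("%ud %uh %um %us",
                   timeDifference.GetDays(),
                   timeDifference.GetHours(),
                   timeDifference.GetMinutes(),
                   timeDifference.GetSeconds());
    nRow = m_ListCtrl.InsertItem(LVIF_STATE|LVIF_TEXT, 17, "RunningTime:" + strData, 0, LVIS_SELECTED, 0, 0); // Running Time
    if (nRow >= 0)
        m_ListCtrl.SetItemText(nRow, 1, strData);

    strData = FormatProcessCpuTime(ftKernel);
    nRow = m_ListCtrl.InsertItem(LVIF_STATE|LVIF_TEXT, 18, "KernelTime:" + strData, 0, LVIS_SELECTED, 0, 0); // Kernel Time
    if (nRow >= 0)
        m_ListCtrl.SetItemText(nRow, 1, strData);

    strData = FormatProcessCpuTime(ftUser);
    nRow = m_ListCtrl.InsertItem(LVIF_STATE|LVIF_TEXT, 20, "UserTime" + strData, 0, LVIS_SELECTED, 0, 0); // User Time
    if (nRow >= 0)
        m_ListCtrl.SetItemText(nRow, 1, strData);
}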
306
307
308 // Catch here the selected process!!!
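// Inserts a label at the requested position of a two-column list and writes the value
// next to it, using the row index the control actually assigned.
static void AppendProcessInfoRow(CListCtrl& list, int nIndex, LPCTSTR pszLabel, LPCTSTR pszValue)
{
    const int nRow = list.InsertItem(LVIF_TEXT|LVIF_STATE, nIndex, pszLabel, 0, LVIS_SELECTED, 0, 0);
    if (nRow >= 0)
        list.SetItemText(nRow, 1, pszValue);
}

// TVN_SELCHANGED handler of the process tree.
//
// pNMHDR  - the NM_TREEVIEW notification; itemNew identifies the newly selected node.
// pResult - set to 0.
//
// Clears the information, module and export lists, then, when the selected node
// carries a CModuleDetails pointer, lists the modules of that process, fills the
// general information rows, records the process ID in transactionPID and appends the
// timing rows via UpdateProcessTime. The dump button (IDC_BUTTON1) is enabled only
// when the entry reports itself as a process.
void CProcessListDlg::OnSelchangedTree(NMHDR* pNMHDR, LRESULT* pResult)
{
    // Clear Items
    m_ListCtrl.DeleteAllItems();    // General Process/Module Information
    m_ListCtrl2.DeleteAllItems();   // Module Lister
    m_List.DeleteAllItems();        // Functions Lister

    pCtrl.SetRedraw(FALSE);

    NM_TREEVIEW* pNMTreeView = (NM_TREEVIEW*)pNMHDR;
    // The item data is the CModuleDetails pointer stored by LoadProcesses; nodes
    // without item data (the root) yield NULL and are skipped below.
    CModuleDetails* pModuleInfo =
        reinterpret_cast<CModuleDetails*>(pCtrl.GetItemData(pNMTreeView->itemNew.hItem));

    if (pModuleInfo)
    {
        // NOTE(review): this list is never freed. Whether CEnumProcessList owns the
        // CModuleDetails objects it hands out is not visible in this file, so the
        // cleanup is left to be decided against that class.
        CEnumProcessList* pModules = new CEnumProcessList(pModuleInfo->pProcessID);
        for (POSITION pos = pModules->GetHeadPosition(); pos != NULL; )
        {
            // Take the element from the list directly; allocating a CModuleDetails
            // first and then overwriting the pointer leaked one object per module.
            CModuleDetails* pModuleData = pModules->GetNext(pos);
            if (pModuleData == NULL)
                continue;

            const int nIndex = m_ImageList.Add(pModuleData->GetAssociatedIcon());
            m_ListCtrl2.InsertItem(LVIF_TEXT|LVIF_STATE, nIndex, pModuleData->GetFullFileName(),
                                   0, LVIS_SELECTED, 0, 0);
        }

        GetDlgItem(IDC_BUTTON1)->EnableWindow(pModuleInfo->IsProcessTrue() ? TRUE : FALSE);

        transactionPID = pModuleInfo->pProcessID;

        // Rows 15 and 20 are requested past the end of the list; as far as the
        // list-view contract goes such items are appended, so the value has to be
        // written to the returned row rather than to the requested index.
        AppendProcessInfoRow(m_ListCtrl, 0,  "Module Name",      pModuleInfo->GetModuleName());
        AppendProcessInfoRow(m_ListCtrl, 1,  "Module Path",      pModuleInfo->GetFullFileName());
        AppendProcessInfoRow(m_ListCtrl, 2,  "Version",          pModuleInfo->GetFileVersion());

        CString strFileSize;
        strFileSize.Format("%ld", pModuleInfo->GetFileSize());
        AppendProcessInfoRow(m_ListCtrl, 3,  "File Size",        strFileSize);

        AppendProcessInfoRow(m_ListCtrl, 4,  "Company",          pModuleInfo->GetCompanyName());
        AppendProcessInfoRow(m_ListCtrl, 5,  "Product Name",     pModuleInfo->GetProductName());
        AppendProcessInfoRow(m_ListCtrl, 6,  "Description",      pModuleInfo->GetFileDescription());
        AppendProcessInfoRow(m_ListCtrl, 7,  "LegalCopyright",   pModuleInfo->GetLegalCopyright());
        AppendProcessInfoRow(m_ListCtrl, 8,  "LegalTradeMarks",  pModuleInfo->GetLegalTrademarks());
        AppendProcessInfoRow(m_ListCtrl, 9,  "PrivateBuild",     pModuleInfo->GetPrivateBuild());
        AppendProcessInfoRow(m_ListCtrl, 10, "InternalFileName", pModuleInfo->GetInternalName());
        AppendProcessInfoRow(m_ListCtrl, 11, "OriginalFileName", pModuleInfo->GetOriginalFilename());
        AppendProcessInfoRow(m_ListCtrl, 12, "ProductVersion",   pModuleInfo->GetProductVersion());
        AppendProcessInfoRow(m_ListCtrl, 13, "Comments",         pModuleInfo->GetComments());
        AppendProcessInfoRow(m_ListCtrl, 15, "SpecialBuild",     pModuleInfo->GetSpecialBuild());

        CString str;
        str.Format(_T("%04X"), pModuleInfo->pProcessID);
        AppendProcessInfoRow(m_ListCtrl, 20, "Pid: " + str, str);

        // Process Timings
        UpdateProcessTime(pModuleInfo->pProcessID); // From Item 15 to 20
    }

    pCtrl.SetRedraw(TRUE);
    *pResult = 0;
}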
411
412
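// Rebuilds the process tree.
//
// Removes every tree item, trims the image list back to its first image, then
// enumerates the running processes and adds one child node per process under a
// "Processes List" root. Each node stores the CModuleDetails pointer of its process
// as item data; the root carries none.
//
// Returns TRUE.
BOOL CProcessListDlg::LoadProcesses()
{
    pCtrl.DeleteAllItems();
    pCtrl.SetRedraw(FALSE);

    // Drop the per-process icons added by earlier runs, keeping the initial image.
    const int nInitialImageCount = 1;
    for (int nImage = m_ImageList.GetImageCount(); nImage > nInitialImageCount; --nImage)
    {
        VERIFY(m_ImageList.Remove(nImage - 1));
    }

    HTREEITEM root = pCtrl.InsertItem(_T("Processes List"), 0, 0, NULL);

    // NOTE(review): the list is deliberately not deleted here because the tree keeps
    // the CModuleDetails pointers obtained from it. The lists of earlier refreshes are
    // never released either; ownership needs to be settled against CEnumProcessList,
    // which is not visible in this file.
    CEnumProcessList* pProcesses = new CEnumProcessList;

    for (POSITION pos = pProcesses->GetHeadPosition(); pos != NULL; )
    {
        // Use the element the list returns; the original allocated a CModuleDetails
        // first and overwrote the pointer, leaking one object per process.
        CModuleDetails* pModuleData = pProcesses->GetNext(pos);
        if (pModuleData == NULL)
            continue;

        int nIndex = m_ImageList.Add(pModuleData->GetAssociatedIcon());
        nIndex = nIndex ? nIndex : 20;

        HTREEITEM hProcess = pCtrl.InsertItem(pModuleData->GetModuleName(), nIndex, nIndex, root);
        // DWORD_PTR keeps the whole pointer; a cast to DWORD truncates it on 64-bit builds.
        pCtrl.SetItemData(hProcess, reinterpret_cast<DWORD_PTR>(pModuleData));
    }

    pCtrl.SetRedraw(TRUE);
    pCtrl.Expand(root, TVE_EXPAND);

    return TRUE;
}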
444
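// Dump button handler: writes the readable memory of the selected process to
// "<module name>.dmp".
//
// The target's address space is walked region by region with VirtualQueryEx; committed
// regions that are not PAGE_NOACCESS or PAGE_GUARD are copied with ReadProcessMemory
// through one fixed buffer and appended to the file back to back, without any region
// header. The process list is reloaded afterwards.
//
// The dump contains whatever the target held in memory, so the resulting file should be
// handled as sensitive data. It is created relative to the current working directory,
// with a name derived from the module name reported for the process.
void CProcessListDlg::OnButton1()
{
    HTREEITEM hItem = pCtrl.GetSelectedItem();
    if (hItem == NULL)
    {
        AfxMessageBox("No Item Selected!");
        return;
    }

    // The "Processes List" root node has no item data, so the pointer can be NULL.
    CModuleDetails* pModuleInfo = reinterpret_cast<CModuleDetails*>(pCtrl.GetItemData(hItem));
    if (pModuleInfo == NULL || !pModuleInfo->IsProcessTrue())
        return;

    GetDlgItem(IDC_BUTTON1)->EnableWindow(FALSE);

    // Query + read is all the walk needs; PROCESS_VM_OPERATION is not requested.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                  FALSE, pModuleInfo->pProcessID);
    if (hProcess == NULL)
    {
        AfxMessageBox("Failed to open the Process");
        return;
    }

    CString fileName = pModuleInfo->GetModuleName();
    fileName = fileName + ".dmp";

    // CREATE_ALWAYS truncates an earlier dump of the same name; with OPEN_ALWAYS a
    // shorter dump left the tail of the previous one in the file. Write-only access
    // and no sharing are sufficient for producing the file.
    HANDLE hFile = CreateFileA((LPCSTR)(LPCTSTR)fileName, GENERIC_WRITE, 0, NULL,
                               CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        AfxMessageBox("Can't Create Dump File");
        CloseHandle(hProcess);
        return;
    }

    // One reusable transfer buffer instead of one allocation per region.
    const SIZE_T cbChunk = 0x100000;
    BYTE* pChunk = static_cast<BYTE*>(
        VirtualAlloc(NULL, cbChunk, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE));
    if (pChunk == NULL)
    {
        AfxMessageBox("A problem occurred during Memory Walking");
        CloseHandle(hFile);
        CloseHandle(hProcess);
        return;
    }

    SYSTEM_INFO si;
    GetSystemInfo(&si);
    const BYTE* const pLimit = static_cast<const BYTE*>(si.lpMaximumApplicationAddress);

    const BYTE* pCursor = NULL;
    bool bWriteOk = true;

    while (bWriteOk && pCursor < pLimit)
    {
        MEMORY_BASIC_INFORMATION mbi;
        if (VirtualQueryEx(hProcess, pCursor, &mbi, sizeof(mbi)) != sizeof(mbi))
            break;                      // query failed: the contents of mbi are not valid

        const BYTE* const pBase = static_cast<const BYTE*>(mbi.BaseAddress);
        const BYTE* const pNext = pBase + mbi.RegionSize;
        if (pNext <= pCursor)
            break;                      // no forward progress (empty region or wrap-around)

        const bool bReadable = mbi.State == MEM_COMMIT &&
                               (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) == 0;

        for (SIZE_T offset = 0; bReadable && bWriteOk && offset < mbi.RegionSize; )
        {
            SIZE_T cbWanted = mbi.RegionSize - offset;
            if (cbWanted > cbChunk)
                cbWanted = cbChunk;

            // cbRead starts at zero so a failed read can never cause stale bytes to
            // be written to the file.
            SIZE_T cbRead = 0;
            ReadProcessMemory(hProcess, pBase + offset, pChunk, cbWanted, &cbRead);
            if (cbRead == 0)
                break;

            DWORD cbWritten = 0;
            if (!WriteFile(hFile, pChunk, static_cast<DWORD>(cbRead), &cbWritten, NULL) ||
                cbWritten != cbRead)
            {
                bWriteOk = false;
            }

            if (cbRead < cbWanted)
                break;                  // partial copy: the rest of the region is unreadable
            offset += cbRead;
        }

        pCursor = pNext;
    }

    VirtualFree(pChunk, 0, MEM_RELEASE);
    CloseHandle(hProcess);
    CloseHandle(hFile);

    if (!bWriteOk)
    {
        AfxMessageBox("Failed to write the Dump File");
        return;
    }

    AfxMessageBox("Process Dumped Correctly!!!");

    LoadProcesses();
}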
550
551
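// Terminate button handler: ends the process selected in the tree and reloads the list.
//
// Shows "No Item Selected!" when nothing is selected, and the "Can not ..." message
// when the selected node is not a process (this includes the root node, which has no
// item data).
void CProcessListDlg::OnBnClickedButton2()
{
    HTREEITEM hItem = pCtrl.GetSelectedItem();
    if (hItem == NULL)
    {
        AfxMessageBox("No Item Selected!");
        return;
    }

    // GetItemData yields 0 for the "Processes List" root; dereferencing it crashed.
    CModuleDetails* pModuleInfo = reinterpret_cast<CModuleDetails*>(pCtrl.GetItemData(hItem));
    if (pModuleInfo == NULL || !pModuleInfo->IsProcessTrue())
    {
        AfxMessageBox("Can not Process Terminated....");
        return;
    }

    GetDlgItem(IDC_BUTTON1)->EnableWindow(FALSE);

    // NOTE(review): the outcome of TerminateProcess() is not checked, so the message
    // below is shown even when termination was refused - confirm what it returns.
    pModuleInfo->TerminateProcess();
    m_ListCtrl.DeleteAllItems();
    AfxMessageBox("Process Terminated Reloading processes....");
    LoadProcesses();
}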
578
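// Appends a NUL-terminated string to the log file. The character count is used as the
// byte count, which matches the ANSI/MBCS build this file is written for.
static void PmdLogWrite(HANDLE hLog, LPCTSTR pszText)
{
    DWORD cbWritten = 0;
    WriteFile(hLog, pszText, (DWORD)lstrlen(pszText), &cbWritten, NULL);
}

// Appends one entry per running process (full file name and PID in hex) to the log.
static void PmdLogWriteProcessList(HANDLE hLog)
{
    // NOTE(review): the list is not freed; whether CEnumProcessList owns its elements
    // is not visible in this file.
    CEnumProcessList* pProcesses = new CEnumProcessList;

    for (POSITION pos = pProcesses->GetHeadPosition(); pos != NULL; )
    {
        // Fetch first, then write. The original wrote the previous element and fetched
        // afterwards, so the last process of the list never reached the log.
        CModuleDetails* pEntry = pProcesses->GetNext(pos);
        if (pEntry == NULL || pEntry->GetFullFileName().GetLength() == 0)
            continue;

        CString pID;
        pID.Format(_T("%04X"), pEntry->pProcessID);

        CString modName = pEntry->GetFullFileName() + "\n";
        modName = modName + " PID: " + pID + " ";
        PmdLogWrite(hLog, modName);
    }
}

// Log button handler.
//
// Without a selected process (transactionPID is 0) it writes "BaseLog.log" holding the
// process list only. Otherwise it writes "<module name>.log" with the process list,
// the rows of the general information list, the module list of the selected process
// and, when a module is selected, its detail rows and exported names.
//
// The log is created in the current working directory and replaces an existing file of
// the same name.
void CProcessListDlg::OnBnClickedButton3() // Produce Logs
{
    static const char Intestation1[] = "########################################\n";
    static const char Intestation2[] = ".::PMD Generated Log ::.\n";
    static const char Intestation3[] = "Process List:";
    static const char Intestation4[] = "Process Information:";
    static const char Intestation5[] = "Module List:";
    static const char Intestation6[] = "Module Information:";
    static const char Intestation7[] = "Module Exports:";

    if (transactionPID == 0)
    {
        HANDLE hBaseLog = CreateFileA("BaseLog.log", GENERIC_WRITE, 0, NULL,
                                      CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
        if (hBaseLog == INVALID_HANDLE_VALUE)
            return;

        PmdLogWrite(hBaseLog, Intestation1);
        PmdLogWrite(hBaseLog, Intestation2);
        PmdLogWrite(hBaseLog, Intestation1);
        PmdLogWrite(hBaseLog, Intestation3);
        PmdLogWrite(hBaseLog, "\n\n");
        PmdLogWriteProcessList(hBaseLog);

        CloseHandle(hBaseLog);
        AfxMessageBox("Log Written!");
        return;
    }

    // The selection may be empty or sit on the root node (no item data), so both the
    // item and the pointer are checked before use.
    HTREEITEM hItem = pCtrl.GetSelectedItem();
    CModuleDetails* pModuleInfo = (hItem != NULL)
        ? reinterpret_cast<CModuleDetails*>(pCtrl.GetItemData(hItem))
        : NULL;
    if (pModuleInfo == NULL)
    {
        AfxMessageBox("No Item Selected!");
        return;
    }

    HANDLE hLog = CreateFileA(pModuleInfo->GetModuleName() + ".log", GENERIC_WRITE, 0, NULL,
                              CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hLog == INVALID_HANDLE_VALUE)
        return;

    PmdLogWrite(hLog, Intestation1);
    PmdLogWrite(hLog, Intestation2);
    PmdLogWrite(hLog, Intestation1);
    PmdLogWrite(hLog, Intestation3);
    PmdLogWrite(hLog, "\n");
    PmdLogWriteProcessList(hLog);

    PmdLogWrite(hLog, "\n\n");
    PmdLogWrite(hLog, Intestation4);
    PmdLogWrite(hLog, "\n\n");

    // Rows of the general information list. Row 19 is written as a label only, as in
    // the original output.
    for (int i = 0; i < 20; i++)
    {
        CString nameItem = m_ListCtrl.GetItemText(i, 0) + ": ";
        PmdLogWrite(hLog, nameItem);

        if (i != 19)
        {
            CString valueItem = m_ListCtrl.GetItemText(i, 1) + " \n";
            PmdLogWrite(hLog, valueItem);
        }
    }

    PmdLogWrite(hLog, "\n\n");
    PmdLogWrite(hLog, Intestation5);
    PmdLogWrite(hLog, "\n\n");

    // NOTE(review): not freed, see PmdLogWriteProcessList.
    CEnumProcessList* pModules = new CEnumProcessList(transactionPID);
    for (POSITION pos = pModules->GetHeadPosition(); pos != NULL; )
    {
        CModuleDetails* pModule = pModules->GetNext(pos);
        if (pModule == NULL)
            continue;

        CString nameModulus = pModule->GetFullFileName();
        PmdLogWrite(hLog, "\n");
        PmdLogWrite(hLog, nameModulus);
    }

    // The length argument is a character count; sizeof() would overstate the buffer in
    // a build where TCHAR is wider than one byte.
    TCHAR szDllBuffer[2048] = {0};
    m_ListCtrl2.GetItemText(itemSelection, 0, szDllBuffer,
                            sizeof(szDllBuffer) / sizeof(szDllBuffer[0]));

    if (szDllBuffer[0] != 0)
    {
        PmdLogWrite(hLog, "\n\n");
        PmdLogWrite(hLog, Intestation6);
        PmdLogWrite(hLog, "\n\n");

        for (int i = 0; i < 12; i++)
        {
            CString nameItem  = m_List4.GetItemText(i, 0) + ": ";
            CString valueItem = m_List4.GetItemText(i, 1) + " \n";
            PmdLogWrite(hLog, nameItem);
            PmdLogWrite(hLog, valueItem);
        }

        PmdLogWrite(hLog, "\n\n");
        PmdLogWrite(hLog, Intestation7);
        PmdLogWrite(hLog, "\n\n");

        const int nExports = m_List.GetItemCount();
        for (int i = 0; i < nExports; i++)
        {
            CString nameItem = m_List.GetItemText(i, 0) + "\n";
            PmdLogWrite(hLog, nameItem);
        }

        itemSelection = 0;
    }

    // Close before the modal message box so the file is complete and unlocked while
    // the box is on screen.
    CloseHandle(hLog);
    AfxMessageBox("Log Written!");
}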
762
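// Translates a relative virtual address of a PE image into an offset in the file.
//
// NT  - NT headers of the image. The section table that follows them is read, so the
//       caller must make sure the whole table lies inside its buffer.
// Rva - address to translate.
//
// Returns the file offset, Rva itself when it lies before the raw data of the first
// section (header area) or in a section without raw data pointer, and 0 when no
// section contains the address or the image has no sections.
//
// The section fields come from the file and are not trusted: the returned offset is
// NOT checked against the file size, which is unknown here. Callers must bounds-check
// it before dereferencing.
DWORD CProcessListDlg::RvaToOffset(IMAGE_NT_HEADERS *NT, DWORD Rva)
{
    const WORD nSections = NT->FileHeader.NumberOfSections;

    // Without a section table there is no first section to look at.
    if (nSections == 0)
        return 0;

    const IMAGE_SECTION_HEADER *Img = IMAGE_FIRST_SECTION(NT);

    if (Rva < Img->PointerToRawData)
        return Rva;

    for (WORD i = 0; i < nSections; i++)
    {
        const DWORD Limit = Img[i].SizeOfRawData ? Img[i].SizeOfRawData
                                                 : Img[i].Misc.VirtualSize;

        // Compare the distance from the section start instead of VirtualAddress + Limit:
        // that sum can wrap around for crafted headers and accept the wrong section.
        if (Rva >= Img[i].VirtualAddress && (Rva - Img[i].VirtualAddress) < Limit)
        {
            if (Img[i].PointerToRawData != 0)
                return (Rva - Img[i].VirtualAddress) + Img[i].PointerToRawData;

            return Rva;
        }
    }

    return 0;
}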
796
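// True when the byte range [offset, offset + size) lies inside a buffer of cbTotal bytes.
static bool PeRangeInFile(DWORD offset, DWORD size, DWORD cbTotal)
{
    return offset <= cbTotal && size <= cbTotal - offset;
}

// Inserts a label into the module detail list and writes the value next to it, using
// the row index the control returned.
static void AddModuleDetailRow(CListCtrl& list, int nIndex, LPCTSTR pszLabel, LPCTSTR pszValue)
{
    const int nRow = list.InsertItem(LVIF_TEXT|LVIF_STATE, nIndex, pszLabel, 0, LVIS_SELECTED, 0, 0);
    if (nRow >= 0)
        list.SetItemText(nRow, 1, pszValue);
}

// LVN_ITEMCHANGED handler of the module list (IDC_LIST2).
//
// pNMHDR  - the NMLISTVIEW notification; iItem is the row that changed.
// pResult - set to 0.
//
// Reads the module file named in the changed row from disk, lists the names it exports
// in m_List and fills m_List4 with the version details of the matching module of the
// process in transactionPID. When the file has no usable export table a message is
// shown and the detail rows are not filled, as before.
//
// The file is parsed as untrusted input: every header, table and string taken from it
// is checked against the number of bytes actually read before it is dereferenced.
//
// NOTE(review): the path is the one reported for the loaded module; the file on disk
// is what gets parsed and may differ from the image mapped in the process.
// NOTE(review): m_List is not cleared here, so names accumulate across notifications
// until the tree selection changes - confirm whether that is intended.
void CProcessListDlg::OnLvnItemchangedList2(NMHDR *pNMHDR, LRESULT *pResult)
{
    LPNMLISTVIEW pNMLV = reinterpret_cast<LPNMLISTVIEW>(pNMHDR);
    *pResult = 0;

    itemSelection = pNMLV->iItem;
    m_List4.DeleteAllItems();

    // Notifications that do not refer to a row carry a negative index.
    if (pNMLV->iItem < 0)
        return;

    // The length argument is a character count, not a byte count.
    TCHAR szDllBuffer[2048] = {0};
    m_ListCtrl2.GetItemText(pNMLV->iItem, 0, szDllBuffer,
                            sizeof(szDllBuffer) / sizeof(szDllBuffer[0]));

    //Carve Export List

    HANDLE hFile = CreateFileA(szDllBuffer, GENERIC_READ, FILE_SHARE_READ, 0,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        AfxMessageBox("Unable to Open the Specified DLL!");
        return;
    }

    const DWORD FileSize = GetFileSize(hFile, NULL);
    BYTE *BaseAddress = NULL;
    DWORD BR = 0;

    if (FileSize != INVALID_FILE_SIZE && FileSize >= sizeof(IMAGE_DOS_HEADER))
        BaseAddress = (BYTE *) malloc(FileSize);

    const bool bLoaded = BaseAddress != NULL &&
                         ReadFile(hFile, BaseAddress, FileSize, &BR, NULL) &&
                         BR == FileSize;
    CloseHandle(hFile);

    // The original freed the buffer on a failed read and then kept parsing it.
    if (!bLoaded)
    {
        free(BaseAddress);
        AfxMessageBox("Unable to Open the Specified DLL!");
        return;
    }

    // --- header validation -------------------------------------------------------
    IMAGE_DOS_HEADER *ImageDosHeader = (IMAGE_DOS_HEADER *) BaseAddress;
    bool bValidPe = ImageDosHeader->e_magic == IMAGE_DOS_SIGNATURE &&
                    ImageDosHeader->e_lfanew >= 0 &&
                    PeRangeInFile((DWORD) ImageDosHeader->e_lfanew,
                                  sizeof(IMAGE_NT_HEADERS), FileSize);

    IMAGE_NT_HEADERS *ImageNtHeaders = NULL;
    if (bValidPe)
    {
        ImageNtHeaders = (IMAGE_NT_HEADERS *) (BaseAddress + ImageDosHeader->e_lfanew);

        // The optional-header magic must match the IMAGE_NT_HEADERS layout of this
        // build, otherwise the data directory is read from the wrong place.
        bValidPe = ImageNtHeaders->Signature == IMAGE_NT_SIGNATURE &&
                   ImageNtHeaders->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR_MAGIC;
    }

    if (bValidPe)
    {
        // RvaToOffset walks the section table, so the table has to be inside the file.
        const ULONGLONG ullSectionEnd =
            (ULONGLONG) ImageDosHeader->e_lfanew +
            FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader) +
            ImageNtHeaders->FileHeader.SizeOfOptionalHeader +
            (ULONGLONG) ImageNtHeaders->FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER);
        bValidPe = ullSectionEnd <= FileSize;
    }

    if (!bValidPe)
    {
        AfxMessageBox("The Specified File is not a valid PE");
        free(BaseAddress);
        return;
    }

    // --- export directory --------------------------------------------------------
    DWORD dwExportRva = 0;
    if (ImageNtHeaders->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_EXPORT)
    {
        dwExportRva = ImageNtHeaders->OptionalHeader.DataDirectory
                          [IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
    }

    const DWORD ET_Offset = dwExportRva ? RvaToOffset(ImageNtHeaders, dwExportRva) : 0;

    if (ET_Offset == 0 ||
        !PeRangeInFile(ET_Offset, sizeof(IMAGE_EXPORT_DIRECTORY), FileSize))
    {
        AfxMessageBox("This PE Doesn't contain an ET");
        free(BaseAddress);
        return;
    }

    const IMAGE_EXPORT_DIRECTORY *ImageExportDir =
        (const IMAGE_EXPORT_DIRECTORY *) (BaseAddress + ET_Offset);

    const DWORD nFunctions = ImageExportDir->NumberOfFunctions;
    const DWORD nNames     = ImageExportDir->NumberOfNames;

    const DWORD dwFunctions = RvaToOffset(ImageNtHeaders, ImageExportDir->AddressOfFunctions);
    const DWORD dwNames     = RvaToOffset(ImageNtHeaders, ImageExportDir->AddressOfNames);
    const DWORD dwNameOrds  = RvaToOffset(ImageNtHeaders, ImageExportDir->AddressOfNameOrdinals);

    // Bounding the counts by the file size first keeps the size products from overflowing.
    const bool bTablesOk =
        nFunctions <= FileSize / sizeof(DWORD) &&
        nNames     <= FileSize / sizeof(DWORD) &&
        dwFunctions != 0 && dwNames != 0 && dwNameOrds != 0 &&
        PeRangeInFile(dwFunctions, nFunctions * (DWORD) sizeof(DWORD), FileSize) &&
        PeRangeInFile(dwNames,     nNames     * (DWORD) sizeof(DWORD), FileSize) &&
        PeRangeInFile(dwNameOrds,  nNames     * (DWORD) sizeof(WORD),  FileSize);

    if (bTablesOk && nFunctions != 0 && nNames != 0)
    {
        const DWORD *Functions = (const DWORD *) (BaseAddress + dwFunctions);
        const DWORD *Names     = (const DWORD *) (BaseAddress + dwNames);
        const WORD  *NameOrds  = (const WORD *)  (BaseAddress + dwNameOrds);

        // ordinal -> index of the first name that refers to it. This replaces the
        // nested scan, whose 16-bit counters never terminated for counts above 65535.
        const DWORD kNoName = 0xFFFFFFFF;
        DWORD *pNameOfOrdinal = (DWORD *) malloc(nFunctions * sizeof(DWORD));

        if (pNameOfOrdinal != NULL)
        {
            for (DWORD x = 0; x < nFunctions; x++)
                pNameOfOrdinal[x] = kNoName;

            for (DWORD y = 0; y < nNames; y++)
            {
                const DWORD ordinal = NameOrds[y];
                if (ordinal < nFunctions && pNameOfOrdinal[ordinal] == kNoName)
                    pNameOfOrdinal[ordinal] = y;
            }

            for (DWORD x = 0; x < nFunctions; x++)
            {
                const DWORD y = pNameOfOrdinal[x];
                if (Functions[x] == 0 || y == kNoName)
                    continue;

                // The name must start inside the file and be terminated inside it.
                const DWORD dwName = RvaToOffset(ImageNtHeaders, Names[y]);
                if (dwName == 0 || dwName >= FileSize ||
                    memchr(BaseAddress + dwName, 0, FileSize - dwName) == NULL)
                {
                    continue;
                }

                const char *FName = (const char *) (BaseAddress + dwName);
                m_List.InsertItem(LVIF_STATE|LVIF_TEXT, (int) y, FName, 0, LVIS_SELECTED, 0, 0);
            }

            free(pNameOfOrdinal);
        }
    }

    free(BaseAddress);

    //////////////////////////////////////////////////////////////////////////
    ///Details For 'Details Per Module'
    //////////////////////////////////////////////////////////////////////////

    // NOTE(review): the list is not freed; whether CEnumProcessList owns its elements
    // is not visible in this file.
    CEnumProcessList *pModules = new CEnumProcessList(transactionPID);

    for (POSITION pos = pModules->GetHeadPosition(); pos != NULL; )
    {
        // Use the element the list returns; allocating a CModuleDetails first and
        // overwriting the pointer leaked one object per module.
        CModuleDetails *pModuleData = pModules->GetNext(pos);
        if (pModuleData == NULL)
            continue;

        CString nameModulus = pModuleData->GetFullFileName();
        if (nameModulus.Compare(szDllBuffer) != 0)
            continue;

        CString strFileSize;
        strFileSize.Format("%ld", pModuleData->GetFileSize());

        // Insert positions are kept as they were, so the resulting row order is unchanged.
        AddModuleDetailRow(m_List4, 0,  "FullFileName",     pModuleData->GetFullFileName());
        AddModuleDetailRow(m_List4, 1,  "FileSize",         strFileSize);
        AddModuleDetailRow(m_List4, 2,  "FileDescription",  pModuleData->GetFileDescription());
        AddModuleDetailRow(m_List4, 3,  "CompanyName",      pModuleData->GetCompanyName());
        AddModuleDetailRow(m_List4, 4,  "Comments",         pModuleData->GetComments());
        AddModuleDetailRow(m_List4, 5,  "FileVersion",      pModuleData->GetFileVersion());
        AddModuleDetailRow(m_List4, 4,  "InternalName",     pModuleData->GetInternalName());
        AddModuleDetailRow(m_List4, 5,  "LegalCopyright ",  pModuleData->GetLegalCopyright());
        AddModuleDetailRow(m_List4, 6,  "LegalTrademarks",  pModuleData->GetLegalTrademarks());
        AddModuleDetailRow(m_List4, 7,  "OriginalFilename", pModuleData->GetOriginalFilename());
        AddModuleDetailRow(m_List4, 9,  "PrivateBuild",     pModuleData->GetPrivateBuild());
        AddModuleDetailRow(m_List4, 10, "ProductName",      pModuleData->GetProductName());
        AddModuleDetailRow(m_List4, 11, "ProductVersion",   pModuleData->GetProductVersion());
        AddModuleDetailRow(m_List4, 12, "SpecialBuild",     pModuleData->GetSpecialBuild());

        break;
    }
}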
966
// HDN_ITEMCLICK handler for list header clicks. It takes no action beyond reporting
// the notification as handled.
//
// pNMHDR  - the NMHEADER notification, not used.
// pResult - set to 0.
void CProcessListDlg::OnHdnItemclickList2(NMHDR *pNMHDR, LRESULT *pResult)
{
    UNREFERENCED_PARAMETER(pNMHDR);
    *pResult = 0;
}
972
// Refresh button handler: announces the refresh, rebuilds the process tree and reports
// a failure if LoadProcesses returns FALSE.
void CProcessListDlg::OnBnClickedButton4() //Refresh Process List
{
    AfxMessageBox("Refreshing Process List..");

    const BOOL bReloaded = LoadProcesses();
    if (bReloaded == FALSE)
    {
        AfxMessageBox("Unable To Refresh Process List");
    }
}
