#pragma once
#include <windows.h>
#include <tlhelp32.h>
#include <psapi.h>

#include <cstring>
#include <vector>

#include "NativeWinApi.h"
#include "DeviceNameResolver.h"
// Pointer type for the IsWow64Process entry point. ProcessLister looks the
// function up with GetProcAddress instead of linking it directly, so a NULL
// value of this type means the export was not found.
typedef BOOL (WINAPI *def_IsWow64Process)(HANDLE, PBOOL);
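/// One record of the process list: the process identity plus what the lister
/// could read about its main image. Members the lister does not fill keep
/// their zeroed defaults, so a zero value means "not available".
class Process
{
public:
    DWORD PID;
    DWORD sessionId;
    DWORD_PTR imageBase;
    DWORD_PTR pebAddress;
    DWORD entryPoint; //RVA without imagebase
    DWORD imageSize;
    WCHAR filename[MAX_PATH];
    WCHAR fullPath[MAX_PATH];

    /// Zeroes every member. The original constructor reset only PID, which
    /// left the numeric members and both path buffers uninitialized; records
    /// are copied into a vector (and whatever reads them) with that garbage.
    Process()
        : PID(0), sessionId(0), imageBase(0), pebAddress(0), entryPoint(0), imageSize(0)
    {
        memset(filename, 0, sizeof(filename));
        memset(fullPath, 0, sizeof(fullPath));
    }
};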
/// Outcome of checkIsProcess64 for one process handle. Values are spelled
/// out so they match the implicit numbering the enum has always had.
enum ProcessType
{
    PROCESS_UNKNOWN        = 0,
    PROCESS_MISSING_RIGHTS = 1,
    PROCESS_32             = 2,
    PROCESS_64             = 3
};
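/// Enumerates running processes and collects a Process record for each.
/// Owns a DeviceNameResolver for its lifetime and resolves IsWow64Process
/// from kernel32 when constructed.
class ProcessLister
{
public:
    /// kernel32!IsWow64Process as returned by GetProcAddress. It is NULL when
    /// the export is missing, so callers must test it before calling through.
    static def_IsWow64Process _IsWow64Process;

    ProcessLister()
        : deviceNameResolver(new DeviceNameResolver())
    {
        // GetModuleHandleW is named explicitly: the wide literal below does
        // not match the ANSI GetModuleHandle() selected when UNICODE is unset.
        _IsWow64Process = reinterpret_cast<def_IsWow64Process>(
            GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "IsWow64Process"));
    }

    ~ProcessLister()
    {
        delete deviceNameResolver;
    }

    /// Returns a reference to a list owned by this object (presumably the
    /// processList member — confirm in the .cpp); it does not outlive the
    /// lister and is likely overwritten by the next enumeration.
    std::vector<Process>& getProcessList();
    /// Whether the OS is 64-bit, going by the name; implemented in the .cpp.
    static bool isWindows64();
    /// Adjusts debug privileges for the current process; the meaning of the
    /// returned DWORD is defined by the implementation.
    static DWORD setDebugPrivileges();
    /// Alternative enumeration built from SYSTEM_PROCESS_INFORMATION records
    /// (fed to handleProcessInformationAndAddToList). Same lifetime rules as
    /// getProcessList.
    std::vector<Process>& getProcessListSnapshotNative();
    /// Reads image data of hProcess into *process.
    static void getProcessImageInformation(HANDLE hProcess, Process * process);

private:
    std::vector<Process> processList;
    DeviceNameResolver * deviceNameResolver; // owned; released in the destructor

    // Not copyable (declared, never defined): the class owns a raw pointer,
    // so the compiler-generated copy would end in a double delete.
    ProcessLister(const ProcessLister&);
    ProcessLister& operator=(const ProcessLister&);

    ProcessType checkIsProcess64(HANDLE hProcess);
    bool getAbsoluteFilePath(HANDLE hProcess, Process * process);
    void handleProcessInformationAndAddToList(PSYSTEM_PROCESS_INFORMATION pProcess);
    DWORD_PTR getPebAddressFromProcess(HANDLE hProcess);
};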