Page Menu
Home
desp's stash
Search
Configure Global Search
Log In
Files
F531026
ProcessLister.h
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
1 KB
Subscribers
None
ProcessLister.h
View Options
#pragma once
#include
<windows.h>
#include
<tlhelp32.h>
#include
<vector>
#include
<psapi.h>
#include
"DeviceNameResolver.h"
typedef
BOOL
(
WINAPI
*
def_IsWow64Process
)(
HANDLE
hProcess
,
PBOOL
Wow64Process
);
class
Process
{
public
:
DWORD
PID
;
DWORD_PTR
imageBase
;
DWORD
entryPoint
;
//without imagebase
DWORD
imageSize
;
WCHAR
filename
[
MAX_PATH
];
WCHAR
fullPath
[
MAX_PATH
];
Process
()
{
PID
=
0
;
}
};
enum
ProcessType
{
PROCESS_UNKNOWN
,
PROCESS_MISSING_RIGHTS
,
PROCESS_32
,
PROCESS_64
};
class
ProcessLister
{
public
:
static
def_IsWow64Process
_IsWow64Process
;
ProcessLister
()
{
deviceNameResolver
=
new
DeviceNameResolver
();
_IsWow64Process
=
(
def_IsWow64Process
)
GetProcAddress
(
GetModuleHandle
(
L
"kernel32.dll"
),
"IsWow64Process"
);
}
~
ProcessLister
()
{
delete
deviceNameResolver
;
}
std
::
vector
<
Process
>&
getProcessList
();
static
bool
isWindows64
();
static
DWORD
setDebugPrivileges
();
std
::
vector
<
Process
>&
ProcessLister
::
getProcessListSnapshot
();
private
:
std
::
vector
<
Process
>
processList
;
DeviceNameResolver
*
deviceNameResolver
;
ProcessType
checkIsProcess64
(
DWORD
dwPID
);
bool
getAbsoluteFilePath
(
Process
*
process
);
void
getAllModuleInformation
();
void
getModuleInformationByProcess
(
Process
*
process
);
};
File Metadata
Details
Attached
Mime Type
text/x-c++
Expires
Fri, Jan 9, 4:59 AM (16 h, 20 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
db/84/ca9afb5b4aa9cc4ca8f0fbc6848c
Attached To
rSCY Scylla
Event Timeline
Log In to Comment