开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > 系统/网络安全 > 杀毒 > 查看源码
ProcessPage.cpp
资源名称:OurAntiEvilTools.rar [点击查看]
上传用户:shouhua
上传日期:2014-12-06
资源大小:5685k
文件大小:11k
源码类别:

杀毒

开发平台:

Visual C++

ProcessPage.cpp:源码内容
  1. // ProcessPage.cpp : implementation file
  2. //
  4. #include "stdafx.h"
  5. #include "AntiEvilTools.h"
  6. #include "ProcessPage.h"
  7. #include "ProcessModule.h"
  8. #ifdef _DEBUG
  9. #define new DEBUG_NEW
  10. #undef THIS_FILE
  11. static char THIS_FILE[] = __FILE__;
  12. #endif
  13. MyList   *Gogogo1;
  14. typedef  struct _PROCESS_INF
  15. {
  16. ULONG   pid;
  17. ULONG   ThreadId;
  18. ULONG   eprocess;
  19. }PROCESS_INF,*PPROCESS_INF;
  20. /////////////////////////////////////////////////////////////////////////////
  21. // CProcessPage property page
  23. IMPLEMENT_DYNCREATE(CProcessPage, CPropertyPage)
  24. typedef
  25. NTSTATUS
  26. (__stdcall*XXXZwOpenProcess )(
  27.   OUT PHANDLE  ProcessHandle,
  28.   IN ACCESS_MASK  DesiredAccess,
  29.   IN POBJECT_ATTRIBUTES  ObjectAttributes,
  30.   IN PCLIENT_ID  ClientId
  31.   );
  32. XXXZwOpenProcess NtOpenProcess=NULL;
  33. typedef
  34. NTSTATUS
  35. (__stdcall *XXXNtCreateJobObject) (
  36.    OUT PHANDLE JobHandle,
  37.    IN ACCESS_MASK DesiredAccess,
  38.    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
  39.    );
  40. XXXNtCreateJobObject  NtCreateJobObject=NULL;
  41. typedef
  42. NTSTATUS
  43. (__stdcall *XXXNtAssignProcessToJobObject)(
  44.    IN HANDLE JobHandle,
  45.    IN HANDLE ProcessHandle
  46.    );
  47. XXXNtAssignProcessToJobObject NtAssignProcessToJobObject=NULL;
  48. typedef
  49. NTSTATUS
  50. (__stdcall *XXXZwTerminateProcess)(
  51.    IN HANDLE  ProcessHandle,
  52.    IN NTSTATUS  ExitStatus
  53.    );
  54. XXXZwTerminateProcess  ZwTerminateProcess=NULL;
  55. typedef
  56. NTSTATUS
  57. (__stdcall *XXXNtTerminateJobObject)(
  58.  IN HANDLE JobHandle,
  59.  IN NTSTATUS ExitStatus
  60.  );
  61. XXXNtTerminateJobObject  NtTerminateJobObject=NULL;
  62. typedef
  63. NTSTATUS
  64. (__stdcall *XXXNtDuplicateObject) (
  65.    IN HANDLE SourceProcessHandle,
  66.    IN HANDLE SourceHandle,
  67.    IN HANDLE TargetProcessHandle OPTIONAL,
  68.    OUT PHANDLE TargetHandle OPTIONAL,
  69.    IN ACCESS_MASK DesiredAccess,
  70.    IN ULONG HandleAttributes,
  71.    IN ULONG Options
  72.    );
  73. XXXNtDuplicateObject  ZwDuplicateObject=NULL;
  74. typedef
  75. NTSTATUS (__stdcall *XXXZwQueryInformationProcess)(
  76.    HANDLE ProcessHandle,
  77.    ULONG ProcessInformationClass,
  78.    PVOID ProcessInformation,
  79.    ULONG ProcessInformationLength,
  80.    PULONG ReturnLength
  81.    );
  82. XXXZwQueryInformationProcess   ZwQueryInformationProcess=NULL;
  83. typedef
  84. NTSTATUS 
  85. (__stdcall *XXXZwClose)(
  86. IN HANDLE  Handle
  87. );
  88. XXXZwClose  ZwClose=NULL;
  89. HANDLE
  90. CProcessPage::SDM_OpenProcess (
  91.  DWORD ProcessId
  92.  )                  
  93. {
  94. HANDLE      hProcessToRet;
  95. CLIENT_ID     cid;
  96.     OBJECT_ATTRIBUTES     attr;
  97.     attr.Length = sizeof(OBJECT_ATTRIBUTES);
  98.     attr.RootDirectory = 0;
  99.     attr.ObjectName = 0;
  100.     attr.Attributes = 0;
  101.     attr.SecurityDescriptor = 0;
  102. ULONG   OldPID=0;
  103.     attr.SecurityQualityOfService = 0;
  104. NTSTATUS  st;
  105. cid.UniqueProcess = (HANDLE)(ProcessId+1);
  106.     cid.UniqueThread = 0;
  107.     st=NtOpenProcess(&hProcessToRet, PROCESS_ALL_ACCESS, &attr, &cid);
  108. if(!NT_SUCCESS(st))
  109. {
  110. return   hProcessToRet;
  111. }
  112. return   hProcessToRet;
  113. }
  114. CProcessPage::CProcessPage() : CPropertyPage(CProcessPage::IDD)
  115. {
  116. //{{AFX_DATA_INIT(CProcessPage)
  117. hDevice=NULL;
  118. IsHide=false;
  119. // NOTE: the ClassWizard will add member initialization here
  120. //}}AFX_DATA_INIT
  121. }
  123. CProcessPage::~CProcessPage()
  124. {
  125. }
  127. void CProcessPage::DoDataExchange(CDataExchange* pDX)
  128. {
  129. CPropertyPage::DoDataExchange(pDX);
  130. //{{AFX_DATA_MAP(CProcessPage)
  131. DDX_Control(pDX, IDC_LIST_PROCESS, m_ctrlProcess);
  132. //}}AFX_DATA_MAP
  133. }
  136. BEGIN_MESSAGE_MAP(CProcessPage, CPropertyPage)
  137. //{{AFX_MSG_MAP(CProcessPage)
  138. ON_NOTIFY(NM_RCLICK, IDC_LIST_PROCESS, OnRclickProcessList)
  139. ON_COMMAND(ID_MENUITEM_PROCESS_REFRESH, OnMenuitemProcessRefresh)
  140. ON_COMMAND(ID_PROCESS_MODULE, OnProcessModule)
  141. ON_COMMAND(IDC_PROCESS_KILL, OnProcessKill)
  142. ON_COMMAND(ID_MENUITEM_SUPERKILL_PROCESS, OnMenuitemSuperkillProcess)
  143. ON_COMMAND(ID_MENUITEM_HIDE, OnMenuitemHide)
  144. //}}AFX_MSG_MAP
  145. END_MESSAGE_MAP()
  147. /////////////////////////////////////////////////////////////////////////////
  148. // CProcessPage message handlers
  149. BOOL CProcessPage::OnInitDialog()
  150. {
  151. CDialog::OnInitDialog();
  152. HANDLE hProcess = GetCurrentProcess();
  153. LUID luid;
  154. LookupPrivilegeValue(NULL, "SeDebugPrivilege", &luid);
  155. HANDLE hToken;
  156.     if(!OpenProcessToken(hProcess,  TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &hToken))
  157. MessageBox("OpenProcessToken");
  158. LUID_AND_ATTRIBUTES laa;
  159. laa.Luid = luid;
  160. laa.Attributes = SE_PRIVILEGE_ENABLED;
  161. TOKEN_PRIVILEGES token;
  162. memcpy(token.Privileges, &laa, sizeof(laa));
  163. token.PrivilegeCount = 1;
  164. if(!AdjustTokenPrivileges(hToken, FALSE, &token, NULL, NULL, 0))
  165. {
  166. MessageBox("AdjustTokenPrivileges");
  167. }
  168. m_pImage = new CImageList();
  169. NtOpenProcess = (XXXZwOpenProcess)GetProcAddress( GetModuleHandle("ntdll.dll"), "ZwOpenProcess");
  170. NtCreateJobObject=(XXXNtCreateJobObject)GetProcAddress( GetModuleHandle("ntdll.dll"), "ZwCreateJobObject");
  171. NtAssignProcessToJobObject=(XXXNtAssignProcessToJobObject)GetProcAddress( GetModuleHandle("ntdll.dll"), "ZwAssignProcessToJobObject");
  172. NtTerminateJobObject=(XXXNtTerminateJobObject)GetProcAddress( GetModuleHandle("ntdll.dll"), "ZwTerminateJobObject");
  173. ZwTerminateProcess=(XXXZwTerminateProcess)GetProcAddress( GetModuleHandle("ntdll.dll"), "ZwTerminateProcess");
  174. ASSERT(m_pImage != NULL);    // serious allocation failure checking
  175. m_ctrlProcess.SetImageList(m_pImage, LVSIL_SMALL);
  176. m_ctrlProcess.SetExtendedStyle(LVS_EX_FULLROWSELECT|LVS_EX_GRIDLINES);
  177. Gogogo1->InitSystemImageLists(m_ctrlProcess.m_hWnd);
  178. int ret=m_ctrlProcess.InsertColumn(0,"进程映象名称",LVCFMT_RIGHT,120,0);
  179. m_ctrlProcess.InsertColumn(1,"进程ID号",LVCFMT_LEFT,80,1);
  180. m_ctrlProcess.InsertColumn(2,"父进程ID号",LVCFMT_LEFT,80,2);
  181. m_ctrlProcess.InsertColumn(3,"进程EPROCESS",LVCFMT_LEFT,120,3);
  182. m_ctrlProcess.InsertColumn(4,"进程路径",LVCFMT_LEFT,300,4);
  183. //m_ctrlProcess.SetTextBkColor(RGB(171,174,235));
  184. m_ctrlProcess.SetTextColor(RGB(255,0,235));
  185. m_ctrlProcess.SetExtendedStyle(LVS_EX_FULLROWSELECT);
  186. GetProcess();
  187. return   true;
  188. }
  189. void CProcessPage::GetProcess()
  190. {
  191. char lastPid[30] = {0};
  192. m_ctrlProcess.GetItemText(m_ctrlProcess.GetNextItem(-1, LVNI_SELECTED), 1, lastPid, 30);
  193. HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  194. if(hSnap == (HANDLE)-1)
  195. return ;
  196. PROCESSENTRY32 info;
  197. info.dwSize = sizeof(info);
  198. if(!Process32First(hSnap, &info))
  199. return ;
  200. m_ctrlProcess.DeleteAllItems();
  201. char strTemp[1024];
  202. int index = 0;
  203. ULONG  eprocess=0;
  204. CString  str;
  205. if(hDevice==NULL)
  206. {
  207. MessageBox("failed");
  208. }
  209. do
  210. {
  211. m_ctrlProcess.InsertItem(index, info.szExeFile);
  212. itoa(info.th32ProcessID, strTemp, 10);
  213. m_ctrlProcess.SetItemText(index, 1, strTemp);
  214. itoa(info.th32ParentProcessID, strTemp, 10);
  215. m_ctrlProcess.SetItemText(index, 2, strTemp);
  216. eprocess=GetEprocessById(info.th32ProcessID);
  217. str.Format("0x%08x",eprocess);
  218. m_ctrlProcess.SetItemText(index, 3, str);
  219. GetExeFilePath(info.szExeFile, strTemp, info.th32ProcessID);
  220. m_ctrlProcess.SetItemText(index, 4, strTemp);
  221. m_ctrlProcess.SetItem(index, 0, LVIF_TEXT | LVIF_IMAGE,info.szExeFile, 
  222. Gogogo1->GetFileIcon(strTemp), 0, 0, 0);
  223. m_ctrlProcess.SetItemData(index,eprocess);
  224. index++;
  225. }while(Process32Next(hSnap, &info));
  226. CloseHandle(hSnap);
  227. return ;
  228. }
  230. bool CProcessPage::GetExeFilePath(char pExeFileName[], char buffer[], DWORD pid)
  231. {
  232. bool flag = true;
  233. memset(buffer, 0, strlen(buffer));
  234. int result = (int)FindExecutable(pExeFileName, 0, buffer);
  235. if(result <= 32)
  236. {
  237. memset(buffer, 0, strlen(buffer));
  238. HANDLE hProcess;
  239. hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, pid);
  240. if(hProcess != NULL)
  241. {
  242. if(GetModuleFileNameEx(hProcess, 0, buffer, 1024) == 0)
  243. flag = false;
  244. }
  245. else
  246. {
  247. flag = false;
  248. }
  249. CloseHandle(hProcess);
  250. }
  251. if(!flag)
  252. {
  253. strcpy(buffer, "不知道");
  254. }
  255. return flag;
  256. }
  257. void CProcessPage::OnRclickProcessList(NMHDR* pNMHDR, LRESULT* pResult) 
  258. {
  259. iSelected = m_ctrlProcess.GetNextItem(-1, LVNI_SELECTED);
  260. POINT point;
  261. ::GetCursorPos(&point);
  262. CMenu menu;
  263. menu.LoadMenu(IDR_MENU_PROCESS);
  264. menu.GetSubMenu(0)->TrackPopupMenu(TPM_LEFTALIGN, point.x, point.y, this);
  265. *pResult = 0;
  266. }
  268. void CProcessPage::OnMenuitemProcessRefresh() 
  269. {
  270. // TODO: Add your command handler code here
  271. GetProcess();
  272. }
  274. void CProcessPage::OnProcessModule() 
  275. {
  276. // TODO: Add your command handler code here
  277. char strPid[20] = {0};
  278. m_ctrlProcess.GetItemText(iSelected, 1, strPid, 20);
  279. int pid = atoi(strPid);
  280. CProcessModule* pModule = new CProcessModule;
  281. pModule->Create(IDD_DIALOG_PROCESS_MODULE, GetDesktopWindow());
  282. pModule->SetPID(pid);
  283. pModule->Refresh();
  284. pModule->ShowWindow(SW_SHOW);
  285. }
  286. void CProcessPage::OnProcessKill() 
  287. {
  288. // TODO: Add your command handler code here
  289. if(iSelected < 0 || iSelected >= m_ctrlProcess.GetItemCount())
  290. return;
  291. char strPID[30] = {0};
  292. m_ctrlProcess.GetItemText(iSelected, 0, strPID, 30);
  293. CString s;
  294. s.Format("确定要关闭%s吗?", strPID);
  295. if(MessageBox(s,"提示", MB_OKCANCEL) != IDOK)
  296. return;
  297. m_ctrlProcess.GetItemText(iSelected, 1, strPID, 30);
  298. int pid = atoi(strPID);
  299. TerminateProcess(pid);
  300. GetProcess();
  301. }
  302. void CProcessPage::TerminateProcess(ULONG pid)
  303. {
  304. HANDLE hJob,handle;
  305. handle=SDM_OpenProcess(pid);
  306. OBJECT_ATTRIBUTES     attr;
  307. attr.Length = sizeof(OBJECT_ATTRIBUTES);
  308. NtCreateJobObject(&hJob,JOB_OBJECT_ALL_ACCESS,&attr);
  309. NtAssignProcessToJobObject(&hJob,handle);
  310. NtTerminateJobObject(&hJob,STATUS_SUCCESS);
  311. ZwTerminateProcess(handle,STATUS_SUCCESS);
  312. }
  314. void CProcessPage::SetHandle(HANDLE handle)
  315. {
  316.     hDevice=handle;
  317. }
  319. ULONG CProcessPage::GetEprocessById(ULONG pid)
  320. {
  321.     ULONG   bytesReturned,Pid;
  322.     Pid=pid;
  323. ULONG   eprocess;
  324. DeviceIoControl(hDevice,(DWORD)IOCTL_MT_GETEPROCESS,&Pid,sizeof(pid),&eprocess,sizeof(ULONG),&bytesReturned,NULL);
  325. return  eprocess;
  326. }
  328. void CProcessPage::OnMenuitemSuperkillProcess() 
  329. {
  330. // TODO: Add your command handler code here
  331. if(iSelected < 0 || iSelected >= m_ctrlProcess.GetItemCount())
  332. return;
  333. char strPID[30] = {0};
  334. m_ctrlProcess.GetItemText(iSelected, 0, strPID, 30);
  335. CString s;
  336. ULONG  bytesReturned;
  337. PROCESS_INF   ProcessInfo={0};
  338. s.Format("确定要关闭%s吗?", strPID);
  339. if(MessageBox(s,"提示", MB_OKCANCEL) != IDOK)
  340. return;
  341.     ProcessInfo.eprocess=m_ctrlProcess.GetItemData(iSelected);
  342.     m_ctrlProcess.GetItemText(iSelected, 1, strPID, 30);
  343. ULONG pid = atoi(strPID);
  344. ProcessInfo.pid=pid;
  345. THREADENTRY32    ThreadEntry32={0};
  346. HANDLE   hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);
  347. ThreadEntry32.dwSize=sizeof(THREADENTRY32);
  348. if(Thread32First(hSnapshot,&ThreadEntry32))
  349. {
  350. do
  351. {
  352. if(ThreadEntry32.th32OwnerProcessID ==pid)
  353. {
  354.                 ProcessInfo.ThreadId=ThreadEntry32.th32ThreadID;
  355. break;
  356. }
  357. }
  358. while(Thread32Next(hSnapshot,&ThreadEntry32));
  359. }
  360. CloseHandle(hSnapshot);
  361. DeviceIoControl(hDevice,(DWORD)IOCTL_MT_SUPERKILL,&ProcessInfo,sizeof(ProcessInfo),NULL,0,&bytesReturned,NULL);
  362. Sleep(100);
  363. GetProcess();
  364. }
  366. void CProcessPage::OnMenuitemHide() 
  367. {
  368. // TODO: Add your command handler code here
  369. MessageBox("ok");
  370. if(IsHide)
  371. {
  372. SetDlgItemText(32798,"恢复自身");
  373. IsHide=false;
  374. }
  375. else
  376. {
  377. SetDlgItemText(32798,"隐藏自身");
  378. IsHide=true;
  379. }
  380. }