ProcessScanner.h
资源名称:antinimda.zip
上传用户:leon2013
上传日期:2007-01-10
源码类别:
杀毒
开发平台:
Visual C++
- // ProcessScanner.h: interface for the CProcessScanner class.
- //
- //////////////////////////////////////////////////////////////////////
- #if !defined(AFX_PROCESSSCANNER_H__0E2262CA_D316_4A03_9F2A_FD36FAE5EC10__INCLUDED_)
- #define AFX_PROCESSSCANNER_H__0E2262CA_D316_4A03_9F2A_FD36FAE5EC10__INCLUDED_
- #if _MSC_VER > 1000
- #pragma once
- #endif // _MSC_VER > 1000
- #pragma warning(disable : 4786)
- #include "../src/VirusKiller.h"
- #include "ServiceThread.h"
- #include <map>
- #include <list>
- using namespace std;
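/*
 * CProcessScanner: a CServiceThread that scans running processes, module by
 * module, using a set of VirusKiller objects. Only the interface is declared
 * here; the scan logic lives in the implementation file.
 *
 * NOTE(review): the progress accessors below return plain members with no
 * synchronization visible in this header. If they are read from another
 * thread while run() is updating them, the values may be stale; confirm
 * against the implementation.
 */
class CProcessScanner : public CServiceThread
{
public:
    CProcessScanner();
    virtual ~CProcessScanner();

    /* a collection of processes and their names, keyed by process id */
    typedef std::map<DWORD, CString> Processes;

    /*
     * Describes a module loaded into a process: owning process id, module
     * name, base address and size.
     *
     * Copying uses the compiler-generated memberwise copy constructor and
     * assignment operator; every field is copyable, so hand-written versions
     * would only have to be kept in sync whenever a field is added.
     *
     * NOTE(review): ULONG is 32 bits wide on Windows, including 64-bit builds.
     * A module base above 4 GB would not fit in baseAddress there; a
     * pointer-sized type (ULONG_PTR / SIZE_T) would be needed. Left unchanged
     * because the field and constructor types are part of the interface.
     */
    class Module {
    public:
        Module(DWORD processid, LPCTSTR module_name, ULONG base_address, ULONG module_size)
            : processId(processid), baseAddress(base_address), Length(module_size)
        {
            /* a null name trips the debug assertion; otherwise the name is left empty */
            ASSERT(module_name);
            if (module_name)
                moduleName = module_name;
        }

        DWORD   processId;    /* id of the process the module is loaded in */
        CString moduleName;   /* module name as supplied by the caller */
        ULONG   baseAddress;  /* base address of the module */
        ULONG   Length;       /* size of the module */
    };

    /* a collection of modules */
    typedef std::list<Module> Modules;

    /* scan statistics of the process currently being scanned */
    const CString& CurrentProcessName() const { return m_processname; }
    DWORD CurrentProcess() const { return m_processid; }
    DWORD CurrentProcessSize() const { return m_processsize; }
    DWORD CurrentProcessPosition() const { return m_processposition; }

    /* scan statistics of this scan (global statistics) */
    int Scanned() const { return m_scanned; }
    int Infections() const { return m_infections; }

    /*
     * Enumerates all processes into a collection (process id -> name).
     * The result is returned by value, i.e. a snapshot: a process may exit,
     * and its id may be reused, between enumeration and the actual scan, so
     * failures when a listed process is opened later are to be expected.
     */
    static Processes GetActiveProcesses();

    /*
     * Collection of processes being scanned.
     * NOTE(review): public and mutable; presumably filled by the caller before
     * the thread starts. If it can change while run() is executing, access
     * needs synchronization. Verify against the implementation.
     */
    Processes processes;

    /*
     * Notification method for an infected process; virtual so that a derived
     * class can supply its own handling. Receives the process handle, the
     * module concerned and the VirusKiller involved.
     * NOTE(review): ownership of hprocess is not visible in this header;
     * presumably the caller keeps it and closes it. Confirm before an
     * override closes or stores the handle.
     */
    virtual VirusKiller::SCANRESULT OnInfectedProcess(HANDLE hprocess, const Module& module, VirusKiller& killer);

protected:
    /* state of current process scan */
    CString m_processname;
    DWORD   m_processid;
    DWORD   m_processsize;
    DWORD   m_processposition;

    /* global scan state */
    int   m_scanned;
    int   m_infections;
    DWORD m_bytesscanned;

    /* size of each process read in bytes */
    DWORD m_read_block_size;

    /* collection of virus killers */
    VirusKiller::Set m_killers;

    /* thread method */
    virtual void run();

    /* scans a single process */
    VirusKiller::SCANRESULT scanprocess(DWORD processid);

    /* scans a module loaded into a process's address space */
    VirusKiller::SCANRESULT scanprocessblock(HANDLE hprocess, const Module& module);

    /* returns a collection of modules loaded by the specified process */
    Modules GetProcessModules(DWORD processid);
    Modules GetProcessModules(HANDLE process, DWORD processid);
};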
- #endif // !defined(AFX_PROCESSSCANNER_H__0E2262CA_D316_4A03_9F2A_FD36FAE5EC10__INCLUDED_)