
ProSysLib: Dissecting the Process

22 Nov 2010CPOL12 min read 127.9K   2.6K   174  
Access detailed information about the current process in the easiest way.
#include "stdafx.h"
#include "SystemInfoAccessor.h"

// Single process-wide accessor instance. The static wrappers below forward
// through its resolved function pointers. Because this is a global with a
// non-trivial constructor, the GetModuleHandle/GetProcAddress lookups run
// during static initialization of this translation unit.
CSystemInfoAccessor g_SIA;

// Resolves the optional ntdll.dll / kernel32.dll entry points once, at
// construction. An export that cannot be found stays NULL; the wrapper methods
// check for that before calling through, so a missing export degrades to a
// failed call rather than a crash.
//
// Only GetModuleHandle is used (no LoadLibrary), so this relies on both DLLs
// already being mapped into the process; nothing here needs to be freed.
CSystemInfoAccessor::CSystemInfoAccessor()
{
	// Begin from a fully "unresolved" state so that a failed GetModuleHandle
	// leaves every pointer well-defined.
	m_pZwQuerySystemInformation = NULL;
	m_pZwReadVirtualMemory = NULL;
	m_pNtQueryInformationProcess = NULL;
	m_pGetProcessHandleCount = NULL;
	m_pCheckRemoteDebuggerPresent = NULL;

	// Native API exports. The cast types are declared in SystemInfoAccessor.h.
	if(HMODULE hNtDll = ::GetModuleHandle(_T("ntdll.dll")))
	{
		m_pZwQuerySystemInformation = (ZwQuerySystemInformationType)::GetProcAddress(hNtDll, "ZwQuerySystemInformation");
		m_pZwReadVirtualMemory = (ZwReadVirtualMemoryType)::GetProcAddress(hNtDll, "ZwReadVirtualMemory");
		m_pNtQueryInformationProcess = (NtQueryInformationProcessType)::GetProcAddress(hNtDll, "NtQueryInformationProcess");
	}

	// Win32 exports that are looked up dynamically rather than linked, so the
	// binary still loads on systems where they are absent.
	if(HMODULE hKernel32 = ::GetModuleHandle(_T("kernel32.dll")))
	{
		m_pGetProcessHandleCount = (GetProcessHandleCountType)::GetProcAddress(hKernel32, "GetProcessHandleCount");
		m_pCheckRemoteDebuggerPresent = (CheckRemoteDebuggerPresentType)::GetProcAddress(hKernel32, "CheckRemoteDebuggerPresent");
	}
}

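// Forwarding wrapper around ntdll!ZwQuerySystemInformation.
//
// Returns the NTSTATUS produced by the native call. When the export was not
// resolved at start-up (g_SIA.m_pZwQuerySystemInformation == NULL) the
// original code returned 0, i.e. STATUS_SUCCESS, which let a caller treat the
// untouched SystemInformation buffer as valid data. The unresolved case now
// reports STATUS_NOT_IMPLEMENTED and zeroes *ReturnLength (when supplied) so
// the failure is visible through the usual NT_SUCCESS check.
LONG CSystemInfoAccessor::ZwQuerySystemInformation(ULONG SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength)
{
	// Same value as ntstatus.h STATUS_NOT_IMPLEMENTED; spelled out locally
	// because ntstatus.h is not necessarily pulled in through stdafx.h.
	const LONG kStatusNotImplemented = static_cast<LONG>(0xC0000002L);

	if(!g_SIA.m_pZwQuerySystemInformation)
	{
		if(ReturnLength)
			*ReturnLength = 0;
		return kStatusNotImplemented;
	}

	return g_SIA.m_pZwQuerySystemInformation(SystemInformationClass, SystemInformation, SystemInformationLength, ReturnLength);
}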

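// Forwarding wrapper around ntdll!ZwReadVirtualMemory.
//
// Returns the NTSTATUS produced by the native call. When the export was not
// resolved at start-up (g_SIA.m_pZwReadVirtualMemory == NULL) the original
// code returned 0, i.e. STATUS_SUCCESS, so a caller could read Buffer as if
// BufferLength bytes had been copied. The unresolved case now reports
// STATUS_NOT_IMPLEMENTED and zeroes *ReturnLength (when supplied), making the
// "nothing was read" outcome explicit.
LONG CSystemInfoAccessor::ZwReadVirtualMemory(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, ULONG BufferLength, PULONG ReturnLength)
{
	// Same value as ntstatus.h STATUS_NOT_IMPLEMENTED; spelled out locally
	// because ntstatus.h is not necessarily pulled in through stdafx.h.
	const LONG kStatusNotImplemented = static_cast<LONG>(0xC0000002L);

	if(!g_SIA.m_pZwReadVirtualMemory)
	{
		if(ReturnLength)
			*ReturnLength = 0;
		return kStatusNotImplemented;
	}

	return g_SIA.m_pZwReadVirtualMemory(ProcessHandle, BaseAddress, Buffer, BufferLength, ReturnLength);
}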

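// Forwarding wrapper around ntdll!NtQueryInformationProcess.
//
// Returns the NTSTATUS produced by the native call. When the export was not
// resolved at start-up (g_SIA.m_pNtQueryInformationProcess == NULL) the
// original code returned 0, i.e. STATUS_SUCCESS, so a caller would consume an
// uninitialized ProcessInformation buffer. The unresolved case now reports
// STATUS_NOT_IMPLEMENTED and zeroes *ReturnLength (when supplied).
LONG CSystemInfoAccessor::NtQueryInformationProcess(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength)
{
	// Same value as ntstatus.h STATUS_NOT_IMPLEMENTED; spelled out locally
	// because ntstatus.h is not necessarily pulled in through stdafx.h.
	const LONG kStatusNotImplemented = static_cast<LONG>(0xC0000002L);

	if(!g_SIA.m_pNtQueryInformationProcess)
	{
		if(ReturnLength)
			*ReturnLength = 0;
		return kStatusNotImplemented;
	}

	return g_SIA.m_pNtQueryInformationProcess(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength);
}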

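// Forwarding wrapper around kernel32!GetProcessHandleCount.
//
// Returns TRUE and stores the count in *pdwHandleCount on success, FALSE
// otherwise. The original code returned FALSE for both a NULL output pointer
// and an unresolved export without touching the thread's last-error value, so
// a caller following the Win32 convention of calling GetLastError() after a
// FALSE return saw whatever stale code was left over. Both early-out paths now
// set a specific error; *pdwHandleCount is left untouched on failure.
BOOL CSystemInfoAccessor::GetProcessHandleCount(HANDLE hProcess, PDWORD pdwHandleCount)
{
	if(!pdwHandleCount)
	{
		::SetLastError(ERROR_INVALID_PARAMETER);
		return FALSE;
	}

	// Export not present on this system (resolved in the constructor).
	if(!g_SIA.m_pGetProcessHandleCount)
	{
		::SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
		return FALSE;
	}

	return g_SIA.m_pGetProcessHandleCount(hProcess, pdwHandleCount);
}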

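// Forwarding wrapper around kernel32!CheckRemoteDebuggerPresent.
//
// Returns TRUE and stores the result in *pbDebuggerPresent on success, FALSE
// otherwise. As with GetProcessHandleCount above, the original early-outs
// returned FALSE without setting a last-error value, leaving GetLastError()
// callers with a stale code. Each failure path now sets a specific error;
// *pbDebuggerPresent is left untouched on failure, so callers must check the
// return value rather than the output flag alone.
BOOL CSystemInfoAccessor::CheckRemoteDebuggerPresent(HANDLE hProcess, PBOOL pbDebuggerPresent)
{
	if(!pbDebuggerPresent)
	{
		::SetLastError(ERROR_INVALID_PARAMETER);
		return FALSE;
	}

	// Export not present on this system (resolved in the constructor).
	if(!g_SIA.m_pCheckRemoteDebuggerPresent)
	{
		::SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
		return FALSE;
	}

	return g_SIA.m_pCheckRemoteDebuggerPresent(hProcess, pbDebuggerPresent);
}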


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

