#include "stdafx.h"
#include "ProcessForm.h"
#include "winioctl.h"
#include "DetectDriver_Ioctl.h"
#include "DriverWork.h"
#include "PackageParser.h"
#include <stdexcept>
#include <string>
#include <list>
// Registers ProcessForm with MFC's runtime-class machinery so the framework
// can create instances dynamically; ListForm is named as the base class.
IMPLEMENT_DYNCREATE(ProcessForm, ListForm)

// Default constructor. Nothing is initialised here; the list columns are
// set up in InitializeListCtrl().
ProcessForm::ProcessForm()
{
}
// Columns of the hidden-process list view.
// Each value is used both as the column position and as the subitem index
// in the InsertColumn / SetItemText calls in this file, so the numbering
// must stay contiguous and start at zero.
enum ColumnTypes
{
    PidColumn       = 0,  // process identifier, shown as text
    NameColumn      = 1,  // process name
    ImagePathColumn = 2   // path of the process image
};
// Creates the three report columns (PID, process name, image path) in the
// given list control. Columns are inserted in ascending index order, and each
// column's subitem index is the same ColumnTypes value as its position.
void ProcessForm::InitializeListCtrl(CListCtrl& listCtrl)
{
    // Initial column widths, in pixels.
    const int pidWidth       = 50;
    const int nameWidth      = 150;
    const int imagePathWidth = 170;

    listCtrl.InsertColumn(PidColumn, _T("PID"), LVCFMT_LEFT, pidWidth, PidColumn);
    listCtrl.InsertColumn(NameColumn, _T("Process name"), LVCFMT_LEFT, nameWidth, NameColumn);
    listCtrl.InsertColumn(ImagePathColumn, _T("Image path"), LVCFMT_LEFT, imagePathWidth, ImagePathColumn);
}
// One record of the driver's hidden-process report.
// All three fields are kept as the text that came out of the reply; nothing
// in this file converts or validates them, so treat them as display strings.
struct HiddenProcess
{
    std::wstring pid;        // process identifier, as text
    std::wstring name;       // process name
    std::wstring imagePath;  // path of the process image
};

// Ordered collection of report records, in the order they were parsed.
typedef std::list<HiddenProcess> HiddenProcessList;
// Splits the driver's packed report into records and appends them to
// *hiddenProcList.
//
// buffer         - start of the report text; it does not need to be
//                  NUL-terminated because the length is given explicitly.
// bufSize        - number of wchar_t elements in buffer (NOT a byte count).
// hiddenProcList - receives one HiddenProcess per unpacked line; existing
//                  entries are kept. Must not be null.
//
// The record format is defined by utils::UnPackByEOL / UnPackThreeToOne
// (presumably one record per line holding pid, name and image path; confirm
// in PackageParser.h). How those helpers report a malformed record is not
// visible here; a record is appended only after its unpack call returns.
void ParseOutputString(wchar_t* buffer,
                       size_t bufSize,
                       HiddenProcessList* hiddenProcList)
{
    // Copy exactly bufSize characters; embedded NULs, if any, are preserved.
    std::wstring packedReport(buffer, bufSize);

    WStringList lines;
    utils::UnPackByEOL(packedReport, &lines);

    WStringList::const_iterator line = lines.begin();
    while (line != lines.end())
    {
        HiddenProcess record;
        utils::UnPackThreeToOne(*line,
                                &record.pid,
                                &record.name,
                                &record.imagePath);
        hiddenProcList->push_back(record);
        ++line;
    }
}
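// Asks the DetectDriver device for its hidden-process report and appends the
// parsed records to *hiddenProcList.
//
// hiddenProcList - receives the records; must not be null. It is left
//                  untouched when the driver returns no text.
//
// The reply arrives as raw bytes and is reinterpreted as wchar_t text. Its
// length is taken from the reply size, never from a terminator, so the parser
// cannot read past the end of the buffer; a trailing odd byte is ignored.
// Failures of the exchange are presumably reported as exceptions by
// ExchangeWithExceptionTranslation (confirm in DriverWork.h); they are not
// caught here.
void QueryHiddenProcesses(HiddenProcessList* hiddenProcList)
{
    std::vector<char> data;
    utils::DriverWork::ExchangeWithExceptionTranslation(
        _T("\\\\.\\DetectDriver"),
        IOCTL_PROCESSES_QUERY_HIDEN,
        &data);

    // An empty (or sub-character) reply means there is nothing to parse.
    // Bail out before touching data.front(): calling front() on an empty
    // vector is undefined behaviour and asserts in checked builds.
    const size_t charCount = data.size() / sizeof(wchar_t);
    if (charCount == 0)
        return;

    ParseOutputString(reinterpret_cast<wchar_t*>(&data.front()),
                      charCount,
                      hiddenProcList);
}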
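// Appends one row per record to the list control: the PID goes in the item
// itself, the name and image path in their subitem columns.
//
// listCtrl       - report-style list control whose columns were created by
//                  InitializeListCtrl().
// hiddenProcList - records to display, in order.
void InsertToList(CListCtrl& listCtrl, const HiddenProcessList& hiddenProcList)
{
    HiddenProcessList::const_iterator it = hiddenProcList.begin();
    for ( ; it != hiddenProcList.end(); ++it)
    {
        // InsertItem returns the index the row really landed at, or -1 on
        // failure. Use that index instead of the requested one so the name
        // and path can never be attached to a different process's row
        // (e.g. when the control has an auto-sort style).
        const int row = listCtrl.InsertItem(listCtrl.GetItemCount(), it->pid.c_str());
        if (row < 0)
            continue;  // nothing was inserted; do not write subitems

        listCtrl.SetItemText(row, NameColumn, it->name.c_str());
        listCtrl.SetItemText(row, ImagePathColumn, it->imagePath.c_str());
    }
}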
// Button handler: refreshes the list with a fresh hidden-process report from
// the driver.
//
// The old rows are removed before the driver is queried and nothing here
// catches exceptions, so if the query throws, the control stays empty and the
// exception propagates to the caller. An empty list after a failed query is
// therefore not evidence that no hidden processes exist; the caller should
// surface the error.
void ProcessForm::OnButtonClick(CListCtrl& listCtrl)
{
    listCtrl.DeleteAllItems();

    HiddenProcessList report;
    QueryHiddenProcesses(&report);

    InsertToList(listCtrl, report);
}