search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add WhoUses, a program to determine which processes access a given file
[msysgit.git] / src / WhoUses / SystemInfo.cpp
blob1585cba5ed65c6d3c26360ea90b9d11beaf6562c
1 // Written by Zoltan Csizmadia, zoltan_csizmadia@yahoo.com
2 // For companies(Austin,TX): If you would like to get my resume, send an email.
3 //
4 // The source is free, but if you want to use it, mention my name and e-mail
5 // address
6 //
7 ///////////////////////////////////////////////////////////////////////////////
8 //
9 // SystemInfo.cpp v1.1
10 //
11 // History:
12 //
13 // Date Version Description
14 // ----------------------------------------------------------------------------
15 // 10/16/00 1.0 Initial version
16 // 11/09/00 1.1 NT4 doesn't like if we bother the System process fix :)
17 // SystemInfoUtils::GetDeviceFileName() fix (subst drives
18 // added)
19 // NT Major version added to INtDLL class
20 //
21 ///////////////////////////////////////////////////////////////////////////////
22
23 #include <windows.h>
24 #include <process.h>
25 #include <tchar.h>
26 #include "SystemInfo.h"
27
28
29 #include <sstream>
30 using std::stringstream;
31
32 #ifndef WINNT
33 #error You need Windows NT to use this source code. Define WINNT!
34 #endif
35
36 ///////////////////////////////////////////////////////////////////////////////
37 //
38 // SystemInfoUtils
39 //
40 ///////////////////////////////////////////////////////////////////////////////
41
42 // From wide char string to string
43 void SystemInfoUtils::LPCWSTR2string( LPCWSTR strW, string& str )
44 {
45 #ifdef UNICODE
46 // if it is already UNICODE, no problem
47 str = strW;
48 #else
49 str = _T("");
50
51 TCHAR* actChar = (TCHAR*)strW;
52
53 if ( actChar == _T('\0') )
54 return;
55
56 ULONG len = wcslen(strW) + 1;
57 TCHAR* pBuffer = new TCHAR[ len ];
58 TCHAR* pNewStr = pBuffer;
59
60 while ( len-- )
61 {
62 *(pNewStr++) = *actChar;
63 actChar += 2;
64 }
65
66 str = pBuffer;
67
68 delete [] pBuffer;
69 #endif
70 }
71
72 // From wide char string to unicode
73 void SystemInfoUtils::Unicode2string( UNICODE_STRING* strU, string& str )
74 {
75 if ( *(DWORD*)strU != 0 )
76 LPCWSTR2string( (LPCWSTR)strU->Buffer, str );
77 else
78 str = _T("");
79 }
80
81 // From device file name to DOS filename
82 BOOL SystemInfoUtils::GetFsFileName( LPCTSTR lpDeviceFileName,
83 string& fsFileName )
84 {
85 BOOL rc = FALSE;
86
87 TCHAR lpDeviceName[0x1000];
88 TCHAR lpDrive[3] = _T("A:");
89
90 // Iterating through the drive letters
91 for ( TCHAR actDrive = _T('A'); actDrive <= _T('Z'); actDrive++ ) {
92 lpDrive[0] = actDrive;
93
94 // Query the device for the drive letter
95 if ( QueryDosDevice( lpDrive, lpDeviceName, 0x1000 ) != 0 ) {
96 // Network drive?
97 if ( _tcsnicmp( _T("\\Device\\LanmanRedirector\\"),
98 lpDeviceName, 25 ) == 0 ) {
99 //Mapped network drive
100
101 char cDriveLetter;
102 DWORD dwParam;
103
104 TCHAR lpSharedName[0x1000];
105
106 if ( _stscanf( lpDeviceName,
107 _T("\\Device\\LanmanRedirector\\;%c:%d\\%s"),
108 &cDriveLetter,
109 &dwParam,
110 lpSharedName ) != 3 )
111 continue;
112
113 _tcscpy( lpDeviceName,
114 _T("\\Device\\LanmanRedirector\\") );
115 _tcscat( lpDeviceName, lpSharedName );
116 }
117
118 // Is this the drive letter we are looking for?
119 if ( _tcsnicmp( lpDeviceName, lpDeviceFileName,
120 _tcslen( lpDeviceName ) ) == 0 )
121 {
122 fsFileName = lpDrive;
123 fsFileName += (LPCTSTR)( lpDeviceFileName
124 + _tcslen( lpDeviceName ) );
125
126 rc = TRUE;
127
128 break;
129 }
130 }
131 }
132
133 return rc;
134 }
135
136 // From DOS file name to device file name
137 BOOL SystemInfoUtils::GetDeviceFileName( LPCTSTR lpFsFileName,
138 string& deviceFileName )
139 {
140 BOOL rc = FALSE;
141 TCHAR lpDrive[3];
142
143 // Get the drive letter
144 // unfortunetaly it works only with DOS file names
145 _tcsncpy( lpDrive, lpFsFileName, 2 );
146 lpDrive[2] = _T('\0');
147
148 TCHAR lpDeviceName[0x1000];
149
150 // Query the device for the drive letter
151 if ( QueryDosDevice( lpDrive, lpDeviceName, 0x1000 ) != 0 )
152 {
153 // Subst drive?
154 if ( _tcsnicmp( _T("\\??\\"), lpDeviceName, 4 ) == 0 )
155 {
156 deviceFileName = lpDeviceName + 4;
157 deviceFileName += lpFsFileName + 2;
158
159 return TRUE;
160 }
161 else
162 // Network drive?
163 if ( _tcsnicmp( _T("\\Device\\LanmanRedirector\\"),
164 lpDeviceName, 25 ) == 0 ) {
165 //Mapped network drive
166
167 char cDriveLetter;
168 DWORD dwParam;
169
170 TCHAR lpSharedName[0x1000];
171
172 if ( _stscanf( lpDeviceName,
173 _T("\\Device\\LanmanRedirector\\;%c:%d\\%s"),
174 &cDriveLetter,
175 &dwParam,
176 lpSharedName ) != 3 )
177 return FALSE;
178
179 _tcscpy( lpDeviceName,
180 _T("\\Device\\LanmanRedirector\\") );
181 _tcscat( lpDeviceName, lpSharedName );
182 }
183
184 _tcscat( lpDeviceName, lpFsFileName + 2 );
185
186 deviceFileName = lpDeviceName;
187
188 rc = TRUE;
189 }
190
191 return rc;
192 }
193
194 //Get NT version
195 DWORD SystemInfoUtils::GetNTMajorVersion()
196 {
197 OSVERSIONINFOEX osvi;
198 BOOL bOsVersionInfoEx;
199
200 // Try calling GetVersionEx using the OSVERSIONINFOEX structure,
201 // which is supported on Windows 2000.
202 //
203 // If that fails, try using the OSVERSIONINFO structure.
204
205 ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX));
206 osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
207
208 bOsVersionInfoEx = GetVersionEx ((OSVERSIONINFO *) &osvi);
209
210 if( bOsVersionInfoEx == 0 )
211 {
212 // If OSVERSIONINFOEX doesn't work, try OSVERSIONINFO.
213
214 osvi.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
215 if (! GetVersionEx ( (OSVERSIONINFO *) &osvi) )
216 return FALSE;
217 }
218
219 return osvi.dwMajorVersion;
220 }
221
222 ///////////////////////////////////////////////////////////////////////////////
223 //
224 // INtDll
225 //
226 ///////////////////////////////////////////////////////////////////////////////
227 INtDll::PNtQuerySystemInformation INtDll::NtQuerySystemInformation = NULL;
228 INtDll::PNtQueryObject INtDll::NtQueryObject = NULL;
229 INtDll::PNtQueryInformationThread INtDll::NtQueryInformationThread = NULL;
230 INtDll::PNtQueryInformationFile INtDll::NtQueryInformationFile = NULL;
231 INtDll::PNtQueryInformationProcess INtDll::NtQueryInformationProcess = NULL;
232 DWORD INtDll::dwNTMajorVersion = SystemInfoUtils::GetNTMajorVersion();
233
234 BOOL INtDll::NtDllStatus = INtDll::Init();
235
236 BOOL INtDll::Init()
237 {
238 // Get the NtDll function pointers
239 NtQuerySystemInformation = (PNtQuerySystemInformation)
240 GetProcAddress( GetModuleHandle( _T( "ntdll.dll" ) ),
241 _T("NtQuerySystemInformation") );
242
243 NtQueryObject = (PNtQueryObject)
244 GetProcAddress( GetModuleHandle( _T( "ntdll.dll" ) ),
245 _T("NtQueryObject") );
246
247 NtQueryInformationThread = (PNtQueryInformationThread)
248 GetProcAddress( GetModuleHandle( _T( "ntdll.dll" ) ),
249 _T("NtQueryInformationThread") );
250
251 NtQueryInformationFile = (PNtQueryInformationFile)
252 GetProcAddress( GetModuleHandle( _T( "ntdll.dll" ) ),
253 _T("NtQueryInformationFile") );
254
255 NtQueryInformationProcess = (PNtQueryInformationProcess)
256 GetProcAddress( GetModuleHandle( _T( "ntdll.dll" ) ),
257 _T("NtQueryInformationProcess") );
258
259 return NtQuerySystemInformation != NULL &&
260 NtQueryObject != NULL &&
261 NtQueryInformationThread != NULL &&
262 NtQueryInformationFile != NULL &&
263 NtQueryInformationProcess != NULL;
264 }
265
266 ///////////////////////////////////////////////////////////////////////////////
267 //
268 // SystemProcessInformation
269 //
270 ///////////////////////////////////////////////////////////////////////////////
271
272 SystemProcessInformation::SystemProcessInformation( BOOL bRefresh )
273 {
274 m_pBuffer = (UCHAR*)VirtualAlloc ((void*)0x100000,
275 BufferSize,
276 MEM_COMMIT,
277 PAGE_READWRITE);
278
279 if ( bRefresh )
280 Refresh();
281 }
282
283 SystemProcessInformation::~SystemProcessInformation()
284 {
285 VirtualFree( m_pBuffer, 0, MEM_RELEASE );
286 }
287
288 BOOL SystemProcessInformation::Refresh()
289 {
290 m_ProcessInfos.clear();
291 m_pCurrentProcessInfo = NULL;
292
293 if ( !NtDllStatus || m_pBuffer == NULL )
294 return FALSE;
295
296 // query the process information
297 if ( INtDll::NtQuerySystemInformation( 5, m_pBuffer, BufferSize, NULL )
298 != 0 )
299 return FALSE;
300
301 DWORD currentProcessID = GetCurrentProcessId(); //Current Process ID
302
303 SYSTEM_PROCESS_INFORMATION* pSysProcess =
304 (SYSTEM_PROCESS_INFORMATION*)m_pBuffer;
305 do
306 {
307 // fill the process information map
308 m_ProcessInfos[pSysProcess->dUniqueProcessId] = pSysProcess;
309
310 // we found this process
311 if ( pSysProcess->dUniqueProcessId == currentProcessID )
312 m_pCurrentProcessInfo = pSysProcess;
313
314 // get the next process information block
315 if ( pSysProcess->dNext != 0 )
316 pSysProcess = (SYSTEM_PROCESS_INFORMATION*)
317 ((UCHAR*)pSysProcess + pSysProcess->dNext);
318 else
319 pSysProcess = NULL;
320
321 } while ( pSysProcess != NULL );
322
323 return TRUE;
324 }
325
326 ///////////////////////////////////////////////////////////////////////////////
327 //
328 // SystemThreadInformation
329 //
330 ///////////////////////////////////////////////////////////////////////////////
331
332 SystemThreadInformation::SystemThreadInformation( DWORD pID, BOOL bRefresh )
333 {
334 m_processId = pID;
335
336 if ( bRefresh )
337 Refresh();
338 }
339
340 BOOL SystemThreadInformation::Refresh()
341 {
342 // Get the Thread objects ( set the filter to "Thread" )
343 SystemHandleInformation hi( m_processId );
344 BOOL rc = hi.SetFilter( _T("Thread"), TRUE );
345
346 m_ThreadInfos.clear();
347
348 if ( !rc )
349 return FALSE;
350
351 THREAD_INFORMATION ti;
352
353 // Iterating through the found Thread objects
354 for (list<SystemHandleInformation::SYSTEM_HANDLE>::iterator iter = hi.m_HandleInfos.begin(); iter != hi.m_HandleInfos.end(); iter++) {
355 SystemHandleInformation::SYSTEM_HANDLE& h = *iter;
356
357 ti.ProcessId = h.ProcessID;
358 ti.ThreadHandle = (HANDLE)h.HandleNumber;
359
360 // This is one of the threads we are lokking for
361 if ( SystemHandleInformation::GetThreadId( ti.ThreadHandle,
362 ti.ThreadId, ti.ProcessId ) )
363 m_ThreadInfos.push_back( ti );
364 }
365
366 return TRUE;
367 }
368
369 ///////////////////////////////////////////////////////////////////////////////
370 //
371 // SystemHandleInformation
372 //
373 ///////////////////////////////////////////////////////////////////////////////
374
375 SystemHandleInformation::SystemHandleInformation( DWORD pID, BOOL bRefresh,
376 LPCTSTR lpTypeFilter )
377 {
378 m_processId = pID;
379
380 // Set the filter
381 SetFilter( lpTypeFilter, bRefresh );
382 }
383
384 SystemHandleInformation::~SystemHandleInformation()
385 {
386 }
387
388 BOOL SystemHandleInformation::SetFilter( LPCTSTR lpTypeFilter, BOOL bRefresh )
389 {
390 // Set the filter ( default = all objects )
391 m_strTypeFilter = lpTypeFilter == NULL ? _T("") : lpTypeFilter;
392
393 return bRefresh ? Refresh() : TRUE;
394 }
395
396 const string& SystemHandleInformation::GetFilter()
397 {
398 return m_strTypeFilter;
399 }
400
401 BOOL SystemHandleInformation::IsSupportedHandle( SYSTEM_HANDLE& handle )
402 {
403 //Here you can filter the handles you don't want in the Handle list
404
405 // Windows 2000 supports everything :)
406 if ( dwNTMajorVersion >= 5 )
407 return TRUE;
408
409 //NT4 System process doesn't like if we bother his internal security :)
410 if ( handle.ProcessID == 2 && handle.HandleType == 16 )
411 return FALSE;
412
413 return TRUE;
414 }
415
416 BOOL SystemHandleInformation::Refresh()
417 {
418 DWORD size = 0x2000;
419 DWORD needed = 0;
420 DWORD i = 0;
421 BOOL ret = TRUE;
422 string strType;
423
424 m_HandleInfos.clear();
425
426 if ( !INtDll::NtDllStatus )
427 return FALSE;
428
429 // Allocate the memory for the buffer
430 SYSTEM_HANDLE_INFORMATION* pSysHandleInformation =
431 (SYSTEM_HANDLE_INFORMATION*)
432 VirtualAlloc( NULL, size, MEM_COMMIT, PAGE_READWRITE );
433
434 if ( pSysHandleInformation == NULL )
435 return FALSE;
436
437 // Query the needed buffer size for the objects ( system wide )
438 if ( INtDll::NtQuerySystemInformation( 16, pSysHandleInformation,
439 size, &needed ) != 0 )
440 {
441 if ( needed == 0 )
442 {
443 ret = FALSE;
444 goto cleanup;
445 }
446
447 // The size was not enough
448 VirtualFree( pSysHandleInformation, 0, MEM_RELEASE );
449
450 pSysHandleInformation = (SYSTEM_HANDLE_INFORMATION*)
451 VirtualAlloc( NULL, size = needed + 256,
452 MEM_COMMIT, PAGE_READWRITE );
453 }
454
455 if ( pSysHandleInformation == NULL )
456 return FALSE;
457
458 // Query the objects ( system wide )
459 if ( INtDll::NtQuerySystemInformation( 16, pSysHandleInformation,
460 size, NULL ) != 0 )
461 {
462 ret = FALSE;
463 goto cleanup;
464 }
465
466 // Iterating through the objects
467 for ( i = 0; i < pSysHandleInformation->Count; i++ )
468 {
469 if ( !IsSupportedHandle( pSysHandleInformation->Handles[i] ) )
470 continue;
471
472 // ProcessId filtering check
473 if ( pSysHandleInformation->Handles[i].ProcessID ==
474 m_processId || m_processId == (DWORD)-1 ) {
475 BOOL bAdd = FALSE;
476
477 if ( m_strTypeFilter == _T("") )
478 bAdd = TRUE;
479 else
480 {
481 // Type filtering
482 GetTypeToken( (HANDLE)pSysHandleInformation
483 ->Handles[i].HandleNumber,
484 strType,
485 pSysHandleInformation
486 ->Handles[i].ProcessID );
487
488 bAdd = strType == m_strTypeFilter;
489 }
490
491 // That's it. We found one.
492 if ( bAdd )
493 {
494 pSysHandleInformation->Handles[i].HandleType =
495 (WORD)(pSysHandleInformation
496 ->Handles[i].HandleType % 256);
497
498 m_HandleInfos.push_back( pSysHandleInformation
499 ->Handles[i] );
500
501 }
502 }
503 }
504
505 cleanup:
506
507 if ( pSysHandleInformation != NULL )
508 VirtualFree( pSysHandleInformation, 0, MEM_RELEASE );
509
510 return ret;
511 }
512
513 HANDLE SystemHandleInformation::OpenProcess( DWORD processId )
514 {
515 // Open the process for handle duplication
516 return ::OpenProcess( PROCESS_DUP_HANDLE, TRUE, processId );
517 }
518
519 HANDLE SystemHandleInformation::DuplicateHandle( HANDLE hProcess,
520 HANDLE hRemote )
521 {
522 HANDLE hDup = NULL;
523
524 // Duplicate the remote handle for our process
525 ::DuplicateHandle( hProcess, hRemote, GetCurrentProcess(), &hDup,
526 0, FALSE, DUPLICATE_SAME_ACCESS );
527
528 return hDup;
529 }
530
531 //Information functions
532 BOOL SystemHandleInformation::GetTypeToken( HANDLE h, string& str,
533 DWORD processId )
534 {
535 ULONG size = 0x2000;
536 UCHAR* lpBuffer = NULL;
537 BOOL ret = FALSE;
538
539 HANDLE handle;
540 HANDLE hRemoteProcess = NULL;
541 BOOL remote = processId != GetCurrentProcessId();
542
543 if ( !NtDllStatus )
544 return FALSE;
545
546 if ( remote )
547 {
548 // Open the remote process
549 hRemoteProcess = OpenProcess( processId );
550
551 if ( hRemoteProcess == NULL )
552 return FALSE;
553
554 // Duplicate the handle
555 handle = DuplicateHandle( hRemoteProcess, h );
556 }
557 else
558 handle = h;
559
560 // Query the info size
561 INtDll::NtQueryObject( handle, 2, NULL, 0, &size );
562
563 lpBuffer = new UCHAR[size];
564
565 // Query the info size ( type )
566 if ( INtDll::NtQueryObject( handle, 2, lpBuffer, size, NULL ) == 0 )
567 {
568 str = _T("");
569 SystemInfoUtils::LPCWSTR2string( (LPCWSTR)(lpBuffer+0x60),
570 str );
571
572 ret = TRUE;
573 }
574
575 if ( remote )
576 {
577 if ( hRemoteProcess != NULL )
578 CloseHandle( hRemoteProcess );
579
580 if ( handle != NULL )
581 CloseHandle( handle );
582 }
583
584 if ( lpBuffer != NULL )
585 delete [] lpBuffer;
586
587 return ret;
588 }
589
590 BOOL SystemHandleInformation::GetType( HANDLE h, WORD& type, DWORD processId )
591 {
592 string strType;
593
594 type = OB_TYPE_UNKNOWN;
595
596 if ( !GetTypeToken( h, strType, processId ) )
597 return FALSE;
598
599 return GetTypeFromTypeToken( strType.c_str(), type );
600 }
601
602 BOOL SystemHandleInformation::GetTypeFromTypeToken( LPCTSTR typeToken,
603 WORD& type )
604 {
605 const WORD count = 27;
606 string constStrTypes[count] = {
607 _T(""), _T(""), _T("Directory"), _T("SymbolicLink"),
608 _T("Token"), _T("Process"), _T("Thread"), _T("Unknown7"),
609 _T("Event"), _T("EventPair"), _T("Mutant"), _T("Unknown11"),
610 _T("Semaphore"), _T("Timer"), _T("Profile"),
611 _T("WindowStation"), _T("Desktop"), _T("Section"), _T("Key"),
612 _T("Port"), _T("WaitablePort"), _T("Unknown21"),
613 _T("Unknown22"), _T("Unknown23"), _T("Unknown24"),
614 _T("IoCompletion"), _T("File") };
615
616 type = OB_TYPE_UNKNOWN;
617
618 for ( WORD i = 1; i < count; i++ )
619 if ( constStrTypes[i] == typeToken )
620 {
621 type = i;
622 return TRUE;
623 }
624
625 return FALSE;
626 }
627
628 BOOL SystemHandleInformation::GetName( HANDLE handle, string& str, DWORD processId )
629 {
630 WORD type = 0;
631
632 if ( !GetType( handle, type, processId ) )
633 return FALSE;
634
635 return GetNameByType( handle, type, str, processId );
636 }
637
638 BOOL SystemHandleInformation::GetNameByType( HANDLE h, WORD type, string& str, DWORD processId )
639 {
640 ULONG size = 0x2000;
641 UCHAR* lpBuffer = NULL;
642 BOOL ret = FALSE;
643
644 HANDLE handle;
645 HANDLE hRemoteProcess = NULL;
646 BOOL remote = processId != GetCurrentProcessId();
647 DWORD dwId = 0;
648
649 if ( !NtDllStatus )
650 return FALSE;
651
652 if ( remote )
653 {
654 hRemoteProcess = OpenProcess( processId );
655
656 if ( hRemoteProcess == NULL )
657 return FALSE;
658
659 handle = DuplicateHandle( hRemoteProcess, h );
660 }
661 else
662 handle = h;
663
664 stringstream hex;
665 // let's be happy, handle is in our process space, so query the infos :)
666 switch( type )
667 {
668 case OB_TYPE_PROCESS:
669 GetProcessId( handle, dwId );
670
671 hex << "PID: 0x" << std::hex << dwId;
672 str = hex.str();
673
674 ret = TRUE;
675 goto cleanup;
676 break;
677
678 case OB_TYPE_THREAD:
679 GetThreadId( handle, dwId );
680
681 hex << "TID: 0x" << std::hex << dwId;
682
683 ret = TRUE;
684 goto cleanup;
685 break;
686
687 case OB_TYPE_FILE:
688 ret = GetFileName( handle, str );
689
690 // access denied :(
691 if ( ret && str == _T("") )
692 goto cleanup;
693 break;
694
695 };
696
697 INtDll::NtQueryObject ( handle, 1, NULL, 0, &size );
698
699 // let's try to use the default
700 if ( size == 0 )
701 size = 0x2000;
702
703 lpBuffer = new UCHAR[size];
704
705 if ( INtDll::NtQueryObject( handle, 1, lpBuffer, size, NULL ) == 0 )
706 {
707 SystemInfoUtils::Unicode2string( (UNICODE_STRING*)lpBuffer, str );
708 ret = TRUE;
709 }
710
711 cleanup:
712
713 if ( remote )
714 {
715 if ( hRemoteProcess != NULL )
716 CloseHandle( hRemoteProcess );
717
718 if ( handle != NULL )
719 CloseHandle( handle );
720 }
721
722 if ( lpBuffer != NULL )
723 delete [] lpBuffer;
724
725 return ret;
726 }
727
728 //Thread related functions
729 BOOL SystemHandleInformation::GetThreadId( HANDLE h, DWORD& threadID, DWORD processId )
730 {
731 SystemThreadInformation::BASIC_THREAD_INFORMATION ti;
732 HANDLE handle;
733 HANDLE hRemoteProcess = NULL;
734 BOOL remote = processId != GetCurrentProcessId();
735
736 if ( !NtDllStatus )
737 return FALSE;
738
739 if ( remote )
740 {
741 // Open process
742 hRemoteProcess = OpenProcess( processId );
743
744 if ( hRemoteProcess == NULL )
745 return FALSE;
746
747 // Duplicate handle
748 handle = DuplicateHandle( hRemoteProcess, h );
749 }
750 else
751 handle = h;
752
753 // Get the thread information
754 if ( INtDll::NtQueryInformationThread( handle, 0, &ti, sizeof(ti), NULL ) == 0 )
755 threadID = ti.ThreadId;
756
757 if ( remote )
758 {
759 if ( hRemoteProcess != NULL )
760 CloseHandle( hRemoteProcess );
761
762 if ( handle != NULL )
763 CloseHandle( handle );
764 }
765
766 return TRUE;
767 }
768
769 //Process related functions
770 BOOL SystemHandleInformation::GetProcessPath( HANDLE h, string& strPath, DWORD remoteProcessId )
771 {
772 h; strPath; remoteProcessId;
773
774 stringstream number;
775 number << remoteProcessId;
776 strPath = number.str();
777
778 return TRUE;
779 }
780
781 BOOL SystemHandleInformation::GetProcessId( HANDLE h, DWORD& processId, DWORD remoteProcessId )
782 {
783 BOOL ret = FALSE;
784 HANDLE handle;
785 HANDLE hRemoteProcess = NULL;
786 BOOL remote = remoteProcessId != GetCurrentProcessId();
787 SystemProcessInformation::PROCESS_BASIC_INFORMATION pi;
788
789 ZeroMemory( &pi, sizeof(pi) );
790 processId = 0;
791
792 if ( !NtDllStatus )
793 return FALSE;
794
795 if ( remote )
796 {
797 // Open process
798 hRemoteProcess = OpenProcess( remoteProcessId );
799
800 if ( hRemoteProcess == NULL )
801 return FALSE;
802
803 // Duplicate handle
804 handle = DuplicateHandle( hRemoteProcess, h );
805 }
806 else
807 handle = h;
808
809 // Get the process information
810 if ( INtDll::NtQueryInformationProcess( handle, 0, &pi, sizeof(pi), NULL) == 0 )
811 {
812 processId = pi.UniqueProcessId;
813 ret = TRUE;
814 }
815
816 if ( remote )
817 {
818 if ( hRemoteProcess != NULL )
819 CloseHandle( hRemoteProcess );
820
821 if ( handle != NULL )
822 CloseHandle( handle );
823 }
824
825 return ret;
826 }
827
828 //File related functions
829 void SystemHandleInformation::GetFileNameThread( PVOID pParam )
830 {
831 // This thread function for getting the filename
832 // if access denied, we hang up in this function,
833 // so if it times out we just kill this thread
834 GetFileNameThreadParam* p = (GetFileNameThreadParam*)pParam;
835
836 UCHAR lpBuffer[0x1000];
837 DWORD iob[2];
838
839 p->rc = INtDll::NtQueryInformationFile( p->hFile, iob, lpBuffer, sizeof(lpBuffer), 9 );
840
841 if ( p->rc == 0 )
842 *p->pName = (const char *)lpBuffer;
843 }
844
845 BOOL SystemHandleInformation::GetFileName( HANDLE h, string& str, DWORD processId )
846 {
847 BOOL ret= FALSE;
848 HANDLE hThread = NULL;
849 GetFileNameThreadParam tp;
850 HANDLE handle;
851 HANDLE hRemoteProcess = NULL;
852 BOOL remote = processId != GetCurrentProcessId();
853
854 if ( !NtDllStatus )
855 return FALSE;
856
857 if ( remote )
858 {
859 // Open process
860 hRemoteProcess = OpenProcess( processId );
861
862 if ( hRemoteProcess == NULL )
863 return FALSE;
864
865 // Duplicate handle
866 handle = DuplicateHandle( hRemoteProcess, h );
867 }
868 else
869 handle = h;
870
871 tp.hFile = handle;
872 tp.pName = &str;
873 tp.rc = 0;
874
875 // Let's start the thread to get the file name
876 hThread = (HANDLE)_beginthread( GetFileNameThread, 0, &tp );
877
878 if ( hThread == NULL )
879 {
880 ret = FALSE;
881 goto cleanup;
882 }
883
884 // Wait for finishing the thread
885 if ( WaitForSingleObject( hThread, 100 ) == WAIT_TIMEOUT )
886 {
887 // Access denied
888 // Terminate the thread
889 TerminateThread( hThread, 0 );
890
891 str = _T("");
892
893 ret = TRUE;
894 }
895 else
896 ret = ( tp.rc == 0 );
897
898 cleanup:
899
900 if ( remote )
901 {
902 if ( hRemoteProcess != NULL )
903 CloseHandle( hRemoteProcess );
904
905 if ( handle != NULL )
906 CloseHandle( handle );
907 }
908
909 return ret;
910 }
911
912 //////////////////////////////////////////////////////////////////////////////////////
913 //
914 // SystemModuleInformation
915 //
916 //////////////////////////////////////////////////////////////////////////////////////
917
918 SystemModuleInformation::SystemModuleInformation( DWORD pID, BOOL bRefresh )
919 {
920 m_processId = pID;
921
922 if ( bRefresh )
923 Refresh();
924 }
925
926 void SystemModuleInformation::GetModuleListForProcess( DWORD processID )
927 {
928 DWORD i = 0;
929 DWORD cbNeeded = 0;
930 HMODULE* hModules = NULL;
931 MODULE_INFO moduleInfo;
932
933 // Open process to read to query the module list
934 HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID );
935
936 if ( hProcess == NULL )
937 goto cleanup;
938
939 //Get the number of modules
940 if ( !(*m_EnumProcessModules)( hProcess, NULL, 0, &cbNeeded ) )
941 goto cleanup;
942
943 hModules = new HMODULE[ cbNeeded / sizeof( HMODULE ) ];
944
945 //Get module handles
946 if ( !(*m_EnumProcessModules)( hProcess, hModules, cbNeeded, &cbNeeded ) )
947 goto cleanup;
948
949 for ( i = 0; i < cbNeeded / sizeof( HMODULE ); i++ )
950 {
951 moduleInfo.ProcessId = processID;
952 moduleInfo.Handle = hModules[i];
953
954 //Get module full paths
955 if ( (*m_GetModuleFileNameEx)( hProcess, hModules[i], moduleInfo.FullPath, _MAX_PATH ) )
956 m_ModuleInfos.push_back( moduleInfo );
957 }
958
959 cleanup:
960 if ( hModules != NULL )
961 delete [] hModules;
962
963 if ( hProcess != NULL )
964 CloseHandle( hProcess );
965 }
966
967 BOOL SystemModuleInformation::Refresh()
968 {
969 BOOL rc = FALSE;
970 m_EnumProcessModules = NULL;
971 m_GetModuleFileNameEx = NULL;
972
973 m_ModuleInfos.clear();
974
975 //Load Psapi.dll
976 HINSTANCE hDll = LoadLibrary( "PSAPI.DLL" );
977
978 if ( hDll == NULL )
979 {
980 rc = FALSE;
981 goto cleanup;
982 }
983
984 //Get Psapi.dll functions
985 m_EnumProcessModules = (PEnumProcessModules)GetProcAddress( hDll, "EnumProcessModules" );
986
987 m_GetModuleFileNameEx = (PGetModuleFileNameEx)GetProcAddress( hDll,
988 #ifdef UNICODE
989 "GetModuleFileNameExW" );
990 #else
991 "GetModuleFileNameExA" );
992 #endif
993
994 if ( m_GetModuleFileNameEx == NULL || m_EnumProcessModules == NULL )
995 {
996 rc = FALSE;
997 goto cleanup;
998 }
999
1000 // Everey process or just a particular one
1001 if ( m_processId != -1 )
1002 // For a particular one
1003 GetModuleListForProcess( m_processId );
1004 else
1005 {
1006 // Get teh process list
1007 DWORD pID;
1008 SystemProcessInformation::SYSTEM_PROCESS_INFORMATION* p = NULL;
1009 SystemProcessInformation pi( TRUE );
1010
1011 if ( pi.m_ProcessInfos.empty() )
1012 {
1013 rc = FALSE;
1014 goto cleanup;
1015 }
1016
1017 // Iterating through the processes and get the module list
1018 for (map<DWORD, SystemProcessInformation::SYSTEM_PROCESS_INFORMATION *>::iterator iter = pi.m_ProcessInfos.begin(); iter != pi.m_ProcessInfos.end(); iter++) {
1019 pID = iter->first;
1020 p = iter->second;
1021 GetModuleListForProcess( pID );
1022 }
1023 }
1024
1025 rc = TRUE;
1026
1027 cleanup:
1028
1029 //Free psapi.dll
1030 if ( hDll != NULL )
1031 FreeLibrary( hDll );
1032
1033 return rc;
1034 }
1035
1036 //////////////////////////////////////////////////////////////////////////////////////
1037 //
1038 // SystemWindowInformation
1039 //
1040 //////////////////////////////////////////////////////////////////////////////////////
1041
1042 SystemWindowInformation::SystemWindowInformation( DWORD pID, BOOL bRefresh )
1043 {
1044 m_processId = pID;
1045
1046 if ( bRefresh )
1047 Refresh();
1048 }
1049
1050 BOOL SystemWindowInformation::Refresh()
1051 {
1052 m_WindowInfos.clear();
1053
1054 // Enumerating the windows
1055 EnumWindows( EnumerateWindows, (LPARAM)this );
1056
1057 return TRUE;
1058 }
1059
1060 BOOL CALLBACK SystemWindowInformation::EnumerateWindows( HWND hwnd, LPARAM lParam )
1061 {
1062 SystemWindowInformation* _this = (SystemWindowInformation*)lParam;
1063 WINDOW_INFO wi;
1064
1065 wi.hWnd = hwnd;
1066 GetWindowThreadProcessId(hwnd, &wi.ProcessId ) ;
1067
1068 // Filtering by process ID
1069 if ( _this->m_processId == -1 || _this->m_processId == wi.ProcessId )
1070 {
1071 GetWindowText( hwnd, wi.Caption, MaxCaptionSize );
1072
1073 // That is we are looking for
1074 if ( GetLastError() == 0 )
1075 _this->m_WindowInfos.push_back( wi );
1076 }
1077
1078 return TRUE;
1079 };
msysGit -- the development environment for 'Git for Windows'