File: ProcessListWindows.cpp

qnetstatview 1.5.8-2
#include "ProcessListWindows.h"


#if defined(Q_OS_WIN)
// Pointer type used to call ntdll's NtQueryInformationProcess through an
// address looked up at run time.
using PROCNTQSIP = LONG (WINAPI *)(HANDLE, UINT, PVOID, ULONG, PULONG);

// Assigned in getCmdline() from GetProcAddress; null until that has happened.
PROCNTQSIP NtQueryInformationProcess = nullptr;
#endif


#if defined(Q_OS_WIN)
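/**
 * Copies the command line of another process into wBuf as a NUL-terminated
 * wide string.
 *
 * The process is opened with PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, its
 * PEB is located with NtQueryInformationProcess, and the CommandLine
 * UNICODE_STRING is read from Peb.ProcessParameters.
 *
 * Every pointer and length read here comes from the target process's own
 * memory and is therefore not trusted. CommandLine.Length is a byte count
 * that excludes any terminator, so the copy is bounded against dwBufLen
 * with one WCHAR held back and the terminator is written here; callers that
 * treat wBuf as a C string would otherwise read past the copied data.
 *
 * NOTE(review): PEB and PROCESS_PARAMETERS are read with this build's
 * pointer size; inspecting a process of a different bitness presumably
 * misreads them - confirm against the header's struct definitions.
 *
 * @param dwId     Id of the process to inspect.
 * @param wBuf     Destination buffer; holds an empty string on failure.
 * @param dwBufLen Size of wBuf in BYTES (not characters), terminator included.
 * @return TRUE when the command line was copied and terminated, else FALSE.
 */
BOOL ProcessListWindows::GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen)
{
    PROCESS_BASIC_INFORMATION pbi;
    PEB                       Peb;
    PROCESS_PARAMETERS        ProcParam;
    SIZE_T                    cbRead = 0;
    BOOL                      bRet = FALSE;

    // The entry point is resolved by the caller; refuse to call through a
    // null pointer, and require room for at least the terminator.
    if (!NtQueryInformationProcess || !wBuf || dwBufLen < sizeof(WCHAR))
       return FALSE;

    wBuf[0] = L'\0';

    // Get process handle
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,dwId);
    if (!hProcess)
       return FALSE;

    do {
        // Any non-zero status is treated as failure.
        if (NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION), NULL))
           break;

        if ( !ReadProcessMemory(hProcess, pbi.PebBaseAddress, &Peb, sizeof(PEB), &cbRead) )
           break;

        if ( !ReadProcessMemory(hProcess, Peb.ProcessParameters, &ProcParam, sizeof(PROCESS_PARAMETERS), &cbRead) )
           break;

        // Length is in bytes; drop a trailing odd byte so only whole
        // characters are copied.
        const DWORD cchCmdLine = static_cast<DWORD>(ProcParam.CommandLine.Length / sizeof(WCHAR));
        const DWORD cbCmdLine  = static_cast<DWORD>(cchCmdLine * sizeof(WCHAR));

        // Keep one WCHAR free for the terminator (dwBufLen >= sizeof(WCHAR)
        // was checked above, so the subtraction cannot wrap).
        if (dwBufLen - sizeof(WCHAR) < cbCmdLine)
           break;

        if ( !ReadProcessMemory(hProcess, ProcParam.CommandLine.Buffer, wBuf, cbCmdLine, &cbRead) )
           break;

        wBuf[cchCmdLine] = L'\0';
        bRet = TRUE;
    } while (false);

    // A failed read may have left partial data behind; hand back an empty string.
    if (!bRet)
       wBuf[0] = L'\0';

    CloseHandle (hProcess);

    return bRet;
}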

#endif

/// Constructs the helper; parent is forwarded to the QObject base.
ProcessListWindows::ProcessListWindows(QObject *parent)
    : QObject(parent)
{
}

/// Performs no set-up in this implementation.
/// @return Always 1.
int ProcessListWindows::initProccessList()
{
    const int result = 1;
    return result;
}

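/**
 * Returns the executable path of the process with the given id.
 *
 * @param pid Process id as decimal text.
 * @return The module file name on Windows; "-" when the id is not a number
 *         or the process cannot be opened; "" when the name query fails or
 *         on non-Windows builds.
 */
QString  ProcessListWindows::getProgram(QString pid){

#if defined(Q_OS_WIN)
    // Process ids are DWORDs: parse as unsigned and reject non-numeric text
    // instead of silently querying pid 0.
    bool ok = false;
    const DWORD dwPid = pid.toUInt(&ok);
    if (!ok) return "-";

    // NOTE(review): PROCESS_VM_READ is requested because GetModuleFileNameEx
    // reads the target's module list; processes that deny it yield "-".
    // A query that needs fewer rights would cover more processes - confirm
    // the minimum supported Windows version before switching.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPid);
    if (hProcess==NULL) return "-";

    WCHAR szFilePath[MAX_PATH] = {0};
    const DWORD cchPath = GetModuleFileNameEx(hProcess, NULL, szFilePath, MAX_PATH);
    CloseHandle(hProcess);

    // Zero means the query failed; otherwise convert exactly the characters
    // the API reported rather than scanning for a terminator.
    if (cchPath == 0 || cchPath > MAX_PATH) return "";
    return QString::fromWCharArray(szFilePath, static_cast<int>(cchPath));

#endif

return "";

}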


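/**
 * Returns the command line of the process with the given id.
 *
 * Resolves NtQueryInformationProcess from the already-loaded NTDLL module,
 * then delegates to GetProcessCmdLine.
 *
 * @param pid Process id as decimal text.
 * @return The command line, or "" when the id is not a number, the entry
 *         point cannot be resolved, the process cannot be read, the command
 *         line does not fit the local buffer, or on non-Windows builds.
 */
QString  ProcessListWindows::getCmdline(QString pid){
    #if defined(Q_OS_WIN)
        // Use the wide API with a wide literal: casting a narrow "NTDLL"
        // literal to const WCHAR* hands the loader a garbage, unterminated name.
        HMODULE hNtdll = GetModuleHandleW(L"NTDLL");
        if (!hNtdll) return "";

        NtQueryInformationProcess = reinterpret_cast<PROCNTQSIP>(GetProcAddress(hNtdll, "NtQueryInformationProcess"));

        if (!NtQueryInformationProcess) return "";

        // Reject non-numeric input instead of using an uninitialised id.
        bool ok = false;
        const DWORD dwId = pid.toULong(&ok);
        if (!ok) return "";

        // Zero-filled, and the last WCHAR is withheld from the callee, so the
        // buffer is always NUL-terminated when converted below.
        WCHAR wstr[255] = {0};

        if (GetProcessCmdLine(dwId, wstr, static_cast<DWORD>(sizeof(wstr) - sizeof(WCHAR)))){
           return QString::fromWCharArray(wstr);
        }
    #endif

    return "";
}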

/// Socket enumeration is not implemented here; pid is ignored.
/// @return An empty list.
QStringList ProcessListWindows::getSockets(QString pid)
{
    QStringList none;
    return none;
}

/// Builds the sProccess record for one process id.
/// The pid, program path and command line are filled in; sockets is left
/// as default-constructed because the getSockets call is disabled.
/// @param pid Process id as decimal text.
/// @return The populated record.
sProccess ProcessListWindows::getProc(QString pid)
{
    sProccess entry;

    entry.pid = pid;
    entry.program = getProgram(pid);
    entry.cmdline = getCmdline(pid);

    return entry;
}