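/////////////////////////////////////////////////////
//                                                 //
// GetActiveProcessInfo()                          //
//                                                 //
/////////////////////////////////////////////////////
//Description:  Walks a Toolhelp32 snapshot of the
//              running processes and returns details
//              of the first entry whose executable
//              name equals NameOfProcessToFind
//              (ordinal, case-insensitive).
//
//Parameters:   NameOfProcessToFind - executable name
//              to look for. A null name matches
//              nothing and yields null.
//
//Returns:      ArrayList (pid,ppid,threadcount), or
//              null when the snapshot could not be
//              read or no process matched.
//
//Notes:        Only the first match is returned. An
//              executable name is not a unique
//              identity: several processes can carry
//              the same name, so a caller that makes
//              a security decision on the result
//              should verify the process by other
//              means as well.
/////////////////////////////////////////////////////
internal ArrayList GetActiveProcessInfo(string NameOfProcessToFind)
{
    ArrayList returnArray = null;

    //take a snapshot of all processes (0x00000002 = TH32CS_SNAPPROCESS)
    IntPtr hSnapshot = Win32Helper.CreateToolhelp32Snapshot(0x00000002, 0);

    //(IntPtr)(-1) is INVALID_HANDLE_VALUE; there is nothing to close in that case
    if (hSnapshot == (IntPtr)(-1))
    {
        MemoryHelperLog.AppendLine("ERROR: Could not create process snapshot!");
        return null;
    }

    //from here on the snapshot handle is released in the finally block, so it
    //is closed on every exit path, including an exception while logging
    try
    {
        //before we do anything, we have to set the size of the list structure
        Win32Helper.PROCESSENTRY32 procListHead = new Win32Helper.PROCESSENTRY32();
        procListHead.dwSize = (uint)Marshal.SizeOf(typeof(Win32Helper.PROCESSENTRY32));

        //retrieve the first process in the list, so we can iterate from there
        if (!Win32Helper.Process32First(hSnapshot, ref procListHead))
        {
            //read the error value before any other call is made, so that
            //the logging below cannot overwrite it
            //NOTE(review): GetLastError32 is not visible here - confirm how it obtains the code
            string errorData = "ERROR: Error data = " + Win32Helper.GetLastError32();

            MemoryHelperLog.AppendLine("ERROR: Could not obtain a pointer to the process list!");
            MemoryHelperLog.AppendLine(errorData);
            return null;
        }

        MemoryHelperLog.AppendLine("SCAN: Process listing: ");

        //search the process list for this process name
        do
        {
            string processName = procListHead.szExeFile.ToString();

            //log that we looked at this process name
            MemoryHelperLog.Append(processName + ",");

            //ordinal comparison: ToLower() follows the current culture, so under
            //some cultures (e.g. Turkish 'I'/'i') two spellings of the same file
            //name would not compare equal and the process would be missed
            if (string.Equals(processName, NameOfProcessToFind, StringComparison.OrdinalIgnoreCase))
            {
                returnArray = new ArrayList();
                returnArray.Add(procListHead.th32ProcessID);       //pid
                returnArray.Add(procListHead.th32ParentProcessID); //ppid
                returnArray.Add(procListHead.cntThreads);          //threadcount
                break;
            }
        }
        while (Win32Helper.Process32Next(hSnapshot, ref procListHead));

        //terminate the comma-separated listing line
        MemoryHelperLog.AppendLine("");

        return returnArray;
    }
    finally
    {
        //close the handle to snapshot of the process list
        Win32Helper.CloseHandle(hSnapshot);
    }
}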
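/////////////////////////////////////////////////////
//                                                 //
// GetUserModeProcessListingToolHelp32()           //
//                                                 //
/////////////////////////////////////////////////////
//Description:  Uses toolhelp32 API to get a list of
//              processes in user mode.  The code in
//              this function is very similar to what
//              is found in MemoryHelper class.
//
//Returns:      an ArrayList of PROCESSENTRY32 structs,
//              or null when the snapshot could not be
//              created or read.
//
//Notes:        The list holds only what the Toolhelp32
//              API reports to this process. A process
//              hidden from user-mode enumeration will
//              not appear, so the result should be
//              compared with an independent source
//              rather than treated as authoritative.
/////////////////////////////////////////////////////
internal static ArrayList GetUserModeProcessListingToolHelp32()
{
    //take a snapshot of all processes (0x00000002 = TH32CS_SNAPPROCESS)
    IntPtr hSnapshot = Win32Helper.CreateToolhelp32Snapshot(0x00000002, 0);

    //(IntPtr)(-1) is INVALID_HANDLE_VALUE; there is nothing to close in that case
    if (hSnapshot == (IntPtr)(-1))
    {
        AgentScanLog.AppendLine("GetUserModeProcessListingToolHelp32():  Could not create process snapshot!");
        return null;
    }

    //from here on the snapshot handle is released in the finally block, so it
    //is closed on every exit path, including an exception while collecting
    try
    {
        //before we do anything, we have to set the size of the list structure
        Win32Helper.PROCESSENTRY32 procListHead = new Win32Helper.PROCESSENTRY32();
        procListHead.dwSize = (uint)Marshal.SizeOf(typeof(Win32Helper.PROCESSENTRY32));

        //retrieve the first process in the list, so we can iterate from there
        if (!Win32Helper.Process32First(hSnapshot, ref procListHead))
        {
            //read the error value before any other call is made, so that
            //the logging below cannot overwrite it
            //NOTE(review): GetLastError32 is not visible here - confirm how it obtains the code
            string errorData = "GetUserModeProcessListingToolHelp32():  Error data = " + Win32Helper.GetLastError32();

            AgentScanLog.AppendLine("GetUserModeProcessListingToolHelp32():  Could not obtain a pointer to the process list!");
            AgentScanLog.AppendLine(errorData);
            return null;
        }

        ArrayList processes = new ArrayList();

        //copy every entry of the snapshot into the list
        //NOTE(review): relies on PROCESSENTRY32 being a struct (as the header
        //states) so that each Add stores its own copy; if it were a class,
        //every element would refer to the same object - confirm
        do
        {
            processes.Add(procListHead);
        }
        while (Win32Helper.Process32Next(hSnapshot, ref procListHead));

        return processes;
    }
    finally
    {
        //close the handle to snapshot of the process list
        Win32Helper.CloseHandle(hSnapshot);
    }
}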