portmondoc.cpp

远程网络监视程序的源码

// PortMonDoc.cpp :  CPortMonDoc 类的实现
//

#include "stdafx.h"
#include "PortMon.h"

#include "prochelp.h"
#include "winsvc.h"
#include ".\portmondoc.h"
#include "portmonview.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#endif


// CPortMonDoc

IMPLEMENT_DYNCREATE(CPortMonDoc, CDocument)

BEGIN_MESSAGE_MAP(CPortMonDoc, CDocument)
END_MESSAGE_MAP()


// CPortMonDoc 构造/析构

CPortMonDoc::CPortMonDoc()
	: m_dwProcessID(0)
{
	// TODO: 在此添加一次性构造代码

}

CPortMonDoc::~CPortMonDoc()
{
}

BOOL CPortMonDoc::OnNewDocument()
{
	if (!CDocument::OnNewDocument())
		return FALSE;

	// TODO: 在此添加重新初始化代码
	// (SDI 文档将重用该文档)

	return TRUE;
}


// CPortMonDoc 序列化

void CPortMonDoc::Serialize(CArchive& ar)
{
	if (ar.IsStoring())
	{
		((CPortMonView *)m_viewList.GetHead())->SaveList(ar);
	}
	else
	{
		// TODO: 在此添加加载代码
	}
}


// CPortMonDoc 诊断

#ifdef _DEBUG
void CPortMonDoc::AssertValid() const
{
	CDocument::AssertValid();
}

void CPortMonDoc::Dump(CDumpContext& dc) const
{
	CDocument::Dump(dc);
}
#endif //_DEBUG


// CPortMonDoc 命令

void CPortMonDoc::SetCurProcess(DWORD dwPID)
{
	m_dwProcessID = dwPID;
	UpdateAllViews(NULL);
}

CString CPortMonDoc::GetSelParentName()
{
	CProcessHelp::EnableDebugPrivilege(TRUE);

	// using toolhelp snapshot
	CProcessHelp procHelp( TH32CS_SNAPPROCESS );
	PROCESSENTRY32 pe32 = {0};
	pe32.dwSize = sizeof(PROCESSENTRY32);

	CString sParentName = _T("父进程 ");
	CString sTemp = _T("");
	if( procHelp.ProcessFind( m_dwProcessID, &pe32 ) )
	{
		sTemp = GetProcessNameByID(pe32.th32ParentProcessID);
		if( sTemp.IsEmpty() )
		{
			sTemp.Format( "ID: %u", pe32.th32ParentProcessID );
		}
	}

	CProcessHelp::EnableDebugPrivilege(FALSE);

	sParentName += sTemp;
	return sParentName;
}

CString CPortMonDoc::GetProcessNameByID(DWORD pid)
{
	CString temp;

	// turn on debug privilege
	CProcessHelp::EnableDebugPrivilege(TRUE);

	// using toolhelp snapshot
	CProcessHelp procHelp( TH32CS_SNAPMODULE, pid );
	MODULEENTRY32 me32 = {0};
	me32.dwSize = sizeof(MODULEENTRY32);

	CString sTemp = _T("");
	if( procHelp.ModuleFirst(&me32) && (me32.th32ProcessID == pid) )
	{
		sTemp = me32.szExePath;
	}

	// turn off debug privilege
	CProcessHelp::EnableDebugPrivilege(FALSE);

	return sTemp;
}

DWORD CPortMonDoc::GetSelProcID(void)
{
	return m_dwProcessID;
}

BOOL CPortMonDoc::IsKernService(void)
{
	HANDLE hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, m_dwProcessID );
	if (hProcess)
	{
		CloseHandle(hProcess);
		return FALSE;
	}
	else // null
	{
		CString sTemp = GetSelParentName();
		int nPos = sTemp.ReverseFind('\\');
		if( nPos > 0 )
		{
			sTemp = sTemp.Mid(nPos+1);
			if( sTemp.CompareNoCase(_T("services.exe")) == 0 )
			{
				return FALSE;
			}
		}
	}

	return TRUE;
}

BOOL CPortMonDoc::KillService(void)
{
	CString sTemp = GetProcessNameByID(m_dwProcessID);
	int nPos = sTemp.ReverseFind('\\');
	if( nPos > 0 )
	{
		sTemp = sTemp.Mid(nPos+1);
		int nPos2 = sTemp.Find('.');
		if( nPos2 > 0 )
		{
			sTemp = sTemp.Left(nPos2);
			return KillSvcByName(sTemp);
		}
	}

	return FALSE;
}

BOOL CPortMonDoc::KillSvcByName(LPCTSTR szSrvName)
{
	SC_HANDLE hSCMgr, hService;
	BOOL bRes = FALSE;

	if( !szSrvName )
	{
		return FALSE;
	}

	hSCMgr = OpenSCManager( NULL, NULL, SC_MANAGER_CONNECT );
	if( !hSCMgr )
	{
		return FALSE;
	}

	hService = OpenService(hSCMgr, szSrvName, SERVICE_ALL_ACCESS);
	if( hService )
	{
		SERVICE_STATUS serviceStatus;
		if( ControlService(hService, SERVICE_CONTROL_STOP, &serviceStatus) )
		{
			if( CloseServiceHandle(hService) )
			{
				bRes = TRUE;
			}
		}
	}

	CloseServiceHandle(hSCMgr);
	return bRes;
}