proclistwnd.c

一文件过滤与加密,系统监视以及控制的东东,自己看

	      
	    // I need confirmation before killing a process
	    n = MessageBox (hwnd, 
			    STR_DEF(_CONFIRM_KILL_PROCESS,g_szConfirmKillProcess),
			    TEXT(APPLICATION_NAME),
			    MB_ICONWARNING|MB_YESNO) ;	    
	    if( n!=IDYES ) return 0 ;
	      
	    // first try a user mode kill
	    bSuccess = SpySrv_KillProcess (nProcessAddress, FALSE) ;		
	    if( bSuccess ) return 0 ;
	    
	    // I need a second confirmation to kill a protected process
	    n = MessageBox (hwnd, 
			    STR_DEF(_CONFIRM_KILL_PROTECTED_PROCESS,g_szConfirmKillProtectedProcess),
			    TEXT(APPLICATION_NAME),
			    MB_ICONWARNING|MB_YESNO) ;
	    
	    if( n!=IDYES ) return 0 ;

	    // now try a kernel mode kill
	    bSuccess = SpySrv_KillProcess (nProcessAddress, TRUE) ;

	    if( !bSuccess )
	      MessageBox (hwnd,
			  STR_DEF(_FAILED_TO_KILL_PROCESS,g_szFailedToKillProcess),
			  TEXT(APPLICATION_NAME), MB_ICONERROR) ;	  
	  }
	  return 0 ; //  ======== 'Kill selected process' command ========
	}

      break ; // case WM_COMMAND:

    case WM_NOTIFY: // ============ 'notify' message on 'processes' window ==============
      {
        union {    
	  NMHDR			*header ;
	  NMITEMACTIVATE	*itemactivate ;
	  NMLISTVIEW		*listview ; 
	  NMTTDISPINFO		*getdispinfo ; 
	} pnm ;

	pnm.header = (NMHDR*)lParam ;
	
	switch( pnm.header->idFrom )
	  {
	  case IDC_PROCESSLIST:
	    
	    switch( pnm.header->code )
	      {
	      case LVN_ITEMCHANGED: // ======== Item changed on 'processes' list-view ========
		{
		  // selection changed
		  if( pnm.listview->uNewState & LVIS_SELECTED )
		    {
		      // get pid of selected process
		      g_nSelectedProcessAddr = pnm.listview->lParam ;
		    }			  
		}			      
		return 0 ; //  ======== Item changed on 'processes' list-view ========

	      case NM_RCLICK: //  ======== Right click on 'processes' list-view ======== 
		{
		  POINT		pt ;		  
		  BOOL		bCanKill = FALSE ;
		  BOOL		bCanHook = FALSE ;
		  BOOL		bCanUnhook = FALSE ;

		  if( g_nSelectedProcessAddr )
		    {
		      PROCSTRUCT	*pProc ;

		      ProcList_Lock () ;
		      
		      pProc = ProcList_Get (g_nSelectedProcessAddr) ;
		      
		      if( pProc ) 
			{
			  BOOL bIsCurProcess = pProc->nProcessId==GetCurrentProcessId() ;
		  
			  bCanKill = !bIsCurProcess ;
			  bCanHook = !bIsCurProcess && pProc->nState==PS_HOOK_DISABLED ;
			  bCanUnhook = !bIsCurProcess && pProc->nState!=PS_HOOK_DISABLED ;
			}
		      else
			TRACE_ERROR (TEXT("Process 0x%08X not in process list\n"), g_nSelectedProcessAddr) ;
		      
		      ProcList_Unlock () ;
		    }

		  // enable/disable 'hook' menu item
		  EnableMenuItem (g_hmenuProcess, IDM_PROCESS_HOOK, 
				  MF_BYCOMMAND|(bCanHook?MF_ENABLED:MF_GRAYED)) ;

		  // enable/disable 'unhook' menu item
		  EnableMenuItem (g_hmenuProcess, IDM_PROCESS_UNHOOK, 
				  MF_BYCOMMAND|(bCanUnhook?MF_ENABLED:MF_GRAYED)) ;

		  // enable/disable 'kill' menu item		  
		  EnableMenuItem (g_hmenuProcess, IDM_PROCESS_KILL, 
				  MF_BYCOMMAND|(bCanKill?MF_ENABLED:MF_GRAYED)) ;

		  // get mouse position
		  GetCursorPos (&pt) ;	
		  
		  // display menu
		  TrackPopupMenu (g_hmenuProcess, TPM_RIGHTBUTTON, pt.x, pt.y, 0, hwnd, NULL) ;		
		}
		return 0 ; //  ======== Right click on 'processes' list-view ======== 

	      case LVN_COLUMNCLICK: //  ======== Click on column header ======== 
		{
		  LVCOLUMN	lvc ;
		  int		i ;

		  if( g_nSortParam == pnm.listview->iSubItem )
		    g_nSortParam |= 0x80 ;
		  else
		    g_nSortParam = pnm.listview->iSubItem ;	
		  
		  ListView_SortItems (g_hwndList, _ProcListWnd_ItemCompare, g_nSortParam) ;
		  
		  for( i=0 ; i<4 ; i++ )
		    {
		      ZeroMemory (&lvc, sizeof(lvc)) ;

		      lvc.mask = LVCF_IMAGE ;
		      lvc.iImage = i!=pnm.listview->iSubItem ? -1 :
			g_nSortParam&0x80 ? 1 : 0 ;		   
		      
		      ListView_SetColumn (g_hwndList, i, &lvc) ;
		    }
		}
		return 0 ; //  ======== Click on column header ======== 
	      }
	  }
	}
         
      return 0 ; // ============ 'notify' message on 'processes' window ==============
    }

  return DefWindowProc (hwnd, message, wParam, lParam) ;
}


/******************************************************************/
/* Internal function :                                            */
/******************************************************************/

BOOL _ProcListWnd_AddProcess (void * pContext, PROCSTRUCT * pProc) 
{
  LVITEM lvi = { 0 } ;
  HWND hwndList = (HWND)pContext ;

  ASSERT (pProc!=NULL) ;

  lvi.mask = LVIF_PARAM ;
  lvi.iItem = ListView_GetItemCount (hwndList) ;
  lvi.iSubItem = 0 ;
  lvi.lParam = (LPARAM)pProc->nProcessAddress ;
  ListView_InsertItem (hwndList, &lvi) ;

  _ProcListWnd_UpdateProcess (hwndList, pProc) ;

  return TRUE ;
}

VOID _ProcListWnd_UpdateProcess (HWND hwndList, PROCSTRUCT *pProc) 
{
  LVFINDINFO	lvfi = { 0 } ;
  LVITEM	lvi = { 0 } ;
  TCHAR		szBuffer[16] ;
  int		iImage, i ;
  HICON		hIcon ;
  SHFILEINFO	sfi ;
  HIMAGELIST	hImageList = ListView_GetImageList (hwndList, LVSIL_SMALL) ;

  lvfi.flags = LVFI_PARAM ;
  lvfi.lParam = (LPARAM)pProc->nProcessAddress ;
  
  i = ListView_FindItem (hwndList,-1,&lvfi) ;

  if( i < 0 ) 
    {
      TRACE_ERROR (TEXT("Process 0x%08X not in list\n"), pProc->nProcessAddress) ;
      return ;
    }

  // get icon
  if( ! pProc->szPath[0] )
    hIcon = LoadIcon (NULL, IDI_WINLOGO) ;
  else if( SHGetFileInfo (pProc->szPath, 0, &sfi, sizeof(sfi), SHGFI_ICON|SHGFI_SMALLICON) )
    hIcon = sfi.hIcon ;  
  else if( pProc->szPath[0] )
    hIcon = LoadIcon (NULL, IDI_APPLICATION) ;
  iImage = ImageList_AddIcon (hImageList, hIcon) ;
  DestroyIcon (hIcon) ; 
    
  // set process name
  lvi.mask	= LVIF_TEXT | LVIF_PARAM | LVIF_IMAGE ;
  lvi.iItem	= i ;
  lvi.iSubItem	= COL_NAME ; 
  lvi.pszText	= pProc->szName ;
  lvi.lParam	= pProc->nProcessAddress ;
  lvi.iImage	= iImage ;
  ListView_SetItem (hwndList, &lvi) ;

  // set PID
  wsprintf (szBuffer, TEXT("%u"), pProc->nProcessId) ;
  lvi.mask	= LVIF_TEXT ;
  lvi.iSubItem	= COL_PID ;
  lvi.pszText	= szBuffer ;
  ListView_SetItem (hwndList, &lvi) ;

  // set state
  lvi.mask	= LVIF_TEXT | LVIF_IMAGE ;
  lvi.iSubItem	= COL_STATE ;
  if( pProc->nState==PS_HOOK_DISABLED ) {
    lvi.pszText = (LPTSTR) STR_DEF (_HOOK_DISABLED, TEXT("Not hooked (disabled)")) ;
    lvi.iImage	= 1 ;
  }
  else if( pProc->nState==PS_HOOKED_SINCE_BIRTH ) {
    lvi.pszText = (LPTSTR) STR_DEF (_HOOKED_SINCE_BIRTH, TEXT("Hooked (since birth)")) ;
    lvi.iImage	= 2 ;
  }
  else if( pProc->nState==PS_HOOKED_WHILE_RUNNING ) {
    lvi.pszText = (LPTSTR) STR_DEF (_HOOKED_WHILE_RUNNING, TEXT("Hooked (while running)")) ;
    lvi.iImage	= 2 ;
  }
  else {
    lvi.pszText = (LPTSTR) STR_DEF (_UNKNOWN_STATE, TEXT("Unknown")) ;
    lvi.iImage	= 0 ;
  }
  ListView_SetItem (hwndList, &lvi) ;

  // set path
  lvi.mask	= LVIF_TEXT ;
  lvi.iSubItem	= COL_PATH ;
  lvi.pszText	= pProc->szPath ;
  ListView_SetItem (hwndList, &lvi) ;
  
  return ;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

VOID _ProcListWnd_UpdateProcessId (HWND hwndList, PROCADDR nProcessAddress)
{
  PROCSTRUCT	*pProc ;
  TCHAR		szBuffer[16] ;
  LVFINDINFO	lvfi ;
  int		iCurrent ;
  LVITEM	lvi ;
  BOOL		bSuccess ;

  ProcList_Lock () ;
  pProc = ProcList_Get (nProcessAddress) ;		
  wsprintf (szBuffer, TEXT("%u"), pProc->nProcessId) ;
  ProcList_Unlock () ;

  memset (&lvfi, 0, sizeof(lvfi)) ;
  lvfi.flags	= LVFI_PARAM ;
  lvfi.lParam	= nProcessAddress ;
   
  iCurrent = ListView_FindItem (hwndList, -1, &lvfi) ;
  if( iCurrent==-1 ) {
    TRACE_ERROR (TEXT("Process 0x%08X not found in process window\n"), nProcessAddress) ;
    return ;
  }
  
  lvi.mask	= 0 ;
  lvi.iItem	= iCurrent ;
  lvi.iSubItem	= COL_PID ;      
  bSuccess = ListView_GetItem (hwndList, &lvi) ; 
  if( ! bSuccess ) {
    TRACE_ERROR (TEXT("ListView_GetItem failed\n")) ;
    return ;
  }
    
  lvi.mask = LVIF_TEXT ;
  lvi.pszText = szBuffer ;
  bSuccess = ListView_SetItem (hwndList, &lvi) ;
  if( ! bSuccess ) {
    TRACE_ERROR (TEXT("ListView_GetItem failed\n")) ;
    return ;
  }    
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

VOID _ProcListWnd_RemProcess (HWND hwndList, PROCADDR nProcessAddress)
{
  LVFINDINFO	lvfi ;
  int iCurrent = -1 ;

  memset (&lvfi, 0, sizeof(lvfi)) ;
  lvfi.flags	= LVFI_PARAM ;
  lvfi.lParam	= nProcessAddress ;

  while(1) 
    {      
      iCurrent = ListView_FindItem (hwndList, iCurrent, &lvfi) ;

      if( iCurrent==-1 ) break ;

      if( ! ListView_DeleteItem (hwndList, iCurrent) )
	{
	  TRACE_ERROR (TEXT("ListView_DeleteItem failed (error=%u)\n"),
		       GetLastError()) ;
	  break ;
	}
    }

  TRACE_INFO (TEXT("Finished\n")) ;
}

/******************************************************************/
/* Internal function :                                            */
/******************************************************************/

int CALLBACK _ProcListWnd_ItemCompare (LPARAM lParam1, LPARAM lParam2, LPARAM lParamSort) 
{
  int		iResult ;
  PROCSTRUCT	*pProc1, *pProc2 ;

  ProcList_Lock () ;

  pProc1 = ProcList_Get (lParam1) ;
  pProc2 = ProcList_Get (lParam2) ;

  if( !pProc1 || !pProc2 ) {
    ProcList_Unlock () ;
    return 0 ;
  }
    
  switch( lParamSort & 0x7F )
    {
    case COL_NAME:
      iResult = _tcsicmp (pProc1->szName, pProc2->szName) ;
      break ;

    case COL_PID:            
      iResult = (int)pProc1->nProcessId - (int)pProc2->nProcessId ;
      break ;
      
    case COL_STATE:
      iResult = (int)pProc1->nState - (int)pProc2->nState ;
      break ;

    case COL_PATH:
      iResult = _tcsicmp (pProc1->szPath, pProc2->szPath) ;
      break ;

    default:
      iResult = 0 ;
    }

  ProcList_Unlock () ;

  if( lParamSort & 0x80 )
    iResult = -iResult ;

  return iResult ;
}