1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
12 #include "rootcheck.h"
/* Enable or disable SeDebugPrivilege on an access token
19 * See: "How to obtain a handle to any process with SeDebugPrivilege"
20 * http://support.microsoft.com/kb/131065/en-us
/* Enable (en != 0) or disable (en == 0) SeDebugPrivilege on the access
 * token h, using the two-step pattern from KB131065: the first
 * AdjustTokenPrivileges call sets the privilege's attributes to 0 while
 * capturing its previous state in tpPrevious; the second call writes the
 * desired enabled/disabled state back.  AdjustTokenPrivileges can return
 * TRUE even when the request was only partly honoured (e.g. the token does
 * not hold SeDebugPrivilege at all, which is typically the case for
 * non-administrative tokens); that condition is reported only through
 * GetLastError() == ERROR_NOT_ALL_ASSIGNED, which is why the error code is
 * compared with ERROR_SUCCESS after each call instead of trusting the
 * return value.  Callers treat a 0 result as failure (see
 * os_get_process_list); NOTE(review): the return statements are outside
 * this excerpt -- confirm against the full file. */
int os_win32_setdebugpriv(HANDLE h, int en)
/* Previous state of the privilege, filled in by the first adjust call */
TOKEN_PRIVILEGES tpPrevious;
/* Size of tpPrevious on input; AdjustTokenPrivileges overwrites it with the
 * size it actually returned, and that value is reused for the second call */
DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES);
/* Resolve the LUID of SeDebugPrivilege on the local system */
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {
/* First pass: request attributes 0 (disabled) so that the privilege's
 * previous state is returned in tpPrevious */
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = 0;
AdjustTokenPrivileges(h, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
&tpPrevious, &cbPrevious);
/* A TRUE return is not enough: ERROR_NOT_ALL_ASSIGNED means the token does
 * not hold the privilege, in which case it can never be enabled */
if (GetLastError() != ERROR_SUCCESS) {
/* Second pass: rebuild the request from the previous state, touching only
 * the SE_PRIVILEGE_ENABLED bit so any other attribute bits are preserved */
tpPrevious.PrivilegeCount = 1;
tpPrevious.Privileges[0].Luid = luid;
/* If en is set to true, we enable the privilege: set SE_PRIVILEGE_ENABLED */
tpPrevious.Privileges[0].Attributes |= (SE_PRIVILEGE_ENABLED);
/* Otherwise clear SE_PRIVILEGE_ENABLED: XOR-ing with the bit only when it
 * is currently set removes it without disturbing the other bits */
tpPrevious.Privileges[0].Attributes ^= (SE_PRIVILEGE_ENABLED &
tpPrevious.Privileges[0].Attributes);
/* Apply the desired state; the previous-state output is not needed here */
AdjustTokenPrivileges(h, FALSE, &tpPrevious, cbPrevious, NULL, NULL);
/* Same partial-success check as after the first call */
if (GetLastError() != ERROR_SUCCESS) {
/* Build an OSList of Proc_Info entries (process name and executable path) for the running win32 processes */
64 OSList *os_get_process_list()
66 OSList *p_list = NULL;
69 PROCESSENTRY32 p_entry;
70 p_entry.dwSize = sizeof(PROCESSENTRY32);
72 /* Get token to enable Debug privilege */
73 if (!OpenThreadToken(GetCurrentThread(),
74 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &hpriv)) {
75 if (GetLastError() == ERROR_NO_TOKEN) {
76 if (!ImpersonateSelf(SecurityImpersonation)) {
77 merror("%s: ERROR: os_get_win32_process_list -> "
78 "ImpersonateSelf", ARGV0);
82 if (!OpenThreadToken(GetCurrentThread(),
83 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
85 merror("%s: ERROR: os_get_win32_process_list -> "
90 merror("%s: ERROR: os_get_win32_process_list -> OpenThread", ARGV0);
95 /* Enable debug privilege */
96 if (!os_win32_setdebugpriv(hpriv, 1)) {
97 merror("%s: ERROR: os_win32_setdebugpriv", ARGV0);
102 /* Make a snapshot of every process */
103 hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
104 if (hsnap == INVALID_HANDLE_VALUE) {
105 merror("%s: ERROR: CreateToolhelp32Snapshot", ARGV0);
109 /* Get first and second processes -- system entries */
110 if (!Process32First(hsnap, &p_entry) && !Process32Next(hsnap, &p_entry )) {
111 merror("%s: ERROR: Process32First", ARGV0);
116 /* Create process list */
117 p_list = OSList_Create();
120 merror(LIST_ERROR, ARGV0);
124 /* Get each process name and path */
125 while (Process32Next( hsnap, &p_entry)) {
130 /* Set process name */
131 os_strdup(p_entry.szExeFile, p_name);
133 /* Get additional information from modules */
134 HANDLE hmod = INVALID_HANDLE_VALUE;
135 MODULEENTRY32 m_entry;
136 m_entry.dwSize = sizeof(MODULEENTRY32);
138 /* Snapshot of the process */
139 hmod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, p_entry.th32ProcessID);
141 if (hmod == INVALID_HANDLE_VALUE) {
142 os_strdup(p_name, p_path);
143 } else if (!Module32First(hmod, &m_entry)) {
144 /* Get executable path (first entry in the module list) */
146 os_strdup(p_name, p_path);
148 os_strdup(m_entry.szExePath, p_path);
152 os_calloc(1, sizeof(Proc_Info), p_info);
153 p_info->p_name = p_name;
154 p_info->p_path = p_path;
155 OSList_AddData(p_list, p_info);
158 /* Remove debug privileges */
159 os_win32_setdebugpriv(hpriv, 0);