X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Frootcheck%2Fwin-process.c;fp=src%2Frootcheck%2Fwin-process.c;h=f6d50e761206b3e20797dadaef45dc13a05d8aeb;hp=5b3908f66483d78ea60d4b95d097629db8766df9;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b diff --git a/src/rootcheck/win-process.c b/src/rootcheck/win-process.c index 5b3908f..f6d50e7 100644 --- a/src/rootcheck/win-process.c +++ b/src/rootcheck/win-process.c @@ -1,6 +1,3 @@ -/* @(#) $Id: ./src/rootcheck/win-process.c, 2011/09/08 dcid Exp $ - */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * @@ -18,10 +15,10 @@ #include -/* Using: http://support.microsoft.com/kb/q131065/ as ref for debug priv */ - - -/* Set Debug privilege */ +/* Set Debug privilege + * See: "How to obtain a handle to any process with SeDebugPrivilege" + * http://support.microsoft.com/kb/131065/en-us + */ int os_win32_setdebugpriv(HANDLE h, int en) { TOKEN_PRIVILEGES tp; @@ -29,9 +26,8 @@ int os_win32_setdebugpriv(HANDLE h, int en) LUID luid; DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES); - if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) - { - return(0); + if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) { + return (0); } tp.PrivilegeCount = 1; 
@@ -39,151 +35,116 @@ int os_win32_setdebugpriv(HANDLE h, int en) tp.Privileges[0].Attributes = 0; AdjustTokenPrivileges(h, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), - &tpPrevious,&cbPrevious); + &tpPrevious, &cbPrevious); - if(GetLastError() != ERROR_SUCCESS) - { - return(0); + if (GetLastError() != ERROR_SUCCESS) { + return (0); } tpPrevious.PrivilegeCount = 1; tpPrevious.Privileges[0].Luid = luid; - /* If en is set to true, we enable the privilege */ - if(en) - { + if (en) { tpPrevious.Privileges[0].Attributes |= (SE_PRIVILEGE_ENABLED); - } - else - { + } else { tpPrevious.Privileges[0].Attributes ^= (SE_PRIVILEGE_ENABLED & - tpPrevious.Privileges[0].Attributes); + tpPrevious.Privileges[0].Attributes); } AdjustTokenPrivileges(h, FALSE, &tpPrevious, cbPrevious, NULL, NULL); - if(GetLastError() != ERROR_SUCCESS) - { - return(0); + if (GetLastError() != ERROR_SUCCESS) { + return (0); } - return(1); + return (1); } - - -/* os_get_process_list: Get list of win32 processes */ -void *os_get_process_list() +/* Get list of win32 processes */ +OSList *os_get_process_list() { OSList *p_list = NULL; - HANDLE hsnap; HANDLE hpriv; PROCESSENTRY32 p_entry; p_entry.dwSize = sizeof(PROCESSENTRY32); - - /* Getting token for enable debug priv */ - if(!OpenThreadToken(GetCurrentThread(), - TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, FALSE, &hpriv)) - { - if(GetLastError() == ERROR_NO_TOKEN) - { - if(!ImpersonateSelf(SecurityImpersonation)) - { + /* Get token to enable Debug privilege */ + if (!OpenThreadToken(GetCurrentThread(), + TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &hpriv)) { + if (GetLastError() == ERROR_NO_TOKEN) { + if (!ImpersonateSelf(SecurityImpersonation)) { merror("%s: ERROR: os_get_win32_process_list -> " - "ImpersonateSelf",ARGV0); - return(NULL); + "ImpersonateSelf", ARGV0); + return (NULL); } - if(!OpenThreadToken(GetCurrentThread(), - TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, - FALSE, &hpriv)) - { + if (!OpenThreadToken(GetCurrentThread(), + TOKEN_ADJUST_PRIVILEGES | 
TOKEN_QUERY, + FALSE, &hpriv)) { merror("%s: ERROR: os_get_win32_process_list -> " - "OpenThread",ARGV0); - return(NULL) ; + "OpenThread", ARGV0); + return (NULL) ; } - } - else - { - merror("%s: ERROR: os_get_win32_process_list -> OpenThread",ARGV0); - return(NULL); + } else { + merror("%s: ERROR: os_get_win32_process_list -> OpenThread", ARGV0); + return (NULL); } } - - /* Enabling debug privilege */ - if(!os_win32_setdebugpriv(hpriv, 1)) - { - merror("%s: ERROR: os_win32_setdebugpriv",ARGV0); + /* Enable debug privilege */ + if (!os_win32_setdebugpriv(hpriv, 1)) { + merror("%s: ERROR: os_win32_setdebugpriv", ARGV0); CloseHandle(hpriv); - - return(NULL); + return (NULL); } - - /* Snapshot of every process */ + /* Make a snapshot of every process */ hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); - if(hsnap == INVALID_HANDLE_VALUE) - { - merror("%s: ERROR: CreateToolhelp32Snapshot",ARGV0); - return(NULL); + if (hsnap == INVALID_HANDLE_VALUE) { + merror("%s: ERROR: CreateToolhelp32Snapshot", ARGV0); + return (NULL); } - - /* Getting first and second processes -- system entries */ - if(!Process32First(hsnap, &p_entry) && !Process32Next(hsnap, &p_entry )) - { + /* Get first and second processes -- system entries */ + if (!Process32First(hsnap, &p_entry) && !Process32Next(hsnap, &p_entry )) { merror("%s: ERROR: Process32First", ARGV0); CloseHandle(hsnap); - return(NULL); + return (NULL); } - - /* Creating process list */ + /* Create process list */ p_list = OSList_Create(); - if(!p_list) - { + if (!p_list) { CloseHandle(hsnap); merror(LIST_ERROR, ARGV0); - return(0); + return (0); } - - /* Getting each process name and path */ - while(Process32Next( hsnap, &p_entry)) - { + /* Get each process name and path */ + while (Process32Next( hsnap, &p_entry)) { char *p_name; char *p_path; Proc_Info *p_info; - /* Setting process name */ + /* Set process name */ os_strdup(p_entry.szExeFile, p_name); - - /* Getting additional information from modules */ + /* Get 
additional information from modules */ HANDLE hmod = INVALID_HANDLE_VALUE; MODULEENTRY32 m_entry; m_entry.dwSize = sizeof(MODULEENTRY32); /* Snapshot of the process */ - hmod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, - p_entry.th32ProcessID); - if(hmod == INVALID_HANDLE_VALUE) - { - os_strdup(p_name, p_path); - } + hmod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, p_entry.th32ProcessID); - /* Getting executable path (first entry in the module list */ - else if(!Module32First(hmod, &m_entry)) - { + if (hmod == INVALID_HANDLE_VALUE) { + os_strdup(p_name, p_path); + } else if (!Module32First(hmod, &m_entry)) { + /* Get executable path (first entry in the module list) */ CloseHandle(hmod); os_strdup(p_name, p_path); - } - - else - { + } else { os_strdup(m_entry.szExePath, p_path); CloseHandle(hmod); } @@ -194,13 +155,12 @@ void *os_get_process_list() OSList_AddData(p_list, p_info); } - /* Removing debug privileges */ + /* Remove debug privileges */ os_win32_setdebugpriv(hpriv, 0); CloseHandle(hsnap); - return((void *)p_list); + return (p_list); } #endif /* WIN32 */ -/* EOF */
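Review bot: The error branches after the privilege is acquired leak `hpriv` and leave SeDebugPrivilege enabled: the `CreateToolhelp32Snapshot`, `Process32First` and `OSList_Create` failures `return (NULL)`/`return (0)` without `os_win32_setdebugpriv(hpriv, 0)` or `CloseHandle(hpriv)`, and the success path in the `@@ -194,13 +155,12 @@` hunk closes only `hsnap`; `RevertToSelf()` is also never called after `ImpersonateSelf`, so the thread presumably keeps running under the impersonation token (confirm against the caller). A single cleanup label that disables the privilege, closes both handles and reverts impersonation on every path fixes all of these, and the `OSList_Create` branch should return `NULL` rather than `0` now that the function returns `OSList *`. Separately, `if (!Process32First(hsnap, &p_entry) && !Process32Next(hsnap, &p_entry ))` short-circuits when `Process32First` succeeds, so only one entry is skipped although the comment above it says "first and second". The body of os_get_process_list continues past the end of this hunk.
```c
OSList *os_get_process_list()
{
    OSList *p_list = NULL;
    HANDLE hsnap = INVALID_HANDLE_VALUE;
    HANDLE hpriv = NULL;
    int impersonating = 0;   /* set once ImpersonateSelf succeeded, so cleanup can revert */
    PROCESSENTRY32 p_entry;
    p_entry.dwSize = sizeof(PROCESSENTRY32);

    /* … unchanged: first OpenThreadToken attempt … */
            if (!ImpersonateSelf(SecurityImpersonation)) {
                merror("%s: ERROR: os_get_win32_process_list -> "
                       "ImpersonateSelf", ARGV0);
                return (NULL);
            }
            impersonating = 1;
            if (!OpenThreadToken(GetCurrentThread(),
                                 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                                 FALSE, &hpriv)) {
                merror("%s: ERROR: os_get_win32_process_list -> "
                       "OpenThread", ARGV0);
                hpriv = NULL;
                goto cleanup;
            }
    /* … unchanged: remaining OpenThreadToken error branch … */

    if (!os_win32_setdebugpriv(hpriv, 1)) {
        merror("%s: ERROR: os_win32_setdebugpriv", ARGV0);
        goto cleanup;
    }

    hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hsnap == INVALID_HANDLE_VALUE) {
        merror("%s: ERROR: CreateToolhelp32Snapshot", ARGV0);
        goto cleanup;
    }

    if (!Process32First(hsnap, &p_entry) && !Process32Next(hsnap, &p_entry )) {
        merror("%s: ERROR: Process32First", ARGV0);
        goto cleanup;
    }

    p_list = OSList_Create();
    if (!p_list) {
        merror(LIST_ERROR, ARGV0);
        goto cleanup;
    }

    /* … unchanged: per-process loop filling p_list … */

cleanup:
    /* Release everything on every path, success included */
    if (hsnap != INVALID_HANDLE_VALUE) {
        CloseHandle(hsnap);
    }
    if (hpriv != NULL) {
        os_win32_setdebugpriv(hpriv, 0);
        CloseHandle(hpriv);
    }
    if (impersonating) {
        RevertToSelf();
    }
    return (p_list);
}
```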