1 /* @(#) $Id: win-process.c,v 1.5 2009/06/24 18:53:08 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
14 #include "rootcheck.h"
20 /* Using: http://support.microsoft.com/kb/q131065/ as ref for debug priv */
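/* Set Debug privilege.
 *
 * Enables (en != 0) or disables (en == 0) SeDebugPrivilege on the access
 * token h.  h must have been opened with TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY
 * (the caller in this file opens the thread's impersonation token that way,
 * so the adjustment is scoped to that thread, not to the whole process).
 *
 * Follows http://support.microsoft.com/kb/q131065/: a first
 * AdjustTokenPrivileges() call with Attributes = 0 is used to read the
 * privilege's current state back into tpPrevious -- note that this call
 * also DISABLES the privilege as a side effect, until the second call
 * below re-applies the wanted state.  The second call then sets or clears
 * SE_PRIVILEGE_ENABLED relative to that previous state, leaving any other
 * attribute bits untouched.
 *
 * AdjustTokenPrivileges() can return TRUE and still not have adjusted
 * anything (GetLastError() == ERROR_NOT_ALL_ASSIGNED when the token does
 * not hold the privilege at all, e.g. a non-administrator), so the last
 * error is checked after every call and not only the return value.
 *
 * SeDebugPrivilege lets the thread open any process on the box; keep the
 * window in which it is enabled as short as possible (the caller turns it
 * off again as soon as the enumeration is done).
 *
 * Returns 1 on success, 0 on failure (privilege not found, not held by the
 * token, or the token cannot be adjusted).
 */
int os_win32_setdebugpriv(HANDLE h, int en)
{
    LUID luid;
    TOKEN_PRIVILEGES tp;
    TOKEN_PRIVILEGES tpPrevious;
    DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES);

    if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        return(0);
    }

    /* Step 1: query (and temporarily clear) the current state of the
     * privilege.  tpPrevious receives the state it had before this call. */
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = 0;

    /* Defensive: the success path is documented to set ERROR_SUCCESS, but
     * do not depend on a stale last-error value from an earlier call. */
    SetLastError(ERROR_SUCCESS);
    if(!AdjustTokenPrivileges(h, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
                              &tpPrevious, &cbPrevious) ||
       GetLastError() != ERROR_SUCCESS)
    {
        return(0);
    }

    /* Step 2: re-apply the previous state with SE_PRIVILEGE_ENABLED set or
     * cleared as requested.  Count and LUID are written explicitly so the
     * struct is well-formed regardless of what step 1 reported. */
    tpPrevious.PrivilegeCount = 1;
    tpPrevious.Privileges[0].Luid = luid;

    if(en)
    {
        tpPrevious.Privileges[0].Attributes |= SE_PRIVILEGE_ENABLED;
    }
    else
    {
        /* Same effect as the original "attr ^= (SE_PRIVILEGE_ENABLED & attr)":
         * clear the enabled bit only. */
        tpPrevious.Privileges[0].Attributes &= ~(DWORD)SE_PRIVILEGE_ENABLED;
    }

    SetLastError(ERROR_SUCCESS);
    if(!AdjustTokenPrivileges(h, FALSE, &tpPrevious, cbPrevious, NULL, NULL) ||
       GetLastError() != ERROR_SUCCESS)
    {
        return(0);
    }

    return(1);
}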
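/* os_get_process_list: Get list of win32 processes.
 *
 * Builds an OSList of Proc_Info entries from a Toolhelp process snapshot:
 *   p_name  - the executable file name reported by Toolhelp (szExeFile)
 *   p_path  - the full path of the process's first module when a module
 *             snapshot of that process can be taken, otherwise a copy of
 *             p_name.
 *
 * SeDebugPrivilege is enabled on this thread's impersonation token for the
 * duration of the enumeration (so module snapshots of processes owned by
 * other users can be taken) and disabled again before returning; the token
 * handle, the snapshots and the self-impersonation are released on every
 * exit path.
 *
 * Caveats for consumers (rootcheck compares this list against other views
 * of the process table):
 *  - szExePath from a TH32CS_SNAPMODULE snapshot is read from the target
 *    process's own loader data, which that process controls, so a
 *    malicious process can present a misleading path.  Treat p_path as
 *    informational, not as evidence.
 *  - One snapshot entry is consumed before the loop and never listed (see
 *    the note at the Process32First() call).
 *  - If Process32Next() stops for any reason other than ERROR_NO_MORE_FILES
 *    the returned list is incomplete; that case is logged but the partial
 *    list is still returned.
 *
 * Returns the list (the caller owns it and its Proc_Info entries), or NULL
 * if the token, the privilege, the process snapshot or the list could not
 * be obtained.  Allocation failures inside os_strdup/os_calloc are fatal
 * in this code base and do not return here.
 */
void *os_get_process_list()
{
    OSList *p_list = NULL;
    HANDLE hsnap = INVALID_HANDLE_VALUE;
    HANDLE hpriv = NULL;
    int impersonating = 0;
    int debugpriv_on = 0;
    PROCESSENTRY32 p_entry = {0};

    p_entry.dwSize = sizeof(PROCESSENTRY32);

    /* Getting token for enable debug priv.  A thread normally has no token
     * of its own (ERROR_NO_TOKEN); impersonating ourselves gives it one
     * that can be adjusted without touching the process-wide token. */
    if(!OpenThreadToken(GetCurrentThread(),
                        TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, FALSE, &hpriv))
    {
        if(GetLastError() != ERROR_NO_TOKEN)
        {
            merror("%s: ERROR: os_get_win32_process_list -> OpenThread",ARGV0);
            return(NULL);
        }

        if(!ImpersonateSelf(SecurityImpersonation))
        {
            merror("%s: ERROR: os_get_win32_process_list -> "
                   "ImpersonateSelf",ARGV0);
            return(NULL);
        }
        impersonating = 1;

        if(!OpenThreadToken(GetCurrentThread(),
                            TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,
                            FALSE, &hpriv))
        {
            merror("%s: ERROR: os_get_win32_process_list -> "
                   "OpenThreadToken",ARGV0);
            goto cleanup;
        }
    }

    /* Enabling debug privilege.  Without it most module snapshots below
     * would be refused; give up rather than return a list of bare names. */
    if(!os_win32_setdebugpriv(hpriv, 1))
    {
        merror("%s: ERROR: os_win32_setdebugpriv",ARGV0);
        goto cleanup;
    }
    debugpriv_on = 1;

    /* Snapshot of every process */
    hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(hsnap == INVALID_HANDLE_VALUE)
    {
        merror("%s: ERROR: CreateToolhelp32Snapshot",ARGV0);
        goto cleanup;
    }

    /* Position on the snapshot.  NOTE(review): the original comment said
     * the "first and second" (system) entries are skipped here, but with
     * the && short-circuit Process32Next() only runs when Process32First()
     * fails, so exactly one entry -- the first in the snapshot -- is
     * consumed and not listed.  Kept as-is so the set of reported
     * processes does not change; confirm the intent with the consumers. */
    if(!Process32First(hsnap, &p_entry) && !Process32Next(hsnap, &p_entry))
    {
        merror("%s: ERROR: Process32First", ARGV0);
        goto cleanup;
    }

    /* Creating process list */
    p_list = OSList_Create();
    if(!p_list)
    {
        merror(LIST_ERROR, ARGV0);
        goto cleanup;
    }

    /* Getting each process name and path */
    while(Process32Next(hsnap, &p_entry))
    {
        char *p_name = NULL;
        char *p_path = NULL;
        Proc_Info *p_info = NULL;
        HANDLE hmod;
        MODULEENTRY32 m_entry;

        /* Setting process name */
        os_strdup(p_entry.szExeFile, p_name);

        /* Executable path: first entry of the process's module list.
         * Fall back to the bare name when the module snapshot is refused
         * or empty (happens for system/protected processes, and for
         * processes of a different bitness -- TODO confirm). */
        m_entry.dwSize = sizeof(MODULEENTRY32);
        hmod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,
                                        p_entry.th32ProcessID);
        if(hmod == INVALID_HANDLE_VALUE)
        {
            os_strdup(p_name, p_path);
        }
        else
        {
            if(Module32First(hmod, &m_entry))
            {
                os_strdup(m_entry.szExePath, p_path);
            }
            else
            {
                os_strdup(p_name, p_path);
            }
            CloseHandle(hmod);
        }

        os_calloc(1, sizeof(Proc_Info), p_info);
        p_info->p_name = p_name;
        p_info->p_path = p_path;
        OSList_AddData(p_list, p_info);
    }

    /* Process32Next() returns FALSE at the end of the snapshot; any other
     * reason means the list is truncated, which matters for a
     * hidden-process comparison, so say so. */
    if(GetLastError() != ERROR_NO_MORE_FILES)
    {
        merror("%s: ERROR: Process32Next", ARGV0);
    }

cleanup:
    if(hsnap != INVALID_HANDLE_VALUE)
    {
        CloseHandle(hsnap);
    }

    /* Removing debug privileges.  The result is deliberately not checked:
     * the token is closed and the impersonation dropped right after, which
     * ends the elevated state for this thread either way. */
    if(debugpriv_on)
    {
        os_win32_setdebugpriv(hpriv, 0);
    }
    if(hpriv)
    {
        CloseHandle(hpriv);
    }
    if(impersonating)
    {
        RevertToSelf();
    }

    return((void *)p_list);
}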