ProcessHelper.cpp
#include "pch.h"
#include "ProcessHelper.h"
#include <TlHelp32.h>
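// Returns the executable file name (no directory) of the process with the given PID.
//
// First tries to open the process with PROCESS_QUERY_LIMITED_INFORMATION and query its
// Win32 image path. If that fails, falls back to the snapshot-based cache (s_names) that
// EnumProcesses() fills, and finally to the literal "<Unknown>".
//
// NOTE(review): EnumProcesses() returns early when the cache is already populated and no
// forced refresh is requested, so a cached name can belong to an earlier process that
// used the same PID. Treat the result as a display label, not as proof of identity.
CString ProcessHelper::GetProcessName(DWORD pid) {
    wil::unique_handle hProcess(::OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid));
    if (hProcess) {
        // Paths longer than MAX_PATH make the query fail; the cache fallback is used then.
        WCHAR path[MAX_PATH];
        DWORD size = _countof(path);
        if (::QueryFullProcessImageName(hProcess.get(), 0, path, &size)) {
            // wcsrchr returns nullptr when no backslash is present; adding 1 to that
            // would hand CString an invalid pointer, so return the whole string instead.
            const WCHAR* lastSeparator = wcsrchr(path, L'\\');
            return lastSeparator ? lastSeparator + 1 : path;
        }
    }

    EnumProcesses();
    if (auto it = s_names.find(pid); it != s_names.end())
        return it->second;
    return L"<Unknown>";
}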
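// Variant of GetProcessName() that queries the image name with GetProcessImageFileName,
// which reports the path in native device form rather than with a drive letter.
//
// Returns the part after the last backslash. If the process cannot be opened or queried,
// falls back to the snapshot-based cache (s_names) filled by EnumProcesses(), and finally
// to the literal "<Unknown>".
CString ProcessHelper::GetProcessName2(DWORD pid) {
    wil::unique_handle hProcess(::OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid));
    if (hProcess) {
        WCHAR path[MAX_PATH];
        if (::GetProcessImageFileName(hProcess.get(), path, _countof(path))) {
            // Guard against a path without any backslash: wcsrchr would return nullptr
            // and "nullptr + 1" is not a valid string pointer.
            const WCHAR* lastSeparator = wcsrchr(path, L'\\');
            return lastSeparator ? lastSeparator + 1 : path;
        }
    }

    EnumProcesses();
    if (auto it = s_names.find(pid); it != s_names.end())
        return it->second;
    return L"<Unknown>";
}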
// Returns the full Win32 image path of the process with the given PID.
//
// When the process cannot be opened with PROCESS_QUERY_LIMITED_INFORMATION, or the query
// fails (a path that does not fit in MAX_PATH characters is one such case), the result of
// GetProcessName2(pid) is returned instead. That fallback is a bare file name, not a
// path, so callers should not assume the result always contains a directory.
CString ProcessHelper::GetFullProcessImageName(DWORD pid) {
    WCHAR imagePath[MAX_PATH];
    DWORD capacity = _countof(imagePath);

    wil::unique_handle process(::OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid));
    const bool resolved =
        process && ::QueryFullProcessImageName(process.get(), 0, imagePath, &capacity);
    if (!resolved)
        return GetProcessName2(pid);

    return imagePath;
}
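// Returns the account that owns the process token, formatted as "DOMAIN\\user".
//
// PIDs up to 4 are reported as "NT AUTHORITY\\System" without querying anything.
// Returns an empty string when the process or its token cannot be opened, when the
// token user cannot be read, or when the SID cannot be resolved to an account name.
std::wstring ProcessHelper::GetUserName(DWORD pid) {
    if (pid <= 4)
        return L"NT AUTHORITY\\System";

    // OpenProcessToken only needs PROCESS_QUERY_LIMITED_INFORMATION on the process
    // handle. Asking for the broader PROCESS_QUERY_INFORMATION is refused for protected
    // processes and requests more access than this lookup uses.
    wil::unique_handle hProcess(::OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid));
    if (!hProcess)
        return {};

    wil::unique_handle hToken;
    if (!::OpenProcessToken(hProcess.get(), TOKEN_QUERY, hToken.addressof()))
        return {};

    // The buffer is reinterpreted as TOKEN_USER below, so it must be aligned for that
    // type; a plain BYTE array carries no such guarantee.
    alignas(TOKEN_USER) BYTE buffer[256];
    DWORD len = 0;
    if (!::GetTokenInformation(hToken.get(), TokenUser, buffer, sizeof(buffer), &len))
        return {};

    auto user = reinterpret_cast<TOKEN_USER*>(buffer);

    // NOTE(review): TOKEN_USER_MAX_SIZE is a byte size for the token structure, not an
    // account-name limit. Both sizes are passed to LookupAccountSid, so a longer name
    // makes the call fail (empty result) instead of overrunning the buffers.
    DWORD userMax = TOKEN_USER_MAX_SIZE;
    wchar_t name[TOKEN_USER_MAX_SIZE];
    DWORD domainMax = 64;
    wchar_t domain[64];
    SID_NAME_USE use;
    if (!::LookupAccountSid(nullptr, user->User.Sid, name, &userMax, domain, &domainMax, &use))
        return {};

    return std::wstring(domain) + L"\\" + name;
}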
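// Fills the PID -> executable-name cache (s_names) from a Toolhelp process snapshot.
//
// Does nothing when the cache already has entries, unless `force` is true.
// Only processes that cannot be opened with PROCESS_QUERY_LIMITED_INFORMATION, or whose
// snapshot name contains no '.', are cached; the other name lookups in this file query
// openable processes directly.
void ProcessHelper::EnumProcesses(bool force) {
    if (!force && !s_names.empty())
        return;

    // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not nullptr,
    // so test for that before handing the handle to a null-checked RAII wrapper.
    HANDLE rawSnapshot = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (rawSnapshot == INVALID_HANDLE_VALUE)
        return;
    wil::unique_handle hSnapshot(rawSnapshot);

    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe);
    if (!::Process32First(hSnapshot.get(), &pe))
        return;

    // As before, the first snapshot entry is consumed above and never cached; the loop
    // starts with the second entry.
    while (::Process32Next(hSnapshot.get(), &pe)) {
        wil::unique_handle hProcess(::OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pe.th32ProcessID));
        if (hProcess && wcsrchr(pe.szExeFile, L'.')) {
            // This PID is now resolvable directly; drop any cached name left over from
            // an earlier process that used the same PID.
            s_names.erase(pe.th32ProcessID);
            continue;
        }
        // insert() keeps an existing entry, so a forced refresh used to leave the old
        // name in place after PID reuse. Overwrite it with the current snapshot name.
        s_names.insert_or_assign(pe.th32ProcessID, pe.szExeFile);
    }
}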
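// Converts a native device path into a drive-letter path by replacing the device prefix
// with the matching drive letter. The comparison is case-insensitive.
//
// The device -> drive table is built once, on first use, from GetLogicalDrives() and
// QueryDosDevice(); drives that appear later are not picked up.
// Returns an empty string when `name` is null or no known device prefix matches.
std::wstring ProcessHelper::GetDosNameFromNtName(PCWSTR name) {
    if (name == nullptr)
        return L"";

    // A function-local static initialised by a lambda is built exactly once, and the
    // language makes that initialisation safe against concurrent first calls.
    static const auto deviceNames = [] {
        std::vector<std::pair<std::wstring, std::wstring>> table;
        auto drives = ::GetLogicalDrives();
        for (int drive = 0; drives; ++drive, drives >>= 1) {
            if (!(drives & 1))
                continue;   // no drive at this letter

            WCHAR driveName[] = L"X:";
            driveName[0] = static_cast<WCHAR>(drive + L'A');
            WCHAR path[MAX_PATH];
            if (::QueryDosDevice(driveName, path, MAX_PATH))
                table.push_back({ path, driveName });
        }
        return table;
    }();

    for (const auto& [ntName, dosName] : deviceNames) {
        if (::_wcsnicmp(name, ntName.c_str(), ntName.size()) != 0)
            continue;

        // Require the match to end on a path-component boundary. A bare prefix compare
        // would map a path under a device named "...Volume10" to the drive letter of
        // "...Volume1" (constructed example), reporting the file on the wrong drive.
        const WCHAR next = name[ntName.size()];
        if (next == L'\\' || next == L'\0')
            return dosName + (name + ntName.size());
    }
    return L"";
}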