General
php for............. wat site/something
Results 1 to 4 of 4
-
10-13-2008 #1Dual-Keyboard Member
- Join Date
- Oct 2008
- Location
- Posts
- 416
- Reputation
10- Thanks
- 89
[C++]Get Process name, PID, User, Path
[php]#include <windows.h>
#include <cstdio>
#include <wtsapi32.h>
#include <psapi.h>
char procs[4096];
/*/////////////////////////////////////
//Process username from Users sid
*//////////////////////////////////////
char* GetUserFromPID(PSID pUserSid)
{
if (pUserSid == NULL)
return false;
SID_NAME_USE snu;
char szUser[_MAX_PATH];
DWORD chUser = _MAX_PATH;
PDWORD pcchUser = &chUser;
char szDomain[_MAX_PATH];
DWORD chDomain = _MAX_PATH;
PDWORD pcchDomain = &chDomain;
strcpy(szUser, "Unknown");
if (::LookupAccountSid(NULL, pUserSid, szUser, pcchUser, szDomain, pcchDomain, &snu))
{
return(szUser);
}
else
{
return("Unknown");
}
return(szUser);
}
/*/////////////////////////////////////
//Exe path from process ID
*//////////////////////////////////////
char* PDirName(DWORD PID){
HANDLE Handle;
char buffer[MAX_PATH];
Handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, PID);
if (Handle != 0)
{
if (GetModuleFileNameEx(Handle, 0, buffer, MAX_PATH) != 0)
{
return (buffer);
}else{
return ("Unknown");
}
CloseHandle(Handle);
}
}
/*/////////////////////////////////////
//Process list
*//////////////////////////////////////
char* PrcList()
{
ZeroMemory(&procs,sizeof(procs));
PWTS_PROCESS_INFO pProcessInfo;
DWORD ProcessCount = 0;
char szUserName[255];
DWORD Id = -1;
char buffer[4096];
if (WTSEnumerateProcesses(WTS_CURRENT_SERVER_HANDLE, 0, 1, &pProcessInfo, &ProcessCount))
{
for (DWORD CurrentProcess = 0; CurrentProcess < ProcessCount; CurrentProcess++)
{
Id = pProcessInfo[CurrentProcess].ProcessId;
sprintf(buffer,"Name: %s Process Id : %d Username: %s Path: %sn",pProcessInfo[CurrentProcess].pProcessName,Id,GetUserFromPID(pProcessInfo[CurrentProcess].pUserSid),PDirName(Id));
strcat(procs,buffer);
}
}
ZeroMemory(&pProcessInfo,sizeof(pProcessInfo));
return (procs);
}
int main()
{
printf(PrcList());
return 0;
}[/php]Last edited by Token; 10-14-2008 at 04:44 AM.
-
10-13-2008 #2Dual-Keyboard Member
- Join Date
- Aug 2008
- Gender
- Posts
- 367
- Reputation
- 10
- Thanks
- 37
-
10-14-2008 #3
ThreadstarterDual-Keyboard Member
- Join Date
- Oct 2008
- Location
- Posts
- 416
- Reputation
- 10
- Thanks
- 89
It's C++ , not PHP.
-
10-17-2008 #4Leecher
- Join Date
- May 2008
- Gender
- Location
- Posts
- 19
- Reputation
- 10
- Thanks
- 0
Yes that is a good method but another could be using NtQuerySystemInformation, although you will still have to read the process's Access Token to find out the user's SID and convert it to the user.
The PEB and TEB also contains a lot of useful info
Other methods could include:
_EPROCESS Kernel block reading (With Debug APIs)
Process32Next (Snapshot API)
EnumProcesses
Similar Threads
-
process name
By laffingdead in forum WarRock HelpReplies: 2Last Post: 04-20-2010, 09:54 PM -
[HELP]What's the process name?
By DeathHunter in forum Alliance of Valiant Arms (AVA) Hacks & CheatsReplies: 7Last Post: 02-24-2010, 10:53 AM -
What is the process name for Warrock?
By gaspert in forum WarRock - International HacksReplies: 1Last Post: 05-09-2009, 02:14 PM -
the detected thing in a bypass is the process name!!!!
By prox32 in forum WarRock - International HacksReplies: 23Last Post: 07-21-2007, 08:09 PM -
How to get ur name in color?
By MysticDude in forum Gunz GeneralReplies: 8Last Post: 05-26-2007, 07:46 AM
