Author Topic: Playing with processes - ??working??  (Read 975 times)

Playing with processes - ??working??
« on: January 28, 2010, 05:22:58 AM »
Just a copy of what I posted over at IW.
----------------------------------------
The code is very buggy on Win7 x64 and works better on XP 32-bit; it will not run on Win 9x, so it is Windows NT only.

The killProcess sub works and will terminate a process, though results vary if the target is a system process: it will kill explorer.exe, but the OS automatically restarts explorer.exe (privileges?). Note that the shell being relaunched after it exits is the system's own restart behaviour rather than a sign that the kill lacked privileges — the TerminateProcess call itself succeeded.

SetPrivilege — well, it works I think, but I don't understand what I should be setting to get things to work.

There are two methods of getting the EXE name: one uses EnumProcessModules & GetModuleBaseName and the other uses CreateToolhelp32Snapshot; both are in their own subroutines. The findProcessIdByName() sub has problems with x64 processes — I am unsure whether this is down to privileges, the API or my code, and whether there is any way round it. (EnumProcessModules is documented to fail when a 32-bit caller running under WOW64 targets a 64-bit process, which matches this symptom.) It works a lot better on Win32 but still kicks out "access denied" errors; as I never got it to work, I never implemented returning the PID for the killProcess sub.

Oh... sorry for the messy code.


'
'requires Sapero's Windows include files
'---------------------------------------
'
'this code works better on Win32 than Win64 - can anyone fix it :-)
'
$ifndef WIN32
$define WIN32
$endif

$ifdef WIN32
$define WIN32_LEAN_AND_MEAN
$endif
 
$include "windowssdk.inc"
$include "Psapi.inc"
$include "TlHelp32.inc"

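'// Globals shared with the subs below (aProcesses/cProcesses/bProcess/cbNeeded
'// are used by the PSAPI path; hProcess by the snapshot path; procId by the
'// commented-out window-name example).
DWORD aProcesses[1024], cbNeeded, cProcesses, procId, bProcess[512]
handle hProcess, hTokenSelf, hProcSelf
INT retval
 
OPENCONSOLE

'// Get PID (Process ID) From window name and kill process.
'//--------------------------------------------------------

/*
hWnd = FindWindowA(NULL,"Calculator")

if hWnd >0
_GetWindowThreadProcessId(hWnd, &procId)
killProcess(procId)
ENDIF
*/

'// Get number of running Processes used by findProcessIdByName()
'
'EnumProcesses( aProcesses, len(aProcesses), &cbNeeded )
'cProcesses = cbNeeded/len(DWORD)

'// Try to enable SeDebugPrivilege on our own token.
'//
'// GetCurrentProcess() returns a pseudo-handle that already carries full access
'// to ourselves, so there is no need to OpenProcess(PROCESS_ALL_ACCESS) our own
'// PID (that call can itself be refused and was never closed).
'//
'// Why "access denied" keeps appearing: AdjustTokenPrivileges can only ENABLE a
'// privilege the token already holds - it never grants one. SeDebugPrivilege is
'// held by Administrators only (and, with UAC, only in an elevated process). When
'// it is absent SetPrivilege() reports ERROR_NOT_ALL_ASSIGNED, and OpenProcess on
'// system/protected processes will still fail regardless of what we ask for.
hProcSelf = GetCurrentProcess()
if OpenProcessToken(hProcSelf, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hTokenSelf) = 0
    print error("OpenProcessToken failed ")
else
    'SetPrivilege( hTokenSelf, SE_TCB_NAME, TRUE )
    'SetPrivilege( hTokenSelf, SE_IMPERSONATE_NAME, TRUE )
    SetPrivilege(hTokenSelf, "SeDebugPrivilege", TRUE)
    '// The privilege state lives in the process token, not in this handle,
    '// so the handle can be released straight away.
    CloseHandle(hTokenSelf)
endif

'//check each PID and get filename.
'for i = 0 to cProcesses
' findProcessIdByName(aProcesses[i])
'next i

'// find process id from exe using CreateToolhelp32Snapshot & Kill the process, some process auto restart.
'
'retval = findPIDByName("explorer.exe")
retval = findPIDByName("calc.exe")

if retval <> 0
    killProcess(retval)
else
    print "Process Not Found."
endif

'// terminate this program
print "Press any key to get the hell out of here"
WAITCON

CLOSECONSOLE
END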




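'// Returns the PID of the first running process whose image base name equals
'// fileNameToFindPID (case-insensitive, e.g. "calc.exe"), or 0 when no such
'// process exists or the snapshot cannot be taken.
'// Side effect: every non-matching process is listed on the console as "[pid] name",
'// together with a diagnostic "can we open it?" probe.
'//
'// TH32CS_SNAPPROCESS enumerates processes of both bitnesses from a 32-bit
'// caller (only module snapshots are bitness-restricted), so this routine is the
'// one that behaves on x64.
sub findPIDByName(string fileNameToFindPID),int
    '// Toolhelp constants (also in TlHelp32.inc; repeated so the sub is self-contained)
    const TH32CS_SNAPHEAPLIST = 0x00000001
    const TH32CS_SNAPPROCESS  = 0x00000002
    const TH32CS_SNAPTHREAD   = 0x00000004
    const TH32CS_SNAPMODULE   = 0x00000008
    const TH32CS_SNAPMODULE32 = 0x00000010
    const TH32CS_SNAPALL      = (TH32CS_SNAPHEAPLIST | TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD | TH32CS_SNAPMODULE)
    const TH32CS_INHERIT      = 0x80000000

    '// 32-bit layout of PROCESSENTRY32 (ANSI). szExeFile is CHAR[MAX_PATH] = 260
    '// bytes; the previous 259 made dwSize one byte short of the real structure.
    '// th32DefaultHeapID is a ULONG_PTR, so this layout is only right for a
    '// 32-bit build - a 64-bit build would need 8-byte fields there.
    type PROCESSENTRY32
        uint dwSize
        uint cntUsage
        uint th32ProcessID
        uint th32DefaultHeapID
        uint th32ModuleID
        uint cntThreads
        uint th32ParentProcessID
        uint pcPriClassBase
        uint dwFlags
        istring szExeFile[260]
    endtype

    def pe:PROCESSENTRY32
    int retval
    handle hSnapshot, hProbe

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    if hSnapshot = INVALID_HANDLE_VALUE
        print error("CreateToolhelp32Snapshot failed ")
        return 0
    endif

    pe.dwSize = len(pe)
    retval = Process32First(hSnapshot, pe)

    '// A while loop instead of do/until: the old loop ran its body once even when
    '// Process32First failed and pe held uninitialised data.
    while retval <> 0
        if LCASE$(pe.szExeFile) = LCASE$(fileNameToFindPID)
            CloseHandle(hSnapshot)
            return pe.th32ProcessID
        endif

        print "[" + STR$(pe.th32ProcessID) + "] " + pe.szExeFile

        '// Diagnostic probe only. Ask for the single right GetPriorityClass needs:
        '// PROCESS_ALL_ACCESS is refused for most processes we do not own and was
        '// the main source of the "access denied" output. (On Vista+ the even
        '// narrower PROCESS_QUERY_LIMITED_INFORMATION, 0x1000, is granted more widely.)
        hProbe = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pe.th32ProcessID)
        if hProbe = NULL
            print error("Open Process Fail findpidbyname ")
        else
            if GetPriorityClass(hProbe) = 0
                print error("dwPriorityClass")
            endif
            CloseHandle(hProbe)
        endif

        pe.dwSize = len(pe)
        retval = Process32Next(hSnapshot, pe)
    endwhile

    CloseHandle(hSnapshot)
    return 0
ENDSUB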

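'// Prints the image base name of the process with the given PID to the console.
'// (Name kept for compatibility: it resolves PID -> name, not name -> PID.)
'// Always returns 0, as before; nothing depends on the return value yet.
'//
'// The "x64 problem": EnumProcessModules is documented to fail (typically
'// ERROR_PARTIAL_COPY, 299) when a 32-bit caller running under WOW64 targets a
'// 64-bit process. That is an API limitation, not a privilege failure. When it
'// fails we fall back to GetProcessImageFileName (psapi, XP+; assumed declared in
'// Psapi.inc - verify), which works across bitness and needs only
'// PROCESS_QUERY_INFORMATION. It returns a native device path
'// (\Device\HarddiskVolumeN\...\name.exe), so the base name is cut out of it.
sub findProcessIdByName(int processID),INT
    int ret, i
    DWORD hMods[512], needed
    string szProcessName, imagePath
    handle hProc

    szProcessName = SPACE$(255)

    hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID)
    if hProc = 0
        print error("Openprocess Failed" + str$(processID))
        return 0
    endif

    ret = EnumProcessModules(hProc, hMods[0], len(hMods), &needed)
    if ret <> 0
        '// first module handle is the main executable
        ret = GetModuleBaseName(hProc, hMods[0], szProcessName, len(szProcessName))
        ' ret = GetModuleFileNameEx(hProc, hMods[0], szProcessName, len(szProcessName))
        if ret <> 0
            print szProcessName
        else
            print error("GetModule")
        endif
    else
        '// the error text was built but never printed before
        print error("EnumProcessModules")

        imagePath = SPACE$(1024)
        ret = GetProcessImageFileName(hProc, imagePath, len(imagePath))
        if ret <> 0
            '// keep everything after the last backslash (CHR$(92))
            i = len(imagePath)
            while (i > 0) AND (MID$(imagePath, i, 1) <> CHR$(92))
                i--
            endwhile
            szProcessName = MID$(imagePath, i + 1, len(imagePath) - i)
            print szProcessName
        else
            print error("GetProcessImageFileName")
        endif
    endif

    CloseHandle(hProc)
    return 0
ENDSUB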

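'// Terminates the process with the given PID and reports the outcome in a
'// message box.
'//
'// Least privilege: only PROCESS_TERMINATE is requested. That is the one right
'// TerminateProcess needs, and asking for PROCESS_ALL_ACCESS on top of it is
'// refused for many processes we would otherwise be allowed to terminate - a
'// large part of the "access denied" results came from over-asking here.
'// Processes we still cannot open are protected/system ones; those need
'// SeDebugPrivilege in the caller's token (i.e. an elevated administrator).
'//
'// Fixes vs. the original: the handle is now closed on the success path too,
'// and the messages report this sub's PID argument rather than the unrelated
'// global procId.
sub killProcess(int PID)
    HANDLE hProc
    string msg

    hProc = OpenProcess(PROCESS_TERMINATE, FALSE, PID)
    if hProc = 0
        '// capture the error text before building the other arguments
        msg = error("SUB KillProcess ")
        MessageBox(NULL, msg, "I CANT CLOSE " + str$(PID), @MB_ICONSTOP)
        return
    endif

    if TerminateProcess(hProc, 0) <> 0
        MessageBox(NULL, "CLOSED", "CLOSED", @MB_ICONSTOP)
    else
        msg = error("SUB KillProcess ")
        MessageBox(NULL, msg, "NOT CLOSED PID" + str$(PID), @MB_ICONSTOP)
    endif

    CloseHandle(hProc)
ENDSUB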


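'// Enables (bEnablePrivilege <> 0) or disables the named privilege on hToken.
'// Returns TRUE on success, FALSE on any failure (details printed to the console).
'//
'// hToken must have been opened with TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY.
'// AdjustTokenPrivileges can only toggle privileges that are already PRESENT in
'// the token; it never adds one. If the account does not hold lpszPrivilege
'// (e.g. SeDebugPrivilege for a non-administrator, or an administrator that is
'// not elevated under UAC) the call returns non-zero but GetLastError() is
'// ERROR_NOT_ALL_ASSIGNED, and this sub returns FALSE. That, not the code,
'// is why "access denied" persists on system processes.
'//
'// The local TOKEN_PRIVILEGES type the original declared (flat LowPart/HighPart
'// fields) did not match the tp.Privileges[0].Luid accesses below; the SDK's
'// TOKEN_PRIVILEGES / LUID_AND_ATTRIBUTES from windowssdk.inc is used instead.
sub SetPrivilege(HANDLE hToken, string lpszPrivilege,INT bEnablePrivilege)
    def tp:TOKEN_PRIVILEGES
    def luid:LUID

    if LookupPrivilegeValue(NULL, lpszPrivilege, &luid) = 0
        print error("LookupPrivilegeValue error: ")
        return FALSE
    endif

    tp.PrivilegeCount = 1
    tp.Privileges[0].Luid = luid
    if bEnablePrivilege <> 0
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED
    else
        '// attributes 0 disables just this one privilege
        tp.Privileges[0].Attributes = 0
    endif

    '// DisableAllPrivileges = FALSE: only the entry in tp is changed.
    if AdjustTokenPrivileges(hToken, FALSE, &tp, LEN(TOKEN_PRIVILEGES), NULL, NULL) = 0
        print error("AdjustTokenPrivileges error:")
        return FALSE
    endif

    '// A non-zero return does NOT mean the privilege was adjusted - the
    '// documented contract is to check GetLastError() afterwards.
    if GetLastError() = ERROR_NOT_ALL_ASSIGNED
        print "The token does not have the specified privilege."
        return FALSE
    endif

    return TRUE
ENDSUB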

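'// Builds "<errorCall> / <system message> / ErrorID = <n>" for the calling
'// thread's last Win32 error code.
'// Call it immediately after the failing API call: any runtime call in between
'// (string functions included) may overwrite the value GetLastError() returns.
'// Returns the composed string; the message part is empty if FormatMessage
'// knows no text for the code.
SUB error(string errorCall),string
    INT CodeErrorId, nBufferSize, flag, n, done
    STRING sBuffer, retError

    '// Capture FIRST, before String$/Chr$ below can disturb the last-error value
    '// (the original read it after building the buffer).
    CodeErrorId = GetLastError()

    nBufferSize = 1024
    sBuffer = String$(nBufferSize, Chr$(0))

    '// IGNORE_INSERTS: some system messages contain %1-style insert sequences.
    '// Without this flag, and with no Arguments array supplied, FormatMessage
    '// tries to read the inserts from a NULL argument list.
    flag = FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS

    FormatMessage(flag, NULL, CodeErrorId, LANG_NEUTRAL, sBuffer, nBufferSize, NULL)

    '// System messages end in CR LF; strip them so the result stays on one line.
    n = len(sBuffer)
    done = 0
    while (n > 0) AND (done = 0)
        if (ASC(MID$(sBuffer, n, 1)) = 13) OR (ASC(MID$(sBuffer, n, 1)) = 10)
            n--
        else
            done = 1
        endif
    endwhile
    sBuffer = LEFT$(sBuffer, n)

    retError = errorCall + " / " + sBuffer + " / ErrorID = " + str$(CodeErrorId)
    return retError
endsub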
Except where otherwise noted, content Posted By Copex is
licensed under a Creative Commons Attribution 3.0 License

http://creativecommons.org/licenses/by/3.0/

 
