#include "stdafx.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <Windows.h>
#include <Tlhelp32.h>
/* Reference timestamp: check_reg() stores the system time it sampled here
 * and compares process creation times against it. */
FILETIME timp;
/* Declared alongside timp; not referenced by the functions in this file. */
FILETIME timp2;
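/*
 * Block the calling thread for roughly `wait` milliseconds.
 *
 * The previous loop tested `start + wait < GetTickCount()`, which is false
 * on entry, so the function returned at once without delaying. It also had
 * no wrap-around handling for the tick counter. Sleep() gives the intended
 * delay without spinning a CPU core.
 *
 * wait: delay in milliseconds; zero or negative values return immediately.
 */
void wait(int wait)
{
    if (wait > 0) {
        Sleep((DWORD)wait);
    }
}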
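/* Registry key (under HKEY_CURRENT_USER) that holds the recorded process baseline. */
static const char baseline_key[] = "Wow6432Node\\Software\\TestWin32Api";

/*
 * Write one process into the baseline: "<pid>_<exe>" with the image path,
 * a "Modules" subkey (module name -> base address) and a "threads" subkey
 * (one value per thread owned by the process).
 *
 * process:      entry returned by Process32First/Process32Next.
 * module_flags: flags for the module snapshot (TH32CS_SNAPMODULE and/or
 *               TH32CS_SNAPMODULE32).
 *
 * Every step is best effort: a process that cannot be inspected is left
 * partially recorded instead of aborting the whole scan.
 */
static void record_process(const PROCESSENTRY32 *process, DWORD module_flags)
{
    /* Least privilege: the keys are only written to, never read or deleted here. */
    const REGSAM access = KEY_SET_VALUE | KEY_CREATE_SUB_KEY;
    char path[MAX_PATH];
    HKEY proc_key = NULL;
    HKEY sub_key = NULL;
    HANDLE snap;
    int len;

    /* szExeFile comes from whatever is running on the machine and can itself
     * be up to MAX_PATH characters, so the combined key path is bounded and
     * an over-long name is rejected instead of overflowing the stack buffer. */
    len = snprintf(path, sizeof path, "%s\\%lu_%s", baseline_key,
                   (unsigned long)process->th32ProcessID, process->szExeFile);
    if (len < 0 || (size_t)len >= sizeof path) {
        return;
    }
    if (RegCreateKeyEx(HKEY_CURRENT_USER, path, 0, NULL, REG_OPTION_NON_VOLATILE,
                       access, NULL, &proc_key, NULL) != ERROR_SUCCESS) {
        return;
    }

    snap = CreateToolhelp32Snapshot(module_flags, process->th32ProcessID);
    if (snap != INVALID_HANDLE_VALUE) {
        MODULEENTRY32 mod;

        /* dwSize must be set or Module32First fails; without this the code
         * below would copy uninitialised stack bytes into the registry. */
        mod.dwSize = sizeof mod;
        if (Module32First(snap, &mod)) {
            RegSetValueEx(proc_key, "Path:", 0, REG_SZ,
                          (const BYTE *)mod.szExePath,
                          (DWORD)strlen(mod.szExePath) + 1);
            if (RegCreateKeyEx(proc_key, "Modules", 0, NULL,
                               REG_OPTION_NON_VOLATILE, access, NULL,
                               &sub_key, NULL) == ERROR_SUCCESS) {
                while (Module32Next(snap, &mod)) {
                    /* Store the address value itself. modBaseAddr points into
                     * the other process, so it must never be dereferenced
                     * here; its width also decides DWORD vs QWORD. */
                    ULONG_PTR base = (ULONG_PTR)mod.modBaseAddr;

                    RegSetValueEx(sub_key, mod.szModule, 0,
                                  sizeof base == sizeof(DWORD) ? REG_DWORD : REG_QWORD,
                                  (const BYTE *)&base, (DWORD)sizeof base);
                }
                RegCloseKey(sub_key);
            }
        }
        CloseHandle(snap);
    }

    /* A thread snapshot always covers the whole system, so entries are
     * filtered by owner below. */
    snap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (snap != INVALID_HANDLE_VALUE) {
        THREADENTRY32 thread;

        thread.dwSize = sizeof thread;
        if (Thread32First(snap, &thread) &&
            RegCreateKeyEx(proc_key, "threads", 0, NULL, REG_OPTION_NON_VOLATILE,
                           access, NULL, &sub_key, NULL) == ERROR_SUCCESS) {
            do {
                char value_name[32];

                if (thread.th32OwnerProcessID != process->th32ProcessID) {
                    continue;
                }
                /* One value per thread: a single fixed "TID:" name would be
                 * overwritten by every later thread. */
                snprintf(value_name, sizeof value_name, "TID:%lu",
                         (unsigned long)thread.th32ThreadID);
                RegSetValueEx(sub_key, value_name, 0, REG_DWORD,
                              (const BYTE *)&thread.th32ThreadID,
                              (DWORD)sizeof thread.th32ThreadID);
            } while (Thread32Next(snap, &thread));
            RegCloseKey(sub_key);
        }
        CloseHandle(snap);
    }

    RegCloseKey(proc_key);
}

/*
 * Return non-zero when the baseline holds a subkey named "<pid>_...".
 *
 * NOTE(review): only the PID is compared, so a new process that reuses the
 * PID of a recorded one is treated as known. Comparing the image name or
 * the creation time as well would close that gap.
 */
static int pid_in_baseline(HKEY base_key, DWORD pid)
{
    DWORD index;

    for (index = 0; ; index++) {
        char name[MAX_PATH];
        DWORD name_len = sizeof name;
        char *end;
        unsigned long recorded;
        LONG rc = RegEnumKeyEx(base_key, index, name, &name_len,
                               NULL, NULL, NULL, NULL);

        if (rc == ERROR_MORE_DATA) {
            continue;               /* name does not fit: cannot be ours */
        }
        if (rc != ERROR_SUCCESS) {
            break;                  /* end of list or an error: stop, never spin */
        }
        recorded = strtoul(name, &end, 10);
        if (end != name && *end == '_' && recorded == pid) {
            return 1;
        }
    }
    return 0;
}

/*
 * Rebuild the baseline: delete the old tree, then record every process
 * that is running now. One diagnostic line is printed per process with
 * the result of opening it for PROCESS_QUERY_INFORMATION.
 */
void init()
{
    PROCESSENTRY32 process;
    HANDLE hSnap;

    RegDeleteTree(HKEY_CURRENT_USER, baseline_key);

    hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE) {
        return;
    }

    process.dwSize = sizeof process;
    if (Process32First(hSnap, &process)) {
        do {
            HANDLE hProc;
            DWORD err;

            /* PID 0 passed to a module snapshot means "the calling process",
             * so recording it would store this tool's own modules. */
            if (process.th32ProcessID == 0) {
                continue;
            }

            hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
                                process.th32ProcessID);
            /* Read the error before any other API call can overwrite it. */
            err = hProc ? ERROR_SUCCESS : GetLastError();
            if (hProc) {
                CloseHandle(hProc);
            }
            printf("%s - error : %lu\n", process.szExeFile, (unsigned long)err);

            record_process(&process, TH32CS_SNAPMODULE);
        } while (Process32Next(hSnap, &process));
    }
    CloseHandle(hSnap);
}

/*
 * Compare the running processes with the baseline.
 *
 * A process that is not in the baseline and was created before the sampled
 * reference time (stored in the global `timp`) is reported; a process that
 * is already known, or that started after the reference time, is
 * (re)recorded.
 *
 * NOTE(review): recording processes that started after the reference time
 * adds them to the baseline without any check; confirm that this is the
 * intended policy.
 */
void check_reg()
{
    SYSTEMTIME systime;
    PROCESSENTRY32 process;
    HANDLE hSnap;
    HKEY base_key = NULL;

    GetSystemTime(&systime);
    wait(5000);
    if (!SystemTimeToFileTime(&systime, &timp)) {
        return;
    }

    hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE) {
        return;
    }

    /* Open the baseline once. A missing key means an empty baseline. */
    if (RegOpenKeyEx(HKEY_CURRENT_USER, baseline_key, 0,
                     KEY_ENUMERATE_SUB_KEYS, &base_key) != ERROR_SUCCESS) {
        base_key = NULL;
    }

    process.dwSize = sizeof process;
    if (Process32First(hSnap, &process)) {
        do {
            FILETIME created, exited, kernel_time, user_time;
            HANDLE hProc;
            BOOL have_time = FALSE;
            int known;

            if (process.th32ProcessID == 0) {
                continue;           /* see init(): PID 0 aliases this process */
            }

            known = base_key != NULL &&
                    pid_in_baseline(base_key, process.th32ProcessID);

            /* Only the creation time is read, so no terminate right is
             * requested. Termination stays disabled; enabling it would need
             * a handle opened with PROCESS_TERMINATE. */
            hProc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE,
                                process.th32ProcessID);
            if (hProc) {
                have_time = GetProcessTimes(hProc, &created, &exited,
                                            &kernel_time, &user_time);
                CloseHandle(hProc);
            }

            if (known) {
                record_process(&process, TH32CS_SNAPMODULE32);
            } else if (!have_time) {
                /* Unknown and not inspectable: neither report it on an
                 * unread timestamp nor add it to the baseline. */
                continue;
            } else if (CompareFileTime(&created, &timp) < 0) {
                printf("process %lu:%s will be terminated\n",
                       (unsigned long)process.th32ProcessID, process.szExeFile);
            } else {
                record_process(&process, TH32CS_SNAPMODULE32);
            }
        } while (Process32Next(hSnap, &process));
    }

    if (base_key) {
        RegCloseKey(base_key);
    }
    CloseHandle(hSnap);
}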
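/*
 * Entry point: build the process baseline once, then stay resident.
 *
 * The periodic re-check is left disabled, as in the original. The loop now
 * sleeps instead of spinning a CPU core on an empty body. The unreachable
 * system("pause") and the unused SYSTEMTIME local were dropped.
 */
int main()
{
    init();
    for (;;) {
        /* check_reg(); */
        Sleep(1000);
    }
}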