  #include "stdafx.h"
  #include <Windows.h>
  /* NOTE(review): stray '.' after ".h" -- presumably this only resolves because Windows
     drops trailing dots from file names; the header is <Tlhelp32.h>. */
  #include <Tlhelp32.h.>

  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  5.  
  /* timp: written by check_reg() with the system time captured at the start of a check and
     compared there against process creation times.
     timp2: not referenced anywhere in this listing. */
  FILETIME timp,timp2;
  7.  
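  /*
   * Blocks the calling thread for roughly `wait` milliseconds.
   *
   * A zero or negative value returns immediately. The elapsed time is measured
   * as (now - start) rather than by comparing against (start + wait): the loop
   * then really waits (comparing start + wait < now is false on the first pass,
   * so nothing is waited for), and the unsigned subtraction stays correct when
   * the GetTickCount() counter wraps around.
   */
  void wait(int wait)
  {
      DWORD start;
      DWORD budget;

      if (wait <= 0) {
          return;
      }

      budget = (DWORD)wait;
      start = GetTickCount();
      while (GetTickCount() - start < budget) {
          /* Yield instead of spinning so the wait does not occupy a whole core. */
          Sleep(1);
      }
  }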
  14.  
  15.  
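  /* Registry key, relative to HKEY_CURRENT_USER, that holds the recorded process baseline. */
  #define TESTWIN32API_ROOT "Wow6432Node\\Software\\TestWin32Api"

  /*
   * Writes (or refreshes) the baseline entry of one process:
   *
   *   <root>\<pid>_<exe>            value "Path:"  full path of the first module
   *   <root>\<pid>_<exe>\Modules    one value per further module: name -> base address
   *   <root>\<pid>_<exe>\threads    value "TID:"   id of a thread owned by the process
   *
   * Every step is best effort: a process whose modules cannot be snapshotted
   * still gets its key, just without "Path:" and module values. Nothing is
   * written when the key name does not fit into MAX_PATH, because the image
   * name comes from the process snapshot and is not under this program's control.
   */
  static void record_process(const PROCESSENTRY32 *process)
  {
      char path[MAX_PATH];
      char subkey[MAX_PATH];
      MODULEENTRY32 modul;
      THREADENTRY32 thread;
      /* A base address is pointer sized: 4 bytes in a 32-bit build, 8 in a 64-bit one. */
      const DWORD base_type = (sizeof modul.modBaseAddr == sizeof(DWORD)) ? REG_DWORD : REG_QWORD;
      HANDLE snap;
      HKEY key;
      BOOL have_module = FALSE;
      int n;

      /* Bounded formatting: an over-long name is rejected instead of overrunning path[]. */
      n = snprintf(path, sizeof path, "%s\\%lu_%s", TESTWIN32API_ROOT,
                   (unsigned long)process->th32ProcessID, process->szExeFile);
      if (n < 0 || (size_t)n >= sizeof path) {
          return;
      }

      /* Only values are set through these handles, so KEY_SET_VALUE is enough. */
      if (RegCreateKeyEx(HKEY_CURRENT_USER, path, 0, NULL, REG_OPTION_NON_VOLATILE,
                         KEY_SET_VALUE, NULL, &key, NULL) != ERROR_SUCCESS) {
          return;
      }

      /* dwSize must be filled in before the first Module32First call, or the call fails. */
      modul.dwSize = sizeof modul;
      /* SNAPMODULE32 is added so that a 64-bit build also sees 32-bit modules. */
      snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32,
                                      process->th32ProcessID);
      if (snap != INVALID_HANDLE_VALUE && Module32First(snap, &modul)) {
          have_module = TRUE;
          RegSetValueEx(key, "Path:", 0, REG_SZ, (const BYTE *)modul.szExePath,
                        (DWORD)(strlen(modul.szExePath) + 1));
      }
      RegCloseKey(key);

      n = snprintf(subkey, sizeof subkey, "%s\\Modules", path);
      if (n >= 0 && (size_t)n < sizeof subkey &&
          RegCreateKeyEx(HKEY_CURRENT_USER, subkey, 0, NULL, REG_OPTION_NON_VOLATILE,
                         KEY_SET_VALUE, NULL, &key, NULL) == ERROR_SUCCESS) {
          /* The first module was consumed for "Path:"; the remaining ones are listed here. */
          while (have_module && Module32Next(snap, &modul)) {
              /* Store the address value itself; it must not be dereferenced, since it
                 refers to the address space of the inspected process. */
              RegSetValueEx(key, modul.szModule, 0, base_type,
                            (const BYTE *)&modul.modBaseAddr, sizeof modul.modBaseAddr);
          }
          RegCloseKey(key);
      }
      if (snap != INVALID_HANDLE_VALUE) {
          CloseHandle(snap);
      }

      n = snprintf(subkey, sizeof subkey, "%s\\threads", path);
      if (n >= 0 && (size_t)n < sizeof subkey &&
          RegCreateKeyEx(HKEY_CURRENT_USER, subkey, 0, NULL, REG_OPTION_NON_VOLATILE,
                         KEY_SET_VALUE, NULL, &key, NULL) == ERROR_SUCCESS) {
          thread.dwSize = sizeof thread;
          /* The thread snapshot is system wide; entries are filtered by owner below. */
          snap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
          if (snap != INVALID_HANDLE_VALUE) {
              if (Thread32First(snap, &thread)) {
                  do {
                      if (thread.th32OwnerProcessID == process->th32ProcessID) {
                          /* NOTE(review): every thread is written to the same value
                             name, so only the last matching id survives -- confirm
                             whether one value per thread was intended. */
                          RegSetValueEx(key, "TID:", 0, REG_DWORD,
                                        (const BYTE *)&thread.th32ThreadID,
                                        sizeof thread.th32ThreadID);
                      }
                  } while (Thread32Next(snap, &thread));
              }
              CloseHandle(snap);
          }
          RegCloseKey(key);
      }
  }

  /*
   * Returns 1 when the baseline has a subkey named "<pid>_..." for `pid`, else 0.
   * `root` is the opened baseline key, or NULL when no baseline could be opened.
   *
   * Enumeration ends on the first result other than ERROR_SUCCESS, so a failed
   * or invalid key cannot keep the loop running forever.
   */
  static int baseline_has_pid(HKEY root, DWORD pid)
  {
      char name[MAX_PATH];
      DWORD index;

      if (root == NULL) {
          return 0;
      }

      for (index = 0; ; index++) {
          /* The size is in/out, so it is reset before every call. */
          DWORD len = sizeof name;
          unsigned long value;
          char *end;

          if (RegEnumKeyEx(root, index, name, &len, NULL, NULL, NULL, NULL) != ERROR_SUCCESS) {
              return 0;
          }
          /* Accept only "<digits>_..." names; anything else is not a baseline entry. */
          if (name[0] < '0' || name[0] > '9') {
              continue;
          }
          value = strtoul(name, &end, 10);
          if (*end == '_' && value == pid) {
              return 1;
          }
      }
  }

  /*
   * Builds the baseline: deletes any previous TestWin32Api tree under
   * HKEY_CURRENT_USER, then records every process of a fresh snapshot with
   * record_process(). For each process it also prints whether the process
   * could be opened for querying (error 0 means it could).
   */
  void init()
  {
      PROCESSENTRY32 process;
      HANDLE hSnap;
      HANDLE hProc;
      DWORD error;

      RegDeleteTree(HKEY_CURRENT_USER, TESTWIN32API_ROOT);

      hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
      if (hSnap == INVALID_HANDLE_VALUE) {
          return;
      }

      process.dwSize = sizeof process;
      /* NOTE(review): the entry returned by Process32First is never processed, only
         those from Process32Next -- confirm that skipping the first entry is intended. */
      if (Process32First(hSnap, &process)) {
          while (Process32Next(hSnap, &process)) {
              hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, process.th32ProcessID);
              /* The last-error value is only meaningful when the call failed. */
              error = (hProc != NULL) ? 0 : GetLastError();
              printf("%s - error : %lu\n", process.szExeFile, (unsigned long)error);
              if (hProc != NULL) {
                  CloseHandle(hProc);
              }

              record_process(&process);
          }
      }
      CloseHandle(hSnap);
  }

  /*
   * Compares the running processes with the recorded baseline.
   *
   * The system time is captured, wait(5000) is called, and the captured time
   * is stored in the global `timp`. A process is reported with
   * "will be terminated" when it has no baseline entry and was created before
   * `timp`; every other process is written to the baseline with
   * record_process(). Nothing is terminated here -- the function only prints --
   * so the process handle is opened with query-only access.
   *
   * An unknown process whose creation time cannot be read is reported rather
   * than added, so that it is never trusted silently.
   *
   * NOTE(review): the baseline lives under HKEY_CURRENT_USER, which any process
   * running as the same user can modify, and entries are matched by PID only,
   * which Windows reuses after a process exits. Neither is a strong identity
   * for deciding which processes are expected.
   */
  void check_reg()
  {
      PROCESSENTRY32 process;
      SYSTEMTIME systime;
      FILETIME created, exited, kernel_time, user_time;
      HANDLE hSnap;
      HANDLE hProc;
      HKEY root = NULL;
      BOOL have_time;
      int flagged;

      GetSystemTime(&systime);
      wait(5000);
      SystemTimeToFileTime(&systime, &timp);

      hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
      if (hSnap == INVALID_HANDLE_VALUE) {
          return;
      }

      /* Opened once and closed at the end; keys added during the loop stay visible. */
      if (RegOpenKeyEx(HKEY_CURRENT_USER, TESTWIN32API_ROOT, 0,
                       KEY_ENUMERATE_SUB_KEYS, &root) != ERROR_SUCCESS) {
          root = NULL;
      }

      process.dwSize = sizeof process;
      /* NOTE(review): as in init(), the first snapshot entry is skipped -- confirm. */
      if (Process32First(hSnap, &process)) {
          while (Process32Next(hSnap, &process)) {
              flagged = 0;

              if (!baseline_has_pid(root, process.th32ProcessID)) {
                  have_time = FALSE;
                  hProc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE,
                                      process.th32ProcessID);
                  if (hProc != NULL) {
                      have_time = GetProcessTimes(hProc, &created, &exited,
                                                  &kernel_time, &user_time);
                      CloseHandle(hProc);
                  }
                  /* CompareFileTime orders by the high part, then the low part. */
                  flagged = !have_time || CompareFileTime(&created, &timp) < 0;
              }

              if (flagged) {
                  printf("process %lu:%s will be terminated\n",
                         (unsigned long)process.th32ProcessID, process.szExeFile);
              } else {
                  record_process(&process);
              }
          }
      }

      if (root != NULL) {
          RegCloseKey(root);
      }
      CloseHandle(hSnap);
  }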
  149.  
  150.  
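  /*
   * Entry point: records the process baseline once with init() and then idles
   * forever.
   *
   * The periodic check_reg() call is commented out in this listing and stays
   * disabled. The idle loop sleeps instead of spinning, so the program does not
   * occupy a whole core while doing nothing. Because the loop never exits, the
   * statements that used to follow it (a "pause" shell command and the return)
   * could never run and are dropped.
   */
  int main()
  {
      init();

      for (;;) {
          /* check_reg(); */
          Sleep(1000);
      }
  }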