im not sure how to best explain this but here goes...
is it possible to tell if program2 is modifying values of program1?
example:
Program1 loads, sets a bunch of values
Program2 loads, accesses program1's process and persistently modifies some values
Program3 (what i am developing) loops through all processes running on the system to check if anything is altering the values of Program1
so far all ive managed to do is look for the offending program2 (regardless of whether its altering program1) and terminate it. however simply changing the name of program2 throws a spanner in the works.
existing code....
any input appreciated.
If somethings hard to do, its not worth doing - Homer Simpson
is it possible to tell if program2 is modifying values of program1?
example:
Program1 loads, sets a bunch of values
Program2 loads, accesses program1's process and persistently modifies some values
Program3 (what i am developing) loops through all processes running on the system to check if anything is altering the values of Program1
so far all ive managed to do is look for the offending program2 (regardless of whether its altering program1) and terminate it. however simply changing the name of program2 throws a spanner in the works.
existing code....
Code:
//
#include "stdafx.h"
#include "windows.h"
#include <tlhelp32.h>
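/*
 * Program entry point.
 *
 * On NT-based Windows this loads PSAPI.DLL at run time, enumerates the
 * process IDs on the system and opens a handle to each process. The check
 * that was meant to inspect each process is still disabled (kept below as
 * a comment), so the live code only opens and closes the handles.
 * The Win9x branch is not implemented.
 *
 * Always returns 0.
 */
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR lpCmdLine,
                     int nCmdShow)
{
    OSVERSIONINFO OSVersion;
    OSVersion.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    if (!GetVersionEx(&OSVersion))
        return 0;

    if (OSVersion.dwPlatformId == VER_PLATFORM_WIN32_NT) // NT based OS
    {
        // NOTE(review): a bare DLL name is resolved through the normal DLL
        // search order, so a same-named file found earlier in that order
        // would be loaded instead. Consider an absolute path if the target
        // systems are known to ship PSAPI.DLL in the system directory.
        HINSTANCE hiPSAPI = LoadLibrary("PSAPI.DLL");
        if (hiPSAPI == NULL)
            return 0;

        // PSAPI function pointers. GetModuleBaseNameA is the ANSI export,
        // so its buffer parameter is declared LPSTR rather than LPTSTR.
        typedef BOOL (WINAPI *LPENUMPROCESSES)(DWORD *, DWORD, DWORD *);
        typedef BOOL (WINAPI *LPENUMPROCESSMODULES)(HANDLE, HMODULE *, DWORD, LPDWORD);
        typedef DWORD (WINAPI *LPGETMODULEBASENAME)(HANDLE, HMODULE, LPSTR, DWORD);

        LPENUMPROCESSES lpfEnumProcesses =
            (LPENUMPROCESSES)GetProcAddress(hiPSAPI, "EnumProcesses");
        LPENUMPROCESSMODULES lpfEnumProcessModules =
            (LPENUMPROCESSMODULES)GetProcAddress(hiPSAPI, "EnumProcessModules");
        LPGETMODULEBASENAME lpfGetModuleBaseName =
            (LPGETMODULEBASENAME)GetProcAddress(hiPSAPI, "GetModuleBaseNameA");
        if (!lpfEnumProcesses || !lpfEnumProcessModules || !lpfGetModuleBaseName)
        {
            FreeLibrary(hiPSAPI);
            return 0;
        }

        // EnumProcesses takes the buffer size in BYTES. Passing the element
        // count (400) limited the scan to the first 100 process IDs, so any
        // process beyond that was never looked at.
        // TODO: if dwCbNeeded == sizeof(ProcessIDList) the list may have
        // been truncated; retry with a larger buffer.
        DWORD ProcessIDList[400];
        DWORD dwCbNeeded = 0;
        if (!lpfEnumProcesses(ProcessIDList, sizeof(ProcessIDList), &dwCbNeeded))
        {
            FreeLibrary(hiPSAPI);
            return 0;
        }

        // DWORD index: an unsigned char would wrap at 256 and never reach
        // the end of a longer list.
        DWORD dwCount = dwCbNeeded / sizeof(DWORD);
        for (DWORD i = 0; i < dwCount; i++)
        {
            // NOTE(review): PROCESS_VM_READ and PROCESS_TERMINATE are only
            // needed by the disabled check below; request the narrowest
            // access mask the final check actually requires.
            HANDLE hProcess = OpenProcess(
                PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE,
                0, ProcessIDList[i]);
            if (!hProcess)
                continue; // process exited or access was denied

            //check to see if this process is accessing our program1
            /*
            HMODULE hModule[50];
            char ModuleName[50];
            DWORD cbRet = 0;
            if (lpfEnumProcessModules(hProcess, hModule, sizeof(hModule), &cbRet))
                if (lpfGetModuleBaseName(hProcess, hModule[0], ModuleName, sizeof(ModuleName)))
                    if (!stricmp(ModuleName, "TSearch.eXE"))
                    {
                        //this is all fine and dandy as long as the exe name is not changed
                        TerminateProcess(hProcess, 0);
                        CloseHandle(hProcess);
                        break;
                    }
            */

            // Release the handle on every iteration; previously the only
            // CloseHandle calls were inside the disabled block, so each
            // opened process handle leaked.
            CloseHandle(hProcess);
        }
        FreeLibrary(hiPSAPI);
    }
    else if (OSVersion.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS) // Win 9x
    {
        // Not implemented.
    }
    return 0;
}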
any input appreciated.
If somethings hard to do, its not worth doing - Homer Simpson