2010-12-04 15:19:36 +10:00
|
|
|
/*
|
2010-12-22 18:47:45 +10:00
|
|
|
Test for a valid process. This may sometimes detect GUI, even for a console
|
|
|
|
|
process. I think this is due to a DLL being loaded in the address space
|
|
|
|
|
before the main image. Ideally I could just use the base address directly,
|
|
|
|
|
but that doesn't seem easy to do for another process - there doesn't seem to
|
|
|
|
|
be a GetModuleHandle for another process. The CreateRemoteThread trick won't
|
|
|
|
|
work with 64-bit (exit code is DWORD) and setting it up to make it work
|
|
|
|
|
hardly seems worth it. There's GetModuleInformation, but passing in NULL just
|
|
|
|
|
returns a base of NULL, so that's no help. Since 64/32 is sufficient, let
|
|
|
|
|
ansicon.exe handle the difference between console/GUI.
|
2010-12-04 15:19:36 +10:00
|
|
|
*/
|
|
|
|
|
|
2010-12-12 21:58:35 +10:00
|
|
|
#include "ansicon.h"
|
2010-12-04 15:19:36 +10:00
|
|
|
|
|
|
|
|
|
|
|
|
|
int ProcessType( LPPROCESS_INFORMATION pinfo )
|
|
|
|
|
{
|
|
|
|
|
MEMORY_BASIC_INFORMATION minfo;
|
|
|
|
|
char* ptr = 0;
|
|
|
|
|
|
|
|
|
|
while (VirtualQueryEx( pinfo->hProcess, ptr, &minfo, sizeof(minfo) ))
|
|
|
|
|
{
|
|
|
|
|
IMAGE_DOS_HEADER dos_header;
|
|
|
|
|
SIZE_T read;
|
2010-12-22 18:47:45 +10:00
|
|
|
if (minfo.BaseAddress == minfo.AllocationBase &&
|
|
|
|
|
ReadProcessMemory( pinfo->hProcess, minfo.AllocationBase,
|
2010-12-04 15:19:36 +10:00
|
|
|
&dos_header, sizeof(dos_header), &read ))
|
|
|
|
|
{
|
|
|
|
|
if (dos_header.e_magic == IMAGE_DOS_SIGNATURE)
|
|
|
|
|
{
|
|
|
|
|
IMAGE_NT_HEADERS nt_header;
|
|
|
|
|
if (ReadProcessMemory( pinfo->hProcess, (char*)minfo.AllocationBase +
|
|
|
|
|
dos_header.e_lfanew, &nt_header,
|
|
|
|
|
sizeof(nt_header), &read ))
|
|
|
|
|
{
|
|
|
|
|
if (nt_header.Signature == IMAGE_NT_SIGNATURE)
|
|
|
|
|
{
|
2010-12-16 16:00:56 +10:00
|
|
|
BOOL gui = (nt_header.OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI);
|
2010-12-12 21:58:35 +10:00
|
|
|
if (nt_header.OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI ||
|
2010-12-16 16:00:56 +10:00
|
|
|
gui )
|
2010-12-04 15:19:36 +10:00
|
|
|
{
|
|
|
|
|
if (nt_header.FileHeader.Machine == IMAGE_FILE_MACHINE_I386)
|
2010-12-16 16:00:56 +10:00
|
|
|
{
|
2010-12-22 18:47:45 +10:00
|
|
|
DEBUGSTR( L" %p: 32-bit %s",
|
|
|
|
|
minfo.AllocationBase, (gui) ? L"GUI" : L"console" );
|
|
|
|
|
return 32;
|
2010-12-16 16:00:56 +10:00
|
|
|
}
|
2010-12-04 15:19:36 +10:00
|
|
|
#ifdef _WIN64
|
2010-12-12 21:58:35 +10:00
|
|
|
if (nt_header.FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64)
|
2010-12-16 16:00:56 +10:00
|
|
|
{
|
2010-12-22 18:47:45 +10:00
|
|
|
DEBUGSTR( L" %p: 64-bit %s",
|
|
|
|
|
minfo.AllocationBase, (gui) ? L"GUI" : L"console" );
|
|
|
|
|
return 64;
|
2010-12-16 16:00:56 +10:00
|
|
|
}
|
2010-12-04 15:19:36 +10:00
|
|
|
#endif
|
2010-12-12 21:58:35 +10:00
|
|
|
DEBUGSTR( L" Ignoring unsupported machine (0x%X)",
|
|
|
|
|
nt_header.FileHeader.Machine );
|
2010-12-04 15:19:36 +10:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2010-12-12 21:58:35 +10:00
|
|
|
DEBUGSTR( L" Ignoring non-Windows subsystem (%u)",
|
|
|
|
|
nt_header.OptionalHeader.Subsystem );
|
2010-12-04 15:19:36 +10:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-12-12 21:58:35 +10:00
|
|
|
return 0;
|
2010-12-04 15:19:36 +10:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
ptr += minfo.RegionSize;
|
|
|
|
|
}
|
|
|
|
|
|
2010-12-12 21:58:35 +10:00
|
|
|
DEBUGSTR( L" Ignoring non-Windows process" );
|
|
|
|
|
return 0;
|
2010-12-04 15:19:36 +10:00
|
|
|
}
|
