windows-nt/Source/XPSP1/NT/sdktools/checksym/processes.cpp

833 lines
23 KiB
C++
Raw Normal View History

2020-09-26 03:20:57 -05:00
//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1999 - 2000
//
// File: processes.cpp
//
//--------------------------------------------------------------------------
// Processes.cpp: implementation of the CProcesses class.
//
//////////////////////////////////////////////////////////////////////
#ifndef NO_STRICT
#ifndef STRICT
#define STRICT 1
#endif
#endif /* NO_STRICT */
#include <WINDOWS.H>
#include <STDIO.H>
#include <TCHAR.H>
#include <stdlib.h>
#include "Globals.h"
#include "Processes.h"
#include "ProcessInfo.h"
#include "ProcessInfoNode.h"
#include "FileData.h"
#include "UtilityFunctions.h"
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
CProcesses::CProcesses()
{
m_fInitialized = false;
m_iNumberOfProcesses = 0;
m_enumProcessCollectionMethod = NO_METHOD;
// Contained Objects
m_lpProcessInfoHead = NULL;
m_ProcessInfoHeadMutex = NULL;
// m_lpProgramOptions = NULL;
m_lpModuleInfoCache = NULL;
m_lpOutputFile = NULL;
m_lpInputFile = NULL;
}
CProcesses::~CProcesses()
{
WaitForSingleObject(m_ProcessInfoHeadMutex, INFINITE);
// If we have Process Info Objects... nuke them now...
if (m_lpProcessInfoHead)
{
CProcessInfoNode * lpProcessInfoNodePointer = m_lpProcessInfoHead;
CProcessInfoNode * lpProcessInfoNodePointerToDelete = m_lpProcessInfoHead;
// Traverse the linked list to the end..
while (lpProcessInfoNodePointer)
{ // Keep looking for the end...
// Advance our pointer to the next node...
lpProcessInfoNodePointer = lpProcessInfoNodePointer->m_lpNextProcessInfoNode;
// Delete the one behind us...
delete lpProcessInfoNodePointerToDelete;
// Set the node to delete to the current...
lpProcessInfoNodePointerToDelete = lpProcessInfoNodePointer;
}
// Now, clear out the Head pointer...
m_lpProcessInfoHead = NULL;
}
// Be a good citizen and release the Mutex
ReleaseMutex(m_ProcessInfoHeadMutex);
// Now, close the Mutex
if (m_ProcessInfoHeadMutex)
{
CloseHandle(m_ProcessInfoHeadMutex);
m_ProcessInfoHeadMutex = NULL;
}
}
//bool CProcesses::Initialize(CProgramOptions * lpProgramOptions, CModuleInfoCache * lpModuleInfoCache, CFileData * lpInputFile, CFileData * lpOutputFile)
bool CProcesses::Initialize(CModuleInfoCache * lpModuleInfoCache, CFileData * lpInputFile, CFileData * lpOutputFile)
{
// We need the following objects to do business...
// if ( lpProgramOptions == NULL || lpModuleInfoCache == NULL)
if ( lpModuleInfoCache == NULL)
return false;
// Let's save away our program options (beats passing it as an
// argument to every method...)
// m_lpProgramOptions = lpProgramOptions;
m_lpInputFile = lpInputFile;
m_lpOutputFile = lpOutputFile;
m_lpModuleInfoCache = lpModuleInfoCache;
m_ProcessInfoHeadMutex = CreateMutex(NULL, FALSE, NULL);
if (m_ProcessInfoHeadMutex == NULL)
return false;
// We only need to grab these exported functions if we intend to
// actively query our local machine's processes directly...
if (g_lpProgramOptions->GetMode(CProgramOptions::InputProcessesFromLiveSystemMode))
{
// PSAPI.DLL API's ARE NOW PREFERRED!!
// It doesn't tend to hang when enumerating modules for a process that is being debugged.
// The Toolhelp32 APIs seem to hang occasionally taking a snapshot of a process being debugged
// and this impacts Exception Monitor (which runs from a script against a process under
// windbg)
if ( g_lpProgramOptions->IsRunningWindowsNT() )
{
// Get the functions for Windows NT 4.0/2000
// Load library and get the procedures explicitly. We do
// this so that we don't have to worry about modules using
// this code failing to load under Windows 95, because
// it can't resolve references to the PSAPI.DLL.
if (g_lpDelayLoad->Initialize_PSAPI())
{
m_enumProcessCollectionMethod = PSAPI_METHOD;
} else
{
_tprintf(TEXT("Unable to load PSAPI.DLL, which may be required for enumeration of processes.\n"));
}
}
if ( m_enumProcessCollectionMethod == NO_METHOD )
{
if (g_lpDelayLoad->Initialize_TOOLHELP32())
{
m_enumProcessCollectionMethod = TOOLHELP32_METHOD;
} else
{
_tprintf(TEXT("KERNEL32.DLL is missing required function entry points!!\n"));
}
}
// On Windows NT, we need to enable SeDebugPrivilege to open some processes...
if ( ( m_enumProcessCollectionMethod != NO_METHOD ) &&
g_lpProgramOptions->IsRunningWindowsNT() )
{
HANDLE hOurProcessToken = 0;
bool fPrivilegeSet = false;
// To permit as much access to obtain a process handle as possible,
// we need to set the SeDebugPrivilege on our process handle, we can
// then open nearly any process...
if(OpenProcessToken( GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&hOurProcessToken))
{
// We got our Process Token...
if(SetPrivilege(hOurProcessToken, SE_DEBUG_NAME, TRUE))
{
fPrivilegeSet = true;
}
}
if (!fPrivilegeSet)
{
_tprintf(TEXT("\nWARNING: A required privilege (SeDebugPrivilege) is not held by the user\n"));
_tprintf(TEXT("running this program. Due to security, some processes running on this\n"));
_tprintf(TEXT("system may not be accessible. An administrator of this machine can grant\n"));
_tprintf(TEXT("you this privilege by using User Manager to enable the advanced User Right\n"));
_tprintf(TEXT("\"Debug Programs\" to enable complete access to this system.\n"));
}
if (hOurProcessToken)
CloseHandle(hOurProcessToken);
}
// We are initialized if we were able to enable a Process Collection Method
m_fInitialized = ( m_enumProcessCollectionMethod != NO_METHOD );
} else
{
m_fInitialized = true;
}
return m_fInitialized;
}
bool CProcesses::GetProcessesDataForRunningProcessesUsingPSAPI()
{
LPDWORD lpdwPIDs = NULL;
DWORD dwProcessIDHeapSizeUsed, dwProcessIDHeapSize, dwIndex ;
CProcessInfo * lpProcessInfo = NULL;
bool fRetval = false;
if (!m_fInitialized)
return false;
// It's possible the user provided a PID directly... if so,
// we can circumvent the whole search of PIDs on the system...
if (g_lpProgramOptions->GetProcessID())
{
// Okay, let's create a ProcessInfo object and pass this down to EnumerateModules()
lpProcessInfo = new CProcessInfo();
if (lpProcessInfo == NULL)
goto error_cleanup;
if (!lpProcessInfo->Initialize(m_lpModuleInfoCache, NULL, m_lpOutputFile, NULL))
{
goto error_cleanup;
}
if (lpProcessInfo->EnumerateModules(g_lpProgramOptions->GetProcessID(), this, NULL))
{
// Success... add this to the Processes Object...
if (!AddNewProcessInfoObject(lpProcessInfo))
{ // Failure adding the node...
goto error_cleanup; // For now, let's just error on out...
}
} else
{
// Failure enumerating modules on the only PID of interest... very bad...
goto error_cleanup;
}
}
else
{ // Nope, we brute force this baby...
// Call the PSAPI function EnumProcesses to get all of the
// ProcID's currently in the system.
// NOTE: In the documentation, the third parameter of
// EnumProcesses is named cbNeeded, which implies that you
// can call the function once to find out how much space to
// allocate for a buffer and again to fill the buffer.
// This is not the case. The cbNeeded parameter returns
// the number of PIDs returned, so if your buffer size is
// zero cbNeeded returns zero.
// NOTE: The loop here ensures that we
// actually allocate a buffer large enough for all the
// PIDs in the system.
dwProcessIDHeapSize = 256 * sizeof( DWORD ) ;
lpdwPIDs = NULL ;
do
{
if( lpdwPIDs )
{ // Hmm.. we've been through this loop already, double the HeapSize and try again.
delete [] lpdwPIDs;
dwProcessIDHeapSize *= 2 ;
}
lpdwPIDs = (LPDWORD) new DWORD[dwProcessIDHeapSize];
if( lpdwPIDs == NULL )
{
goto error_cleanup;
}
// Query the system for the total number of processes
if( !g_lpDelayLoad->EnumProcesses( lpdwPIDs, dwProcessIDHeapSize, &dwProcessIDHeapSizeUsed ) )
{
// It's bad if we can't enum processes... no place to go but to bail out...
goto error_cleanup;
}
} while( dwProcessIDHeapSizeUsed == dwProcessIDHeapSize );
// How many ProcID's did we get?
DWORD dwNumberOfPIDs = dwProcessIDHeapSizeUsed / sizeof( DWORD ) ;
// Loop through each ProcID.
for( dwIndex = 0 ; dwIndex < dwNumberOfPIDs; dwIndex++ )
{
// Okay, let's create a ProcessInfo object and pass this down to EnumerateModules()
// Each Process gets its own
lpProcessInfo = new CProcessInfo();
if (lpProcessInfo == NULL)
goto error_cleanup;
if (!lpProcessInfo->Initialize(m_lpModuleInfoCache, NULL, m_lpOutputFile, NULL))
{ // Failure initializing the ProcessInfo object?!?
delete lpProcessInfo;
lpProcessInfo = NULL;
continue;
}
if (lpProcessInfo->EnumerateModules(lpdwPIDs[dwIndex], this, NULL))
{
// Success... add this to the Processes Object...
if (!AddNewProcessInfoObject(lpProcessInfo))
{ // Failure adding the node...
delete lpProcessInfo;
lpProcessInfo = NULL;
continue;
}
// For now, let's error out...
} else
{
// An error enumerating modules might be normal...
delete lpProcessInfo;
lpProcessInfo = NULL;
continue;
}
}
}
fRetval = true;
goto cleanup;
error_cleanup:
if (lpProcessInfo)
delete lpProcessInfo;
cleanup:
if (lpdwPIDs)
{
delete [] lpdwPIDs;
}
return fRetval;
}
bool CProcesses::AddNewProcessInfoObject(CProcessInfo * lpProcessInfo)
{
if (!m_fInitialized)
return false;
// First, create a ProcessInfoNode object and then attach it to the bottom of the
// linked list of nodes...
CProcessInfoNode * lpProcessInfoNode = new CProcessInfoNode(lpProcessInfo);
/*
#ifdef _DEBUG
_tprintf(TEXT("Adding Process Info Object for [%s]\n"), lpProcessInfo->m_tszProcessName);
#endif
*/
if (lpProcessInfoNode == NULL)
return false; // Couldn't allocate memory..
// Acquire Mutex object to protect the linked-list...
WaitForSingleObject(m_ProcessInfoHeadMutex, INFINITE);
CProcessInfoNode * lpProcessInfoNodePointer = m_lpProcessInfoHead;
if (lpProcessInfoNodePointer) {
// Traverse the linked list to the end..
while (lpProcessInfoNodePointer->m_lpNextProcessInfoNode)
{ // Keep looking for the end...
lpProcessInfoNodePointer = lpProcessInfoNodePointer->m_lpNextProcessInfoNode;
}
lpProcessInfoNodePointer->m_lpNextProcessInfoNode = lpProcessInfoNode;
}
else
{ // First time through, the Process Info Head pointer is null...
m_lpProcessInfoHead = lpProcessInfoNode;
}
// Be a good citizen and release the Mutex
ReleaseMutex(m_ProcessInfoHeadMutex);
InterlockedIncrement(&m_iNumberOfProcesses);
return true;
}
bool CProcesses::SetPrivilege(HANDLE hToken, LPCTSTR Privilege, bool bEnablePrivilege)
{
TOKEN_PRIVILEGES tp;
LUID luid;
TOKEN_PRIVILEGES tpPrevious = {0};
DWORD cbPrevious=sizeof(TOKEN_PRIVILEGES);
if(!LookupPrivilegeValue( NULL, Privilege, &luid )) return false;
//
// first pass. get current privilege setting
//
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = 0;
AdjustTokenPrivileges(
hToken,
FALSE,
&tp,
sizeof(TOKEN_PRIVILEGES),
&tpPrevious,
&cbPrevious
);
if (GetLastError() != ERROR_SUCCESS) return false;
//
// second pass. set privilege based on previous setting
//
tpPrevious.PrivilegeCount = 1;
tpPrevious.Privileges[0].Luid = luid;
if(bEnablePrivilege) {
tpPrevious.Privileges[0].Attributes |= (SE_PRIVILEGE_ENABLED);
}
else {
tpPrevious.Privileges[0].Attributes ^= (SE_PRIVILEGE_ENABLED &
tpPrevious.Privileges[0].Attributes);
}
AdjustTokenPrivileges(
hToken,
FALSE,
&tpPrevious,
cbPrevious,
NULL,
NULL
);
if (GetLastError() != ERROR_SUCCESS) return false;
return true;
}
bool CProcesses::OutputProcessesData(CollectionTypes enumCollectionType, bool fCSVFileContext, bool fDumpHeader)
{
// Output to file?
if ( !g_lpProgramOptions->GetMode(CProgramOptions::QuietMode) &&
!g_lpProgramOptions->GetMode(CProgramOptions::PrintTaskListMode) )
{
// Output to Stdout?
if (!OutputProcessesDataToStdout(enumCollectionType, fCSVFileContext, fDumpHeader))
return false;
}
// Output to file?
if (g_lpProgramOptions->GetMode(CProgramOptions::OutputCSVFileMode))
{
// Try and output to file...
if (!OutputProcessesDataToFile(enumCollectionType, fDumpHeader))
return false;
}
if (m_lpProcessInfoHead) {
CProcessInfoNode * lpCurrentProcessInfoNode = m_lpProcessInfoHead;
while (lpCurrentProcessInfoNode)
{
// We have a node... print out Process Info for it, then the Modules Data...
if (lpCurrentProcessInfoNode->m_lpProcessInfo)
{
lpCurrentProcessInfoNode->m_lpProcessInfo->OutputProcessData(enumCollectionType, fCSVFileContext, false);
}
lpCurrentProcessInfoNode = lpCurrentProcessInfoNode->m_lpNextProcessInfoNode;
}
}
return true;
}
bool CProcesses::OutputProcessesDataToStdout(CollectionTypes enumCollectionType, bool fCSVFileContext, bool fDumpHeader)
{
if (fDumpHeader)
{
// Output to stdout...
_tprintf(TEXT("\n"));
CUtilityFunctions::OutputLineOfStars();
_tprintf(TEXT("%s - Printing Process Information for %d Processes.\n"), g_tszCollectionArray[enumCollectionType].tszCSVLabel, m_iNumberOfProcesses);
_tprintf(TEXT("%s - Context: %s\n"), g_tszCollectionArray[enumCollectionType].tszCSVLabel, fCSVFileContext ? g_tszCollectionArray[enumCollectionType].tszCSVContext : g_tszCollectionArray[enumCollectionType].tszLocalContext);
CUtilityFunctions::OutputLineOfStars();
}
return true;
}
bool CProcesses::OutputProcessesDataToFile(CollectionTypes enumCollectionType, bool fDumpHeader)
{
// Don't write anything if there are no processes to report...
if (0 == m_iNumberOfProcesses)
return true;
if (fDumpHeader)
{
// We skip output of the [PROCESSES] header if -E was specified...
if (!g_lpProgramOptions->GetMode(CProgramOptions::ExceptionMonitorMode))
{
// Write out the Processes tag so I can detect this output format...
if (!m_lpOutputFile->WriteString(TEXT("\r\n")) ||
!m_lpOutputFile->WriteString(g_tszCollectionArray[enumCollectionType].tszCSVLabel) ||
!m_lpOutputFile->WriteString(TEXT("\r\n"))
)
{
_tprintf(TEXT("Failure writing CSV header to file [%s]!"), m_lpOutputFile->GetFilePath());
m_lpOutputFile->PrintLastError();
return false;
}
}
// We have different output for -E
if (g_lpProgramOptions->GetMode(CProgramOptions::ExceptionMonitorMode))
{
// Write out the header... for the -E option...
if (!m_lpOutputFile->WriteString(TEXT("Module Path,Symbol Status,Time/Date String,File Version,Company Name,File Description,File Time/Date String,Local DBG Status,Local DBG,Local PDB Status,Local PDB\r\n")))
{
_tprintf(TEXT("Failure writing CSV header to file [%s]!"), m_lpOutputFile->GetFilePath());
m_lpOutputFile->PrintLastError();
return false;
}
} else
{
// Write out the Processes Header
if (!m_lpOutputFile->WriteString(g_tszCollectionArray[enumCollectionType].tszCSVColumnHeaders))
{
_tprintf(TEXT("Failure writing CSV header to file [%s]!"), m_lpOutputFile->GetFilePath());
m_lpOutputFile->PrintLastError();
return false;
}
}
}
return true;
}
bool CProcesses::GetProcessesData()
{
// Is this being collected interactively?
if (g_lpProgramOptions->GetMode(CProgramOptions::InputProcessesFromLiveSystemMode))
{
// Invoke the correct Process Collection Method
if (GetProcessCollectionMethod() == TOOLHELP32_METHOD)
{
GetProcessesDataForRunningProcessesUsingTOOLHELP32();
}
else if (GetProcessCollectionMethod() == PSAPI_METHOD)
{
GetProcessesDataForRunningProcessesUsingPSAPI();
}
}
// Is this being collected from a file?
if (g_lpProgramOptions->GetMode(CProgramOptions::InputCSVFileMode))
GetProcessesDataFromFile();
return true;
}
bool CProcesses::GetProcessesDataFromFile()
{
CProcessInfo * lpProcessInfo = NULL;
char szProcessNameToMatch[_MAX_FNAME+1];
// In case we're matching against these...
LPTSTR tszProcessNameToMatch = g_lpProgramOptions->GetProcessName();
DWORD dwProcessIDToMatch = g_lpProgramOptions->GetProcessID();
// If we're going to be matching on a process name, go ahead and grab it
// once now, convert to ANSI if necessary (since it comes from the CSV
// file in ANSI), and upper case it...
if ( ( g_lpProgramOptions->GetMode(CProgramOptions::InputProcessesWithMatchingNameOrPID) ) &&
( tszProcessNameToMatch )
)
{
// Let's save away the Process Name...
CUtilityFunctions::CopyTSTRStringToAnsi(tszProcessNameToMatch, szProcessNameToMatch, _MAX_FNAME+1);
// Upper case the process name... we should be ready to match on this now...
_strupr(szProcessNameToMatch);
}
// Read the Process Header Line
if (!m_lpInputFile->ReadFileLine())
return false;
// Currently, we don't actually read the data...
enum { BUFFER_SIZE = 128};
char szProcessName[BUFFER_SIZE];
TCHAR tszProcessName[BUFFER_SIZE];
DWORD iProcessID;
// Read the first field (should be blank, unless this is a new collection type
if (m_lpInputFile->ReadString())
return true;
bool fReturn = true;
while (fReturn == true)
{
// Read the process name...
if (0 == m_lpInputFile->ReadString(szProcessName, BUFFER_SIZE))
break;
if (!m_lpInputFile->ReadDWORD(&iProcessID))
{
fReturn = false;
break;
}
if ( g_lpProgramOptions->GetMode(CProgramOptions::InputProcessesWithMatchingNameOrPID) )
{
// Okay, the user has provided us something to match against our data...
if ( tszProcessNameToMatch )
{
// Process name provided... does it match?
if ( strcmp(szProcessNameToMatch, szProcessName) )
{
// Nope... well then, we should nuke this line...
m_lpInputFile->ReadFileLine();
// Then, jump to the next line processing...
goto ReadNewLine;
}
#ifdef _DEBUG
else
{
printf("DEBUG: MATCH FOUND ON Process Name [%s]\n", szProcessName);
}
#endif
} else
{
if ( dwProcessIDToMatch != iProcessID )
{
// Nope... well then, we should nuke this line...
m_lpInputFile->ReadFileLine();
// Then, jump to the next line processing...
goto ReadNewLine;
}
#ifdef _DEBUG
else
{
_tprintf(TEXT("DEBUG: MATCH FOUND ON Process ID [%d]\n"), iProcessID);
}
#endif
}
}
// Okay, let's create a ProcessInfo object and pass this down to EnumerateModules()
// Each Process gets its own
lpProcessInfo = new CProcessInfo();
if (lpProcessInfo == NULL)
{
fReturn = false;
break;
}
if (!lpProcessInfo->Initialize(m_lpModuleInfoCache, m_lpInputFile, m_lpOutputFile, NULL))
{ // Failure initializing the ProcessInfo object?!?
delete lpProcessInfo;
lpProcessInfo = NULL;
fReturn = false;
break;
}
// We need to convert this to Unicode possibly... (it will be copied in EnumModules())
CUtilityFunctions::CopyAnsiStringToTSTR(szProcessName, tszProcessName, BUFFER_SIZE);
// Save the process name...
lpProcessInfo->SetProcessName(tszProcessName);
// Enumerate the modules for the process
if (!lpProcessInfo->EnumerateModules(iProcessID, this, tszProcessName))
{
fReturn = false;
break;
}
// Success... add this to the Processes Object...
if (!AddNewProcessInfoObject(lpProcessInfo))
{ // Failure adding the node...
delete lpProcessInfo;
lpProcessInfo = NULL;
return false;
}
ReadNewLine:
// Before we read a new line... are we already pointing to the end?
if (m_lpInputFile->EndOfFile())
{
break;
}
// Read the first field (should be blank, unless this is a new collection type
if (m_lpInputFile->ReadString())
break;
}
// We don't expect to find anything...
return fReturn;
}
CProcesses::ProcessCollectionMethod CProcesses::GetProcessCollectionMethod()
{
return m_enumProcessCollectionMethod;
}
bool CProcesses::GetProcessesDataForRunningProcessesUsingTOOLHELP32()
{
CProcessInfo * lpProcessInfo = NULL;
HANDLE hSnapShot = NULL;
bool fReturn = false;
if (!m_fInitialized)
return false;
// It's possible the user provided a PID directly... if so,
// we can circumvent the whole search of PIDs on the system...
if (g_lpProgramOptions->GetProcessID())
{
// Okay, let's create a ProcessInfo object and pass this down to EnumerateModules()
lpProcessInfo = new CProcessInfo();
if (lpProcessInfo == NULL)
goto error_cleanup;
if (!lpProcessInfo->Initialize(m_lpModuleInfoCache, NULL, m_lpOutputFile, NULL))
{
goto error_cleanup;
}
if (lpProcessInfo->EnumerateModules(g_lpProgramOptions->GetProcessID(), this, NULL))
{
// Success... add this to the Processes Object...
if (!AddNewProcessInfoObject(lpProcessInfo))
{ // Failure adding the node...
goto error_cleanup; // For now, let's just error on out...
}
} else
{
// Failure enumerating modules on the only PID of interest... very bad...
goto error_cleanup;
}
}
else
{
PROCESSENTRY32 procentry;
BOOL bFlag;
// Get a handle to a Toolhelp snapshot of the systems processes.
hSnapShot = g_lpDelayLoad->CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if( hSnapShot == INVALID_HANDLE_VALUE )
{
goto error_cleanup ;
}
// Clear this structure
memset(&procentry, 0, sizeof(procentry));
// Get the first process' information.
procentry.dwSize = sizeof(PROCESSENTRY32) ;
bFlag = g_lpDelayLoad->Process32First( hSnapShot, &procentry ) ;
// While there are processes, keep looping.
while( bFlag )
{
// Okay, let's create a ProcessInfo object and pass this down to EnumerateModules()
// Each Process gets its own
lpProcessInfo = new CProcessInfo();
if (lpProcessInfo == NULL)
goto error_cleanup;
if (!lpProcessInfo->Initialize(m_lpModuleInfoCache, NULL, m_lpOutputFile, NULL))
{
// Failure initializing the ProcessInfo object?!?
delete lpProcessInfo;
lpProcessInfo = NULL;
// Clear this structure
memset(&procentry, 0, sizeof(procentry));
// Get the next Process...
procentry.dwSize = sizeof(PROCESSENTRY32) ;
bFlag = g_lpDelayLoad->Process32Next( hSnapShot, &procentry );
continue;
}
// Enumerate the modules for this process...
if (lpProcessInfo->EnumerateModules(procentry.th32ProcessID, this, procentry.szExeFile))
{
// Success... add this to the Processes Object...
if (!AddNewProcessInfoObject(lpProcessInfo))
{
// Failure adding the node...
delete lpProcessInfo;
lpProcessInfo = NULL;
}
} else
{
// An error enumerating modules might be normal...
delete lpProcessInfo;
lpProcessInfo = NULL;
}
// Get the next Process...
procentry.dwSize = sizeof(PROCESSENTRY32) ;
bFlag = g_lpDelayLoad->Process32Next( hSnapShot, &procentry );
}
}
fReturn = true;
goto cleanup;
error_cleanup:
if (lpProcessInfo)
delete lpProcessInfo;
cleanup:
if (hSnapShot != INVALID_HANDLE_VALUE)
CloseHandle(hSnapShot);
return fReturn;
}