Question
Need help with creating the following program.
--> C or C++ code is preferable. The program needs to be able to run on a Windows system!
*** note: prompt relates to learning malware defense/debugging Windows internals, and analyzing kernel memory ***
Requirements: Create a program in any programming language of choice that can
1. Enumerate all the running processes on a computer system;
2. List all the running threads within the process boundary;
3. Enumerate all the loaded modules within the processes;
4. Show all the executable pages within the processes (i.e. the ".exe" pages); AND
5. Give us a capability to read the memory.
Explanation / Answer
#include <windows.h>
#include <stdio.h>
#include <tchar.h>
#include <psapi.h>
// Link against Psapi.lib so EnumProcesses/EnumProcessModules/GetModuleBaseName resolve
// (MSVC: the pragma below; MinGW: add -lpsapi to the link line).
#pragma comment(lib, "psapi.lib")

void PrintProcessNameAndID( DWORD processID )
{
    TCHAR ProcessName[MAX_PATH] = TEXT("<unknown>");
    // PROCESS_QUERY_INFORMATION | PROCESS_VM_READ is the minimum needed to enumerate
    // modules; protected and system processes refuse the open and stay "<unknown>".
    HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                   FALSE, processID );

    // Get the process name from the first module, which is always the main executable.
    if ( NULL != hProcess )
    {
        HMODULE hMod;
        DWORD Needed;
        if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &Needed ) )
        {
            GetModuleBaseName( hProcess, hMod, ProcessName,
                               sizeof(ProcessName)/sizeof(TCHAR) );
        }
        // Release the handle to the process (only if the open succeeded).
        CloseHandle( hProcess );
    }

    // Print the process name and identifier.
    _tprintf( TEXT("%s (PID: %u)\n"), ProcessName, processID );
}

int main( void )
{
    // Get the list of process identifiers.
    DWORD aProcesses[1024], Needed, Processes;
    unsigned int i;

    if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &Needed ) )
    {
        return 1;
    }
    // If Needed equals sizeof(aProcesses) the buffer may have been too small;
    // a production tool should retry with a larger buffer.
    Processes = Needed / sizeof(DWORD);

    for ( i = 0; i < Processes; i++ )
    {
        if ( aProcesses[i] != 0 )
        {
            PrintProcessNameAndID( aProcesses[i] );
        }
    }
    return 0;
}
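The answer above handles process enumeration (requirement 1). Requirements 4 and 5, executable pages and reading memory, are shown in this added example, which is not part of the posted answer: it walks a target process with VirtualQueryEx, keeps only committed regions with a PAGE_EXECUTE* protection, and reads the first bytes of each with ReadProcessMemory. The helper names is_executable_region and dump_executable_regions are mine; the PAGE_* and MEM_COMMIT values in the non-Windows branch are the documented Win32 SDK constants, present so the classifier also compiles elsewhere.

```c
// Added example (not the answer's code): list committed executable regions of a
// process (requirement 4) and read the head of each (requirement 5).
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Win32 SDK constant values, so the classifier compiles on any platform. */
#define PAGE_EXECUTE            0x10
#define PAGE_EXECUTE_READ       0x20
#define PAGE_EXECUTE_READWRITE  0x40
#define PAGE_EXECUTE_WRITECOPY  0x80
#define PAGE_GUARD              0x100
#define MEM_COMMIT              0x1000
#endif

/* A region counts as executable when it is committed, carries any PAGE_EXECUTE*
   bit, and is not a guard page (reading a guard page fires a one-shot exception). */
int is_executable_region(unsigned long state, unsigned long protect)
{
    const unsigned long exec_mask = PAGE_EXECUTE | PAGE_EXECUTE_READ |
                                    PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY;
    if (state != MEM_COMMIT) return 0;
    if (protect & PAGE_GUARD) return 0;
    return (protect & exec_mask) != 0;
}

#ifdef _WIN32
/* Walk the user address space of pid; returns the number of executable regions or -1. */
int dump_executable_regions(DWORD pid)
{
    HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (!h) { printf("OpenProcess(%lu) failed: %lu\n", pid, GetLastError()); return -1; }
    MEMORY_BASIC_INFORMATION mbi;
    unsigned char *addr = NULL;          /* start at address 0, step region by region */
    int count = 0;
    while (VirtualQueryEx(h, addr, &mbi, sizeof(mbi)) == sizeof(mbi)) {
        if (is_executable_region(mbi.State, mbi.Protect)) {
            unsigned char head[16]; SIZE_T got = 0;
            ReadProcessMemory(h, mbi.BaseAddress, head, sizeof(head), &got);
            printf("%p size=%llu protect=0x%lx first bytes:", mbi.BaseAddress,
                   (unsigned long long)mbi.RegionSize, mbi.Protect);
            for (SIZE_T i = 0; i < got; i++) printf(" %02x", head[i]);
            printf("\n");
            count++;
        }
        addr = (unsigned char *)mbi.BaseAddress + mbi.RegionSize;  /* next region */
    }
    CloseHandle(h);
    return count;
}
int main(int argc, char **argv)
{   /* PID on the command line, or inspect this process itself */
    DWORD pid = argc > 1 ? (DWORD)strtoul(argv[1], NULL, 10) : GetCurrentProcessId();
    return dump_executable_regions(pid) < 0;
}
#endif
```

Build with the Windows SDK or MinGW; the loop ends when VirtualQueryEx fails past the top of the user address space, and regions that refuse ReadProcessMemory simply report zero bytes.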