枚举windows全系列(98 NT 2000以及后系列)进程--1

// ProcessPolicy.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include "Win98_Process.h"
#include "WinNT_Process.h"
//#include "SPESXML.h"

// One process entry taken from the policy XML (filled in by ParseProcess).
struct PROCESSINFO
{
 CString ProcessName;   // text of the entry's "ProcessName" attribute
 int     RepairTime;    // atoi() of the entry's "RepairTime" attribute; unit is not stated in this file
 CString ProcessIntro;  // text of the entry's "chinese"/"english" prompt node, chosen by iLanguage
};
// Collection of policy entries produced by ParseProcess.
typedef vector<PROCESSINFO> ProcessInfos;
// Global snapshot of the running processes, filled by GetProcessList() and read by main().
// `strings` is not defined in this file (presumably in one of the included headers);
// main() iterates it with vector<CString>::iterator.
strings ProcessList;

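// Fills the global ProcessList with the running processes, choosing the
// enumeration routine that matches the platform family (Win9x vs. NT).
//
// Security note: when the platform query fails or the platform is not
// recognised, ProcessList stays empty. main() then reports every required
// process as missing but reports no forbidden process at all, so the
// "exclude" check fails open. Callers that rely on the verdict should treat
// an empty list as an error rather than as a clean result.
void GetProcessList()
{
    OSVERSIONINFO info;
    ZeroMemory(&info, sizeof(info));
    info.dwOSVersionInfoSize = sizeof(info);

    // GetVersionEx can fail; without this check dwPlatformId would be read
    // from a structure the call never filled in.
    if (!GetVersionEx(&info))
    {
        printf("Not support!\n");
        return;
    }

    if (info.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
    {
        Win98_Process(ProcessList);
    }
    else if (info.dwPlatformId == VER_PLATFORM_WIN32_NT)
    {
        WinNT_Process(ProcessList);
    }
    else
    {
        printf("Not support!\n");
    }
}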


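// Reads every child of `Node` (an "include" or "exclude" element of the
// policy) into `process`.
//
// For each child the function takes:
//   - ProcessName / RepairTime from the attributes of the same name;
//   - ProcessIntro from the text of the "chinese" (iLanguage == 0) or
//     "english" (iLanguage == 1) node found under the child's first child.
//     Any other iLanguage value leaves ProcessIntro empty.
//
// Always returns true.
//
// NOTE(review): the policy file is input to a compliance decision, so its
// values should be treated as untrusted. Nothing here verifies that a child
// is an element, that it has a first child, or that both attributes exist.
// main() loads the document with SetPreserveWhiteSpace(TRUE), which in MSXML
// keeps whitespace text nodes among the children - confirm how the
// CXMLDOM* wrappers behave when GetAttributes()/GetNamedItem() yield nothing.
// atoi() also accepts negative or non-numeric text silently (non-numeric
// text becomes 0).
bool ParseProcess(CXMLDOMNode& Node,ProcessInfos &process,int iLanguage)
{
    // Tag whose text is used as the description; NULL means "no language selected".
    const char* wantedTag = NULL;
    if (iLanguage == 0)
    {
        wantedTag = "chinese";
    }
    else if (iLanguage == 1)
    {
        wantedTag = "english";
    }

    CXMLDOMNodeList childNodes = Node.GetChildNodes();
    for (int i = 0; i < childNodes.GetLength(); i++)
    {
        CXMLDOMNode childNode = childNodes.GetItem(i);

        // A fresh entry per child: a description found for one process must
        // not carry over to the next process when that one has none.
        PROCESSINFO entry;

        // Fetch the prompt: the language nodes sit under the first child of the entry.
        CXMLDOMNodeList childInfoNodes = childNode.GetChildNodes();
        CXMLDOMNode childInfoNode = childInfoNodes.GetItem(0);
        childInfoNodes = childInfoNode.GetChildNodes();

        if (wantedTag != NULL)
        {
            for (int j = 0; j < childInfoNodes.GetLength(); j++)
            {
                CXMLDOMNode promptNode = childInfoNodes.GetItem(j);
                CString promptName = promptNode.GetNodeName();
                promptName.MakeLower();
                if (promptName == wantedTag)
                {
                    entry.ProcessIntro = promptNode.GetText();
                    break;
                }
            }
        }

        // Fetch the process name and the repair time from the entry's attributes.
        CString RepairTimeString;
        entry.ProcessName = childNode.GetAttributes().GetNamedItem("ProcessName").GetText();
        RepairTimeString = childNode.GetAttributes().GetNamedItem("RepairTime").GetText();
        entry.RepairTime = atoi(RepairTimeString);
        process.push_back(entry);
    }

    return true;
}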

// Returns the first direct child of `Node` whose lower-cased node name equals
// `NodeName`, and sets `flag` to true. Only the child's name is lower-cased,
// so `NodeName` has to be passed in lower case to match.
//
// When no child matches, `flag` is set to false and the first child of
// `Node` is returned as a placeholder; callers must test `flag` before using
// the result.
CXMLDOMNode GetProcessNodeByName(CXMLDOMNode& Node,CString NodeName,bool &flag)
{
    CXMLDOMNodeList children = Node.GetChildNodes();
    CXMLDOMNode fallback = Node.GetFirstChild();

    int index = 0;
    while (index < children.GetLength())
    {
        CXMLDOMNode candidate = children.GetItem(index);
        CString loweredName = candidate.GetNodeName();
        loweredName.MakeLower();
        if (loweredName == NodeName)
        {
            flag = true;
            return candidate;
        }
        ++index;
    }

    // Nothing matched: report failure and hand back the placeholder node.
    flag = false;
    return fallback;
}

// Returns the first direct child of `Node` whose "Vulnerability" attribute,
// lower-cased, equals `AttrName`, and sets `flag` to true. `AttrName` is
// compared as given, so it has to be passed in lower case to match.
//
// When no child matches, `flag` is set to false and the first child of
// `Node` is returned as a placeholder; callers must test `flag` before using
// the result.
//
// NOTE(review): every child is asked for its attributes, including children
// that may not be elements (main() keeps whitespace nodes via
// SetPreserveWhiteSpace(TRUE)). Confirm how the CXMLDOM* wrappers behave when
// the attribute map or the "Vulnerability" item is absent.
CXMLDOMNode GetProcessNode(CXMLDOMNode& Node,CString AttrName,bool &flag)
{
    CXMLDOMNodeList children = Node.GetChildNodes();
    CXMLDOMNode fallback = Node.GetFirstChild();
    CString attrValue;

    int index = 0;
    while (index < children.GetLength())
    {
        CXMLDOMNode candidate = children.GetItem(index);
        // The node name is fetched but plays no part in the match below.
        CString candidateName = candidate.GetNodeName();
        attrValue = candidate.GetAttributes().GetNamedItem("Vulnerability").GetText();
        attrValue.MakeLower();
        if (attrValue == AttrName)
        {
            flag = true;
            return candidate;
        }
        ++index;
    }

    // Nothing matched: report failure and hand back the placeholder node.
    flag = false;
    return fallback;
}

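// Returns true when at least one entry of the global ProcessList contains
// `name` as a substring.
//
// NOTE(review): this is a case-sensitive substring test, kept from the
// original logic because the format of the ProcessList entries is not
// visible in this file. As a policy check it is weak in both directions:
// a required name is satisfied by any process whose entry merely contains
// it, a forbidden program is missed once its image is renamed or its case
// differs, and an empty name is expected to match every entry. Matching on
// the full image path, or on a file hash or signature, is more robust.
static bool IsProcessListed(const CString& name)
{
    for (vector<CString>::iterator it = ProcessList.begin(); it != ProcessList.end(); ++it)
    {
        if (it->Find(name) != -1)
        {
            return true;
        }
    }
    return false;
}

// Prints one finding: the headline with the process name, then the repair
// deadline and the repair description from the policy entry.
static void ReportProcess(const char* headline, const PROCESSINFO& info)
{
    cout << headline << (LPCSTR)info.ProcessName << endl;
    cout << "限定修复时间: " << info.RepairTime << endl;
    cout << "修复说明:     " << (LPCSTR)info.ProcessIntro << endl;
    cout << "\n\n";
}

// Entry point: snapshots the running processes, loads the policy XML and
// reports required processes that are missing ("include") and forbidden
// processes that are running ("exclude").
//
// Exit codes: 0 check completed, 1 COM initialisation failed, 2 the policy
// file could not be loaded, -1 the policy has no usable "process" rule.
// NOTE(review): findings do not change the exit code, so a caller cannot
// tell a compliant host from a non-compliant one without parsing the output.
int main(int argc, char* argv[])
{
    // Get the process list.
    GetProcessList();

    // Read the policy to find the nodes that have to be evaluated.
    // MSXML is COM based, so nothing below works if this call fails.
    if (FAILED(CoInitialize(NULL)))
    {
        return 1;
    }

    CXMLDOMDocument2 Doc;
    Doc = CDOMDocument40Class::CreateXMLDOMDocument2();
    Doc.SetProperty(_T("SelectionLanguage"), _T("XPath"));
    Doc.SetAsync(FALSE);
    Doc.SetPreserveWhiteSpace(TRUE);

    // NOTE(review): the policy is resolved relative to the current working
    // directory and is not integrity-checked, so whoever controls the
    // working directory or this file controls the verdict. Consider an
    // absolute, access-controlled location. Also confirm that DTD processing
    // and external resolution are disabled for the parser version in use.
    if (!Doc.Load("../xml/policy.xml"))
    {
        CXMLDOMParseError Error(Doc.GetParseError());

        cout
            << (LPCTSTR)Error.GetUrl() << _T(':')
            << Error.GetLine() << _T(':')
            << _T(": ") << (LPCTSTR)Error.GetReason() << _T("\n");

        return 2;
    }
    // CoUninitialize() is deliberately not called here: the MSXML wrapper
    // objects declared in this function are still alive until main returns.

    CXMLDOMNodeList nodeList = Doc.SelectNodes("//policy/rules");
    if (nodeList.GetLength() < 1)
    {
        // No <rules> element: there is nothing to evaluate.
        return -1;
    }

    // Named local so that a real lvalue is passed to the CXMLDOMNode& parameter.
    CXMLDOMNode rulesNode = nodeList.GetItem(0);
    bool GetProcessFlag = false;
    CXMLDOMNode ProcessNode = GetProcessNode(rulesNode, "process", GetProcessFlag);
    if (!GetProcessFlag)
    {
        return -1;
    }

    // NOTE(review): with SetPreserveWhiteSpace(TRUE) the first child may be a
    // whitespace node when the policy file is indented - confirm.
    CXMLDOMNode CheckPoint = ProcessNode.GetFirstChild();
    CXMLDOMNodeList CheckPointNodeList = CheckPoint.GetChildNodes();
    for (int i = 0; i < CheckPointNodeList.GetLength(); i++)
    {
        CXMLDOMNode ruleNode = CheckPointNodeList.GetItem(i);
        CString ruleName = ruleNode.GetNodeName();
        ruleName.MakeLower();

        if (ruleName == "include")
        {
            // Check for processes that must be running.
            // The node being visited is parsed directly and into a list of
            // its own, so several <include> elements are each evaluated once
            // instead of re-reading the first one and repeating its findings.
            ProcessInfos requiredProcesses;
            ParseProcess(ruleNode, requiredProcesses, 0);

            for (ProcessInfos::iterator it = requiredProcesses.begin(); it != requiredProcesses.end(); ++it)
            {
                if (!IsProcessListed(it->ProcessName))
                {
                    ReportProcess("你没有启动:   ", *it);
                }
            }
        }
        else if (ruleName == "exclude")
        {
            // Check for processes that violate the policy.
            ProcessInfos forbiddenProcesses;
            ParseProcess(ruleNode, forbiddenProcesses, 0);

            for (ProcessInfos::iterator it = forbiddenProcesses.begin(); it != forbiddenProcesses.end(); ++it)
            {
                if (IsProcessListed(it->ProcessName))
                {
                    ReportProcess("你启动:   ", *it);
                }
            }
        }
    }

    return 0;
}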
