#include "ProcMemInfo.h" #include "../NSimple.h" #include <Psapi.h> CProcMemInfo::CProcMemInfo() { Init(); } CProcMemInfo::~CProcMemInfo() { } BOOL CProcMemInfo::Init() { m_pMinAddr = NSys::GetSystemInfo()->lpMinimumApplicationAddress; m_pMaxAddr = NSys::GetSystemInfo()->lpMaximumApplicationAddress; m_dwMinSize = NSys::GetSystemInfo()->dwAllocationGranularity; m_pCurAddr = NULL; m_hProc = NULL; return TRUE; } BOOL CProcMemInfo::GetItemFilePath(HANDLE hProc, ProcMemItem *pItem) { std::vector<OneModItem>::iterator Iter; OneModItem *pModItem; VOID *pModEnd; for(Iter = m_vModList.begin(); Iter != m_vModList.end(); Iter ++) { pModItem = &*Iter; pModEnd = pModItem->m_ModEty.modBaseAddr+pModItem->m_ModEty.modBaseSize; if(pItem->Base.BaseAddress < pModItem->m_ModEty.modBaseAddr || pItem->Base.BaseAddress > pModEnd) continue; strcpy(pItem->m_szFilePath, pModItem->m_FileInfo.m_szRealPath); return TRUE; } return FALSE; } BOOL CProcMemInfo::GetItemMapedFile(HANDLE hProc, ProcMemItem *pItem) { DWORD dwRetVal; memset(pItem->m_szFilePath, 0, sizeof(pItem->m_szFilePath)); dwRetVal = GetMappedFileNameA(hProc, pItem->Base.BaseAddress, pItem->m_szFilePath, sizeof(pItem->m_szFilePath)); if(dwRetVal == 0) pItem->m_szFilePath[0] = 0; return TRUE; } BOOL CProcMemInfo::GetMemItemInfo(HANDLE hProc, ProcMemItem *pItem) { pItem->m_szFilePath[0] = 0; if(pItem->Base.Type == MEM_IMAGE) GetItemFilePath(hProc, pItem); if(pItem->Base.Type == MEM_MAPPED) GetItemMapedFile(hProc, pItem); return TRUE; } BOOL CProcMemInfo::ReadyForStart() { m_ProcModInfo.GetProcModInfo(m_dwProcId, m_vModList); return TRUE; } int CProcMemInfo::LoopGetProcInfo() { ProcMemItem OneItem; size_t dwRetVal; if(m_hProc == NULL) return 0; ReadyForStart(); m_vMemItems.clear(); for(m_pCurAddr=m_pMinAddr; m_pCurAddr<m_pMaxAddr; ) { memset(&OneItem.Base, 0, sizeof(OneItem.Base)); dwRetVal = VirtualQueryEx(m_hProc, m_pCurAddr, &OneItem.Base, sizeof(OneItem.Base)); if(dwRetVal == 0) { m_pCurAddr = (BYTE *)m_pCurAddr + m_dwMinSize; continue; } GetMemItemInfo(m_hProc, &OneItem); m_vMemItems.push_back(OneItem); m_pCurAddr = (BYTE *)OneItem.Base.BaseAddress + OneItem.Base.RegionSize; } return (int)m_vMemItems.size(); } std::vector<ProcMemItem> * CProcMemInfo::GetProcMemInfo(HANDLE hProc) { int nCount; m_hProc = hProc; nCount = LoopGetProcInfo(); if(nCount <= 0) return NULL; return &m_vMemItems; } std::vector<ProcMemItem> * CProcMemInfo::GetProcMemInfo(DWORD dwProcId) { CAutoHandle hProc; std::vector<ProcMemItem> * pRetVal; m_dwProcId = dwProcId; if(dwProcId == -1) { hProc = GetCurrentProcess(); } else { hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcId); if(hProc.IsVaildHandle() == FALSE) return NULL; } pRetVal = GetProcMemInfo(hProc); return pRetVal; }