FindPID.cpp
#include "common.h"
// Looks up a running process by executable file name and returns its PID.
//
// imageName is compared case-insensitively against PROCESSENTRY32W::szExeFile
// for every entry of a Toolhelp process snapshot. It is taken by value, so the
// lower-casing below never touches the caller's string.
//
// Returns the th32ProcessID of the first matching entry in snapshot order.
// Returns ERROR_FILE_NOT_FOUND when the snapshot cannot be created, when the
// enumeration cannot start, or when no entry matches. The error code shares the
// DWORD return channel with real PIDs, so callers have to compare against it
// explicitly.
//
// Caveat: szExeFile is only the file name of the image, not its full path, so
// an unrelated process that happens to carry the same name also matches. The
// result identifies "a process with this name", nothing stronger.
DWORD FindPID(_In_ std::wstring imageName)
{
    // The RAII wrapper owns the snapshot handle for the lifetime of this call.
    RAII::Handle processSnapshot(CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0));

    // NOTE(review): CreateToolhelp32Snapshot reports failure with
    // INVALID_HANDLE_VALUE rather than a null handle. This test only catches the
    // failure if RAII::Handle normalises that value - confirm against its definition.
    if (!processSnapshot.GetHandle())
    {
        Error(::GetLastError());
        return ERROR_FILE_NOT_FOUND;
    }

    // dwSize must be filled in before the first Process32FirstW call.
    PROCESSENTRY32W entry;
    entry.dwSize = sizeof(PROCESSENTRY32W);

    if (!Process32FirstW(processSnapshot.GetHandle(), &entry))
    {
        Error(::GetLastError());
        return ERROR_FILE_NOT_FOUND;
    }

    // towlower folds one wchar_t at a time; that is sufficient for the plain
    // file names compared here.
    const auto lowerInPlace = [](std::wstring& text)
    {
        std::transform(text.begin(), text.end(), text.begin(), towlower);
    };
    lowerInPlace(imageName);

    // The first entry is already loaded, so the loop body runs before the first
    // Process32NextW call and stops once that call reports no further entries.
    for (BOOL hasEntry = TRUE; hasEntry; hasEntry = Process32NextW(processSnapshot.GetHandle(), &entry))
    {
        std::wstring candidate = entry.szExeFile;
        lowerInPlace(candidate);

        if (candidate != imageName)
        {
            continue;
        }

        // Report the name exactly as the snapshot recorded it, then hand the PID back.
        std::wcout << L"[+] Found process " << entry.szExeFile << " with PID " << entry.th32ProcessID << std::endl;
        return entry.th32ProcessID;
    }

    return ERROR_FILE_NOT_FOUND;
}