I would like to present an object-oriented architecture that implements a simple framework for retrieving processes and modules under NT/2000 and 9x/ME. The design of my classes allows you to extend the framework according to your specific needs. The implementation itself is fairly straightforward. CTaskManager implements the system's processor. It is responsible for creating an instance of a specific library handler (i.e. CPsapiHandler or CToolhelpHandler) that is able to employ the correct process information provider library (i.e. PSAPI or ToolHelp32, respectively). CTaskManager is in charge of creating and maintaining a container object that keeps a list of all currently active processes. After instantiating the CTaskManager object, the application calls its Populate() method, which enumerates all processes and their DLL modules and stores them in a hierarchy kept by CTaskManager's member m_pProcesses.
It is important to take into account that NT's Kernel32.dll doesn't implement any of the ToolHelp32 functions. Therefore we must link them explicitly, using run-time dynamic linking (resolving each entry point by name at run time). Otherwise, if we use static (import-library) linking, the executable will fail to load on NT at all, regardless of whether or not the application ever attempts to execute any of those functions.
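As an added example (not the article's code), here is the explicit-linking decision described above: the ToolHelp32 entry points are resolved by name at run time, and the provider falls back to PSAPI if any of them is missing. ToolhelpApi, LinkToolhelp, SelectProvider and the SimulatedNtKernel32/Simulated9xKernel32 resolvers are constructions for this example; on Windows the RealKernel32 resolver reaches the already-mapped kernel32 through GetModuleHandle and GetProcAddress.

```cpp
#include <cstdio>
#include <cstring>
#ifdef _WIN32
#  include <windows.h>
#else
   typedef void (*FARPROC)();   // off-Windows stand-in so the logic still compiles
#endif
// Export lookup is injected: the real loader (GetProcAddress) or a simulated kernel32.
typedef FARPROC (*ExportResolver)(const char* name);

struct ToolhelpApi {
    FARPROC CreateToolhelp32Snapshot, Process32First, Process32Next,
            Module32First, Module32Next;
};

// True only if every entry point resolved; a partially linked table is zeroed
// so a caller can never dereference a NULL slot by mistake.
bool LinkToolhelp(ToolhelpApi& api, ExportResolver resolve) {
    static const char* const names[5] = { "CreateToolhelp32Snapshot",
        "Process32First", "Process32Next", "Module32First", "Module32Next" };
    FARPROC* slots[5] = { &api.CreateToolhelp32Snapshot, &api.Process32First,
        &api.Process32Next, &api.Module32First, &api.Module32Next };
    bool complete = true;
    for (int i = 0; i < 5; ++i)
        if ((*slots[i] = resolve(names[i])) == NULL) complete = false;
    if (!complete) memset(&api, 0, sizeof api);
    return complete;
}

// The decision CTaskManager makes: ToolHelp32 if kernel32 exports it, else PSAPI.
const char* SelectProvider(ExportResolver resolve) {
    ToolhelpApi api;
    return LinkToolhelp(api, resolve) ? "ToolHelp32" : "PSAPI";
}
// Simulated kernel32 modules (constructed for this example): NT 4 exports none of
// the ToolHelp32 functions, 9x/ME exports all of them.
static void SimulatedExport() {}
FARPROC SimulatedNtKernel32(const char*) { return NULL; }
FARPROC Simulated9xKernel32(const char*) { return (FARPROC)SimulatedExport; }

#ifdef _WIN32
// Real resolver: kernel32 is always mapped, so GetModuleHandle suffices and no
// LoadLibrary (with its DLL search path) is needed to reach its exports.
FARPROC RealKernel32(const char* name) {
    HMODULE k32 = GetModuleHandleA("kernel32.dll");
    return k32 ? GetProcAddress(k32, name) : NULL;
}
int main() { printf("using %s\n", SelectProvider(RealKernel32)); return 0; }
#endif
```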
The following snippet illustrates the basic interface methods exposed by CTaskManager.
#include <stdio.h>
#include "TaskManager.h"   // framework header declaring CTaskManager (file name assumed)

int main(int argc, char* argv[])
{
    CTaskManager taskManager;
    // Retrieves information about processes and modules.
    // The taskManager dynamically decides whether to use ToolHelp library or PSAPI
    taskManager.Populate();
    // Enumerates all processes
    for (unsigned i = 0; i < taskManager.GetProcessCount(); i++)
    {
        auto* pProcess = taskManager.GetProcessByIndex(i);   // framework's process object
        printf("Process %s pid=%d\n", pProcess->Get_Name(), pProcess->Get_ProcessId());
        // Enumerates all modules loaded by (pProcess) process
        for (unsigned j = 0; j < pProcess->GetModuleCount(); j++)
        {
            auto* pModule = pProcess->GetModuleByIndex(j);   // framework's module object
            printf("\t %s Handle=%.8x\n", pModule->GetBaseName(), pModule->Get_Module());
        } // for
    } // for
    return 0;
}