

// ProcessScanner.h: interface for the CProcessScanner class. 
// 
////////////////////////////////////////////////////////////////////// 
 
#if !defined(AFX_PROCESSSCANNER_H__0E2262CA_D316_4A03_9F2A_FD36FAE5EC10__INCLUDED_) 
#define AFX_PROCESSSCANNER_H__0E2262CA_D316_4A03_9F2A_FD36FAE5EC10__INCLUDED_ 
 
#if _MSC_VER > 1000 
#pragma once 
#endif // _MSC_VER > 1000 
 
#pragma warning(disable : 4786) 
 
#include "../src/VirusKiller.h"
#include "ServiceThread.h"
#include <map>
#include <list>
 
using namespace std; 
 
 
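/*
 * Service thread that scans running processes with a set of virus killers.
 *
 * Only the interface is declared here; the scan logic is in the
 * implementation file. The "current process" accessors expose the state of
 * the process being scanned, the "global" accessors the totals for the scan.
 *
 * NOTE(review): the accessors return plain members that run() presumably
 * updates on the service thread. No synchronisation is visible in this
 * header -- confirm before reading them from another thread.
 */
class CProcessScanner : public CServiceThread
{
public:
	CProcessScanner();
	virtual ~CProcessScanner();

	/* a collection of processes and their names */
	/* NOTE(review): the template arguments were missing from this listing
	   (most likely stripped as markup). "process id -> process name" is
	   reconstructed from the comment above and from the member types of
	   Module -- confirm against the original archive. */
	typedef std::map<DWORD, CString> Processes;

	/* describes a loaded process module */
	class Module {
	public:
		/*
		 * processid    - id of the process the module is loaded in
		 * module_name  - name of the module; a NULL pointer trips ASSERT in
		 *                debug builds and leaves moduleName empty otherwise
		 * base_address - address the module is loaded at
		 * module_size  - size of the module (presumably bytes -- confirm)
		 */
		Module(DWORD processid, LPCTSTR module_name, ULONG base_address, ULONG module_size)
			: processId(processid), baseAddress(base_address), Length(module_size)
		{
			ASSERT(module_name);
			if (module_name)
				moduleName = module_name;
		}

		/* Copying and assignment are memberwise, so the compiler-generated
		   copy constructor and operator= are used instead of hand-written
		   duplicates that could drift when a member is added. */

		DWORD	processId;
		CString moduleName;
		/* NOTE(review): ULONG is 32 bits wide on Windows, also in 64-bit
		   builds. A module mapped above 4 GB would be truncated here and the
		   scan would read the wrong region; a 64-bit port needs a
		   pointer-sized type (ULONG_PTR / SIZE_T) for both fields. */
		ULONG	baseAddress;
		ULONG	Length;
	};

	/* a collection of modules */
	/* NOTE(review): element type restored from the comment above and the
	   Module class; the template argument was missing from this listing. */
	typedef std::list<Module> Modules;

	/* scan statistics of current process */
	const CString& CurrentProcessName() const { return m_processname; }
	DWORD CurrentProcess() const { return m_processid; }
	DWORD CurrentProcessSize() const { return m_processsize; }
	DWORD CurrentProcessPosition() const { return m_processposition; }

	/* scan statistics of this scan (global statistics) */
	int Scanned() const { return m_scanned; }
	int Infections() const { return m_infections; }

	/* enumerates all processes into a collection (returned by value) */
	static Processes GetActiveProcesses();

	/* collection of processes being scanned */
	Processes processes;

	/* notification methods */
	/* Virtual hook taking the process handle, the affected module and the
	   killer involved; the returned SCANRESULT goes back to the caller.
	   NOTE(review): presumably called when a killer reports an infection in
	   `module`. The access rights carried by `hprocess` are decided where
	   the handle is opened, which is not visible here -- an override that
	   writes to or terminates the process should verify them. */
	virtual VirusKiller::SCANRESULT OnInfectedProcess(HANDLE hprocess, const Module& module, VirusKiller& killer);

protected:
	/* state of current process scan */
	CString	m_processname;
	DWORD	m_processid;
	DWORD	m_processsize;
	DWORD	m_processposition;

	/* global scan state */
	int		m_scanned;
	int		m_infections;
	DWORD	m_bytesscanned;

	/* size of each process read in bytes */
	DWORD	m_read_block_size;

	/* collection of virus killers */
	VirusKiller::Set m_killers;

	/* thread method */
	virtual void run();

	/* scans a single process */
	VirusKiller::SCANRESULT scanprocess(DWORD processid);

	/* scans a module loaded into a process's address space */
	/* NOTE(review): module.baseAddress and module.Length describe memory in
	   another process. The implementation should bound every read by Length
	   and treat a failed read (module unloaded mid-scan, protected process)
	   as a skipped block rather than as clean -- verify in the .cpp. */
	VirusKiller::SCANRESULT scanprocessblock(HANDLE hprocess, const Module& module);

	/* returns a collection of modules loaded by specified process */
	Modules GetProcessModules(DWORD processid);
	Modules GetProcessModules(HANDLE process, DWORD processid);
};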
 
#endif // !defined(AFX_PROCESSSCANNER_H__0E2262CA_D316_4A03_9F2A_FD36FAE5EC10__INCLUDED_)