Mimicking task manager

Have you ever wondered how to make your own task manager? That thing that pops up when you press Ctrl+Shift+Esc and shows all the process names, IDs and the files associated with them? Well now you can!

 

What you need is a C compiler, the dll, and the library. You can download them here: PROCS

The code below creates a window and a listbox control, then populates that listbox with a for loop that goes through each process.

The meat and potatoes are in the ‘procs’ library, which makes the calls easy as pie. The definitions in procs.h are as such:


/* Excerpt of procs.h as printed on the page. Every function is __stdcall.
 * The BOOL-returning calls report failure (WinMain below checks the result
 * of GetProcessIDList and bails out on FALSE); by the naming convention the
 * caller supplies the output buffers together with their size
 * (dwArraySize / dwBuffSize), so sizes must match the actual buffer. */
DWORD __stdcall GetNumberOfProcesses();
/* NOTE(review): WinMain passes a DWORD array as the first argument, so this is
 * presumably `DWORD *dwIDArray` and the '*' was lost in rendering — confirm
 * against the real procs.h before compiling. */
BOOL __stdcall GetProcessIDList(DWORD dwIDArray, DWORD dwArraySize);
/* Presumably fills szBuff (at most dwBuffSize bytes) with the image path of
 * process dwPID; whether the result is always NUL-terminated is not stated
 * here — verify before treating szBuff as a C string. */
BOOL __stdcall GetProcessPath(DWORD dwPID, char *szBuff, DWORD dwBuffSize);
/* Out-parameters: image base and image size of process dwPID. */
BOOL __stdcall GetProcessBaseSize(DWORD dwPID, DWORD *dwImageBase, DWORD *dwImageSize);
DWORD __stdcall GetNumberOfModules(DWORD dwPID);
/* Module handles of process dwPID written into the caller's dwHandleArray
 * (dwArraySize entries). */
BOOL __stdcall GetModuleHandleList(DWORD dwPID,DWORD *dwHandleArray, DWORD dwArraySize);
/* Same buffer/size contract as GetProcessPath, for module dwModh of dwPID. */
BOOL __stdcall GetModulePath(DWORD dwPID, DWORD dwModh, char *szBuff, DWORD dwBuffSize);
BOOL __stdcall GetModuleSize(DWORD dwPID, DWORD dwModh, DWORD *dwImageSize);
/* NOTE(review): the sz prefix and the other string parameters suggest these
 * two take `char *`; the page prints them as plain `char` — confirm. */
DWORD __stdcall GetProcessPathID(char szPath);
HANDLE __stdcall GetModuleHandleEx(DWORD dwPID, char szModule);

Internally the library makes use of the PSAPI functions provided by the Win32 library to build a working set from the process list. This library saves me a ton of time and was written by a rockstar of the reverse engineering community – Yoda. I found the library within his tool LordPE available here:

http://www.woodmann.com/collaborative/tools/index.php/LordPE

Here’s what it looks like compiled:

Here’s the code:

#include

#include

#include “procs.h”

#include

/* Forward declaration; the definition of ProcList is not in the visible part
 * of the listing. */
DWORD ProcList(void);

/* Window procedure registered in WinMain via wincl.lpfnWndProc; its
 * definition is likewise outside the visible listing. */
LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);

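/* Window class name registered in WinMain (wincl.lpszClassName) and passed to
 * CreateWindowEx. Uses plain ASCII double quotes: the typographic quotes in
 * the page's rendering are not valid C string delimiters and will not compile. */
char szClassName[] = "Oh god not the bees!";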

int WINAPI WinMain (HINSTANCE hThisInstance,

HINSTANCE hPrevInstance,

LPSTR lpszArgument,

int nCmdShow)

{

HWND hwnd;

MSG messages;

WNDCLASSEX wincl;

wincl.hInstance = hThisInstance;

wincl.lpszClassName = szClassName;

wincl.lpfnWndProc = WindowProcedure;

wincl.style = CS_DBLCLKS;

wincl.cbSize = sizeof (WNDCLASSEX);

wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);

wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);

wincl.hCursor = LoadCursor (NULL, IDC_ARROW);

wincl.lpszMenuName = NULL;

wincl.cbClsExtra = 0;

wincl.cbWndExtra = 0;

wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND;

if (!RegisterClassEx (&wincl))

return 0;

hwnd = CreateWindowEx (

0,

szClassName,

“Process Listing”,

WS_OVERLAPPEDWINDOW,

CW_USEDEFAULT,

CW_USEDEFAULT,

800,

600,

HWND_DESKTOP,

NULL,

hThisInstance,

NULL

);

HWND hListBox = CreateWindowEx(WS_EX_CLIENTEDGE, “LISTBOX”, NULL, WS_CHILD | WS_VISIBLE | WS_VSCROLL | WS_HSCROLL, 35, 15, 700, 500, hwnd, 666, hThisInstance, NULL);

DWORD psz,pid;

HANDLE process;

char process_name[1024];

char pidmsg1[512];

char pidmsg2[512];

DWORD list[1024];

DWORD numoprocs = GetNumberOfProcesses();

if(!GetProcessIDList(list,psz))

{

MessageBox(NULL,”Damnit!”,”GetProcessIDList failed for some reason.”,MB_OK);

ExitProcess(0);

}

int cnt;

for(cnt = 0;cnt

 

 
