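// Process-list cross-check: the processes visible through the documented
// Toolhelp32 API ("Alta" / high level) are printed next to the ones returned
// by ZwQuerySystemInformation ("Baixa" / low level).  An entry present in one
// view but missing from the other is what the operator is looking for, so
// List() prints the tail of the longer list instead of stopping early.
//
// Original author: Victor Pereira (darthvader@deathstar.com.br)
//
// NOTE(review): this file only works as a non-UNICODE (ANSI) build — TCHAR
// must be char.  GetAddr() is fed narrow export names, EnumProc() resolves
// the ANSI "Process32First"/"Process32Next" exports by name, and EnumProcLow()
// converts the kernel's wide image name into a char buffer.

#include "stdafx.h"
#include "defs.h"

// Prototypes
int EnumProc(void);
int EnumProcLow(void);
PVOID GetAddr(HINSTANCE hInst, LPCSTR szFunction);
PPROCS Insert(PPROCS sPtr, const TCHAR *szName, INT nID);
void List(PPROCS sPtr, PPROCS sPtr2);
static void FreeList(PPROCS sPtr);

// Globals: heads of the two singly linked lists built by the enumerators.
PPROCS PROCI = NULL;   // processes seen via the HIGH LEVEL (Toolhelp32) API
PPROCS PROCII = NULL;  // processes seen via the LOW LEVEL (ZwQuerySystemInformation) API

// Entry point.  Runs both enumerations, prints them side by side and frees
// the lists.  A failed enumeration is reported but does not abort the run:
// the other view is still printed, which is usually what matters.
int _tmain(int argc, _TCHAR *argv[])
{
    int ret;
    (void)argc;
    (void)argv;

    // The return code is printed as well: EnumProcLow() fails with an NTSTATUS
    // that never touches the thread's last-error value, so GetLastError()
    // alone can be unrelated to the failure.
    if ((ret = EnumProc()) != 0) {
        _tprintf(_T("Erro ao tentar listar os processos: %d (GetLastError=%lu)\n"),
                 ret, GetLastError());
    }
    if ((ret = EnumProcLow()) != 0) {
        _tprintf(_T("Erro ao tentar listar os processos: %d (GetLastError=%lu)\n"),
                 ret, GetLastError());
    }

    List(PROCI, PROCII);

    FreeList(PROCI);
    FreeList(PROCII);
    PROCI = NULL;
    PROCII = NULL;
    return 0;
}

// Appends a node holding (szName, nID) to the list headed by sPtr and returns
// the head of the resulting list (the new node when sPtr was NULL).
//
// Returns NULL if the node could not be allocated.  The existing list is left
// untouched in that case, so the caller must keep its old head rather than
// overwrite it with the NULL — otherwise every node already inserted leaks.
PPROCS Insert(PPROCS sPtr, const TCHAR *szName, INT nID)
{
    PPROCS newPtr = (PPROCS)malloc(sizeof *newPtr);
    if (newPtr == NULL) {
        return NULL;
    }

    // Bounded copy with guaranteed NUL termination: szName comes from a
    // MAX_PATH szExeFile or from the kernel image name, either of which can be
    // longer than the node's buffer.  Assumes szNAME is a fixed TCHAR array in
    // defs.h — TODO confirm.
    lstrcpyn(newPtr->szNAME, szName,
             (int)(sizeof newPtr->szNAME / sizeof newPtr->szNAME[0]));
    newPtr->nID = nID;
    newPtr->Next = NULL;

    if (sPtr == NULL) {
        return newPtr;
    }

    // Non-empty list: walk to the tail and link the node there so that the
    // enumeration order is preserved in the printout.
    PPROCS tail = sPtr;
    while (tail->Next != NULL) {
        tail = tail->Next;
    }
    tail->Next = newPtr;
    return sPtr;
}

// Frees every node of the list headed by sPtr.  Safe to call with NULL.
static void FreeList(PPROCS sPtr)
{
    while (sPtr != NULL) {
        PPROCS next = sPtr->Next;
        free(sPtr);
        sPtr = next;
    }
}

// Prints the two lists side by side, one row per position: the high-level
// list on the left, the low-level list on the right.  A side whose list has
// already ended prints "-" so that the extra entries of the longer list are
// still shown; silently stopping at the shorter list would hide exactly the
// discrepancy this tool exists to surface.
void List(PPROCS sPtr, PPROCS sPtr2)
{
    PPROCS currentPtr = sPtr;
    PPROCS currentPtr2 = sPtr2;

    _tprintf(_T("Processos: Alta\t\tBaixa\n"));
    _tprintf(_T("_______________________________\n"));

    while (currentPtr != NULL || currentPtr2 != NULL) {
        if (currentPtr != NULL) {
            _tprintf(_T("%d:%s"), currentPtr->nID, currentPtr->szNAME);
            currentPtr = currentPtr->Next;
        } else {
            _tprintf(_T("-"));
        }
        _tprintf(_T("\t\t"));
        if (currentPtr2 != NULL) {
            _tprintf(_T("%d:%s"), currentPtr2->nID, currentPtr2->szNAME);
            currentPtr2 = currentPtr2->Next;
        } else {
            _tprintf(_T("-"));
        }
        _tprintf(_T("\n"));
    }
}

// Resolves an export by name from an already loaded module.
//
// szFunction is a narrow (LPCSTR) name because that is what GetProcAddress
// takes; the previous TCHAR* parameter with an internal (LPCSTR) cast would
// silently pass a wide string under a UNICODE build.
PVOID GetAddr(HINSTANCE hInst, LPCSTR szFunction)
{
    return (PVOID)GetProcAddress(hInst, szFunction);
}

// Low-level enumeration: asks ntdll's ZwQuerySystemInformation for the
// SystemProcessesAndThreadsInformation snapshot and appends every entry with a
// non-zero ProcessId to PROCII.
//
// Returns 0 on success, -1 when ntdll or the export cannot be loaded,
// ERROR_NOT_ENOUGH_MEMORY when a buffer or list node cannot be allocated, and
// the (negative) NTSTATUS when the query itself fails.  All paths release the
// heap buffer and the library reference.
int EnumProcLow(void)
{
    typedef NTSTATUS (WINAPI *ZWQSI_FN)(UINT, PVOID, ULONG, PULONG);

    int ret = -1;
    HANDLE hHeap = GetProcessHeap();
    PVOID pBuffer = NULL;
    ULONG cbBuffer = 0x8000;
    NTSTATUS Status = 0;
    ZWQSI_FN lpfZwQuerySystemInformation = NULL;

    HINSTANCE hInstLib = LoadLibraryA("ntdll.dll");
    if (hInstLib == NULL) {
        return -1;
    }

    lpfZwQuerySystemInformation =
        (ZWQSI_FN)GetAddr(hInstLib, "ZwQuerySystemInformation");
    if (lpfZwQuerySystemInformation == NULL) {
        goto out_lib;
    }

    // The required size is not known up front: double the buffer until the
    // call stops reporting STATUS_INFO_LENGTH_MISMATCH.
    for (;;) {
        pBuffer = HeapAlloc(hHeap, 0, cbBuffer);
        if (pBuffer == NULL) {
            ret = ERROR_NOT_ENOUGH_MEMORY;
            goto out_lib;
        }
        Status = lpfZwQuerySystemInformation(SystemProcessesAndThreadsInformation,
                                             pBuffer, cbBuffer, NULL);
        if (Status != STATUS_INFO_LENGTH_MISMATCH) {
            break;
        }
        HeapFree(hHeap, 0, pBuffer);
        pBuffer = NULL;
        // Guard the doubling: a wrapped cbBuffer of 0 would loop forever.
        if (cbBuffer > MAXDWORD / 2) {
            ret = ERROR_NOT_ENOUGH_MEMORY;
            goto out_lib;
        }
        cbBuffer *= 2;
    }
    if (!NT_SUCCESS(Status)) {
        ret = Status;
        goto out_buf;
    }

    {
        BYTE *pEnd = (BYTE *)pBuffer + cbBuffer;
        PSYSTEM_PROCESS_INFORMATION pProcesses = (PSYSTEM_PROCESS_INFORMATION)pBuffer;

        for (;;) {
            // ProcessId 0 (the idle entry) carries no image name and is skipped.
            if (pProcesses->ProcessId != 0) {
                // char rather than TCHAR: WideCharToMultiByte always writes
                // narrow output.  Passing it to Insert() relies on the ANSI
                // build noted at the top of the file.
                char szTmp[256];
                int n = 0;

                if (pProcesses->ProcessName.Buffer != NULL) {
                    // -1: the image name is NUL-terminated in practice for
                    // this information class — TODO confirm against defs.h
                    // if ProcessName exposes a byte Length to use instead.
                    n = WideCharToMultiByte(CP_ACP, 0, pProcesses->ProcessName.Buffer, -1,
                                            szTmp, (int)sizeof szTmp, NULL, NULL);
                }
                if (n <= 0) {
                    // NULL or unconvertible/oversized name: keep the PID with
                    // an empty name instead of inserting an uninitialized buffer.
                    szTmp[0] = '\0';
                }

                PPROCS head = Insert(PROCII, szTmp, (INT)pProcesses->ProcessId);
                if (head == NULL) {
                    ret = ERROR_NOT_ENOUGH_MEMORY;
                    goto out_buf;
                }
                PROCII = head;
            }

            if (pProcesses->NextEntryDelta == 0) {
                break;
            }
            // Advance to the next entry, but never past the buffer we own:
            // a delta that leaves the snapshot ends the walk.
            BYTE *next = (BYTE *)pProcesses + pProcesses->NextEntryDelta;
            if (next + sizeof *pProcesses > pEnd) {
                break;
            }
            pProcesses = (PSYSTEM_PROCESS_INFORMATION)next;
        }
    }
    ret = 0;

out_buf:
    HeapFree(hHeap, 0, pBuffer);
out_lib:
    FreeLibrary(hInstLib);
    return ret;
}

// High-level enumeration: walks a Toolhelp32 process snapshot and appends
// every entry with a non-zero th32ProcessID to PROCI.
//
// Returns 0 on success, -1 when Kernel32 or one of the three exports cannot be
// resolved, 1 when the snapshot cannot be created, and ERROR_NOT_ENOUGH_MEMORY
// when a list node cannot be allocated.  All paths release the snapshot handle
// and the library reference.
int EnumProc(void)
{
    typedef HANDLE (WINAPI *SNAPSHOT_FN)(DWORD, DWORD);
    typedef BOOL (WINAPI *PROCESS32_FN)(HANDLE, LPPROCESSENTRY32);

    int ret = -1;
    HANDLE hProc = INVALID_HANDLE_VALUE;
    PROCESSENTRY32 pEntry;
    BOOL bFlag;
    SNAPSHOT_FN lpfCreateToolhelp32Snapshot = NULL;
    PROCESS32_FN lpfProcess32First = NULL;
    PROCESS32_FN lpfProcess32Next = NULL;

    HINSTANCE hInstLib = LoadLibraryA("Kernel32.DLL");
    if (hInstLib == NULL) {
        return -1;
    }

    lpfCreateToolhelp32Snapshot =
        (SNAPSHOT_FN)GetAddr(hInstLib, "CreateToolhelp32Snapshot");
    lpfProcess32First = (PROCESS32_FN)GetAddr(hInstLib, "Process32First");
    lpfProcess32Next = (PROCESS32_FN)GetAddr(hInstLib, "Process32Next");
    // Bail out if any of the three could not be resolved (ret stays -1).
    if (lpfProcess32Next == NULL || lpfProcess32First == NULL ||
        lpfCreateToolhelp32Snapshot == NULL) {
        goto out_lib;
    }

    hProc = lpfCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProc == INVALID_HANDLE_VALUE) {
        ret = 1;
        goto out_lib;
    }

    // dwSize must be set before every call, so it is refreshed at the end of
    // each iteration as well.
    pEntry.dwSize = sizeof pEntry;
    for (bFlag = lpfProcess32First(hProc, &pEntry); bFlag;
         bFlag = lpfProcess32Next(hProc, &pEntry)) {
        if (pEntry.th32ProcessID != 0) {
            // szExeFile is handed straight to Insert(), which does its own
            // bounded copy.  The previous 128-TCHAR intermediate was smaller
            // than the MAX_PATH field that was _stprintf'd into it.
            PPROCS head = Insert(PROCI, pEntry.szExeFile, (INT)pEntry.th32ProcessID);
            if (head == NULL) {
                ret = ERROR_NOT_ENOUGH_MEMORY;
                goto out_snap;
            }
            PROCI = head;
        }
        pEntry.dwSize = sizeof pEntry;
    }
    ret = 0;

out_snap:
    CloseHandle(hProc);
out_lib:
    FreeLibrary(hInstLib);
    return ret;
}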