Old 07-04-2009, 12:12 AM   #3 (permalink)
shadachi
Well , then the dll will terminate startup.exe . I AM NOT MAKING A VIRUS .. swtness . i've seen alot of threads ppl wanting to make this a deadly dll. I'm just trying to make a simple anti-hack dll that kills the hack process

The sole reason to write this dll is to kill a process upon opening . It's an anti-hack dll for a game.exe



How bout using psapi.dll to list down the process .

Well, I found some code on the net but have no idea how to build it. I tried compiling it but it gave me errors.

Using psapi, this function lists all processes and checks each name; if the boolean is true, it checks the file name too.

(Use the long name (if > 8 chars) without the .exe.) Then, for your sample, just call GetProcessIDByName(L"notepad", true); to find it.

Code:
/* windows.h must come before Psapi.h: Psapi.h relies on the DWORD/HANDLE/HMODULE definitions. */
#include <windows.h>
#include <Psapi.h>
#include <wchar.h>

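/*
 * Return a pointer to the component after the last backslash in szPath,
 * or szPath itself when it contains no backslash.
 */
static const WCHAR *BaseNameOf(const WCHAR *szPath) {
    const WCHAR *pSlash = wcsrchr(szPath, L'\\');
    return pSlash ? pSlash + 1 : szPath;
}

/*
 * GetProcessIDByName - return the ID of the first enumerated process whose
 * main-module name equals szName (case-insensitive), or 0 if none matches.
 *
 * szName          Executable name, with or without a trailing ".exe"
 *                 (".exe" is appended when missing).
 * bCheckFileName  When true, also compare against the last component of the
 *                 module's full path, and against its long form when the
 *                 path contains a '~' (8.3 short name).
 *
 * Returns 0 on invalid input (NULL, empty, or too long for MAX_PATH), when
 * EnumProcesses fails, or when nothing matches.
 *
 * Limitations a caller should know about:
 *  - Matching is by name only. Renaming the executable defeats the match, so
 *    this is not a reliable way to identify a specific program.
 *  - Processes that cannot be opened with PROCESS_QUERY_INFORMATION |
 *    PROCESS_VM_READ are skipped silently.
 *  - At most 1024 process IDs are examined; on a busier system the list
 *    returned by EnumProcesses is truncated.
 *  - Only the first match is returned.
 *
 * Build note: the PSAPI functions used here need Psapi.lib at link time.
 */
DWORD GetProcessIDByName(LPWSTR szName, bool bCheckFileName) {
    /* Fixed-size ID buffer; the original sized it with an undeclared 'i'. */
    DWORD aProcesses[1024], cbNeeded, cProcesses;
    unsigned int i;

    if (szName == NULL)
        return 0;

    size_t l = wcslen(szName);
    if (l == 0)
        return 0;

    /* Only look at the last four characters when there are four to look at. */
    bool bHasExt = (l >= 4 && wcsicmp(&szName[l - 4], L".exe") == 0);

    /* Reject names that would not fit (with ".exe" and the terminator). */
    size_t cchNeeded = l + (bHasExt ? 0 : 4);
    if (cchNeeded >= MAX_PATH)
        return 0;

    WCHAR szProcessToFind[MAX_PATH];
    wcscpy(szProcessToFind, szName);
    if (!bHasExt) {
        wcscat(szProcessToFind, L".exe");
    }

    if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        return 0;

    /* Calculate how many process identifiers were returned. */
    cProcesses = cbNeeded / sizeof(DWORD);

    /* Compare the main-module name of each process with the target name. */
    for (i = 0; i < cProcesses; i++) {
        WCHAR szProcessName[MAX_PATH] = L"unknown";
        bool bFound = false;

        HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                      FALSE, aProcesses[i]);
        if (hProcess == NULL)
            continue; /* no access to this process; nothing to close */

        HMODULE hMod;
        DWORD cbModNeeded;

        /* Asking for a single HMODULE yields the first module of the process. */
        if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbModNeeded)) {
            /* The size arguments below are counts of WCHARs, not bytes. */
            if (GetModuleBaseNameW(hProcess, hMod, szProcessName, MAX_PATH) &&
                wcsicmp(szProcessToFind, szProcessName) == 0) {
                bFound = true;
            } else if (bCheckFileName) {
                WCHAR szFileName[MAX_PATH] = L"unknown";
                WCHAR szLongFileName[MAX_PATH] = L"unknown";

                if (GetModuleFileNameExW(hProcess, hMod, szFileName, MAX_PATH)) {
                    if (wcsicmp(szProcessToFind, BaseNameOf(szFileName)) == 0) {
                        bFound = true;
                    } else if (wcschr(szFileName, L'~')) {
                        /* A return value >= the buffer size means the long
                           path did not fit and the buffer is not usable. */
                        DWORD cchLong = GetLongPathNameW(szFileName, szLongFileName, MAX_PATH);
                        if (cchLong > 0 && cchLong < MAX_PATH &&
                            wcsicmp(szProcessToFind, BaseNameOf(szLongFileName)) == 0) {
                            bFound = true;
                        }
                    }
                }
            }
        }

        /* Single close point, so every path releases the handle exactly once. */
        CloseHandle(hProcess);

        if (bFound)
            return aProcesses[i];
    }
    return 0;
}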