-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwinreaper.cpp
232 lines (190 loc) · 7.5 KB
/
winreaper.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
#include <windows.h>
#include <tlhelp32.h>
#include <iostream>
#include <thread>
#include <chrono>
#include <unordered_map>
#include <string>
struct ProcessInfo {
DWORD pid;
std::wstring name;
DWORD parentPid;
std::wstring commandLine;
bool isValid;
};
bool isProcessRunning(DWORD pid) {
HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
if (hProcess == NULL) return false;
DWORD exitCode;
bool isRunning = GetExitCodeProcess(hProcess, &exitCode) && exitCode == STILL_ACTIVE;
CloseHandle(hProcess);
return isRunning;
}
// Move getProcessInfo before ProcessTree
ProcessInfo getProcessInfo(DWORD pid) {
ProcessInfo info = { pid, L"", 0, L"", false };
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapshot != INVALID_HANDLE_VALUE) {
PROCESSENTRY32W entry;
entry.dwSize = sizeof(PROCESSENTRY32W);
if (Process32FirstW(hSnapshot, &entry)) {
do {
if (entry.th32ProcessID == pid) {
info.name = entry.szExeFile;
info.parentPid = entry.th32ParentProcessID;
info.isValid = true;
break;
}
} while (Process32NextW(hSnapshot, &entry));
}
CloseHandle(hSnapshot);
}
if (info.name.empty() && info.isValid) {
info.name = L"<unknown>";
}
return info;
}
class ProcessTree {
private:
std::unordered_map<DWORD, ProcessInfo> processes;
DWORD rootPid;
DWORD gameProcessPid;
std::wstring initialCommand;
public:
ProcessTree(DWORD initialPid, const std::wstring& cmd)
: rootPid(initialPid), gameProcessPid(0), initialCommand(cmd) {
// Add the current process (winreaper) to the tracked processes
ProcessInfo self = getProcessInfo(GetCurrentProcessId());
self.commandLine = initialCommand;
processes[GetCurrentProcessId()] = self;
}
bool shouldTrack(DWORD pid, DWORD parentPid) const {
// Track if it's the root process
if (pid == rootPid) return true;
// Track if it's a child of any process we're already tracking
if (processes.find(parentPid) != processes.end()) return true;
// Track if it's the game process or its children
if (gameProcessPid != 0 && (pid == gameProcessPid || isDescendant(parentPid))) return true;
return false;
}
bool isDescendant(DWORD pid) const {
if (pid == 0) return false;
DWORD currentPid = pid;
int depth = 0; // Prevent infinite loops
while (currentPid != 0 && depth < 10) {
if (currentPid == rootPid || currentPid == gameProcessPid) return true;
auto it = processes.find(currentPid);
if (it == processes.end()) break;
currentPid = it->second.parentPid;
depth++;
}
return false;
}
void addProcess(const ProcessInfo& info) {
processes[info.pid] = info;
// If this is the game process, track it
if (info.name.find(L"APlagueTaleInnocence_x64.exe") != std::wstring::npos) {
gameProcessPid = info.pid;
}
}
bool isTracked(DWORD pid) const {
return processes.find(pid) != processes.end();
}
bool isWatchedForExit(DWORD pid) const {
return pid == gameProcessPid || isDescendant(pid);
}
std::wstring getProcessName(DWORD pid) const {
if (pid == GetCurrentProcessId()) {
return L"winreaper.exe"; // Always return our own name
}
auto it = processes.find(pid);
return it != processes.end() ? it->second.name : L"<unknown>";
}
bool isRunning() const {
for (const auto& pair : processes) {
if (isProcessRunning(pair.first)) {
if (pair.first == gameProcessPid || isDescendant(pair.first)) {
return true;
}
}
}
return false;
}
};
int wmain(int argc, wchar_t* argv[]) {
if (argc < 2) {
std::wcerr << L"Usage: " << argv[0] << L" <program> [args...]\n";
return 1;
}
std::wstring commandLine = argv[1];
for (int i = 2; i < argc; ++i) {
commandLine += L" ";
commandLine += argv[i];
}
STARTUPINFOW si = { sizeof(si) };
PROCESS_INFORMATION pi;
if (!CreateProcessW(NULL, commandLine.data(), NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) {
std::wcerr << L"Failed to create process: " << GetLastError() << L"\n";
return 1;
}
ProcessTree processTree(pi.dwProcessId, commandLine);
std::unordered_map<DWORD, ProcessInfo> currentProcesses;
std::unordered_map<DWORD, ProcessInfo> previousProcesses;
std::this_thread::sleep_for(std::chrono::milliseconds(100));
while (true) {
currentProcesses.clear();
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapshot != INVALID_HANDLE_VALUE) {
PROCESSENTRY32W entry;
entry.dwSize = sizeof(PROCESSENTRY32W);
if (Process32FirstW(hSnapshot, &entry)) {
do {
ProcessInfo info = {
entry.th32ProcessID,
entry.szExeFile,
entry.th32ParentProcessID,
L"",
true
};
currentProcesses[entry.th32ProcessID] = info;
if (previousProcesses.find(entry.th32ProcessID) == previousProcesses.end() &&
processTree.shouldTrack(entry.th32ProcessID, entry.th32ParentProcessID)) {
processTree.addProcess(info);
std::wcout << L"[+] New process: " << info.name
<< L" (PID: " << info.pid
<< L", Parent: " << processTree.getProcessName(info.parentPid)
<< L" [" << info.parentPid << L"])";
// Add indicator if this process is being watched for program exit
if (processTree.isWatchedForExit(info.pid)) {
std::wcout << L" [TRACKED]";
}
std::wcout << L"\n";
}
} while (Process32NextW(hSnapshot, &entry));
}
CloseHandle(hSnapshot);
}
// Check for ended processes
for (const auto& prev : previousProcesses) {
if ((currentProcesses.find(prev.first) == currentProcesses.end() || !isProcessRunning(prev.first))
&& processTree.isTracked(prev.first)) {
const ProcessInfo& info = prev.second;
std::wcout << L"[-] Process ended: " << info.name
<< L" (PID: " << info.pid << L")";
if (processTree.isWatchedForExit(info.pid)) {
std::wcout << L" [TRACKED]";
}
std::wcout << L"\n";
}
}
previousProcesses = currentProcesses;
if (!processTree.isRunning()) {
std::wcout << L"All tracked processes have ended. Exiting...\n";
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
return 0;
}
std::this_thread::sleep_for(std::chrono::milliseconds(100));
}
return 0;
}