Win32Process.java
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2012-2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.coreutils;
20 
import com.sun.jna.Pointer;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Kernel32Util;
import com.sun.jna.platform.win32.Tlhelp32;
import com.sun.jna.platform.win32.WinBase;
import com.sun.jna.platform.win32.WinDef.DWORD;
import com.sun.jna.platform.win32.WinNT;
import java.io.IOException;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.List;
31 
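/**
 * Thin JNA wrapper around a Win32 process handle (Windows only).
 *
 * An instance always owns the handle it holds: a handle taken from a
 * {@link Process} is duplicated into this process, and a handle looked up by
 * PID is opened here. Release it with {@link #close()} (or
 * try-with-resources); {@link #finalize()} is only a garbage-collection
 * fallback.
 */
public class Win32Process implements AutoCloseable {

    /** Access rights requested by OpenProcess for the PID constructor. */
    private static final int OPEN_ACCESS =
            0x0400          /* PROCESS_QUERY_INFORMATION */
            | 0x0800        /* PROCESS_SUSPEND_RESUME */
            | 0x0001        /* PROCESS_TERMINATE */
            | 0x00100000;   /* SYNCHRONIZE */

    /** Handle owned by this instance; null once closed or never acquired. */
    WinNT.HANDLE handle;
    /** Process id resolved from the handle when the object was built. */
    int pid;

    /**
     * Wraps the native process behind a {@link Process} started by this JVM.
     *
     * The JDK's Windows implementation keeps the raw handle in a private
     * "handle" field; it is read via reflection and then duplicated, so this
     * object never closes a handle that the JDK still owns.
     *
     * @param process a process created by this JVM on Windows
     * @throws Exception if the Process implementation is not the expected
     *         Windows one, if the field cannot be read (for example when the
     *         module system refuses setAccessible), or if the handle cannot
     *         be duplicated; the Win32 error text is used where available
     */
    Win32Process(Process process) throws Exception {
        String implName = process.getClass().getName();
        if (!implName.equals("java.lang.Win32Process") // NON-NLS
                && !implName.equals("java.lang.ProcessImpl")) { // NON-NLS
            // Anything else has no known "handle" field; fail loudly rather
            // than continue with a null handle and a bogus pid of 0.
            throw new Exception("Unsupported Process implementation: " + implName); // NON-NLS
        }

        long rawHandle;
        try {
            Field handleField = process.getClass().getDeclaredField("handle"); // NON-NLS
            handleField.setAccessible(true);
            rawHandle = handleField.getLong(process);
        } catch (ReflectiveOperationException | RuntimeException ex) {
            // RuntimeException also covers the JDK 9+ InaccessibleObjectException
            // thrown by setAccessible; keep the cause for diagnosis.
            throw new Exception("Cannot read process handle: " + ex.getMessage(), ex); // NON-NLS
        }
        if (rawHandle == 0) {
            throw new Exception("Process has no native handle"); // NON-NLS
        }

        // The JDK object still holds this handle value and presumably closes it
        // on its own schedule. Duplicate it so that close() only ever releases a
        // handle this instance owns; closing the JDK's copy could later hit a
        // recycled handle value belonging to something else.
        WinNT.HANDLE borrowed = new WinNT.HANDLE(Pointer.createConstant(rawHandle));
        WinNT.HANDLE self = Kernel32.INSTANCE.GetCurrentProcess();
        WinNT.HANDLEByReference duplicate = new WinNT.HANDLEByReference();
        boolean ok = Kernel32.INSTANCE.DuplicateHandle(
                self, borrowed, self, duplicate, 0, false, WinNT.DUPLICATE_SAME_ACCESS);
        if (!ok) {
            throw new Exception(Kernel32Util.formatMessageFromLastErrorCode(Kernel32.INSTANCE.GetLastError()));
        }
        handle = duplicate.getValue();
        this.pid = Kernel32.INSTANCE.GetProcessId(handle);
    }

    /**
     * Opens an existing process by id with query, suspend/resume, terminate
     * and synchronize rights.
     *
     * Note: a PID identifies a process only until it exits; if the id was
     * recycled between the caller choosing it and this call, the handle
     * refers to the new occupant of that id.
     *
     * @param pid process id to open
     * @throws Exception if OpenProcess fails (message is the Win32 error text,
     *         typically access denied or no such process)
     */
    Win32Process(int pid) throws Exception {
        handle = Kernel32.INSTANCE.OpenProcess(OPEN_ACCESS, false, pid);
        if (handle == null) {
            throw new Exception(Kernel32Util.formatMessageFromLastErrorCode(Kernel32.INSTANCE.GetLastError()));
        }
        this.pid = Kernel32.INSTANCE.GetProcessId(handle);
    }

    /**
     * Releases the owned handle. Idempotent: later calls are no-ops. Closing
     * the handle does not affect the process itself.
     */
    @Override
    public void close() {
        if (handle != null) {
            Kernel32.INSTANCE.CloseHandle(handle);
            handle = null;
        }
    }

    /** Fallback for callers that never invoked {@link #close()}. */
    @Override
    protected void finalize() throws Throwable {
        try {
            close();
        } finally {
            super.finalize();
        }
    }

    /**
     * Asks Windows to kill the process with exit code 0. The return value of
     * TerminateProcess is not checked. Does nothing once this wrapper is closed.
     */
    public void terminate() {
        if (handle != null) {
            Kernel32.INSTANCE.TerminateProcess(handle, 0);
        }
    }

    /**
     * Lists the processes whose parent id in a Toolhelp snapshot equals this
     * process's id. Every returned wrapper owns its own handle and should be
     * closed by the caller.
     *
     * Note: the snapshot records only the parent's numeric id, so if this id
     * was recycled, orphans of an earlier process with the same id would also
     * be reported; callers that terminate "children" should keep that in mind.
     *
     * @return the matching child processes, possibly empty
     * @throws Exception if the snapshot cannot be created or a matching child
     *         cannot be opened; handles already opened for earlier matches are
     *         released before the exception propagates
     */
    public List<Win32Process> getChildren() throws Exception {
        List<Win32Process> children = new ArrayList<>();
        WinNT.HANDLE snapshot = Kernel32.INSTANCE.CreateToolhelp32Snapshot(
                Tlhelp32.TH32CS_SNAPPROCESS, new DWORD(0));
        if (snapshot == null || WinBase.INVALID_HANDLE_VALUE.equals(snapshot)) {
            throw new Exception(Kernel32Util.formatMessageFromLastErrorCode(Kernel32.INSTANCE.GetLastError()));
        }
        try {
            Tlhelp32.PROCESSENTRY32.ByReference entry = new Tlhelp32.PROCESSENTRY32.ByReference();
            if (Kernel32.INSTANCE.Process32First(snapshot, entry)) {
                do {
                    if (entry.th32ParentProcessID.intValue() == pid) {
                        children.add(new Win32Process(entry.th32ProcessID.intValue()));
                    }
                } while (Kernel32.INSTANCE.Process32Next(snapshot, entry));
            }
        } catch (Exception ex) {
            // Do not leak the handles already opened for earlier matches.
            for (Win32Process child : children) {
                child.close();
            }
            throw ex;
        } finally {
            // The snapshot handle must be released on every path, including
            // an empty enumeration or a failure while opening a child.
            Kernel32.INSTANCE.CloseHandle(snapshot);
        }
        return children;
    }
}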
