Autopsy  4.9.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Win32Process.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2012-2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.coreutils;
20 
21 import com.sun.jna.Pointer;
22 import com.sun.jna.platform.win32.Kernel32;
23 import com.sun.jna.platform.win32.Kernel32Util;
24 import com.sun.jna.platform.win32.Tlhelp32;
25 import com.sun.jna.platform.win32.WinDef.DWORD;
26 import com.sun.jna.platform.win32.WinNT;
27 import java.io.IOException;
28 import java.lang.reflect.Field;
29 import java.util.ArrayList;
30 import java.util.List;
31 
37 public class Win32Process {
38 
39  WinNT.HANDLE handle;
40  int pid;
41 
50  Win32Process(Process process) throws Exception {
51  if (process.getClass().getName().equals("java.lang.Win32Process") || // NON-NLS
52  process.getClass().getName().equals("java.lang.ProcessImpl")) { // NON-NLS
53  try {
54  Field f = process.getClass().getDeclaredField("handle"); // NON-NLS
55  f.setAccessible(true);
56  long handleVal = f.getLong(process);
57  handle = new WinNT.HANDLE(Pointer.createConstant(handleVal));
58  } catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException ex) {
59  throw new Exception(ex.getMessage()); // NON-NLS
60  }
61  }
62  this.pid = Kernel32.INSTANCE.GetProcessId(handle);
63  }
64 
72  Win32Process(int pid) throws Exception {
73  handle = Kernel32.INSTANCE.OpenProcess(
74  0x0400
75  | /*
76  * PROCESS_QUERY_INFORMATION
77  */ 0x0800
78  | /*
79  * PROCESS_SUSPEND_RESUME
80  */ 0x0001
81  | /*
82  * PROCESS_TERMINATE
83  */ 0x00100000 /*
84  * SYNCHRONIZE
85  */,
86  false,
87  pid);
88  if (handle == null) {
89  throw new Exception(Kernel32Util.formatMessageFromLastErrorCode(Kernel32.INSTANCE.GetLastError()));
90  }
91  this.pid = Kernel32.INSTANCE.GetProcessId(handle);
92  }
93 
94  @Override
95  protected void finalize() throws Throwable {
96  Kernel32.INSTANCE.CloseHandle(handle);
97  super.finalize();
98  }
99 
103  public void terminate() {
104  Kernel32.INSTANCE.TerminateProcess(handle, 0);
105  }
106 
114  public List<Win32Process> getChildren() throws Exception {
115  ArrayList<Win32Process> result = new ArrayList<>();
116  WinNT.HANDLE hSnap = Kernel32.INSTANCE.CreateToolhelp32Snapshot(Tlhelp32.TH32CS_SNAPPROCESS, new DWORD(0));
117  Tlhelp32.PROCESSENTRY32.ByReference ent = new Tlhelp32.PROCESSENTRY32.ByReference();
118  if (!Kernel32.INSTANCE.Process32First(hSnap, ent)) {
119  return result;
120  }
121  do {
122  if (ent.th32ParentProcessID.intValue() == pid) {
123  result.add(new Win32Process(ent.th32ProcessID.intValue()));
124  }
125  } while (Kernel32.INSTANCE.Process32Next(hSnap, ent));
126  Kernel32.INSTANCE.CloseHandle(hSnap);
127  return result;
128  }
129 }

Copyright © 2012-2018 Basis Technology. Generated on: Tue Dec 18 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.