├── EnumProcessWay
    ├── EnumProcessWay.sln
    └── EnumProcessWay
    │   ├── EnumProcessWay.vcxproj
    │   ├── EnumProcessWay.vcxproj.filters
    │   ├── EnumProcessWay.vcxproj.user
    │   └── Source.c
├── LICENSE
├── NtGetNextProcessWay
    ├── NtGetNextProcessWay.sln
    └── NtGetNextProcessWay
    │   ├── NtGetNextProcessWay.vcxproj
    │   ├── NtGetNextProcessWay.vcxproj.filters
    │   ├── NtGetNextProcessWay.vcxproj.user
    │   ├── Source.c
    │   └── noCRT.h
├── NtQuerySystemInformationWay
    ├── NtQuerySystemInformationWay.sln
    └── NtQuerySystemInformationWay
    │   ├── NtQuerySystemInformationWay.vcxproj
    │   ├── NtQuerySystemInformationWay.vcxproj.filters
    │   ├── NtQuerySystemInformationWay.vcxproj.user
    │   └── Source.c
├── README.md
└── WTSEnumerateProcessesAWay
    ├── WTSEnumerateProcessesAWay.sln
    └── WTSEnumerateProcessesAWay
        ├── Source.c
        ├── WTSEnumerateProcessesAWay.vcxproj
        ├── WTSEnumerateProcessesAWay.vcxproj.filters
        ├── WTSEnumerateProcessesAWay.vcxproj.user
        └── noCRT.h


/EnumProcessWay/EnumProcessWay.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.8.34309.116
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "EnumProcessWay", "EnumProcessWay\EnumProcessWay.vcxproj", "{2B0503C7-6C0D-412C-970C-234F56686970}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{2B0503C7-6C0D-412C-970C-234F56686970}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{2B0503C7-6C0D-412C-970C-234F56686970}.Debug|x64.Build.0 = Debug|x64
18 | 		{2B0503C7-6C0D-412C-970C-234F56686970}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{2B0503C7-6C0D-412C-970C-234F56686970}.Debug|x86.Build.0 = Debug|Win32
20 | 		{2B0503C7-6C0D-412C-970C-234F56686970}.Release|x64.ActiveCfg = Release|x64
21 | 		{2B0503C7-6C0D-412C-970C-234F56686970}.Release|x64.Build.0 = Release|x64
22 | 		{2B0503C7-6C0D-412C-970C-234F56686970}.Release|x86.ActiveCfg = Release|Win32
23 | 		{2B0503C7-6C0D-412C-970C-234F56686970}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {9E4DFA03-1CC1-4D77-BF14-303BF4B92450}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/EnumProcessWay/EnumProcessWay/EnumProcessWay.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>17.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{2b0503c7-6c0d-412c-970c-234f56686970}</ProjectGuid>
 25 |     <RootNamespace>EnumProcessWay</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v143</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v143</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v143</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v143</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <ClCompile>
 75 |       <WarningLevel>Level3</WarningLevel>
 76 |       <SDLCheck>true</SDLCheck>
 77 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 78 |       <ConformanceMode>true</ConformanceMode>
 79 |     </ClCompile>
 80 |     <Link>
 81 |       <SubSystem>Console</SubSystem>
 82 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 83 |     </Link>
 84 |   </ItemDefinitionGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <FunctionLevelLinking>true</FunctionLevelLinking>
 89 |       <IntrinsicFunctions>true</IntrinsicFunctions>
 90 |       <SDLCheck>true</SDLCheck>
 91 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 92 |       <ConformanceMode>true</ConformanceMode>
 93 |     </ClCompile>
 94 |     <Link>
 95 |       <SubSystem>Console</SubSystem>
 96 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 97 |       <OptimizeReferences>true</OptimizeReferences>
 98 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 99 |     </Link>
100 |   </ItemDefinitionGroup>
101 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
102 |     <ClCompile>
103 |       <WarningLevel>Level3</WarningLevel>
104 |       <SDLCheck>true</SDLCheck>
105 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
106 |       <ConformanceMode>true</ConformanceMode>
107 |     </ClCompile>
108 |     <Link>
109 |       <SubSystem>Console</SubSystem>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <FunctionLevelLinking>true</FunctionLevelLinking>
117 |       <IntrinsicFunctions>true</IntrinsicFunctions>
118 |       <SDLCheck>true</SDLCheck>
119 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
120 |       <ConformanceMode>true</ConformanceMode>
121 |     </ClCompile>
122 |     <Link>
123 |       <SubSystem>Console</SubSystem>
124 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
125 |       <OptimizeReferences>true</OptimizeReferences>
126 |       <GenerateDebugInformation>true</GenerateDebugInformation>
127 |     </Link>
128 |   </ItemDefinitionGroup>
129 |   <ItemGroup>
130 |     <ClCompile Include="Source.c" />
131 |   </ItemGroup>
132 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
133 |   <ImportGroup Label="ExtensionTargets">
134 |   </ImportGroup>
135 | </Project>


--------------------------------------------------------------------------------
/EnumProcessWay/EnumProcessWay/EnumProcessWay.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="Source.c">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 | </Project>


--------------------------------------------------------------------------------
/EnumProcessWay/EnumProcessWay/EnumProcessWay.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/EnumProcessWay/EnumProcessWay/Source.c:
--------------------------------------------------------------------------------
 1 | #include <windows.h>
 2 | #include <psapi.h>
 3 | #include <stdio.h>
 4 | #include <wchar.h>
 5 | #include <stdbool.h>
 6 | 
 7 | BOOL FindTarget(LPWSTR szProcessName, DWORD* pdwPid) {
 8 | 
 9 |     BOOL found = FALSE;
10 |     DWORD adwProcesses[1024 * 2], dwReturnLen1 = NULL, dwReturnLen2 = NULL, dwNmbrOfPids = NULL;
11 |     HANDLE hProcess = NULL;
12 |     HMODULE hModule = NULL;
13 |     WCHAR szProc[MAX_PATH];
14 | 
15 |     // PIDs array grabbing
16 |     if (!EnumProcesses(adwProcesses, sizeof(adwProcesses), &dwReturnLen1)) {
17 |         wprintf(L"[!] EnumProcesses Failed With Error : %d \n", GetLastError());
18 |         return FALSE;
19 |     }
20 | 
21 |     //number of elements in the array
22 |     dwNmbrOfPids = dwReturnLen1 / sizeof(DWORD);
23 | 
24 |     wprintf(L"[i] Number Of Processes Detected : %d \n", dwNmbrOfPids);
25 | 
26 |     for (int i = 0; i < dwNmbrOfPids; i++) {
27 | 
28 |         if (adwProcesses[i] != NULL) {
29 | 
30 |             // Open a process handle
31 |             if ((hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, adwProcesses[i])) != NULL) {
32 | 
33 |                 // The module handle is needed for 'GetModuleBaseName'
34 |                 if (!EnumProcessModules(hProcess, &hModule, sizeof(HMODULE), &dwReturnLen2)) {
35 |                     continue;
36 |                 }
37 |                 else {
38 |                     // Get the name of the process
39 |                     if (!GetModuleBaseName(hProcess, hModule, szProc, sizeof(szProc) / sizeof(WCHAR))) {
40 |                         wprintf(L"[!] GetModuleBaseName Failed [ At Pid: %d ] With Error : %d \n", adwProcesses[i], GetLastError());
41 |                     }
42 |                     else {
43 | 
44 |                         // Convert the process name to lowercase
45 |                         _wcslwr_s(szProc, MAX_PATH);
46 | 
47 |                         // check if process name matches the process we're looking for
48 |                         if (wcscmp(szProc, szProcessName) == 0) {
49 |                             *pdwPid = adwProcesses[i];
50 |                             found = TRUE;
51 |                             break;
52 |                         }
53 |                     }
54 |                 }
55 | 
56 |                 CloseHandle(hProcess);
57 |             }
58 |         }
59 | 
60 |         // Iterate through the PIDs array
61 |     }
62 | 
63 |     return found;
64 | }
65 | 
66 | int main() {
67 | 
68 |     LPWSTR szProcessName = L"notepad.exe";
69 |     DWORD pdwPid = NULL;
70 |     if (FindTarget(szProcessName, &pdwPid))
71 |         wprintf(L"[+] FOUND: process %s with PID: %d\n", szProcessName, pdwPid);
72 |     else
73 |         wprintf(L"[-] NOT FOUND process %s \n", szProcessName);
74 | 
75 |     return 0;
76 | }
77 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | This is free and unencumbered software released into the public domain.
 2 | 
 3 | Anyone is free to copy, modify, publish, use, compile, sell, or
 4 | distribute this software, either in source code form or as a compiled
 5 | binary, for any purpose, commercial or non-commercial, and by any
 6 | means.
 7 | 
 8 | In jurisdictions that recognize copyright laws, the author or authors
 9 | of this software dedicate any and all copyright interest in the
10 | software to the public domain. We make this dedication for the benefit
11 | of the public at large and to the detriment of our heirs and
12 | successors. We intend this dedication to be an overt act of
13 | relinquishment in perpetuity of all present and future rights to this
14 | software under copyright law.
15 | 
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 | OTHER DEALINGS IN THE SOFTWARE.
23 | 
24 | For more information, please refer to <https://unlicense.org>
25 | 


--------------------------------------------------------------------------------
/NtGetNextProcessWay/NtGetNextProcessWay.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.8.34309.116
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NtGetNextProcessWay", "NtGetNextProcessWay\NtGetNextProcessWay.vcxproj", "{6EFE1254-49BE-41DC-9FEB-E39A65CC1336}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{6EFE1254-49BE-41DC-9FEB-E39A65CC1336}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{6EFE1254-49BE-41DC-9FEB-E39A65CC1336}.Debug|x64.Build.0 = Debug|x64
18 | 		{6EFE1254-49BE-41DC-9FEB-E39A65CC1336}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{6EFE1254-49BE-41DC-9FEB-E39A65CC1336}.Debug|x86.Build.0 = Debug|Win32
20 | 		{6EFE1254-49BE-41DC-9FEB-E39A65CC1336}.Release|x64.ActiveCfg = Release|x64
21 | 		{6EFE1254-49BE-41DC-9FEB-E39A65CC1336}.Release|x64.Build.0 = Release|x64
22 | 		{6EFE1254-49BE-41DC-9FEB-E39A65CC1336}.Release|x86.ActiveCfg = Release|Win32
23 | 		{6EFE1254-49BE-41DC-9FEB-E39A65CC1336}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {31FD26F7-A69E-4893-A893-966EEAE99B09}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/NtGetNextProcessWay/NtGetNextProcessWay/NtGetNextProcessWay.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>17.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{6efe1254-49be-41dc-9feb-e39a65cc1336}</ProjectGuid>
 25 |     <RootNamespace>NtGetNextProcessWay</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v143</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v143</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v143</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v143</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <ClCompile>
 75 |       <WarningLevel>Level3</WarningLevel>
 76 |       <SDLCheck>true</SDLCheck>
 77 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 78 |       <ConformanceMode>true</ConformanceMode>
 79 |     </ClCompile>
 80 |     <Link>
 81 |       <SubSystem>Console</SubSystem>
 82 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 83 |     </Link>
 84 |   </ItemDefinitionGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <FunctionLevelLinking>true</FunctionLevelLinking>
 89 |       <IntrinsicFunctions>true</IntrinsicFunctions>
 90 |       <SDLCheck>true</SDLCheck>
 91 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 92 |       <ConformanceMode>true</ConformanceMode>
 93 |     </ClCompile>
 94 |     <Link>
 95 |       <SubSystem>Console</SubSystem>
 96 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 97 |       <OptimizeReferences>true</OptimizeReferences>
 98 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 99 |     </Link>
100 |   </ItemDefinitionGroup>
101 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
102 |     <ClCompile>
103 |       <WarningLevel>Level3</WarningLevel>
104 |       <SDLCheck>true</SDLCheck>
105 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
106 |       <ConformanceMode>true</ConformanceMode>
107 |     </ClCompile>
108 |     <Link>
109 |       <SubSystem>Console</SubSystem>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <FunctionLevelLinking>true</FunctionLevelLinking>
117 |       <IntrinsicFunctions>true</IntrinsicFunctions>
118 |       <SDLCheck>true</SDLCheck>
119 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
120 |       <ConformanceMode>true</ConformanceMode>
121 |     </ClCompile>
122 |     <Link>
123 |       <SubSystem>Console</SubSystem>
124 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
125 |       <OptimizeReferences>true</OptimizeReferences>
126 |       <GenerateDebugInformation>true</GenerateDebugInformation>
127 |     </Link>
128 |   </ItemDefinitionGroup>
129 |   <ItemGroup>
130 |     <ClCompile Include="Source.c" />
131 |   </ItemGroup>
132 |   <ItemGroup>
133 |     <ClInclude Include="noCRT.h" />
134 |   </ItemGroup>
135 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
136 |   <ImportGroup Label="ExtensionTargets">
137 |   </ImportGroup>
138 | </Project>


--------------------------------------------------------------------------------
/NtGetNextProcessWay/NtGetNextProcessWay/NtGetNextProcessWay.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="Source.c">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 |   <ItemGroup>
23 |     <ClInclude Include="noCRT.h">
24 |       <Filter>Header Files</Filter>
25 |     </ClInclude>
26 |   </ItemGroup>
27 | </Project>


--------------------------------------------------------------------------------
/NtGetNextProcessWay/NtGetNextProcessWay/NtGetNextProcessWay.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/NtGetNextProcessWay/NtGetNextProcessWay/Source.c:
--------------------------------------------------------------------------------
 1 | #include <windows.h>
 2 | #include <psapi.h>
 3 | #include <strsafe.h>
 4 | #include <shlwapi.h>
 5 | #include "noCRT.h"
 6 | 
 7 | #pragma comment(lib, "shlwapi.lib")
 8 | 
 9 | typedef NTSTATUS(NTAPI* _NtGetNextProcess)(
10 |     HANDLE ProcessHandle,
11 |     ACCESS_MASK DesiredAccess,
12 |     ULONG HandleAttributes,
13 |     ULONG Flags,
14 |     PHANDLE NewProcessHandle
15 |     );
16 | 
17 | BOOL FindTarget(LPWSTR szProcessName, DWORD* pdwPid) {
18 |     BOOL found = FALSE;
19 |     HANDLE current = NULL;
20 |     WCHAR procName[MAX_PATH];
21 | 
22 |     _NtGetNextProcess myNtGetNextProcess = (_NtGetNextProcess)GetProcAddress(GetModuleHandleA("NTDLL.DLL"), "NtGetNextProcess");
23 | 
24 |     while (!myNtGetNextProcess(current, MAXIMUM_ALLOWED, 0, 0, &current)) {
25 |        
26 |         RtlSecureZeroMemory(procName, sizeof(procName));
27 |         if (GetProcessImageFileNameW(current, procName, MAX_PATH)) {
28 |             WCHAR LowerName[MAX_PATH];
29 |             DWORD dwSize = lstrlenW(PathFindFileNameW(procName));
30 |             DWORD j = 0;
31 | 
32 |             if (dwSize < MAX_PATH) {
33 |                 for (; j < dwSize; j++) {
34 |                     LowerName[j] = (WCHAR)tolower(PathFindFileNameW(procName)[j]);
35 |                 }
36 |                 LowerName[j] = L'\0';
37 | 
38 |                 if (lstrcmpiW(szProcessName, LowerName) == 0) {
39 |                     *pdwPid = GetProcessId(current);
40 |                     found = TRUE;
41 |                     break;
42 |                 }
43 |             }
44 |         }
45 |     }
46 |     return found;
47 | }
48 | 
49 | int main() {
50 | 
51 |     LPWSTR szProcessName = L"notepad.exe";
52 |     DWORD pdwPid = 0;
53 |     if (FindTarget(szProcessName, &pdwPid)) {
54 |         PRINTW(L"[+] FOUND: process %s with PID: %d\n", szProcessName, pdwPid);
55 |     }
56 |     else {
57 |         PRINTW(L"[-] NOT FOUND process %s \n", szProcessName);
58 |     }
59 | 
60 |     return 0;
61 | }
62 | 


--------------------------------------------------------------------------------
/NtGetNextProcessWay/NtGetNextProcessWay/noCRT.h:
--------------------------------------------------------------------------------
 1 | #include <Windows.h>
 2 | 
 3 | #define PRINTW(STR, ...)                                                                      \
 4 |     if (1) {                                                                                  \
 5 |         HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);                                     \
 6 |         if (hConsole != INVALID_HANDLE_VALUE) {                                                \
 7 |             LPWSTR buf = (LPWSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 1024);          \
 8 |             if (buf != NULL) {                                                                 \
 9 |                 int len = swprintf_s(buf, 1024, STR, __VA_ARGS__);                             \
10 |                 WriteConsoleW(hConsole, buf, len, NULL, NULL);                                  \
11 |                 HeapFree(GetProcessHeap(), 0, buf);                                            \
12 |             }                                                                                 \
13 |         }                                                                                     \
14 |     }
15 | 
16 | #define PRINTA(STR, ...)                                                                      \
17 |     if (1) {                                                                                  \
18 |         HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);                                     \
19 |         if (hConsole != INVALID_HANDLE_VALUE) {                                                \
20 |             LPSTR buf = (LPSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 1024);            \
21 |             if (buf != NULL) {                                                                 \
22 |                 int len = sprintf_s(buf, 1024, STR, __VA_ARGS__);                              \
23 |                 WriteConsoleA(hConsole, buf, len, NULL, NULL);                                  \
24 |                 HeapFree(GetProcessHeap(), 0, buf);                                            \
25 |             }                                                                                 \
26 |         }                                                                                     \
27 |     }
28 | 


--------------------------------------------------------------------------------
/NtQuerySystemInformationWay/NtQuerySystemInformationWay.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.8.34309.116
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NtQuerySystemInformationWay", "NtQuerySystemInformationWay\NtQuerySystemInformationWay.vcxproj", "{3487298F-E97C-4957-8B9D-51DBB3CFDF49}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{3487298F-E97C-4957-8B9D-51DBB3CFDF49}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{3487298F-E97C-4957-8B9D-51DBB3CFDF49}.Debug|x64.Build.0 = Debug|x64
18 | 		{3487298F-E97C-4957-8B9D-51DBB3CFDF49}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{3487298F-E97C-4957-8B9D-51DBB3CFDF49}.Debug|x86.Build.0 = Debug|Win32
20 | 		{3487298F-E97C-4957-8B9D-51DBB3CFDF49}.Release|x64.ActiveCfg = Release|x64
21 | 		{3487298F-E97C-4957-8B9D-51DBB3CFDF49}.Release|x64.Build.0 = Release|x64
22 | 		{3487298F-E97C-4957-8B9D-51DBB3CFDF49}.Release|x86.ActiveCfg = Release|Win32
23 | 		{3487298F-E97C-4957-8B9D-51DBB3CFDF49}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {51845421-4675-4C7B-BFCC-675BA657A59E}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/NtQuerySystemInformationWay/NtQuerySystemInformationWay/NtQuerySystemInformationWay.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>17.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{3487298f-e97c-4957-8b9d-51dbb3cfdf49}</ProjectGuid>
 25 |     <RootNamespace>NtQuerySystemInformationWay</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v143</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v143</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v143</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v143</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <ClCompile>
 75 |       <WarningLevel>Level3</WarningLevel>
 76 |       <SDLCheck>true</SDLCheck>
 77 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 78 |       <ConformanceMode>true</ConformanceMode>
 79 |     </ClCompile>
 80 |     <Link>
 81 |       <SubSystem>Console</SubSystem>
 82 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 83 |     </Link>
 84 |   </ItemDefinitionGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <FunctionLevelLinking>true</FunctionLevelLinking>
 89 |       <IntrinsicFunctions>true</IntrinsicFunctions>
 90 |       <SDLCheck>true</SDLCheck>
 91 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 92 |       <ConformanceMode>true</ConformanceMode>
 93 |     </ClCompile>
 94 |     <Link>
 95 |       <SubSystem>Console</SubSystem>
 96 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 97 |       <OptimizeReferences>true</OptimizeReferences>
 98 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 99 |     </Link>
100 |   </ItemDefinitionGroup>
101 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
102 |     <ClCompile>
103 |       <WarningLevel>Level3</WarningLevel>
104 |       <SDLCheck>true</SDLCheck>
105 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
106 |       <ConformanceMode>true</ConformanceMode>
107 |     </ClCompile>
108 |     <Link>
109 |       <SubSystem>Console</SubSystem>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <FunctionLevelLinking>true</FunctionLevelLinking>
117 |       <IntrinsicFunctions>true</IntrinsicFunctions>
118 |       <SDLCheck>true</SDLCheck>
119 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
120 |       <ConformanceMode>true</ConformanceMode>
121 |     </ClCompile>
122 |     <Link>
123 |       <SubSystem>Console</SubSystem>
124 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
125 |       <OptimizeReferences>true</OptimizeReferences>
126 |       <GenerateDebugInformation>true</GenerateDebugInformation>
127 |     </Link>
128 |   </ItemDefinitionGroup>
129 |   <ItemGroup>
130 |     <ClCompile Include="Source.c" />
131 |   </ItemGroup>
132 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
133 |   <ImportGroup Label="ExtensionTargets">
134 |   </ImportGroup>
135 | </Project>


--------------------------------------------------------------------------------
/NtQuerySystemInformationWay/NtQuerySystemInformationWay/NtQuerySystemInformationWay.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="Source.c">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 | </Project>


--------------------------------------------------------------------------------
/NtQuerySystemInformationWay/NtQuerySystemInformationWay/NtQuerySystemInformationWay.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/NtQuerySystemInformationWay/NtQuerySystemInformationWay/Source.c:
--------------------------------------------------------------------------------
  1 | #include <windows.h>
  2 | #include <stdio.h>
  3 | 
  4 | typedef struct _UNICODE_STRING {
  5 |     USHORT Length;
  6 |     USHORT MaximumLength;
  7 |     PWSTR  Buffer;
  8 | } UNICODE_STRING;
  9 | typedef UNICODE_STRING* PUNICODE_STRING;
 10 | typedef const UNICODE_STRING* PCUNICODE_STRING;
 11 | 
 12 | typedef LONG KPRIORITY;
 13 | 
 14 | typedef struct _CLIENT_ID {
 15 |     HANDLE UniqueProcess;
 16 |     HANDLE UniqueThread;
 17 | } CLIENT_ID;
 18 | 
 19 | typedef struct _SYSTEM_PROCESS_INFORMATION {
 20 |     ULONG NextEntryOffset;
 21 |     ULONG NumberOfThreads;
 22 |     BYTE Reserved1[48];
 23 |     UNICODE_STRING ImageName;
 24 |     KPRIORITY BasePriority;
 25 |     HANDLE UniqueProcessId;
 26 |     PVOID Reserved2;
 27 |     ULONG HandleCount;
 28 |     ULONG SessionId;
 29 |     PVOID Reserved3;
 30 |     SIZE_T PeakVirtualSize;
 31 |     SIZE_T VirtualSize;
 32 |     ULONG Reserved4;
 33 |     SIZE_T PeakWorkingSetSize;
 34 |     SIZE_T WorkingSetSize;
 35 |     PVOID Reserved5;
 36 |     SIZE_T QuotaPagedPoolUsage;
 37 |     PVOID Reserved6;
 38 |     SIZE_T QuotaNonPagedPoolUsage;
 39 |     SIZE_T PagefileUsage;
 40 |     SIZE_T PeakPagefileUsage;
 41 |     SIZE_T PrivatePageCount;
 42 |     LARGE_INTEGER Reserved7[6];
 43 | } SYSTEM_PROCESS_INFORMATION, * PSYSTEM_PROCESS_INFORMATION;
 44 | 
 45 | typedef enum _SYSTEM_INFORMATION_CLASS {
 46 |     SystemBasicInformation = 0,
 47 |     SystemPerformanceInformation = 2,
 48 |     SystemTimeOfDayInformation = 3,
 49 |     SystemProcessInformation = 5,
 50 |     SystemProcessorPerformanceInformation = 8,
 51 |     SystemInterruptInformation = 23,
 52 |     SystemExceptionInformation = 33,
 53 |     SystemRegistryQuotaInformation = 37,
 54 |     SystemLookasideInformation = 45,
 55 |     SystemCodeIntegrityInformation = 103,
 56 |     SystemPolicyInformation = 134,
 57 | } SYSTEM_INFORMATION_CLASS;
 58 | 
 59 | typedef NTSTATUS(NTAPI* _NtQuerySystemInformation)(
 60 | 	SYSTEM_INFORMATION_CLASS SystemInformationClass,
 61 | 	PVOID                    SystemInformation,
 62 | 	ULONG                    SystemInformationLength,
 63 | 	PULONG                   ReturnLength
 64 | 	);
 65 | 
 66 | BOOL FindTarget(LPCWSTR szProcName, DWORD* pdwPid) {
 67 | 
 68 |     BOOL                         found = FALSE;
 69 |     _NtQuerySystemInformation    myNtQuerySystemInformation = NULL;
 70 |     ULONG                        uReturnLen1 = NULL, uReturnLen2 = NULL;
 71 |     PSYSTEM_PROCESS_INFORMATION  SystemProcInfo = NULL;
 72 |     NTSTATUS                     STATUS = NULL;
 73 |     PVOID                        pValueToFree = NULL;
 74 | 
 75 |     myNtQuerySystemInformation = (_NtQuerySystemInformation)GetProcAddress(GetModuleHandleA("NTDLL.DLL"), "NtQuerySystemInformation");
 76 |     if (myNtQuerySystemInformation == NULL) {
 77 |         printf("[!] GetProcAddress Failed With Error : %d\n", GetLastError());
 78 |         return FALSE;
 79 |     }
 80 | 
 81 |     myNtQuerySystemInformation(SystemProcessInformation, NULL, NULL, &uReturnLen1);
 82 | 
 83 |     SystemProcInfo = (PSYSTEM_PROCESS_INFORMATION)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (SIZE_T)uReturnLen1);
 84 |     if (SystemProcInfo == NULL) {
 85 |         printf("[!] HeapAlloc Failed With Error : %d\n", GetLastError());
 86 |         return FALSE;
 87 |     }
 88 | 
 89 |     pValueToFree = SystemProcInfo;
 90 | 
 91 |     STATUS = myNtQuerySystemInformation(SystemProcessInformation, SystemProcInfo, uReturnLen1, &uReturnLen2);
 92 |     if (STATUS != 0x0) {
 93 |         printf("[!] NtQuerySystemInformation Failed With Error : 0x%0.8X \n", STATUS);
 94 |         return FALSE;
 95 |     }
 96 | 
 97 |     while (TRUE) {
 98 | 
 99 |         // Comparing process name to the intended target process
100 |         if (SystemProcInfo->ImageName.Length && wcscmp(SystemProcInfo->ImageName.Buffer, szProcName) == 0) {
101 |                 *pdwPid = (DWORD)SystemProcInfo->UniqueProcessId;
102 |                 found = TRUE;
103 |                 break;
104 |         }
105 | 
106 |         // If NextEntryOffset is 0, we reached the end of the array
107 |         if (!SystemProcInfo->NextEntryOffset)
108 |             break;
109 | 
110 |         // Move to the next element
111 |         SystemProcInfo = (PSYSTEM_PROCESS_INFORMATION)((ULONG_PTR)SystemProcInfo + SystemProcInfo->NextEntryOffset);
112 |     }
113 | 
114 |     HeapFree(GetProcessHeap(), 0, pValueToFree);
115 | 
116 |     return found;
117 | }
118 | 
119 | int main() {
120 | 
121 |     LPCWSTR szProcessName = L"notepad.exe";
122 |     DWORD pdwPid = NULL;
123 |     if (FindTarget(szProcessName, &pdwPid))
124 |         wprintf(L"[+] FOUND: process %s with PID: %d\n", szProcessName, pdwPid);
125 |     else
126 |         wprintf(L"[-] NOT FOUND process %s \n", szProcessName);
127 | 
128 |     return 0;
129 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # PEAs (Process Enumeration Alternatives)
 2 | 
 3 | Process Enumeration alternatives that avoid the use of `CreateToolhelp32Snapshot`, `Process32First`, `Process32Next` WinAPIs to enumerate running processes on windows. 
 4 | 
 5 | ## Purpose
 6 | 
 7 | This repository shows undocumented Native APIs to get the list of running processes without following the classic flow explained below:
 8 | 
 9 | * Take a snapshot of the current list of Windows processes using `CreateToolhelp32Snapshot`
10 | * Get the first process in the snapshot list using `Process32First`
11 | * Iterate through the subsequent processes using `Process32Next` until the error ERROR_NO_MORE_FILES is received, which is the signal to end the process enumeration operation
12 | 


--------------------------------------------------------------------------------
/WTSEnumerateProcessesAWay/WTSEnumerateProcessesAWay.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.8.34309.116
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WTSEnumerateProcessesAWay", "WTSEnumerateProcessesAWay\WTSEnumerateProcessesAWay.vcxproj", "{71950C88-027D-4725-AC95-DC5700CD087E}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{71950C88-027D-4725-AC95-DC5700CD087E}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{71950C88-027D-4725-AC95-DC5700CD087E}.Debug|x64.Build.0 = Debug|x64
18 | 		{71950C88-027D-4725-AC95-DC5700CD087E}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{71950C88-027D-4725-AC95-DC5700CD087E}.Debug|x86.Build.0 = Debug|Win32
20 | 		{71950C88-027D-4725-AC95-DC5700CD087E}.Release|x64.ActiveCfg = Release|x64
21 | 		{71950C88-027D-4725-AC95-DC5700CD087E}.Release|x64.Build.0 = Release|x64
22 | 		{71950C88-027D-4725-AC95-DC5700CD087E}.Release|x86.ActiveCfg = Release|Win32
23 | 		{71950C88-027D-4725-AC95-DC5700CD087E}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {50B240DC-8A79-44F1-AD1A-3C7CE54050FC}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/WTSEnumerateProcessesAWay/WTSEnumerateProcessesAWay/Source.c:
--------------------------------------------------------------------------------
 1 | #include <windows.h>
 2 | #include <strsafe.h>
 3 | #include <wtsapi32.h>
 4 | #include "noCRT.h"
 5 | 
 6 | #pragma comment(lib, "wtsapi32.lib")
 7 | 
 8 | int FindTarget(LPCWSTR szProcessName, DWORD* pdwPid) {
 9 |     BOOL found = FALSE;
10 |     WTS_PROCESS_INFOW* pi;
11 | 
12 |     DWORD level = 1;
13 |     DWORD count = 0;
14 | 
15 |     if (!WTSEnumerateProcessesW(WTS_CURRENT_SERVER_HANDLE, 0, level, (LPWSTR*)&pi, &count)) {
16 |         return 0;
17 |     }
18 | 
19 |     for (int i = 0; i < count; i++) {
20 |         WCHAR LowerName[MAX_PATH * 2];
21 |         DWORD dwSize = lstrlenW(pi[i].pProcessName);
22 |         DWORD j = 0;
23 | 
24 |         if (dwSize < MAX_PATH * 2) {
25 |             for (; j < dwSize; j++) {
26 |                 LowerName[j] = (WCHAR)tolower(pi[i].pProcessName[j]);
27 |             }
28 |             LowerName[j] = L'\0';
29 |         }
30 | 
31 |         if (lstrcmpiW(szProcessName, LowerName) == 0) {
32 |             *pdwPid = pi[i].ProcessId;
33 |             found = TRUE;
34 |             break;
35 |         }
36 |     }
37 | 
38 |     WTSFreeMemory(pi);
39 |     return found;
40 | }
41 | 
42 | int main()
43 | {
44 |     LPCWSTR szProcessName = L"notepad.exe";
45 |     DWORD pdwPid = 0;
46 |     if (FindTarget(szProcessName, &pdwPid)) {
47 |         PRINTW(L"[+] FOUND: process %s with PID: %d\n", szProcessName, pdwPid);
48 |     }
49 |     else {
50 |         PRINTW(L"[-] NOT FOUND process %s \n", szProcessName);
51 |     }
52 | 
53 |     return 0;
54 | }


--------------------------------------------------------------------------------
/WTSEnumerateProcessesAWay/WTSEnumerateProcessesAWay/WTSEnumerateProcessesAWay.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>17.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{71950c88-027d-4725-ac95-dc5700cd087e}</ProjectGuid>
 25 |     <RootNamespace>WTSEnumerateProcessesAWay</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v143</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v143</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v143</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v143</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <ClCompile>
 75 |       <WarningLevel>Level3</WarningLevel>
 76 |       <SDLCheck>true</SDLCheck>
 77 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 78 |       <ConformanceMode>true</ConformanceMode>
 79 |     </ClCompile>
 80 |     <Link>
 81 |       <SubSystem>Console</SubSystem>
 82 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 83 |     </Link>
 84 |   </ItemDefinitionGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <FunctionLevelLinking>true</FunctionLevelLinking>
 89 |       <IntrinsicFunctions>true</IntrinsicFunctions>
 90 |       <SDLCheck>true</SDLCheck>
 91 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 92 |       <ConformanceMode>true</ConformanceMode>
 93 |     </ClCompile>
 94 |     <Link>
 95 |       <SubSystem>Console</SubSystem>
 96 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 97 |       <OptimizeReferences>true</OptimizeReferences>
 98 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 99 |     </Link>
100 |   </ItemDefinitionGroup>
101 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
102 |     <ClCompile>
103 |       <WarningLevel>Level3</WarningLevel>
104 |       <SDLCheck>true</SDLCheck>
105 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
106 |       <ConformanceMode>true</ConformanceMode>
107 |     </ClCompile>
108 |     <Link>
109 |       <SubSystem>Console</SubSystem>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <FunctionLevelLinking>true</FunctionLevelLinking>
117 |       <IntrinsicFunctions>true</IntrinsicFunctions>
118 |       <SDLCheck>true</SDLCheck>
119 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
120 |       <ConformanceMode>true</ConformanceMode>
121 |     </ClCompile>
122 |     <Link>
123 |       <SubSystem>Console</SubSystem>
124 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
125 |       <OptimizeReferences>true</OptimizeReferences>
126 |       <GenerateDebugInformation>true</GenerateDebugInformation>
127 |     </Link>
128 |   </ItemDefinitionGroup>
129 |   <ItemGroup>
130 |     <ClCompile Include="Source.c" />
131 |   </ItemGroup>
132 |   <ItemGroup>
133 |     <ClInclude Include="noCRT.h" />
134 |   </ItemGroup>
135 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
136 |   <ImportGroup Label="ExtensionTargets">
137 |   </ImportGroup>
138 | </Project>


--------------------------------------------------------------------------------
/WTSEnumerateProcessesAWay/WTSEnumerateProcessesAWay/WTSEnumerateProcessesAWay.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="Source.c">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 |   <ItemGroup>
23 |     <ClInclude Include="noCRT.h">
24 |       <Filter>Header Files</Filter>
25 |     </ClInclude>
26 |   </ItemGroup>
27 | </Project>


--------------------------------------------------------------------------------
/WTSEnumerateProcessesAWay/WTSEnumerateProcessesAWay/WTSEnumerateProcessesAWay.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/WTSEnumerateProcessesAWay/WTSEnumerateProcessesAWay/noCRT.h:
--------------------------------------------------------------------------------
 1 | #include <Windows.h>
 2 | 
 3 | #define PRINTW(STR, ...)                                                                      \
 4 |     if (1) {                                                                                  \
 5 |         HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);                                     \
 6 |         if (hConsole != INVALID_HANDLE_VALUE) {                                                \
 7 |             LPWSTR buf = (LPWSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 1024);          \
 8 |             if (buf != NULL) {                                                                 \
 9 |                 int len = swprintf_s(buf, 1024, STR, __VA_ARGS__);                             \
10 |                 WriteConsoleW(hConsole, buf, len, NULL, NULL);                                  \
11 |                 HeapFree(GetProcessHeap(), 0, buf);                                            \
12 |             }                                                                                 \
13 |         }                                                                                     \
14 |     }
15 | 
16 | #define PRINTA(STR, ...)                                                                      \
17 |     if (1) {                                                                                  \
18 |         HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);                                     \
19 |         if (hConsole != INVALID_HANDLE_VALUE) {                                                \
20 |             LPSTR buf = (LPSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 1024);            \
21 |             if (buf != NULL) {                                                                 \
22 |                 int len = sprintf_s(buf, 1024, STR, __VA_ARGS__);                              \
23 |                 WriteConsoleA(hConsole, buf, len, NULL, NULL);                                  \
24 |                 HeapFree(GetProcessHeap(), 0, buf);                                            \
25 |             }                                                                                 \
26 |         }                                                                                     \
27 |     }
28 | 


--------------------------------------------------------------------------------