Enhance logging functionality: add dynamic log file naming and improve process/thread ID handling in main.c

woldann · woldann · commit 2e8e99527996 · 2025-12-01T07:57:27.000+03:00
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -45,15 +45,17 @@ option(DEBUG_BUILD "Enable debug build with verbose logging (LOG_LEVEL_3)" OFF)
 
 if(DEBUG_BUILD)
   set(LOG_LEVEL_DEF "LOG_LEVEL_3")
+  set(LOG_FILE_NAME "ghostinjector-debug.log")
 else()
   set(LOG_LEVEL_DEF "LOG_LEVEL_2")
+  set(LOG_FILE_NAME "ghostinjector.log")
 endif()
 
 target_compile_definitions(${EXECUTABLE_NAME} PRIVATE
   ${LOG_LEVEL_DEF}
   NEPTUNE_MODULERULES_HEADER="ntosutils_rules.h"
   NEPTUNE_ENABLE_MEMMEM
   VERSION=${PROJECT_VERSION}
-  LOG_FILE_PATH=L"ghostinjector.log"
+  LOG_FILE_PATH=L"${LOG_FILE_NAME}"
   LOG_ON_STDOUT=1
 )
diff --git a/src/main.c b/src/main.c
@@ -24,14 +24,102 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <stdbool.h>
 #include <string.h>
 #include <windows.h>
+#include <tlhelp32.h>
 
 #include "nerror.h"
 #include "ntosutils.h"
 #include "ntmem.h"
 #include "ntosutilswin.h"
 
+/**
+ * @brief Check if the given ID is a process ID
+ * @param id The ID to check
+ * @return true if it's a process ID, false if not (likely a thread ID)
+ */
+static bool is_process_id(uint32_t id)
+{
+	HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+	if (snap == INVALID_HANDLE_VALUE)
+		return false;
+
+	PROCESSENTRY32 pe = { .dwSize = sizeof(pe) };
+
+	if (Process32First(snap, &pe)) {
+		do {
+			if (pe.th32ProcessID == id) {
+				CloseHandle(snap);
+				return true;
+			}
+		} while (Process32Next(snap, &pe));
+	}
+
+	CloseHandle(snap);
+	return false;
+}
+
+/**
+ * @brief Get the process ID that owns the given thread
+ * @param thread_id The thread ID
+ * @return Process ID, or 0 if not found
+ */
+static DWORD get_process_id_from_thread(DWORD thread_id)
+{
+	HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
+	if (snap == INVALID_HANDLE_VALUE)
+		return 0;
+
+	THREADENTRY32 te = { .dwSize = sizeof(te) };
+
+	if (Thread32First(snap, &te)) {
+		do {
+			if (te.th32ThreadID == thread_id) {
+				DWORD pid = te.th32OwnerProcessID;
+				CloseHandle(snap);
+				return pid;
+			}
+		} while (Thread32Next(snap, &te));
+	}
+
+	CloseHandle(snap);
+	return 0;
+}
+
+#ifdef LOG_LEVEL_3
+/**
+ * @brief Log all modules loaded in the target process
+ * @param pid The process ID
+ */
+static void log_process_modules(DWORD pid)
+{
+	HANDLE snap = CreateToolhelp32Snapshot(
+		TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
+	if (snap == INVALID_HANDLE_VALUE) {
+		LOG_WARN(
+			"Failed to enumerate modules for process %u (error: %lu)",
+			pid, GetLastError());
+		return;
+	}
+
+	MODULEENTRY32 me = { .dwSize = sizeof(me) };
+	int count = 0;
+
+	LOG_INFO("=== Modules loaded in process %u ===", pid);
+
+	if (Module32First(snap, &me)) {
+		do {
+			LOG_INFO("  [%d] %s (base: %p, size: %u)", ++count,
+				 me.szModule, me.modBaseAddr, me.modBaseSize);
+		} while (Module32Next(snap, &me));
+	}
+
+	LOG_INFO("=== Total: %d modules ===", count);
+	CloseHandle(snap);
+}
+#endif
+
 void print_usage()
 {
 	printf("GhostInjector - DLL Injection tool for Windows processes\n\n");
@@ -59,7 +147,6 @@ int main(int argc, char *argv[])
 
 #ifdef LOG_LEVEL_1
 	LOG_INFO("Neptune initialized!");
-	LOG_INFO("ID: %u", id);
 	LOG_INFO("Number of DLLs to inject: %d", argc - 2);
 #endif
 
@@ -71,6 +158,29 @@ int main(int argc, char *argv[])
 		return 0x11;
 	}
 
+	bool is_process = is_process_id(id);
+	DWORD pid;
+
+	if (is_process) {
+		pid = id;
+#ifdef LOG_LEVEL_2
+		LOG_INFO("ID %u is a process", id);
+#endif
+	} else {
+		pid = get_process_id_from_thread(id);
+#ifdef LOG_LEVEL_2
+		LOG_INFO("ID %u is a thread, owner process ID: %u", id, pid);
+#endif
+		if (pid == 0) {
+#ifdef LOG_LEVEL_1
+			LOG_ERROR("Failed to get process ID from thread %u",
+				  id);
+#endif
+			neptune_destroy();
+			return 0x08;
+		}
+	}
+
 	HMODULE kernel32 = GetModuleHandleA("kernel32");
 	if (kernel32 == NULL) {
 #ifdef LOG_LEVEL_1
@@ -93,14 +203,24 @@ int main(int argc, char *argv[])
 	LOG_INFO("LoadLibraryA=%p", (void *)load_library_func);
 #endif
 
-	if (HAS_ERR(nosu_attach(id))) {
-#ifdef LOG_LEVEL_1
-		LOG_WARN("nosu_attach failed");
+#ifdef LOG_LEVEL_3
+	log_process_modules(pid);
 #endif
 
+	if (is_process) {
 		if (HAS_ERR(nosu_find_thread_and_upgrade(id))) {
 #ifdef LOG_LEVEL_1
-			LOG_ERROR("nosu_find_thread_and_upgrade failed");
+			LOG_ERROR(
+				"nosu_find_thread_and_upgrade failed for thread %u",
+				id);
+#endif
+			neptune_destroy();
+			return 0x07;
+		}
+	} else {
+		if (HAS_ERR(nosu_attach(id))) {
+#ifdef LOG_LEVEL_1
+			LOG_ERROR("nosu_attach failed for process %u", id);
 #endif
 			neptune_destroy();
 			return 0x06;
