/*
DLL occurrence finder utility
It simply searches all running processes for a <dll_name> occurrence.
Very useful for malware detection/removal. Imagine you
find a DLL which you can't delete and you need to know
which process has it loaded...
Coded by Piotr Bania <bania.piotr@gmail.com>
Sample usage:
E:/projekty/finddll/debug> finddll jar50.dll
....
[+] Searching in ping.exe (pid = 0x564) for module occurency.
[+] Searching in firefox.exe (pid = 0xfc4) for module occurency.
[*] --- Module occurency found ---
[+] Jar50.dll found in firefox.exe (pid = 0xfc4)
[+] Jar50.dll base located at: 0x023c0000
[+] Jar50.dll handle in process: 0x23c0000
[+] Jar50.dll size of module: 0xd000 bytes
[+] Jar50.dll path: C:/program files/Mozilla Firefox/components/jar50.dll
[*] --- Press any key to continue ---
....
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <conio.h>
#include <windows.h>
#include <tlhelp32.h>
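/* Forward declarations. The display_info prototype now matches its
 * definition below (three parameters: the requested name, the process
 * entry and the module entry). */
int find_dll(char *filename);
void display_info(char *filename, PROCESSENTRY32 pe32, MODULEENTRY32 me32);

/* Number of matching modules reported so far: incremented by
 * display_info(), printed by main() at the end of the scan. */
int C = 0;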
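/*
 * Entry point: validates the command line, scans every running process
 * for the module named in argv[1] and reports how many matches were found.
 *
 * Returns 0 on success, 1 on a usage error or when the process scan could
 * not be started (find_dll() returned FALSE), so scripts can tell the
 * outcomes apart.
 */
int main(int argc, char *argv[]) {
    /* argv[0] may be NULL when argc == 0; never hand NULL to %s. */
    const char *prog = (argc > 0 && argv[0] != NULL) ? argv[0] : "finddll";

    printf("[$] DLL occurency finder utility\n");
    printf("[$] Coded by Piotr Bania <bania.piotr@gmail.com>\n");

    if (argc != 2) {
        printf("[!] Usage: %s <dll_name>\n", prog);
        printf("[!] For example: %s kernel32.dll\n", prog);
        return 1;
    }

    if (!find_dll(argv[1])) {
        /* find_dll() already printed the reason; C still reflects any
         * matches reported before the failure. */
        printf("\n[!] scan aborted, found %d occurences.\n", C);
        getch();
        return 1;
    }

    printf("\n[+] scaning ended, found %d occurences.\n", C);
    printf("Bye :)\n");
    getch();
    return 0;
}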
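/*
 * Report one module that matched the requested name.
 *
 * filename: the module name the user asked for (echoed in the report).
 * pe32:     the process the module was found in (szExeFile, th32ProcessID).
 * me32:     the matching module entry (modBaseAddr, hModule, modBaseSize,
 *           szExePath).
 *
 * Increments the global match counter C, then waits for a key press so the
 * user can read the report. ESC terminates the program; any other key
 * continues the scan.
 */
void display_info(char *filename, PROCESSENTRY32 pe32, MODULEENTRY32 me32) {
    printf("\n[*] --- module occurency found ---\n");
    /* th32ProcessID and modBaseSize are DWORDs: print them as unsigned long
     * so the specifier matches on every Windows target. */
    printf("[+] %s found in %s (pid = 0x%lx)\n", filename, pe32.szExeFile,
           (unsigned long)pe32.th32ProcessID);
    /* modBaseAddr and hModule are pointer-sized; %x would truncate them on
     * 64-bit builds, so they go through %p. */
    printf("[+] %s base located at: %p\n", filename, (void *)me32.modBaseAddr);
    printf("[+] %s handle in process: %p\n", filename, (void *)me32.hModule);
    printf("[+] %s size of module: 0x%lx bytes\n", filename,
           (unsigned long)me32.modBaseSize);
    printf("[+] %s path: %s\n", filename, me32.szExePath);
    printf("[*] --- press any key to continue ---\n");
    C++;

    /* ESC (0x1B) aborts the scan. The original exited with GetTickCount()
     * as the status, which made the exit code meaningless to callers; a
     * user-requested stop is reported as success. */
    if (getch() == 27) {
        exit(EXIT_SUCCESS);
    }
}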
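/*
 * Enumerate the modules of one process and report every one whose name
 * matches `filename` (case-insensitively) through display_info().
 *
 * filename: module name to look for.
 * pe32:     the process to inspect (th32ProcessID, szExeFile).
 *
 * Returns TRUE when the module list could be enumerated (matched or not),
 * FALSE when the module snapshot could not be created or read; the error
 * is printed and the caller is expected to move on to the next process.
 * The module snapshot handle is closed on every path.
 */
static BOOL scan_process_modules(char *filename, const PROCESSENTRY32 *pe32) {
    MODULEENTRY32 me32;
    /* TH32CS_SNAPMODULE32 also lists the 32-bit modules of a WOW64 process
     * when this tool runs as a 64-bit binary; a 32-bit build may still fail
     * on 64-bit processes, which is reported below and skipped. */
    HANDLE hmsnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32,
                                             pe32->th32ProcessID);
    if (hmsnap == INVALID_HANDLE_VALUE) {
        printf("[!] Error: cannot create modules snapshot for %s (pid = 0x%lx), error = %lu\n",
               pe32->szExeFile, (unsigned long)pe32->th32ProcessID,
               (unsigned long)GetLastError());
        return FALSE;
    }

    printf("[+] Searching in %s (pid = 0x%lx) for module occurency.\n",
           pe32->szExeFile, (unsigned long)pe32->th32ProcessID);

    /* Module32First() requires dwSize to be set; otherwise it fails with
     * ERROR_INVALID_PARAMETER. */
    me32.dwSize = (DWORD)sizeof me32;
    if (!Module32First(hmsnap, &me32)) {
        printf("[!] Error: module32first() failed, error = %lu\n",
               (unsigned long)GetLastError());
        CloseHandle(hmsnap);
        return FALSE;
    }

    /* do/while: the entry filled in by Module32First() is checked too. */
    do {
        if (_stricmp(filename, me32.szModule) == 0) {
            display_info(filename, *pe32, me32);
        }
    } while (Module32Next(hmsnap, &me32));

    CloseHandle(hmsnap);
    return TRUE;
}

/*
 * Walk every running process and report each one that has a module named
 * `filename` loaded.
 *
 * filename: module name to look for (compared case-insensitively against
 *           MODULEENTRY32.szModule).
 *
 * Returns TRUE when the process list was walked to the end, FALSE when the
 * process snapshot could not be created or its first entry read. A process
 * whose modules cannot be enumerated (access denied, bitness mismatch) is
 * reported and skipped rather than aborting the whole scan, so a protected
 * process early in the list no longer hides matches in later ones.
 * The process snapshot handle is closed on every path.
 */
int find_dll(char *filename) {
    PROCESSENTRY32 pe32;

    HANDLE hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hsnap == INVALID_HANDLE_VALUE) {
        printf("[!] Error: cannot create snapshot for processes, error = %lu\n",
               (unsigned long)GetLastError());
        return FALSE;
    }
    printf("[+] snapshot for processes created, handle = %p\n", (void *)hsnap);

    /* Process32First() requires dwSize to be set, like Module32First(). */
    pe32.dwSize = (DWORD)sizeof pe32;
    if (!Process32First(hsnap, &pe32)) {
        printf("[!] Error: process32first() failed, error = %lu\n",
               (unsigned long)GetLastError());
        CloseHandle(hsnap);
        return FALSE;
    }

    /* do/while: the entry filled in by Process32First() is scanned too. */
    do {
        scan_process_modules(filename, &pe32);
    } while (Process32Next(hsnap, &pe32));

    CloseHandle(hsnap);
    return TRUE;
}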