admin/ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add process name filtering option

Browse Source
This commit is contained in:
Adir Shitrit
2025-11-08 12:37:49 +02:00
parent 1a237b8a9e
commit 662d239deb
1 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
ghost-cli/src/main.rs
View File

@@ -36,6 +36,12 @@ fn main() -> Result<()> {
.value_name("PID") .value_name("PID")
.help("Target specific process ID") .help("Target specific process ID")
) )
.arg(
Arg::new("process")
.long("process")
.value_name("NAME")
.help("Target specific process name")
)
.arg( .arg(
Arg::new("output") Arg::new("output")
.short('o') .short('o')
@@ -75,10 +81,11 @@ fn main() -> Result<()> {
let verbose = matches.get_flag("verbose"); let verbose = matches.get_flag("verbose");
let quiet = matches.get_flag("quiet"); let quiet = matches.get_flag("quiet");
let target_pid = matches.get_one::<String>("pid"); let target_pid = matches.get_one::<String>("pid");
let target_process = matches.get_one::<String>("process");
let output_file = matches.get_one::<String>("output"); let output_file = matches.get_one::<String>("output");
info!("Starting Ghost process injection detection"); info!("Starting Ghost process injection detection");
debug!("Configuration - Format: {}, Verbose: {}, Quiet: {}, Target PID: {:?}", format, verbose, quiet, target_pid); debug!("Configuration - Format: {}, Verbose: {}, Quiet: {}, Target PID: {:?}, Target Process: {:?}", format, verbose, quiet, target_pid, target_process);
if !quiet { if !quiet {
println!("Ghost v0.1.0 - Process Injection Detection\n"); println!("Ghost v0.1.0 - Process Injection Detection\n");
@@ -109,6 +116,24 @@ fn main() -> Result<()> {
debug!("Found target process: {}", filtered[0].name); debug!("Found target process: {}", filtered[0].name);
} }
filtered filtered
} else if let Some(process_name) = target_process {
info!("Targeting processes with name: {}", process_name);
let all_processes = process::enumerate_processes()?;
let filtered: Vec<_> = all_processes
.into_iter()
.filter(|p| p.name.to_lowercase().contains(&process_name.to_lowercase()))
.collect();
if filtered.is_empty() {
warn!("No processes found matching name: {}", process_name);
if !quiet {
println!("Warning: No processes found matching name: {}", process_name);
}
} else {
info!("Found {} processes matching name: {}", filtered.len(), process_name);
debug!("Matching processes: {:?}", filtered.iter().map(|p| format!("{} ({})", p.name, p.pid)).collect::<Vec<_>>());
}
filtered
} else { } else {
let all_processes = process::enumerate_processes()?; let all_processes = process::enumerate_processes()?;
info!("Enumerating all processes, found {} total", all_processes.len()); info!("Enumerating all processes, found {} total", all_processes.len());