1:BOOL EnumProcesses(
DWORD * lpidProcess,
DWORD cb,
DWORD * cbNeeded
);
获取当前系统的进程ID列表。lpidProcess为保存进程ID的数组,cb为数组大小,cbNeeded为实际的系统进程数
2:HANDLE OpenProcess(
DWORD dwDesiredAccess,
BOOL bInheritHandle,
DWORD dwProcessId
);
获取某进程的句柄。dwDesiredAccess为访问标识,bInheritHandle为句柄继承标识,dwProcessId为进程ID
3:BOOL EnumProcessModules(
HANDLE hProcess,
HMODULE *lphModule,
DWORD cb,
LPDWORD lpcbNeeded
);
获取某一进程的模块列表。hProcess为进程句柄,lphModule为保存模块句柄的数组,cb为数组大小,lpcbNeeded为进程实际的模块数
4:DWORD GetModuleBaseName(
HANDLE hProcess,
HMODULE hModule,
LPTSTR lpBaseName,
DWORD nSize
);
获取模块名称。hProcess为进程句柄,hModule为模块句柄(为NULL时返回进程名称),lpBaseName为保存模块名称的缓冲地址,nSize为缓冲区容量
5:可能有用的API
BOOL GetWindowThreadProcessId(
HWND hWnd,
LPDWORD lpdwProcessId
); 获取某窗口所在的进程ID
HANDLE GetCurrentProcess(
); 获取当前进程句柄
HANDLE GetCurrentProcessId(
); 获取当前进程ID
DWORD GetModuleFileNameExA(
HANDLE hProcess,
HMODULE hModule,
LPSTR lpFilename,
DWORD nSize
); 获取模块对应的文件名
BOOL GetProcessMemoryInfo(
HANDLE Process,
PPROCESS_MEMORY_COUNTERS ppsmemCounters,
DWORD cb
); 获取进程的内存使用情况
BOOL OpenProcessToken(
HANDLE ProcessHandle,
DWORD DesiredAccess,
PHANDLE TokenHandle
); 获取进程的令牌句柄
BOOL AdjustTokenPrivileges(
HANDLE TokenHandle,
BOOL DisableAllPrivileges,
PTOKEN_PRIVILEGES NewState,
DWORD BufferLength,
PTOKEN_PRIVILEGES PreviousState,
PDWORD ReturnLength
); 修改进程的访问令牌
BOOL LookupPrivilegeValue(
LPCTSTR lpSystemName,
LPCTSTR lpName,
PLUID lpLuid
); 获取某一权限对应的LUID
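/*
 * Enable (bOpen != FALSE) or disable (bOpen == FALSE) one named privilege
 * on the access token of the calling process.
 *
 * szPrivilegeName: privilege name understood by LookupPrivilegeValue
 *                  (e.g. "SeDebugPrivilege"); NULL is rejected.
 * bOpen:           non-zero sets SE_PRIVILEGE_ENABLED, zero clears it.
 *
 * The function stays void for compatibility with existing callers, but it no
 * longer ignores failures: every Win32 call is checked, the token handle is
 * released on every path, and on return the thread's last-error code holds the
 * outcome -- ERROR_SUCCESS when the privilege was adjusted, ERROR_NOT_ALL_ASSIGNED
 * when the token does not hold the privilege at all (AdjustTokenPrivileges
 * returns TRUE in that case, so the original code mistook it for success), or
 * the failing call's error code otherwise.
 *
 * Least-privilege note: the caller's own token is reached through the
 * GetCurrentProcess() pseudo-handle, so the previous
 * OpenProcess(PROCESS_ALL_ACCESS, ...) on the current process -- and the extra
 * handle it had to close -- are not needed.
 */
void SetProcessPrivilege( LPCTSTR szPrivilegeName, BOOL bOpen )
{
    HANDLE hToken = NULL;
    LUID luid;
    TOKEN_PRIVILEGES tp;
    DWORD dwErr;

    if ( szPrivilegeName == NULL ) {
        SetLastError( ERROR_INVALID_PARAMETER );
        return;
    }

    /* The pseudo-handle never needs CloseHandle; TOKEN_ADJUST_PRIVILEGES is the
     * only token right AdjustTokenPrivileges requires here. */
    if ( !OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken ) ) {
        return;                 /* last-error already set by OpenProcessToken */
    }

    /* Resolve the name before touching the token so a bad name leaves it untouched. */
    if ( !LookupPrivilegeValue( NULL, szPrivilegeName, &luid ) ) {
        dwErr = GetLastError(); /* save it: CloseHandle may overwrite the code */
        CloseHandle( hToken );
        SetLastError( dwErr );
        return;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;   /* LUID is a plain struct; assignment copies it */
    tp.Privileges[0].Attributes = bOpen ? SE_PRIVILEGE_ENABLED : 0;

    /* Success (TRUE) still has to be qualified by GetLastError(): ERROR_SUCCESS
     * means adjusted, ERROR_NOT_ALL_ASSIGNED means the privilege is absent. */
    AdjustTokenPrivileges( hToken, FALSE, &tp, 0, NULL, NULL );
    dwErr = GetLastError();

    CloseHandle( hToken );
    SetLastError( dwErr );      /* report the real outcome, not CloseHandle's */
}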
DWORD * lpidProcess,
DWORD cb,
DWORD * cbNeeded
);
获取当前系统的进程ID列表。lpidProcess为保存进程ID的数组,cb为数组大小,cbNeeded为实际的系统进程数
2:HANDLE OpenProcess(
DWORD dwDesiredAccess,
BOOL bInheritHandle,
DWORD dwProcessId
);
获取某进程的句柄。dwDesiredAccess为访问标识,bInheritHandle为句柄继承标识,dwProcessId为进程ID
3:BOOL EnumProcessModules(
HANDLE hProcess,
HMODULE *lphModule,
DWORD cb,
LPDWORD lpcbNeeded
);
获取某一进程的模块列表。hProcess为进程句柄,lphModule为保存模块句柄的数组,cb为数组大小,lpcbNeeded为进程实际的模块数
4:DWORD GetModuleBaseName(
HANDLE hProcess,
HMODULE hModule,
LPTSTR lpBaseName,
DWORD nSize
);
获取模块名称。hProcess为进程句柄,hModule为模块句柄(为NULL时返回进程名称),lpBaseName为保存模块名称的缓冲地址,nSize为缓冲区容量
5:可能有用的API
BOOL GetWindowThreadProcessId(
HWND hWnd,
LPDWORD lpdwProcessId
); 获取某窗口所在的进程ID
HANDLE GetCurrentProcess(
); 获取当前进程句柄
HANDLE GetCurrentProcessId(
); 获取当前进程ID
DWORD GetModuleFileNameExA(
HANDLE hProcess,
HMODULE hModule,
LPSTR lpFilename,
DWORD nSize
); 获取模块对应的文件名
BOOL GetProcessMemoryInfo(
HANDLE Process,
PPROCESS_MEMORY_COUNTERS ppsmemCounters,
DWORD cb
); 获取进程的内存使用情况
BOOL OpenProcessToken(
HANDLE ProcessHandle,
DWORD DesiredAccess,
PHANDLE TokenHandle
); 获取进程的令牌句柄
BOOL AdjustTokenPrivileges(
HANDLE TokenHandle,
BOOL DisableAllPrivileges,
PTOKEN_PRIVILEGES NewState,
DWORD BufferLength,
PTOKEN_PRIVILEGES PreviousState,
PDWORD ReturnLength
); 修改进程的访问令牌
BOOL LookupPrivilegeValue(
LPCTSTR lpSystemName,
LPCTSTR lpName,
PLUID lpLuid
); 获取某一权限对应的LUID
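/*
 * Enable (bOpen != FALSE) or disable (bOpen == FALSE) one named privilege
 * on the access token of the calling process.
 *
 * szPrivilegeName: privilege name understood by LookupPrivilegeValue
 *                  (e.g. "SeDebugPrivilege"); NULL is rejected.
 * bOpen:           non-zero sets SE_PRIVILEGE_ENABLED, zero clears it.
 *
 * The function stays void for compatibility with existing callers, but it no
 * longer ignores failures: every Win32 call is checked, the token handle is
 * released on every path, and on return the thread's last-error code holds the
 * outcome -- ERROR_SUCCESS when the privilege was adjusted, ERROR_NOT_ALL_ASSIGNED
 * when the token does not hold the privilege at all (AdjustTokenPrivileges
 * returns TRUE in that case, so the original code mistook it for success), or
 * the failing call's error code otherwise.
 *
 * Least-privilege note: the caller's own token is reached through the
 * GetCurrentProcess() pseudo-handle, so the previous
 * OpenProcess(PROCESS_ALL_ACCESS, ...) on the current process -- and the extra
 * handle it had to close -- are not needed.
 */
void SetProcessPrivilege( LPCTSTR szPrivilegeName, BOOL bOpen )
{
    HANDLE hToken = NULL;
    LUID luid;
    TOKEN_PRIVILEGES tp;
    DWORD dwErr;

    if ( szPrivilegeName == NULL ) {
        SetLastError( ERROR_INVALID_PARAMETER );
        return;
    }

    /* The pseudo-handle never needs CloseHandle; TOKEN_ADJUST_PRIVILEGES is the
     * only token right AdjustTokenPrivileges requires here. */
    if ( !OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken ) ) {
        return;                 /* last-error already set by OpenProcessToken */
    }

    /* Resolve the name before touching the token so a bad name leaves it untouched. */
    if ( !LookupPrivilegeValue( NULL, szPrivilegeName, &luid ) ) {
        dwErr = GetLastError(); /* save it: CloseHandle may overwrite the code */
        CloseHandle( hToken );
        SetLastError( dwErr );
        return;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;   /* LUID is a plain struct; assignment copies it */
    tp.Privileges[0].Attributes = bOpen ? SE_PRIVILEGE_ENABLED : 0;

    /* Success (TRUE) still has to be qualified by GetLastError(): ERROR_SUCCESS
     * means adjusted, ERROR_NOT_ALL_ASSIGNED means the privilege is absent. */
    AdjustTokenPrivileges( hToken, FALSE, &tp, 0, NULL, NULL );
    dwErr = GetLastError();

    CloseHandle( hToken );
    SetLastError( dwErr );      /* report the real outcome, not CloseHandle's */
}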