1.进程枚举
----------------------------Snapshot函数
举例代码:
#include<windows.h>
#include<Tlhelp32.h>
#include<stdio.h>
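/*
 * Enumerate every running process through the ToolHelp snapshot API and
 * print its image name and PID, one per line.
 *
 * Returns 0 on success and 1 when the snapshot cannot be created.
 * No special privilege is needed: the snapshot covers all processes, and the
 * process-id argument of CreateToolhelp32Snapshot is ignored for
 * TH32CS_SNAPPROCESS.
 *
 * NOTE(review): szExeFile is printed with %s, which assumes an ANSI build
 * (UNICODE not defined, so PROCESSENTRY32 is the narrow variant) — confirm.
 */
int main(void)
{
    PROCESSENTRY32 pe32;
    HANDLE hProcessSnap;
    BOOL bMore;

    /* dwSize must be filled in before Process32First, otherwise it fails. */
    pe32.dwSize = sizeof(pe32);

    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        printf("CreateToolhelp 函数调用失败\n");
        return 1;
    }

    printf("%20s\t%10s\n", "进程名", "PID");
    printf("======================================\n");

    /* Process32First returning FALSE simply yields an empty list. */
    bMore = Process32First(hProcessSnap, &pe32);
    while (bMore) {
        /* th32ProcessID is a DWORD (unsigned long on Windows). */
        printf("%20s\t%10lu\n", pe32.szExeFile, (unsigned long)pe32.th32ProcessID);
        bMore = Process32Next(hProcessSnap, &pe32);
    }

    CloseHandle(hProcessSnap);
    return 0;
}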
-----------------------EnumProcess函数
举例代码:
#include<windows.h>
#include<stdio.h>
#include<psapi.h>
#pragma comment(lib,"psapi.lib");
/* Enables lpPrivilegeName in the access token of hProcess; defined further
 * down in this file. The default argument is C++-only syntax, so this file
 * does not compile as C. */
BOOL UpdateProcessPrivilege(HANDLE hProcess,LPCTSTR lpPrivilegeName = SE_DEBUG_NAME);
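/*
 * List every process id returned by EnumProcesses together with the full
 * path of its main module (the first module reported by EnumProcessModules).
 *
 * SeDebugPrivilege is enabled first so that OpenProcess also succeeds on
 * processes owned by other users. Processes that still cannot be opened
 * (idle/System, protected processes) are reported as "Failed!!!".
 *
 * Returns 0 on success, 1 when EnumProcesses itself fails.
 *
 * NOTE(review): PROCESS_QUERY_INFORMATION | PROCESS_VM_READ is what
 * EnumProcessModules/GetModuleFileNameEx require. A smaller mask
 * (PROCESS_QUERY_LIMITED_INFORMATION) together with
 * QueryFullProcessImageName would open more processes without needing
 * SeDebugPrivilege at all — consider it if only the image path is wanted.
 */
int main(void)
{
    DWORD ProcessId[1024];
    DWORD cbNeeded = 0;

    /* Not fatal: without the privilege OpenProcess just fails on more processes. */
    if (!UpdateProcessPrivilege(GetCurrentProcess(), SE_DEBUG_NAME)) {
        fprintf(stderr, "Warning: could not enable SeDebugPrivilege\n");
    }

    if (!EnumProcesses(ProcessId, sizeof(ProcessId), &cbNeeded)) {
        fprintf(stderr, "EnumProcesses failed: %lu\n", (unsigned long)GetLastError());
        return 1;
    }
    /* If cbNeeded == sizeof(ProcessId) the array may have been too small and
     * the list is truncated; 1024 entries is usually, but not always, enough. */
    DWORD processcount = cbNeeded / sizeof(DWORD);

    for (DWORD i = 0; i < processcount; i++) {
        HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                      FALSE, ProcessId[i]);
        if (hProcess == NULL) {
            /* Do not CloseHandle a NULL handle; just report and move on. */
            printf("Failed!!!\n");
            continue;
        }

        char szPath[MAX_PATH] = "";
        HMODULE hModule = NULL;
        DWORD cbModules = 0;

        /* Only query the module name when a module handle was actually
         * returned; otherwise hModule would be passed uninitialised. */
        if (EnumProcessModules(hProcess, &hModule, sizeof(hModule), &cbModules)) {
            if (GetModuleFileNameExA(hProcess, hModule, szPath, sizeof(szPath)) == 0) {
                szPath[0] = '\0';
            }
        }
        /* An empty path means the module list could not be read (e.g. WOW64
         * mismatch or access denied); the PID is still printed. */
        printf("ProcessID: %lu (%s)\n", (unsigned long)ProcessId[i], szPath);

        CloseHandle(hProcess);
    }

    getchar(); /* pause before the console window closes */
    return 0;
}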
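/*
 * Enable one named privilege (e.g. SE_DEBUG_NAME) in the access token of
 * hProcess.
 *
 * Returns TRUE only when the privilege is actually enabled. Note that
 * AdjustTokenPrivileges returns TRUE even when the token does not hold the
 * privilege; that case is signalled through GetLastError() ==
 * ERROR_NOT_ALL_ASSIGNED and is treated as failure here. The token is opened
 * with just the rights the adjustment needs (TOKEN_ADJUST_PRIVILEGES |
 * TOKEN_QUERY) and is closed on every path, so no handle leaks per call.
 *
 * SeDebugPrivilege grants access to every process on the machine; callers
 * should enable it only for the operation that needs it.
 */
BOOL UpdateProcessPrivilege(HANDLE hProcess, LPCTSTR lpPrivilegeName)
{
    HANDLE hToken = NULL;
    LUID luid;
    TOKEN_PRIVILEGES tp;
    BOOL enabled = FALSE;

    if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return FALSE;
    }

    if (LookupPrivilegeValue(NULL, lpPrivilegeName, &luid)) {
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = luid;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        /* Check GetLastError before any other call can overwrite it. */
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL) &&
            GetLastError() != ERROR_NOT_ALL_ASSIGNED) {
            enabled = TRUE;
        }
    }

    CloseHandle(hToken);
    return enabled;
}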
2.进程关闭
ExitProcess
TerminateProcess
3.枚举进程模块
代码示例:
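/*
 * Print the name and full path of every module loaded in process Pid, using
 * a TH32CS_SNAPMODULE snapshot.
 *
 * Output lines are formatted into the file-scope buffer Temp (declared
 * elsewhere in this file) and written with printf; the snapshot failure
 * message is additionally passed to SendMessage(Socket, Temp), a two-argument
 * helper defined elsewhere in this project (not the Win32 SendMessage).
 *
 * Returns 0 when the module list was produced (or Module32First failed and
 * said so), 1 when the snapshot could not be created. SeDebugPrivilege is
 * enabled through DebugPrivilege() for the duration of the call and disabled
 * again on every return path.
 *
 * NOTE(review): Temp's size is not visible here. The per-module line can be
 * up to MAX_MODULE_NAME32 + MAX_PATH characters plus the separator, so
 * confirm Temp is large enough, or switch these sprintf calls to snprintf
 * with Temp's real size.
 * NOTE(review): CreateToolhelp32Snapshot with TH32CS_SNAPMODULE is documented
 * to fail with ERROR_BAD_LENGTH transiently and should be retried in that
 * case; this function does not retry.
 */
int Modlist(DWORD Pid)
{
    HANDLE SnapP;
    MODULEENTRY32 modsnap;

    DebugPrivilege(SE_DEBUG_NAME, TRUE);

    SnapP = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, Pid);
    if (SnapP == INVALID_HANDLE_VALUE) {
        sprintf(Temp, "Fail To CreateToolhelp32Snapshot\r\n");
        SendMessage(Socket, Temp);
        /* Drop the privilege on the failure path as well. */
        DebugPrivilege(SE_DEBUG_NAME, FALSE);
        return 1;
    }

    /* dwSize must be set before Module32First, otherwise it fails. */
    modsnap.dwSize = sizeof(modsnap);

    if (Module32First(SnapP, &modsnap)) {
        sprintf(Temp,
                "The Process[%lu] Module Infomation:\r\n\r\nModuleName ModulePath\r\n",
                (unsigned long)Pid);
        strcat(Temp, "-------------------------------------------------------------------------------\r\n");
        printf("%s", Temp);

        do {
            sprintf(Temp, "%-21s%s\r\n", modsnap.szModule, modsnap.szExePath);
            printf("%s", Temp);
        } while (Module32Next(SnapP, &modsnap));

        sprintf(Temp, "\r\nList Process Module Compeleted\r\n");
    } else {
        /* The call that failed here is Module32First, not Process32First. */
        sprintf(Temp, "Fail To Module32First\r\n");
    }
    printf("%s", Temp);

    DebugPrivilege(SE_DEBUG_NAME, FALSE);
    CloseHandle(SnapP);
    return 0;
}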