check hidden process

#include <stdio.h>

#include <windows.h>
#include "psapi.h"
#pragma comment(lib,"psapi.lib")
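/*
 * User-mode cross-check for processes missing from the normal process list.
 *
 * Takes one EnumProcesses() snapshot, then tries OpenProcess() on every
 * candidate PID from 0x0c up to (but not including) 0xFFFF in steps of 4.
 * A PID that can be opened but is absent from the snapshot is printed as
 * "--[Hidden]--"; a PID whose module list cannot be read is printed as
 * "--[Zombie]--".
 *
 * Limits a defender should keep in mind when reading the output:
 *  - The snapshot is taken once, so a process started after it shows up
 *    as "Hidden" (false positive).
 *  - Only PIDs that OpenProcess() grants QUERY_INFORMATION|VM_READ on are
 *    examined; processes this account cannot open are silently skipped.
 *  - PIDs below 0x0c and at or above 0xFFFF are never probed.
 *  - This is a user-mode consistency check only; anything that also
 *    interferes with OpenProcess() is presumably invisible to it.
 *
 * Always returns 0, including when EnumProcesses() fails.
 */
int main(int argc, char *argv[])
{
    enum { MAX_LISTED_PIDS = 1024 };
    DWORD aProcesses[MAX_LISTED_PIDS];
    DWORD cbNeeded = 0;
    DWORD cProcesses;
    DWORD PidFor;

    (void)argc;
    (void)argv;

    /* The page showed "/n" in every format string; a newline escape is meant. */
    printf("\nEasy to Find Hided PID Code \n");
    printf("Author: Finback Jun.6,2006 <Finbackcpp@hotmail.com> \n");
    printf("NOTE???this code needn't any driver supported \n");
    printf(" \n");

    if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        return 0;

    cProcesses = cbNeeded / sizeof(DWORD);

    /*
     * EnumProcesses() gives no direct "buffer too small" error: a completely
     * filled buffer means the list may be truncated, and every PID that was
     * cut off would then be misreported as hidden.
     */
    if (cbNeeded == sizeof(aProcesses))
        fprintf(stderr,
                "warning: process list may be truncated; "
                "\"Hidden\" results are unreliable\n");

    for (PidFor = 0x0c; PidFor < 0xFFFF; PidFor += 4) {
        HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                      FALSE, PidFor);
        BOOL listed = FALSE;
        DWORD idx;
        DWORD cbModules = 0;
        char szName[MAX_PATH] = "<Unknown>";
        HMODULE hModule = NULL;

        /* No handle: PID unused or access denied. Nothing to report or close. */
        if (!hProcess)
            continue;

        /*
         * Valid entries are aProcesses[0 .. cProcesses-1]. The original loop
         * ran 1..cProcesses, which skipped the first entry and read one
         * element past the filled region.
         */
        for (idx = 0; idx < cProcesses; idx++) {
            if (aProcesses[idx] == PidFor) {
                listed = TRUE;
                break;
            }
        }

        /* szName is a char buffer, so call the ANSI entry points explicitly. */
        if (EnumProcessModules(hProcess, &hModule, sizeof(hModule), &cbModules)) {
            if (!GetModuleFileNameExA(hProcess, hModule, szName, sizeof(szName)))
                snprintf(szName, sizeof(szName), "%s", "<Unknown>");
            printf("%-5lu - %16s %s\n", (unsigned long)PidFor, szName,
                   listed ? "" : "--[Hidden]--");
        } else {
            /*
             * The module list could not be read. The author labels this
             * "Zombie"; the call may also fail for other reasons, so treat
             * the label as a hint rather than a verdict.
             */
            if (!GetProcessImageFileNameA(hProcess, szName, sizeof(szName)))
                snprintf(szName, sizeof(szName), "%s", "<Unknown>");
            printf("%-5lu - %16s %s\n", (unsigned long)PidFor, szName,
                   "--[Zombie]--");
        }

        CloseHandle(hProcess);
    }

    return 0;
}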