1.获取命令行参数
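// Fetch the full command line of the current process and print it.
// GetCommandLineA is called explicitly: the generic GetCommandLine macro resolves to the
// wide-character version when UNICODE is defined, which does not match LPSTR / printf("%s").
LPSTR lpCmdLine = GetCommandLineA();
// The command line is chosen by whoever launched the process, so treat it as untrusted
// input: it is only ever passed as a printf argument here, never as the format string.
printf("启动参数为:%s", lpCmdLine);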
2.遍历CStringArray数组
// Visit every element of an MFC CStringArray by index.
CStringArray a;
for (int m = 0; a.GetSize() > m; ++m)
{
    // a[m] (or a.GetAt(m)) is the current element.
}
3.动态加载DLL函数
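// Load shellhook.dll at run time and call its exported StartShellHook().
static HINSTANCE hinstDLL;

// NOTE(review): this typedef says BOOL + CALLBACK (__stdcall); the DLL listing on this page
// declares `SHELLHOOK_API int StartShellHook(void)`. Confirm that the calling convention
// hidden behind SHELLHOOK_API really matches before relying on this cast.
typedef BOOL (CALLBACK *inshook)();
inshook instkbhook = NULL;

// TEXT() yields the right character width for LoadLibrary in both ANSI and UNICODE builds;
// casting a narrow literal to LPCTSTR passes garbage to LoadLibraryW.
//
// NOTE(review): a bare file name is resolved through the DLL search order, so a same-named
// file sitting in an earlier-searched directory would be loaded instead of the intended one.
// Prefer an absolute path, or LoadLibraryEx with LOAD_LIBRARY_SEARCH_APPLICATION_DIR when
// the DLL ships next to the executable.
hinstDLL = LoadLibrary(TEXT("shellhook.dll"));
if (hinstDLL != NULL)
{
    instkbhook = (inshook)GetProcAddress(hinstDLL, "StartShellHook");
    // GetProcAddress returns NULL when the export is missing; calling through it would crash.
    if (instkbhook != NULL)
    {
        instkbhook();
    }
}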
4.shellhook
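#include <windows.h>
#include <tchar.h>
#include "ShellHook.h"

// Module handle of this DLL, captured in DllMain and handed to SetWindowsHookEx.
HINSTANCE g_dll_module_handle = NULL;

// Handle of the WH_SHELL hook installed by StartShellHook; NULL while no hook is installed.
// NOTE(review): no shared data section is declared in this listing, so this is an ordinary
// per-process global - a copy of the DLL mapped into another process starts with NULL here.
HHOOK g_shell_hook = NULL;

/// Shell hook procedure.
/// For HSHELL_WINDOWCREATED it writes the executable path of the process it is running in
/// and the title of the new window to the debugger output; every event is then forwarded
/// to the next hook in the chain.
/// @param code  shell hook code (only HSHELL_WINDOWCREATED is acted on)
/// @param wp    for HSHELL_WINDOWCREATED, the handle of the created window
/// @param lp    passed through unchanged
/// @return      whatever CallNextHookEx returns
LRESULT __declspec(dllexport) __stdcall CALLBACK SampleShellProc(int code, WPARAM wp, LPARAM lp)
{
    if (code == HSHELL_WINDOWCREATED)
    {
        HWND wnd = (HWND)wp; // window handle

        // Layout: <process path> NUL <window title> NUL.
        // Zero-initialised so a failed API call can never leave uninitialised or
        // unterminated text for OutputDebugString to read.
        TCHAR msg_buffer[MAX_PATH * 2] = { 0 };

        // get the process path (returns 0 on failure)
        int pathLen = (int)GetModuleFileName(NULL, msg_buffer, MAX_PATH - 1);
        msg_buffer[pathLen] = 0;
        // msg_buffer is TCHAR, so use the TCHAR form rather than OutputDebugStringA.
        OutputDebugString(msg_buffer);

        // get the window title; it is stored after the path's terminator
        int titleLen = GetWindowText(wnd, msg_buffer + pathLen + 1, MAX_PATH - 1);
        msg_buffer[pathLen + 1 + titleLen] = 0;

        // Print the title portion; printing msg_buffer again would stop at the path's NUL
        // and only repeat the path.
        // NOTE(review): window titles can contain document names, URLs or account names,
        // and debugger output can be read by any debug-output listener on the machine.
        // Keep this logging out of release builds.
        OutputDebugString(msg_buffer + pathLen + 1);
    }
    return CallNextHookEx(g_shell_hook, code, wp, lp);
}

/// Install the WH_SHELL hook for all threads (thread id 0).
/// Calling it again while a hook is installed is a no-op, so the first hook handle is
/// never overwritten and leaked.
/// @return non-zero if a hook is installed when the function returns, 0 otherwise
SHELLHOOK_API int StartShellHook(void)
{
    if (g_shell_hook != NULL)
    {
        return 1;
    }

    // No (HOOKPROC) cast: the compiler then verifies that the signature really matches.
    g_shell_hook = SetWindowsHookEx(WH_SHELL, SampleShellProc, g_dll_module_handle, 0);
    if (g_shell_hook == NULL)
    {
        OutputDebugStringA("HOOK失败");
    }
    else
    {
        OutputDebugStringA("安装成功!");
    }
    return (g_shell_hook != NULL);
}

/// Remove the hook installed by StartShellHook, if any.
SHELLHOOK_API void StopShellHook(void)
{
    if (g_shell_hook != NULL)
    {
        UnhookWindowsHookEx(g_shell_hook);
        g_shell_hook = NULL;
    }
}

/// DLL entry point: records the module handle and logs load / unload.
BOOL APIENTRY DllMain(HANDLE module, DWORD ul_reason_for_call, LPVOID reserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        g_dll_module_handle = (HINSTANCE)module;
        OutputDebugStringA("加载成功");
        // The hook is deliberately NOT installed here. A global hook DLL is mapped into
        // other processes, and each of them would run this branch and register one more
        // system-wide hook; user32 calls are also discouraged while the loader lock is
        // held. The host must call the exported StartShellHook() once after loading.
        break;
    case DLL_THREAD_ATTACH:
        break;
    case DLL_THREAD_DETACH:
        break;
    case DLL_PROCESS_DETACH:
        OutputDebugStringA("卸载成功");
        break;
    }
    return TRUE;
}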
5.判断进程是否运行
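#include <windows.h>
#include <iostream>
#include <string.h>
#include <TlHelp32.h>

// NOTE(review): the functions below compare PROCESSENTRY32::szExeFile with char strings,
// so this listing assumes an ANSI build (UNICODE not defined) - confirm the project settings.
//
// NOTE(review): an image name identifies nothing. Any program can be called "explorer.exe",
// so a name match must never be used as a trust or identity decision; check the full image
// path and its signature when that matters.

/// Open the first process whose image name equals process_name (case-insensitive).
/// @param process_name  image file name, e.g. "explorer.exe"
/// @param dwAccess      access rights requested from OpenProcess
/// @return a process handle the caller must CloseHandle; NULL if no process matched or
///         OpenProcess failed; INVALID_HANDLE_VALUE if the process list could not be read
HANDLE GetProcessHandle(const char *process_name, DWORD dwAccess)
{
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        return INVALID_HANDLE_VALUE;
    }

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(hProcessSnap, &pe32))
    {
        CloseHandle(hProcessSnap); // the snapshot is a handle and must be released
        return INVALID_HANDLE_VALUE;
    }

    // Stays NULL when nothing matches, so every path returns a defined value.
    HANDLE hProcess = NULL;
    do
    {
        // Windows file names are case-insensitive ("Explorer.EXE" == "explorer.exe").
        if (_stricmp(pe32.szExeFile, process_name) == 0)
        {
            hProcess = OpenProcess(dwAccess, FALSE, pe32.th32ProcessID);
            break;
        }
    } while (Process32Next(hProcessSnap, &pe32));

    CloseHandle(hProcessSnap);
    return hProcess;
}

/// Check whether a running process's image name occurs inside szName.
/// NOTE(review): this is a substring test (strstr), kept as in the original - szName
/// "notepad.exe" also matches a process called "pad.exe". Confirm whether callers pass a
/// full path (which would explain the substring test) or expect an exact name match.
/// @return TRUE if some process matched, FALSE otherwise or on enumeration failure
BOOL ProcessExist(char *szName)
{
    // Only the process list is needed; TH32CS_SNAPALL would also capture heaps, modules
    // and threads for no benefit.
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        return FALSE;
    }

    PROCESSENTRY32 pProcessInfo;
    pProcessInfo.dwSize = sizeof(PROCESSENTRY32);

    BOOL found = FALSE;
    if (Process32First(hSnap, &pProcessInfo))
    {
        do
        {
            if (strstr(szName, pProcessInfo.szExeFile))
            {
                found = TRUE;
                break;
            }
        } while (Process32Next(hSnap, &pProcessInfo));
    }

    CloseHandle(hSnap); // released on every path, including a failed Process32First
    return found;
}

/// Enable SeDebugPrivilege in the token of hProcess.
/// This only switches on a privilege the token already holds; it does not grant one, so
/// it fails for accounts that were never assigned the debug privilege.
/// NOTE(review): SeDebugPrivilege allows opening almost any process on the machine.
/// Enable it only around the call that needs it and disable it again afterwards.
/// @return true only if the privilege was actually enabled
bool SetDebugPrivilege(HANDLE hProcess)
{
    HANDLE hToken;
    if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return false;
    }

    LUID luidSEDebugNameValue;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidSEDebugNameValue))
    {
        // Must stop here: continuing would use a closed token and an uninitialised LUID.
        CloseHandle(hToken);
        return false;
    }

    TOKEN_PRIVILEGES tkpPrivileges;
    tkpPrivileges.PrivilegeCount = 1;
    tkpPrivileges.Privileges[0].Luid = luidSEDebugNameValue;
    tkpPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // AdjustTokenPrivileges reports success even when the privilege is not held by the
    // token; that case is only visible as ERROR_NOT_ALL_ASSIGNED from GetLastError().
    bool enabled = false;
    if (AdjustTokenPrivileges(hToken, FALSE, &tkpPrivileges, 0, NULL, NULL))
    {
        enabled = (GetLastError() != ERROR_NOT_ALL_ASSIGNED);
    }

    CloseHandle(hToken);
    return enabled;
}

/// Poll for explorer.exe and report while it is running; exits with 0 once it is gone
/// (or the process list cannot be read).
int main()
{
    while (1 == 1)
    {
        HANDLE hProcess = GetProcessHandle("explorer.exe", PROCESS_QUERY_INFORMATION);
        if (hProcess == 0 || hProcess == INVALID_HANDLE_VALUE)
        {
            return 0;
        }

        // The handle is only used as an existence check; release it so the loop does not
        // leak one handle per iteration.
        CloseHandle(hProcess);

        std::cout << "Explorer is running" << std::endl;
        std::cout << "Yup, it's endless loop, until explorer is running" << std::endl;

        // Poll once per second instead of spinning a CPU core.
        Sleep(1000);
    }
    return 1;
}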