c语言枚举当前所有进程,c语言之进程枚举代码

#include <windows.h>  /* must come before psapi.h */
#include <psapi.h>    /* EnumProcesses, EnumProcessModules, GetModuleFileNameEx (link psapi.lib) */

#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Forward declarations for the helpers defined after main(). */
void PrintModules( DWORD );
void usage( int );

/*
 * Command-line option state. main() fills these in while parsing argv;
 * PrintModules() reads m, f and FindString.
 */
bool a = false;           /* /a: walk every process returned by EnumProcesses */
bool m = false;           /* /m: list all modules instead of only the first one */
bool s = false;           /* /s: inspect a single process by PID */
bool f = false;           /* /f: only report modules whose path contains FindString */

char *FindString = NULL;  /* substring for /f; points into argv, never freed */

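/*
 * Entry point: parse the command-line switches into the file-level option
 * flags, then list every process (/a) and/or a single process (/s:n).
 *
 * Switches start with '/' or '-' and are case-insensitive; arguments that
 * start with neither character are ignored. A malformed switch prints the
 * usage text and stops, rather than running with a half-parsed command
 * line.
 *
 * Returns 0 on success or after printing help, 1 on a parameter error or
 * when the process list cannot be read.
 */
int main(int argc, char **argv)
{
    DWORD aProcesses[1024], cbNeeded, cProcesses;
    unsigned int i;
    unsigned int PID = 0;
    int j;

    if (argc == 1) {
        usage(1);
        return 0;
    }

    for (j = 1; j < argc; j++) {
        char *arg = argv[j];
        char *value;

        if (arg[0] != '/' && arg[0] != '-') {
            continue;
        }

        /*
         * "/x:value" carries its value at arg[3]. A bare "/s" or "/f" is
         * only two characters long, so arg[3] must not be touched unless
         * arg[2] is known to be the ':' separator.
         */
        value = (arg[1] != '\0' && arg[2] == ':') ? arg + 3 : NULL;

        switch (arg[1]) {
        case 'a':
        case 'A':
            a = true;
            break;

        case 'm':
        case 'M':
            m = true;
            break;

        case 's':
        case 'S': {
            char *end;
            unsigned long parsed;

            /* Require a plain decimal PID; strtoul alone would accept "-5". */
            if (value == NULL || *value < '0' || *value > '9') {
                usage(0);
                return 1;
            }
            errno = 0;
            parsed = strtoul(value, &end, 10);
            if (errno == ERANGE || *end != '\0' || parsed > 0xFFFFFFFFUL) {
                usage(0);
                return 1;
            }
            PID = (unsigned int)parsed;
            s = true;
            break;
        }

        case 'f':
        case 'F':
            /* An empty pattern would match every module; treat it as an error. */
            if (value == NULL || *value == '\0') {
                usage(0);
                return 1;
            }
            FindString = value;
            f = true;
            break;

        case '?':
        case 'h':
        case 'H':
            usage(1);
            return 0;

        default:
            usage(0);
            return 1;
        }
    }

    if (a) {
        /* Get the list of process identifiers. */
        if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) {
            fprintf(stderr, "EnumProcesses failed (error %lu)\n",
                    (unsigned long)GetLastError());
            return 1;
        }

        /*
         * A completely filled buffer means the list may have been cut off
         * at 1024 entries, so some processes would be missing from the
         * report.
         */
        if (cbNeeded == sizeof(aProcesses)) {
            fprintf(stderr, "Warning: process list may be truncated\n");
        }

        /* Calculate how many process identifiers were returned. */
        cProcesses = cbNeeded / sizeof(DWORD);

        /* Print the modules of each process. */
        for (i = 0; i < cProcesses; i++) {
            PrintModules(aProcesses[i]);
        }
    }

    if (s) {
        PrintModules(PID);
    }

    return 0;
}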

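/*
 * Print the modules loaded in the process identified by processID.
 *
 * Reads the file-level options:
 *   m          - when set, every module is listed; otherwise only the
 *                first entry returned by EnumProcessModules.
 *   f          - when set, nothing is printed unless a module path
 *                contains FindString; a match prints the PID, the first
 *                module and the matching module.
 *   FindString - substring compared with strstr(), i.e. case-sensitively,
 *                although Windows paths are not case-sensitive.
 *
 * Processes that cannot be opened or enumerated are skipped without any
 * output, so a process missing from the report has not necessarily been
 * inspected. Per the Windows documentation, a 32-bit build running under
 * WOW64 can only enumerate 32-bit processes with EnumProcessModules.
 */
void PrintModules( DWORD processID )
{
    HMODULE hMods[1024];
    HANDLE hProcess;
    DWORD cbNeeded;
    char szProcessName[MAX_PATH] = "";  /* stays empty if module 0 has no readable name */
    unsigned int i;
    unsigned int ModuleNum;
    unsigned int Available;

    hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID );
    if (hProcess == NULL) {
        /* Typically a protected process or missing privileges. */
        return;
    }

    /* Get a list of all the modules in this process. */
    if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) {
        if (!f) {
            printf("Process ID: %lu ", (unsigned long)processID);
        }

        /*
         * cbNeeded is the size the full list requires and can exceed the
         * buffer; only the entries that were actually stored may be read.
         */
        Available = cbNeeded / sizeof(HMODULE);
        if (Available > sizeof(hMods) / sizeof(hMods[0])) {
            Available = sizeof(hMods) / sizeof(hMods[0]);
        }

        if (m) {
            ModuleNum = Available;
        } else {
            ModuleNum = (Available > 0) ? 1 : 0;
        }

        for (i = 0; i < ModuleNum; i++) {
            char szModName[MAX_PATH];

            /*
             * Get the full path to the module's file. The A variant is
             * called explicitly because the buffer is char-based and the
             * size argument is a character count.
             */
            if (!GetModuleFileNameExA(hProcess, hMods[i], szModName, sizeof(szModName))) {
                continue;
            }

            /* Remember the first module's path for /f reports. */
            if (i == 0) {
                strncpy(szProcessName, szModName, sizeof(szProcessName) - 1);
                szProcessName[sizeof(szProcessName) - 1] = '\0';
            }

            /*
             * Module handles are pointers, so they are printed with %p;
             * %X would drop the upper half on 64-bit builds. The Microsoft
             * CRT prints %p as zero-padded hex without a prefix.
             */
            if (!f) {
                printf("\t%s (0x%p)\n", szModName, (void *)hMods[i]);
            } else if (FindString != NULL && strstr(szModName, FindString)) {
                printf("Process ID: %lu \n", (unsigned long)processID);
                printf("%s (0x%p)\n", szProcessName, (void *)hMods[0]);
                printf("\t%s (0x%p)\n", szModName, (void *)hMods[i]);
            }
        }
    }

    CloseHandle( hProcess );
}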

/*
 * Print the banner and the list of supported switches to stdout.
 * An ErrorCode of 0 marks a parameter error and puts "Parameters Error"
 * in front of the help text; any other value prints the help text only.
 */
void usage(int ErrorCode)
{
    static const char *const help_lines[] = {
        "\n",
        "\t\t\tProcess Status Tools v0.1\n",
        "\t\t\t\tBy lcx4\n",
        "\twww.lcx4.com\n",
        "\n",
        "USAGE:\n",
        "\t/a Display All Processes\n",
        "\t/m Include the Modules(DLLs,etc)\n",
        "\t/s[ :n ] Display the Process PID=n\n",
        "\t/f:string Find the Process/Modules Contain the string\n",
    };
    size_t line;

    if (ErrorCode == 0) {
        fputs("Parameters Error\n", stdout);
    }

    for (line = 0; line < sizeof help_lines / sizeof help_lines[0]; line++) {
        fputs(help_lines[line], stdout);
    }
}
