在监控病毒的时候，我们经常需要监控病毒创建的每一个进程。那么进程监控是如何实现的呢？
我们来看代码分析，实现对系统中每一个进程创建的监控。
#include "stdafx.h"
#include "resource.h"
#define MAX_LOADSTRING 100
// Global variables:
HINSTANCE hInst; // current instance
TCHAR szTitle[MAX_LOADSTRING]; // title bar text
TCHAR szWindowClass[MAX_LOADSTRING]; // main window class name (original comment repeated "title text" here, which looks like a copy-paste slip)
// Forward declarations of the functions used below:
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
LRESULT CALLBACK About(HWND, UINT, WPARAM, LPARAM);
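/*
Load the driver.

Installs and starts the kernel driver "protector.sys", which is expected to
sit in the same directory as this executable. Because the driver path is
derived from the executable's own location, that directory must not be
writable by untrusted users, otherwise a substituted file would be loaded
into the kernel. The function stays void as before, so failures are not
reported; instead every Win32 call is checked so a failed step never feeds a
NULL handle into the next one, and every handle that is opened is closed.
*/
void setup()
{
	char namebuff[MAX_PATH];
	static const char drv[] = "protector.sys";

	// Full path of this executable. The return value is the number of
	// characters copied; a value equal to the buffer size means truncation,
	// in which case the buffer is not guaranteed to be NUL-terminated.
	DWORD len = GetModuleFileName(0, namebuff, sizeof namebuff);
	if (len == 0 || len >= sizeof namebuff) {
		return;
	}

	// Keep everything up to and including the last backslash. strrchr
	// replaces the original backwards scan, which walked below index 0 when
	// no backslash was present.
	char *slash = strrchr(namebuff, '\\');
	if (slash == NULL) {
		return; // not a full path; refuse rather than load a relative name
	}
	size_t dirlen = (size_t)(slash - namebuff) + 1;

	// Bounded replacement of the file name (the original strcpy was unchecked).
	if (sizeof drv > sizeof namebuff - dirlen) {
		return; // directory too long to hold the driver name
	}
	memcpy(&namebuff[dirlen], drv, sizeof drv);

	// Install and start the protector.sys service. Request only the SCM
	// rights needed to create a service instead of SC_MANAGER_ALL_ACCESS.
	SC_HANDLE man = OpenSCManager(0, 0, SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
	if (man == NULL) {
		return;
	}

	SC_HANDLE t = CreateService(man, "protectorservice", "protectorservice",
	                            SERVICE_START | SERVICE_STOP, SERVICE_KERNEL_DRIVER,
	                            SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL,
	                            namebuff, 0, 0, 0, 0, 0);
	if (t == NULL && GetLastError() == ERROR_SERVICE_EXISTS) {
		// Left over from an earlier run whose cleanup() did not complete;
		// reuse the existing registration instead of giving up.
		t = OpenService(man, "protectorservice", SERVICE_START);
	}

	if (t != NULL) {
		// Result intentionally unused: the function has no way to report it.
		StartService(t, 0, 0);
		CloseServiceHandle(t);
	}
	CloseServiceHandle(man); // the original never released the SCM handle
}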
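/*
Unload the driver.

Stops and deletes the "protectorservice" service registered by setup().
Every Win32 result is checked so a NULL handle is never passed on, both
handles are closed on every path (the original released neither), and only
the rights needed to stop and delete the service are requested instead of
SERVICE_ALL_ACCESS. Like setup(), the function stays void and does not
report failure to its caller.
*/
void cleanup()
{
	// SC_MANAGER_CONNECT is all that OpenService needs on the SCM handle.
	SC_HANDLE man = OpenSCManager(0, 0, SC_MANAGER_CONNECT);
	if (man == NULL) {
		return;
	}

	SC_HANDLE t = OpenService(man, "protectorservice", SERVICE_STOP | DELETE);
	if (t != NULL) {
		SERVICE_STATUS stat;
		// Stop the driver before marking the service for deletion; the
		// registration is removed once it is stopped and all handles close.
		ControlService(t, SERVICE_CONTROL_STOP, &stat);
		DeleteService(t);
		CloseServiceHandle(t);
	}
	CloseServiceHandle(man);
}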
HANDLE device; // presumably the handle to the driver's device object; it is opened elsewhere in the file — verify against that code
char outputbuff