#include "stdafx.h"
#include "windows.h"
#include <vector>
#include <tlhelp32.h>
#include <PSAPI.H>
#pragma comment( lib, "PSAPI.LIB" )
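/**
 * Enables one named privilege (e.g. SE_DEBUG_NAME) on an access token.
 *
 * @param hToken      Token opened with at least TOKEN_ADJUST_PRIVILEGES. The
 *                    caller owns it and must CloseHandle() it afterwards.
 * @param szPrivName  Privilege name constant from winnt.h (SE_*_NAME).
 * @return TRUE only when the privilege name resolved, AdjustTokenPrivileges
 *         succeeded, and the privilege was actually assigned to the token.
 *         FALSE otherwise; GetLastError() is left as set by the failing call
 *         (ERROR_NOT_ALL_ASSIGNED when the token simply lacks the privilege).
 */
BOOL EnablePrivilege(HANDLE hToken, LPCSTR szPrivName)
{
    TOKEN_PRIVILEGES tkp = {0};
    // An unknown privilege name would otherwise leave the LUID uninitialised
    // and still be handed to AdjustTokenPrivileges.
    if (!LookupPrivilegeValue(NULL, szPrivName, &tkp.Privileges[0].Luid))
    {
        return FALSE;
    }
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    // AdjustTokenPrivileges can return nonzero while assigning nothing (it
    // then sets ERROR_NOT_ALL_ASSIGNED), and reading GetLastError() alone
    // after a failed call may report a stale ERROR_SUCCESS; check both.
    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL))
    {
        return FALSE;
    }
    return GetLastError() == ERROR_SUCCESS;
}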
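/**
 * Resolves the main-image path of process @p pid into @p Proc->ProcPath.
 *
 * Processes that cannot be opened (access denied, already exited) leave
 * ProcPath untouched, i.e. empty after the caller's memset. Opening other
 * users' processes generally requires SeDebugPrivilege to be enabled on the
 * calling token beforehand.
 *
 * Internal helper for GetProcessList(); not part of the public interface.
 */
static void FillProcessPath(DWORD pid, PROCESSINFO *Proc)
{
    // Least privilege: query + VM read is all GetModuleFileNameEx needs.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (!hProcess)
    {
        return;
    }

    HMODULE hModule = NULL;
    DWORD needed = 0;
    char path[MAX_PATH] = "";
    // The first module reported by EnumProcessModules is the executable image.
    // Both calls are checked so a failure cannot leave hModule/path garbage.
    if (EnumProcessModules(hProcess, &hModule, sizeof(hModule), &needed)
        && GetModuleFileNameEx(hProcess, hModule, path, sizeof(path)) != 0)
    {
        // In-place conversion to short (8.3) form; on failure the long path
        // already in 'path' is kept. Bounded by the real buffer size rather
        // than a literal 260.
        GetShortPathName(path, path, sizeof(path));
        // NOTE(review): assumes PROCESSINFO::ProcPath is a fixed-size character
        // array (the struct is declared elsewhere) — confirm its length.
        lstrcpyn(Proc->ProcPath, path, sizeof(Proc->ProcPath) / sizeof(Proc->ProcPath[0]));
    }
    CloseHandle(hProcess);
}

/**
 * Enumerates every process in a Toolhelp snapshot and appends one heap-
 * allocated PROCESSINFO per process: PID, executable name and — where the
 * process could be opened — its short-form image path.
 *
 * @param pProcInfo  Receives the entries. It is cleared first; entries it held
 *                   before are NOT deleted here, so the caller owns every
 *                   PROCESSINFO* ever returned and must delete them itself.
 * @return TRUE on success, FALSE if pProcInfo is NULL or the snapshot could
 *         not be created (the vector is left empty in that case).
 */
BOOL GetProcessList(std::vector<PROCESSINFO*> *pProcInfo)
{
    if (!pProcInfo)
    {
        return FALSE;
    }
    pProcInfo->clear();

    HANDLE handle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (handle == INVALID_HANDLE_VALUE)
    {
        return FALSE;
    }

    // SeDebugPrivilege only needs enabling once per token, so do it once for
    // the whole walk and release the token handle immediately (the previous
    // per-process OpenProcessToken leaked one handle per entry). The walk
    // continues without it; fewer paths will simply resolve.
    HANDLE hToken = NULL;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        EnablePrivilege(hToken, SE_DEBUG_NAME);
        CloseHandle(hToken);
    }

    // Stack entry: the heap PROCESSENTRY32 was never freed.
    PROCESSENTRY32 info;
    info.dwSize = sizeof(info);
    if (Process32First(handle, &info))
    {
        do
        {
            PROCESSINFO *Proc = new PROCESSINFO;
            memset(Proc, 0, sizeof(PROCESSINFO));
            Proc->PID = info.th32ProcessID;
            // NOTE(review): assumes ProcName is a fixed-size character array in
            // PROCESSINFO — confirm it can hold a MAX_PATH executable name.
            lstrcpyn(Proc->ProcName, info.szExeFile, sizeof(Proc->ProcName) / sizeof(Proc->ProcName[0]));
            // Resolve the path by this entry's own PID. Indexing a separate
            // EnumProcesses() array by the loop counter pairs paths with the
            // wrong processes (the two enumerations share no guaranteed order)
            // and could read past that array's 1024 entries.
            FillProcessPath(info.th32ProcessID, Proc);
            pProcInfo->push_back(Proc);
        } while (Process32Next(handle, &info));
    }

    CloseHandle(handle);
    return TRUE;
}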
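/**
 * Terminates the process with ID @p pid if it appears in a fresh Toolhelp
 * snapshot.
 *
 * @param pid  Process ID to terminate.
 * @return TRUE if TerminateProcess succeeded on the matching process; FALSE
 *         if the snapshot failed, no process with that PID was found, or the
 *         process could not be opened or terminated (GetLastError() is left
 *         as set by the failing Win32 call).
 */
BOOL KillProcess(DWORD pid)
{
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        return FALSE;
    }

    BOOL killed = FALSE;
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe);
    for (BOOL bNext = Process32First(hSnap, &pe); bNext; bNext = Process32Next(hSnap, &pe))
    {
        // Comparison, not assignment: '=' here overwrote the entry's PID and
        // "matched" on the first iteration whatever the snapshot contained.
        if (pe.th32ProcessID == pid)
        {
            // Least privilege: PROCESS_TERMINATE is all TerminateProcess
            // requires; thread-creation and VM-write rights are not needed.
            // Handle is non-inheritable and closed on every path.
            HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pe.th32ProcessID);
            if (hProcess)
            {
                killed = TerminateProcess(hProcess, 0);
                CloseHandle(hProcess);
            }
            break;
        }
    }

    CloseHandle(hSnap);
    return killed;
}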