遍历进程
#include <windows.h> #include <tlhelp32.h> //进程快照函数头文件 #include <stdio.h> int main() { int countProcess=0; //当前进程数量计数变量 PROCESSENTRY32 currentProcess; //存放快照进程信息的一个结构体 currentProcess.dwSize = sizeof(currentProcess); //在使用这个结构之前,先设置它的大小 HANDLE hProcess = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);//给系统内的所有进程拍一个快照 if (hProcess == INVALID_HANDLE_VALUE) { printf("CreateToolhelp32Snapshot()调用失败! "); return -1; } bool bMore=Process32First(hProcess,¤tProcess); //获取第一个进程信息 while(bMore) { printf("PID=%5u PName= %s ",currentProcess.th32ProcessID,currentProcess.szExeFile); //遍历进程快照,轮流显示每个进程信息 bMore=Process32Next(hProcess,¤tProcess); //遍历下一个 countProcess++; } CloseHandle(hProcess); //清除hProcess句柄 printf("共有以上%d个进程在运行 ",countProcess); system("pause"); return 0; }
遍历线程
#include <windows.h> #include <TlHelp32.h> #include <iostream> #include <map> #include <string> using namespace std; BOOL traverseProcess(std::map<std::string, int>&_nameID){ PROCESSENTRY32 pe32; pe32.dwSize = sizeof(PROCESSENTRY32); HANDLE hProcessSnap; hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hProcessSnap == INVALID_HANDLE_VALUE){ cout << "CreateToolhelp32Snapshot Error!" << endl; return false; } if (!Process32First(hProcessSnap, &pe32)){ cout << "Process32First Error!" << endl; CloseHandle(hProcessSnap); return false; } int num = 0; do{ int id = pe32.th32ProcessID; cout << "[" << ++num << "]:" << "------------" << "Process ID = " << id << endl; } while (Process32Next(hProcessSnap, &pe32)); CloseHandle(hProcessSnap); return true; } int main(){ map<string, int> _nameID; if (!traverseProcess(_nameID)){ cout << "Start Process Error!" << endl; } system("pause"); }
遍历进程模块1
#include <windows.h> #include <TlHelp32.h> #include <locale.h> #include <stdio.h> bool GetModuleList(DWORD dwPId) { HANDLE hModuleSnap = INVALID_HANDLE_VALUE; MODULEENTRY32 me32 = { sizeof(MODULEENTRY32) }; // 1. 创建一个模块相关的快照句柄 hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, // 指定快照的类型 dwPId); // 指定进程 if (hModuleSnap == INVALID_HANDLE_VALUE) return false; // 2. 通过模块快照句柄获取第一个模块信息 if (!Module32First(hModuleSnap, &me32)) { CloseHandle(hModuleSnap); return false; } // 3. 循环获取模块信息 do { wprintf(L"模块基址:%d,模块大小:%d,模块名称:%s ",me32.modBaseAddr, me32.modBaseSize, me32.szModule); } while (Module32Next(hModuleSnap, &me32)); // 4. 关闭句柄并退出函数 CloseHandle(hModuleSnap); } int main() { setlocale(LC_ALL, "chs"); DWORD dwId = 0; printf("请输入一个ID:"); scanf_s("%ud", &dwId); GetModuleList(dwId); getchar(); }
遍历进程模块2
#include <stdio.h> #include <stdlib.h> #include <windows.h> #include <Tlhelp32.h> BOOL SetProcessPrivilege(char *lpName, BOOL opt); int main(int argc, char *argv[]) { PROCESSENTRY32 pe32; MODULEENTRY32 me32; HANDLE hProcess, hSnapshot_proc, hSnapshot_mod; pe32.dwSize = sizeof(pe32); SetProcessPrivilege("SeDebugPrivilege", 1); hSnapshot_proc = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (Process32First(hSnapshot_proc, &pe32)) { do { hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe32.th32ProcessID); if (pe32.th32ProcessID && pe32.th32ProcessID != 4 && pe32.th32ProcessID != 8) { printf("PID: %d >>> ProcName: %s ", pe32.th32ProcessID, pe32.szExeFile); me32.dwSize = sizeof(me32); hSnapshot_mod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pe32.th32ProcessID); Module32First(hSnapshot_mod, &me32); do { printf("ModName: %s -> Path: %s ", me32.szModule, me32.szExePath); } while (Module32Next(hSnapshot_mod, &me32)); printf("------ "); CloseHandle(hSnapshot_mod); } CloseHandle(hProcess); } while (Process32Next(hSnapshot_proc, &pe32)); } SetProcessPrivilege("SeDebugPrivilege", 0); CloseHandle(hSnapshot_proc); system("pause"); return 0; } BOOL SetProcessPrivilege(char *lpName, BOOL opt) { HANDLE tokenhandle; TOKEN_PRIVILEGES NewState; if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tokenhandle)) { LookupPrivilegeValue(NULL, lpName, &NewState.Privileges[0].Luid); NewState.PrivilegeCount = 1; NewState.Privileges[0].Attributes = opt != 0 ? 2 : 0; AdjustTokenPrivileges(tokenhandle, FALSE, &NewState, sizeof(NewState), NULL, NULL); CloseHandle(tokenhandle); return 1; } else { return 0; } }
遍历模块3
#include <stdio.h> void GetModuleList(DWORD dwPId) { HANDLE hModuleSnap = INVALID_HANDLE_VALUE; MODULEENTRY32 me32 = { sizeof(MODULEENTRY32) }; hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,dwPId); if (!Module32First(hModuleSnap, &me32)) { CloseHandle(hModuleSnap); } do { printf("ModeBase: %d ModeSize: %d %s ", me32.modBaseAddr, me32.modBaseSize, me32.szExePath); } while (Module32Next(hModuleSnap, &me32)); } int main() { DWORD dwId = 1988; GetModuleList(dwId); getchar(); }