• MFC任务管理器task manager----进程的挂起与恢复--NtSuspendProcess&&NtResumeProcess


    http://hi.baidu.com/xbbsh/blog/item/b73d3125462201084c088db1.html

    --------------------------------------------------

    MFC任务管理器task manager----进程的挂起与恢复--NtSuspendProcess&&NtResumeProcess
    2009-08-11 1:13

    .h

    pubilc:

    typedef DWORD (WINAPI *NtSuspendProcess)(HANDLE ProcessHandle); 
    typedef DWORD (WINAPI *NtResumeProcess)(HANDLE hProcess);

    NtSuspendProcess m_NtSuspendProcess;
    NtResumeProcess   m_NtResumeProcess;

    .cpp:

    void CPage2::OnBnClickedResume()
    {
    // TODO: 在此添加控件通知处理程序代码
    int nIdx=m_list2.GetNextItem(-1,LVNI_SELECTED);
    CString   process=m_list2.GetItemText(nIdx,1);

    DWORD processID= _ttol(process.GetBuffer(0));

    HANDLE hProcess = OpenProcess( PROCESS_SUSPEND_RESUME ,//暂停时用这个(P.._S.._R..)标志
       FALSE, (DWORD)processID );
    if (hProcess)
    {
       HMODULE h_module=LoadLibrary(L"ntdll.dll");
       m_NtResumeProcess=(NtResumeProcess)GetProcAddress(h_module,"NtResumeProcess");
       m_NtResumeProcess(hProcess);
    }
    }

    太晚了 睡觉睡觉。。。。。。。

    --------------------------------------------------

    .h

    #pragma once

    #include <windows.h>
    #include <tlhelp32.h>
    #include <stdio.h>

    #include <string>
    #include <tchar.h>


    //#include <ntifs.h>
    #include <Psapi.h>
    #pragma comment (lib,"Psapi.lib")

    void ErrorExit(LPTSTR lpszFunction);

    //--------------------------------------------------
    // for cpu 暂停

    //方法1 不可关闭本程序,否则进程会退出
    long DbgUiConnectToDbg_ntdll();

    //long (*DbgUiConnectToDbg)();//这样会报重复定义
    long DbgUiDebugActiveProcess_ntdll(HANDLE ProcessHandle);//暂停
    long DbgUiStopDebugging_ntdll(HANDLE ProcessHandle);//恢复

    //方法2 可关闭本程序
    DWORD NtSuspendProcess_ntdll(HANDLE hProcess);//暂停
    DWORD NtResumeProcess_ntdll(HANDLE hProcess);//恢复


    //要先调用这个
    void LoadNtDllFun();

    //--------------------------------------------------

    class win_proc_public
    {
    public:
        win_proc_public(void);
        ~win_proc_public(void);
    public:

        std::string GetExeFullName(HANDLE hProcess)
        {    
            std::string r = "";

            //HANDLE hProcess = 0;
            char lpImageFileName[2049] = {0};
            DWORD nSize = 2048;

            //hProcess = getm
            DWORD len = GetProcessImageFileName(hProcess, lpImageFileName, nSize);

            if (len < 1)
            {
                //不能直接退出,因为有些权限是得不到的
                //ErrorExit("GetExeFullName: ");
            }

            //len = GetModuleFileNameEx(hProcess, lpImageFileName, nSize);
            

            r = lpImageFileName;
            r = DosDevicePath2LogicalPath(r.c_str());
            
            return r;
        }//


        //将 "DeviceHarddiskVolume2" 等转换为 "D:"
        //DosDevicePath2LogicalPath代码摘自:ms-help://MS.MSDNQTR.v80.chs/MS.MSDN.v80/MS.WIN32COM.v10.en/fileio/fs/obtaining_a_file_name_from_a_file_handle.htm
        std::string DosDevicePath2LogicalPath(LPCTSTR lpszDosPath)
        {
            std::string strResult = "";

            // Translate path with device name to drive letters.
            TCHAR szTemp[MAX_PATH];
            szTemp[0] = '';

            if ( lpszDosPath==NULL || !GetLogicalDriveStrings(_countof(szTemp)-1, szTemp) )
            {
                return strResult;
            }

            TCHAR szName[MAX_PATH];
            TCHAR szDrive[3] = TEXT(" :");
            BOOL bFound = FALSE;
            TCHAR* p = szTemp;

            do{
                // Copy the drive letter to the template string
                *szDrive = *p;

                // Look up each device name
                if ( QueryDosDevice(szDrive, szName, _countof(szName)) )
                {
                    UINT uNameLen = (UINT)_tcslen(szName);

                    if (uNameLen < MAX_PATH) 
                    {
                        bFound = _tcsnicmp(lpszDosPath, szName, uNameLen) == 0;

                        if ( bFound )
                        {
                             // Reconstruct pszFilename using szTemp
                             // Replace device path with DOS path
                             TCHAR szTempFile[MAX_PATH];
                             _stprintf(szTempFile, TEXT("%s%s"), szDrive, lpszDosPath+uNameLen);
                             strResult = szTempFile;
                        }
                    }
                }
                // Go to the next NULL character.
                while (*p++);
            } while (!bFound && *p); // end of string

            return strResult;
        }//

        void mainaaa()
        {
            GetProcessList( );
        }

        BOOL GetProcessList( )
        {
            HANDLE hProcessSnap;
            HANDLE hProcess;
            PROCESSENTRY32 pe32;
            DWORD dwPriorityClass;

            hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
            if( hProcessSnap == INVALID_HANDLE_VALUE )
            {
                return( FALSE );
            }

            pe32.dwSize = sizeof( PROCESSENTRY32 );

            if( !Process32First( hProcessSnap, &pe32 ) )
            {
                CloseHandle( hProcessSnap );                                     
                return( FALSE );
            }

            do
            {
                printf( " "
                "=====================================================" );
                printf( " PROCESS NAME:  %5s", pe32.szExeFile);
                printf( " "
                "-----------------------------------------------------" );

                dwPriorityClass = 0;
                hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID );
                //hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pe32.th32ProcessID );
                if( hProcess == NULL )
                {
                    printf("erro");
                }
                else
                {
                    dwPriorityClass = GetPriorityClass( hProcess );
                    if( !dwPriorityClass )
                    printf("erro");

                    //--------------------------------------------------
                    //clq add 程序全路径

                    //char szFilePath[256] = {0};
                    ////HANDLE hProcess=OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,pe32.th32ProcessID);
                    //if ( GetProcessImageFileName(hProcess,szFilePath,MAX_PATH)!=0 )
                    //{
                    //    //mystring strFilePath = CCommon::DosDevicePath2LogicalPath(szFilePath);
                    //}

                    std::string exename = GetExeFullName(hProcess);
                    printf( "   path              = %s", exename.c_str() );
                    //--------------------------------------------------


    //                CloseHandle( hProcess );
                }

                printf( "   process ID        = %d", pe32.th32ProcessID );
                printf( "   thread count      = %d", pe32.cntThreads );
                printf( "   parent process ID = %d", pe32.th32ParentProcessID );
                printf( "   Priority Base     = %d", pe32.pcPriClassBase );
                if( dwPriorityClass )
                printf( "   Priority Class    = %d", dwPriorityClass );

            } while( Process32Next( hProcessSnap, &pe32 ) );

            CloseHandle( hProcessSnap );
            return( TRUE );

        }//

    public:
        static void test1()
        {
            win_proc_public proc;
            proc.mainaaa();

            test2(4008);
        }//

        static void test2(DWORD pid)
        {

            HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
            //if (!GetProcessTimes(hProcess, &creation_time, &exit_time, &kernel_time, &user_time))
            //{
            //    return -1;
            //}

            if (hProcess == NULL) return;

            LoadNtDllFun();
            //DbgUiConnectToDbg_ntdll();
            //long r = DbgUiDebugActiveProcess_ntdll(hProcess);//暂停//调用后不能停止程序否则被停止的程序会被强制退出(相当于调试器停止?)

            //::Sleep(5*60*1000);

            //r = DbgUiStopDebugging_ntdll(hProcess);//恢复运行

            NtSuspendProcess_ntdll(hProcess);//暂停
            NtResumeProcess_ntdll(hProcess);//恢复

        }//
    };
    --------------------------------------------------

    .cpp

    #include "win_proc_public.h"

    win_proc_public::win_proc_public(void)
    {
    }

    win_proc_public::~win_proc_public(void)
    {
    }


    //--------------------------------------------------
    // for cpu 暂停

    //方法1
    long (__stdcall *DbgUiConnectToDbg_p)();//在 .h 这样会报重复定义
    long (__stdcall *DbgUiDebugActiveProcess_p)(HANDLE ProcessHandle);//暂停
    long (__stdcall *DbgUiStopDebugging_p)(HANDLE ProcessHandle);//恢复
    //方法2
    //NtResumeProcess
    DWORD (WINAPI *NtResumeProcess_p)(HANDLE hProcess);//暂停
    DWORD (WINAPI *NtSuspendProcess_p)(HANDLE hProcess);//恢复

    void LoadNtDllFun()
    {
        HMODULE dllhandle;
        //dwret:dword;
        //ProcessHandle: dword;
        //begin
        dllhandle = LoadLibrary("ntdll.dll");
        if (dllhandle != 0 )
        {
            DbgUiConnectToDbg_p       = (long (__stdcall *)())    GetProcAddress(dllhandle, "DbgUiConnectToDbg");
            DbgUiDebugActiveProcess_p = (long (__stdcall *)(HANDLE))GetProcAddress(dllhandle, "DbgUiDebugActiveProcess");
            DbgUiStopDebugging_p      = (long (__stdcall *)(HANDLE))GetProcAddress(dllhandle, "DbgUiStopDebugging");

            //MyDbgUiConnectToDbg;
            //ProcessHandle:=OpenProcess(process_all_access, False, findprocess("winlogon.exe"));
            ////messagebox(0,pchar(inttohex(ProcessHandle,8)),"aa",0);
            //dwret:=MyDbgUiDebugActiveProcess(ProcessHandle);
            //if dwret<>0 then messagebox(0,pchar("保护失败"),"提示",0) else
            //messagebox(0,pchar("保护成功,来结束我吧!"),"提示",0)

            NtResumeProcess_p       = (DWORD (__stdcall *)(HANDLE))GetProcAddress(dllhandle, "NtResumeProcess");
            NtSuspendProcess_p      = (DWORD (__stdcall *)(HANDLE))GetProcAddress(dllhandle, "NtSuspendProcess");

        }

        //CloseHandle(dllhandle);
    }//

    long DbgUiConnectToDbg_ntdll()
    {
        return DbgUiConnectToDbg_p();
    }//

    long DbgUiDebugActiveProcess_ntdll(HANDLE ProcessHandle)
    {
        return DbgUiDebugActiveProcess_p(ProcessHandle);
    }//

    long DbgUiStopDebugging_ntdll(HANDLE ProcessHandle)
    {
        return DbgUiStopDebugging_p(ProcessHandle);
    }//

    DWORD NtResumeProcess_ntdll(HANDLE hProcess)//暂停
    {
        return NtResumeProcess_p(hProcess);
    }

    DWORD NtSuspendProcess_ntdll(HANDLE hProcess)//恢复
    {
        return NtSuspendProcess_p(hProcess);
    }

    /*
    这个据说也成
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID );
    if (hProcess)
    {
    HINSTANCE h_module = LoadLibrary(“ntdll.dll”);
    NtProcess mProcess = (NtProcess)GetProcAddress(h_module, “NtResumeProcess”); //NtResumeProcess NtSuspendProcess
    mProcess(hProcess);
    }
    其中processID为进程PID号码
    休眠还是恢复,随你选择
    */

    http://www.cnblogs.com/-clq/archive/2012/03/15/2397533.html

  • 相关阅读:
    你想了解数据库吗,进来瞧一瞧吧,详细的数据库解读
    MySQL8.0-INFORMATION_SCHEMA增强
    工作总结:涉及数据库、软件测试等内容
    MySQL高级-MySQL锁
    年轻就该多尝试,教你20小时Get一项新技能
    “TensorFlow 开发者出道计划”全攻略,玩转社区看这里!
    MySQL数据库高级操作(图文详解)
    JAVA RMI helloworld入门
    JAVA8 十大新特性详解
    Java 8 Lambda表达式探险
  • 原文地址:https://www.cnblogs.com/findumars/p/5812175.html
Copyright © 2020-2023  润新知