Date: 2021-07-31 Author: daque
1. Implementation principle:

First, create a snapshot of the system's processes with the CreateToolhelp32Snapshot function. Then call Process32First with the handle the snapshot returned to walk the processes; the information for each one is stored in a PROCESSENTRY32 structure. Next, call a function of our own, GetProcessModule, to obtain the module name of the corresponding process, and finally read information about the process's address space to obtain the IDs of the corresponding threads and other details.

2. Main implementation code:

Obtaining the relevant information from the process's address space:

    // pe32 is the PROCESSENTRY32 filled in by Process32First / Process32Next.
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
    // pfGetProcessMemoryInfo is presumably a pointer to psapi's GetProcessMemoryInfo
    // (resolved at run time, as the pf prefix suggests); pmc is a
    // PROCESS_MEMORY_COUNTERS and must be passed by address.
    pfGetProcessMemoryInfo(hProcess, &pmc, sizeof(pmc));

Obtaining the process's module information:

    BOOL CEmuteFileDlg::GetProcessModule(DWORD dwPID, DWORD dwModuleID,
                                         LPMODULEENTRY32 lpMe32, DWORD cbMe32)
    {
        BOOL bRet = FALSE;
        BOOL bFound = FALSE;
        HANDLE hModuleSnap = NULL;
        MODULEENTRY32 me32 = {0};

        // Take a snapshot of all modules in the specified process.
        hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
        if (hModuleSnap == INVALID_HANDLE_VALUE)
            return (FALSE);

        // Fill the size of the structure before using it.
        me32.dwSize = sizeof(MODULEENTRY32);

        // Walk the module list of the process, and find the module of
        // interest. Then copy the information to the buffer pointed
        // to by lpMe32 so that it can be returned to the caller.
        if (Module32First(hModuleSnap, &me32))
        {
            do
            {
                if (me32.th32ModuleID == dwModuleID)
                {
                    CopyMemory(lpMe32, &me32, cbMe32);
                    bFound = TRUE;
                }
            }
            while (!bFound && Module32Next(hModuleSnap, &me32));

            bRet = bFound;   // if this sets bRet to FALSE, dwModuleID
                             // no longer exists in the specified process
        }
        else
            bRet = FALSE;    // could not walk module list

        // Do not forget to clean up the snapshot object.
        CloseHandle(hModuleSnap);
        return (bRet);
    }

3. Elevating privileges:

    BOOL EnableDebugPrivilege()
    {
        HANDLE hToken;
        BOOL fOk = FALSE;

        // Only TOKEN_ADJUST_PRIVILEGES is needed to enable a privilege the
        // token already holds; SeDebugPrivilege is present (disabled) in
        // administrator tokens.
        if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
        {
            TOKEN_PRIVILEGES tp;
            tp.PrivilegeCount = 1;
            if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
                printf("Can't lookup privilege value.\n");
            tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
                printf("Can't adjust privilege value.\n");

            // AdjustTokenPrivileges returns TRUE even when the privilege could
            // not be enabled (GetLastError() == ERROR_NOT_ALL_ASSIGNED), so the
            // last-error check is what actually decides success.
            fOk = (GetLastError() == ERROR_SUCCESS);
            CloseHandle(hToken);
        }
        return fOk;
    }

4. Postscript:

I find the information obtained is not complete enough; for example, I would very much like to know how to get the module name of a process's thread. I would be grateful if some expert could advise! monkeycd@163.com Thanks!