玩编程有一段时间了~~工作业余之际写了这个工具,R3下的东西,老掉牙的方法了
算是学习Windows编程的一个总结吧~!呵呵,大虾们莫笑~!
#include <iostream>
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <tlhelp32.h>
#include <conio.h>
#include <string>
#include <winbase.h>
#include <psapi.h>
// NOTE(review): WIN32_LEAN_AND_MEAN and _WIN32_WINNT only influence headers that
// are included after them; <windows.h> and the other headers above are already
// included at this point, so at this position the two defines have no effect
// on them. They would have to precede the #include lines to do anything.
#define WIN32_LEAN_AND_MEAN // exclude rarely-used material from the Windows headers
#define _WIN32_WINNT 0x0400
// Size in bytes of the szDllPath buffer declared below.
#define DEF_BUF_SIZE 0x1000
//#define DEF_BUF_SIZE 1024
// Local copies of the WTS (Terminal Services) constants that <wtsapi32.h>
// provides. Together with the WTS_PROCESS_INFO typedef and the function
// pointer typedefs below they allow the WTS calls to be made without that
// header -- presumably the functions are resolved by name at run time; that
// loading code is not part of this listing.
#define WTS_CURRENT_SERVER ((HANDLE)NULL)
#define WTS_CURRENT_SERVER_HANDLE ((HANDLE)NULL)
#define WTS_CURRENT_SERVER_NAME (NULL)
#define WTS_CURRENT_SESSION ((DWORD)-1)
// Per-process record in the layout filled in by WTSEnumerateProcesses
// (a local copy of WTS_PROCESS_INFO from <wtsapi32.h>, which is not included
// here). The whole array, including the strings it points to, is owned by the
// WTS buffer and is released with WTSFreeMemory (WTS API contract).
typedef struct _WTS_PROCESS_INFO
{
DWORD SessionId; // Terminal Services session the process belongs to
DWORD ProcessId; // process identifier
LPTSTR pProcessName; // executable name; points into the WTS-owned buffer
PSID pUserSid; // SID of the account the process runs as (per the WTS API)
} WTS_PROCESS_INFO, * PWTS_PROCESS_INFO;
// Minimal process record used by the Process class: a PID and its executable name.
// NOTE(review): the typedef names `info` / `pinfo` are generic enough to collide
// with other code; more specific names would be safer.
typedef struct PROCESSINFO
{
DWORD pid; // process identifier
char name[1024]; // executable name; fixed buffer, so any writer must bound its copy to sizeof name
}info,*pinfo;
// Function pointer types for APIs that are presumably resolved by name at run
// time (see LoadDll / FindFunAddress in the Process class) instead of being
// linked directly. `_stdcall` is accepted by MSVC as a spelling of `__stdcall`.
//
// WTSEnumerateProcesses: on success sets *ppProcessInfo to an array of *pCount
// WTS_PROCESS_INFO entries for hServer. The WTS API requires Reserved == 0 and
// Version == 1, and the returned array must be released with WTSFreeMemory.
typedef BOOL (_stdcall *FUN_TWTSEnumerateProcesses)(HANDLE hServer,
DWORD Reserved,
DWORD Version,
PWTS_PROCESS_INFO* ppProcessInfo,
DWORD* pCount);
// WTSFreeMemory: releases a buffer allocated by a WTS enumeration call.
typedef void (_stdcall *FUN_WTSFreeMemory)(PVOID pMemory);
// GetModuleFileNameEx (PSAPI): writes the path of hModule within hProcess into
// lpFilename, up to nSize characters, and returns the number of characters
// copied (0 on failure). <psapi.h> is already included above, so this typedef
// presumably exists to allow run-time lookup as well -- confirm against the caller.
typedef DWORD (_stdcall *GETMODULEFILENAMEEX)(HANDLE hProcess,HMODULE hModule,LPTSTR lpFilename,DWORD nSize );
// Full path of the DLL module to inject into the target process.
// File-scope mutable state: the injection methods of the Process class
// presumably read it, so whoever fills it is responsible for keeping it a
// NUL-terminated path shorter than DEF_BUF_SIZE -- confirm against the
// definitions, which are not in this listing. DEF_BUF_SIZE (0x1000) is
// comfortably larger than MAX_PATH.
char szDllPath[DEF_BUF_SIZE] = {0} ;
//VOID (CALLBACK *PAPCFUNC)(ULONG_PTR dwParam);
// User-mode (ring 3) Windows process utility: enumerates processes through
// several APIs, terminates them, and loads or unloads a DLL inside another
// process. Most of these operations need access rights on the target process
// that an ordinary token does not grant; EnableDebugPriv is the hook for
// acquiring them. Return conventions are mixed (bool, BOOL, int, HINSTANCE),
// so callers must check each method's own convention. Method bodies are not
// part of this listing; comments below describe the declared interface only.
class Process
{
public:
Process();
~Process();
// Terminate the process with the given PID; presumably true on success.
bool KillProcess(IN DWORD pid);
// Enumerate running processes (likely the Toolhelp path, given <tlhelp32.h>
// above -- confirm against the definition).
void GetProcessInfo(void);
// NOTE(review): the name says "ID by name" and the parameters are a name
// plus a DWORD*, yet the original comment said "get process name by PID" and
// the IN/OUT annotations point the other way (ProcessName marked OUT,
// ProcessID marked IN). Confirm the data direction against the definition
// before relying on either reading.
void GetProcessIDByName(OUT char *ProcessName,IN DWORD* ProcessID);
// NOTE(review): takes a process name and returns an int; the original comment
// said "get PID by process name", so the comments of this method and the one
// above look swapped. Confirm what the int return means (a PID or a status).
int GetProcessNameByPid(IN const char* ProcessName);
// Query the modules loaded in the given process ("Modle" is a typo for
// "Module", kept as-is since it is part of the declared interface).
bool GetProcessModle(IN DWORD processID);
// Load the DLL at DllFullPath into the process dwRemoteProcessId.
// DllFullPath is not const-qualified although it is only an input.
bool InjectDll(IN char *DllFullPath,IN const DWORD dwRemoteProcessId);
// Unload the DLL named lpszDll from process dwProcessID.
bool UnLoadDll(IN DWORD dwProcessID,IN LPCSTR lpszDll);
// Load a DLL into this process and return its module handle.
HINSTANCE LoadDll(IN char* dllName);
// Look up the address of a function exported by a loaded module.
// NOTE(review): a code address is returned as DWORD* and cached in funAddrss
// (a 32-bit DWORD); that only round-trips on 32-bit builds.
DWORD* FindFunAddress(IN HINSTANCE handle,IN char* funName);
// Print the process information held in a buffer produced by the native-API
// enumeration path; the buffer layout is defined by that path, not here.
void DisplayProcessInformation (IN LPBYTE lpBuf);
// Enumerate processes through the native API rather than Toolhelp or WTS.
void NativeProcess(void);
// Resolve the account name under which process dwProcID runs into
// strProcessName (the parameter name notwithstanding, the original comment
// describes a user name).
// NOTE(review): no buffer length is passed, so the definition must bound its
// writes by a fixed convention the caller has to know -- confirm and document.
int GetProcessUserName(IN DWORD dwProcID,OUT char* strProcessName);
// Inject a module into the process with the given ID using an APC (the
// author's description); the module is presumably the one at szDllPath --
// confirm against the definition.
BOOL InjectModuleToProcessById ( DWORD dwProcessId );
private:
// Enable the named privilege on this process's token (presumably
// SE_DEBUG_NAME, given the method name) so the methods above can open other
// processes; presumably false on failure.
bool EnableDebugPriv(IN const char* name);
// Cached function address from FindFunAddress ("Addrss" typo preserved).
// 32 bits wide -- cannot hold a full address on 64-bit targets.
DWORD funAddrss;
// Reserved flag; no declared meaning.
int flag;
};
编译环境:VS2008
详细代码见附件了!