HANDLE CreateToolhelp32Snapshot(
[
in
] DWORD dwFlags,
[
in
] DWORD th32ProcessID
);
BOOL
Thread32First(
[
in
] HANDLE hSnapshot,
[
in
, out] LPTHREADENTRY32 lpte
);
BOOL
Thread32Next(
[
in
] HANDLE hSnapshot,
[out] LPTHREADENTRY32 lpte
);
HANDLE CreateToolhelp32Snapshot(
[
in
] DWORD dwFlags,
[
in
] DWORD th32ProcessID
);
BOOL
Thread32First(
[
in
] HANDLE hSnapshot,
[
in
, out] LPTHREADENTRY32 lpte
);
BOOL
Thread32Next(
[
in
] HANDLE hSnapshot,
[out] LPTHREADENTRY32 lpte
);
using namespace std;
std::vector<DWORD> GetAllProcessThread(DWORD ProcessId)
/
/
一定要保证 是多字节模式,不然可能会出错
{
std::vector<DWORD>v;
HANDLE ThreadList
=
CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,
0
);
THREADENTRY32 ThreadInfo{ sizeof(THREADENTRY32) };
if
(Thread32First(ThreadList, &ThreadInfo))
{
do
{
if
(ThreadInfo.th32OwnerProcessID
=
=
ProcessId)
{
v.push_back(ThreadInfo.th32ThreadID);
}
}
while
(Thread32Next(ThreadList, &ThreadInfo));
}
CloseHandle(ThreadList);
return
v;
}
DWORD GetProcessId(char
*
ProcessName)
/
/
一定要保证 是多字节模式,不然可能会出错
{
DWORD ProcessId
=
0
;
HANDLE hProcessList
=
CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,
0
);
PROCESSENTRY32 processInfo{ sizeof(PROCESSENTRY32) };
if
(Process32First(hProcessList, &processInfo))
{
do {
if
(strcmp(processInfo.szExeFile, ProcessName)
=
=
0
)
{
ProcessId
=
processInfo.th32ProcessID;
break
;
}
}
while
(Process32Next(hProcessList, &processInfo));
}
CloseHandle(hProcessList);
return
ProcessId;
}
ULONG64 GetModuleBaseAdress(DWORD ProcessId,char
*
Module)
/
/
一定要保证 是多字节模式,不然可能会出错
{
ULONG64 ModuleBaseAdr
=
0
;
char p[
20
]
=
{
0
};
HANDLE ModuleList
=
CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
MODULEENTRY32 ModuleInfo{ sizeof(MODULEENTRY32) };
if
(Module32First(ModuleList, &ModuleInfo))
{
do
{
if
(strcmp(ModuleInfo.szModule, Module)
=
=
0
)
{
sprintf(p,
"%d"
, ModuleInfo.modBaseAddr);
ModuleBaseAdr
=
atoi(p);
/
/
感谢指出 转换可以用
/
/
ModuleBaseAdr
=
(DWORD)ModuleInfo.modBaseAddr;强转
break
;
}
}
while
(Module32Next(ModuleList, &ModuleInfo));
}
CloseHandle(ModuleList);
return
ModuleBaseAdr;
}
using namespace std;
std::vector<DWORD> GetAllProcessThread(DWORD ProcessId)
/
/
一定要保证 是多字节模式,不然可能会出错
{
std::vector<DWORD>v;
HANDLE ThreadList
=
CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,
0
);
THREADENTRY32 ThreadInfo{ sizeof(THREADENTRY32) };
if
(Thread32First(ThreadList, &ThreadInfo))
{
do
{
if
(ThreadInfo.th32OwnerProcessID
=
=
ProcessId)
{
v.push_back(ThreadInfo.th32ThreadID);
}
}
while
(Thread32Next(ThreadList, &ThreadInfo));
}
CloseHandle(ThreadList);
return
v;
}
DWORD GetProcessId(char
*
ProcessName)
/
/
一定要保证 是多字节模式,不然可能会出错
{
DWORD ProcessId
=
0
;
HANDLE hProcessList
=
CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,
0
);
PROCESSENTRY32 processInfo{ sizeof(PROCESSENTRY32) };
if
(Process32First(hProcessList, &processInfo))
{
do {
if
(strcmp(processInfo.szExeFile, ProcessName)
=
=
0
)
{
ProcessId
=
processInfo.th32ProcessID;
break
;
}
}
while
(Process32Next(hProcessList, &processInfo));
}
CloseHandle(hProcessList);
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
最后于 2022-1-20 10:56
被AlphaYang编辑
,原因: