PeTools开发(一)

介绍:

完成进程的列举和模块的列举(1221)

主要功能介绍:

01对话框的载入DialogBox

02按钮的响应 WM_COMMAND

03加载listBox

04listBox的初始化

05WM_NOTIFY (List的响应)

06进程的权限提升

07CreateToolhelp32Snapshot

08Module32Next


主要是一些知识点的运用


展示图片:

PeTool1.jpg


主要代码:


// 20171217_01.cpp : Defines the entry point for the application.
//

#include "stdafx.h"
#include "resource.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h> 
#include "tlhelp32.h"
#include <commctrl.h>
#include <shellapi.h>
#pragma comment(lib,"comctl32.lib") 

// Module instance handle; set once in WinMain and used to load dialog and icon resources.
HINSTANCE hAppInstance;


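/*
 * Enable or disable SeDebugPrivilege on the current process token.
 *
 * bEnable: TRUE to enable the privilege, FALSE to disable it.
 * Returns TRUE only when the token was opened, the LUID was found, and the
 * adjustment fully succeeded. AdjustTokenPrivileges returns TRUE even when
 * the privilege is not held (GetLastError() == ERROR_NOT_ALL_ASSIGNED, the
 * usual case for a non-administrator), so the return value is not enough on
 * its own; the original also used an uninitialized LUID if the lookup failed.
 */
BOOL EnableDebugPrivilege(BOOL bEnable)
{
	BOOL status = FALSE;
	HANDLE hToken = NULL;
	LUID uID;
	TOKEN_PRIVILEGES tp;

	// Open the current process's access token.
	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
	{
		return FALSE;
	}

	if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &uID))
	{
		// Adjust the privilege level.
		ZeroMemory(&tp, sizeof(tp));
		tp.PrivilegeCount = 1;
		tp.Privileges[0].Luid = uID;
		tp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;

		// Only read GetLastError() after a TRUE return; a FALSE return leaves
		// an unrelated error code that must not be mistaken for success.
		if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
		{
			status = (GetLastError() == ERROR_SUCCESS);
		}
	}

	CloseHandle(hToken);
	return status;
}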

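/*
 * Fetch the first module entry (the main image) of process dwPID into *pme.
 *
 * Returns FALSE for PID 0 (the original treated the Idle process as having
 * no modules, since a snapshot of PID 0 would describe this process instead)
 * and when the module snapshot cannot be taken or is empty, which is normal
 * for protected processes and for targets SeDebugPrivilege does not cover.
 * The snapshot handle is always closed here; the original leaked one handle
 * per enumerated process.
 */
static BOOL GetFirstModule(DWORD dwPID, MODULEENTRY32 *pme)
{
	HANDLE hModSnapshot;
	BOOL fFound;

	if (dwPID == 0)
	{
		return FALSE;
	}

	hModSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
	if (hModSnapshot == INVALID_HANDLE_VALUE)
	{
		return FALSE;
	}

	ZeroMemory(pme, sizeof(*pme));
	pme->dwSize = sizeof(*pme);
	fFound = Module32First(hModSnapshot, pme);
	CloseHandle(hModSnapshot);
	return fFound;
}

/*
 * Fill the process list view with one row per running process:
 * image name, PID, image base and image size (base/size read as 0 when the
 * process's modules cannot be snapshotted).
 *
 * hListProcess: the list-view control to (re)populate.
 * Returns FALSE if the process snapshot could not be created, TRUE otherwise.
 * ANSI build assumed (TCHAR == char), as the original's sprintf usage requires.
 */
BOOL EnumProcess(HWND hListProcess)
{
	HWND hProLV = hListProcess;
	LVITEM lvi;
	DWORD dwIdx = 0;
	TCHAR szPath[MAX_PATH];      // process image name
	TCHAR szPID[16];             // up to 10 decimal digits + NUL; the old [10] overflowed for 10-digit PIDs
	TCHAR szBaseAddr[16];        // 8 hex digits + NUL
	TCHAR szBaseSize[16];        // 8 hex digits + NUL
	HANDLE hProSnapshot;         // process snapshot handle
	PROCESSENTRY32 pe32;
	MODULEENTRY32 me32;
	BOOL fOk;

	// Clear the list.
	ListView_DeleteAllItems(hProLV);

	// Only Process32First/Next are used, so a process-only snapshot is enough;
	// TH32CS_SNAPALL additionally walked heaps and threads of every process.
	hProSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hProSnapshot == INVALID_HANDLE_VALUE)
	{
		return FALSE;
	}

	ZeroMemory(&pe32, sizeof(pe32));
	pe32.dwSize = sizeof(pe32);
	ZeroMemory(&lvi, sizeof(lvi));
	lvi.mask      = LVIF_TEXT | LVIF_IMAGE | LVIF_PARAM | LVIF_STATE;
	lvi.state     = 0;
	lvi.stateMask = 0;

	// Enumerate processes.
	for (fOk = Process32First(hProSnapshot, &pe32); fOk; fOk = Process32Next(hProSnapshot, &pe32), dwIdx++)
	{
		unsigned long ulBaseAddr = 0;
		unsigned long ulBaseSize = 0;
		int iRow;

		if (GetFirstModule(pe32.th32ProcessID, &me32))
		{
			// 32-bit build assumed, matching the original "%08X" of the pointer;
			// on Win64 this keeps only the low 32 bits and the buffers/format
			// would need widening.
			ulBaseAddr = (unsigned long)(DWORD_PTR)me32.modBaseAddr;
			ulBaseSize = (unsigned long)me32.modBaseSize;
		}

		// Formats are constant and bounded, so the fixed buffers cannot overflow.
		sprintf(szPID, "%lu", (unsigned long)pe32.th32ProcessID);
		sprintf(szBaseAddr, "%08lX", ulBaseAddr);
		sprintf(szBaseSize, "%08lX", ulBaseSize);
		// Always NUL-terminates, unlike the previous sprintf("%s") copy.
		lstrcpyn(szPath, pe32.szExeFile, MAX_PATH);

		lvi.pszText = szPath;
		lvi.cchTextMax = MAX_PATH;
		lvi.iItem = dwIdx;
		// Use the index the control reports rather than assuming dwIdx, so the
		// sub-items land on the right row even if the list is sorted.
		iRow = ListView_InsertItem(hProLV, &lvi);
		if (iRow == -1)
		{
			continue;
		}
		ListView_SetItemText(hProLV, iRow, 1, szPID);
		ListView_SetItemText(hProLV, iRow, 2, szBaseAddr);
		ListView_SetItemText(hProLV, iRow, 3, szBaseSize);
	}

	CloseHandle(hProSnapshot);   // the original returned without closing it
	return TRUE;
}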

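/*
 * Fill hListModule with the modules of the process selected in hListProcess.
 *
 * The PID is read back from column 1 of the selected row (text), parsed, and
 * used for a TH32CS_SNAPMODULE snapshot. wParam/lParam are unused and kept for
 * the caller's signature.
 * Returns FALSE when nothing is selected (after a message box), when the PID
 * text is not a number, or when the snapshot cannot be taken or is empty
 * (protected processes, or targets the enabled privilege does not cover).
 * ANSI build assumed (TCHAR == char), as the original's atoi usage requires.
 */
BOOL EnumModules(HWND hListProcess, HWND hListModule, WPARAM wParam, LPARAM lParam)
{
	int iRow;
	TCHAR szPid[0x20];
	LV_ITEM lv;
	HANDLE hModuleSnap;
	MODULEENTRY32 me32;
	DWORD dwPID;
	DWORD dwIdx = 0;
	char *pEnd = NULL;

	(void)wParam;
	(void)lParam;

	ListView_DeleteAllItems(hListModule);
	ZeroMemory(&lv, sizeof(lv));
	ZeroMemory(szPid, sizeof(szPid));

	// The macros pass &item as LPARAM; the old (DWORD)&lv cast truncates on Win64.
	iRow = ListView_GetNextItem(hListProcess, -1, LVNI_SELECTED);
	if (iRow == -1)
	{
		MessageBox(NULL, TEXT("请选择进程"), TEXT("出错了"), MB_OK);
		return FALSE;
	}

	// Read the PID text from column 1 of the selected row.
	ListView_GetItemText(hListProcess, iRow, 1, szPid, sizeof(szPid) / sizeof(szPid[0]));

	// strtoul covers the full DWORD range and reports non-numeric text; atoi did neither.
	dwPID = (DWORD)strtoul(szPid, &pEnd, 10);
	if (pEnd == szPid)
	{
		return FALSE;
	}

	// Snapshot the modules referenced by the selected process.
	hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
	if (hModuleSnap == INVALID_HANDLE_VALUE)
	{
		return FALSE;
	}

	ZeroMemory(&me32, sizeof(me32));
	me32.dwSize = sizeof(me32);

	if (!Module32First(hModuleSnap, &me32))
	{
		CloseHandle(hModuleSnap);
		return FALSE;
	}

	// The original left lv.mask at 0, so LVIF_TEXT was never set and the
	// control was not obliged to use pszText; set it explicitly.
	lv.mask = LVIF_TEXT;
	do
	{
		int iNew;

		lv.pszText = me32.szModule;
		lv.iItem = dwIdx;
		lv.iSubItem = 0;
		iNew = ListView_InsertItem(hListModule, &lv);
		if (iNew != -1)
		{
			ListView_SetItemText(hListModule, iNew, 1, me32.szExePath);
		}

		dwIdx++;
	} while (Module32Next(hModuleSnap, &me32));

	CloseHandle(hModuleSnap);
	return TRUE;
}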

/*
 * Dialog procedure for the "About" box.
 *
 * Only WM_CLOSE is handled: it ends the dialog with result 0. Every message,
 * including WM_CLOSE, is reported as unhandled (FALSE) so default dialog
 * processing still runs, exactly as the original did.
 */
BOOL CALLBACK AboutDialogProc(
  HWND hwndDlg,  // handle to dialog box
  UINT uMsg,     // message
  WPARAM wParam, // first message parameter
  LPARAM lParam  // second message parameter
)
{
	(void)wParam;
	(void)lParam;

	if (uMsg == WM_CLOSE)
	{
		EndDialog(hwndDlg, 0);
	}

	return FALSE;
}

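/*
 * Create the four columns of the process list (name, PID, image base, image
 * size), enable full-row selection and populate it via EnumProcess.
 *
 * hDlg: the main dialog that owns IDC_LIST_PROCESS.
 * The ListView_* macros pass the column struct as LPARAM; the original's
 * (DWORD)&lv cast truncates the pointer on Win64.
 */
VOID InitProcessListView(HWND hDlg)
{
	// Column captions and widths, in column order.
	static const struct
	{
		LPTSTR pszText;
		int cx;
	} s_Columns[] =
	{
		{ TEXT("进程"),     150 },
		{ TEXT("PID"),      50 },
		{ TEXT("镜像基址"), 100 },
		{ TEXT("镜像大小"), 100 },
	};
	LV_COLUMN lv;
	HWND hListProcess;
	int i;

	hListProcess = GetDlgItem(hDlg, IDC_LIST_PROCESS);
	if (hListProcess == NULL)
	{
		return;   // control missing from the dialog template; nothing to set up
	}
	ListView_SetExtendedListViewStyleEx(hListProcess, LVS_EX_FULLROWSELECT, LVS_EX_FULLROWSELECT);

	ZeroMemory(&lv, sizeof(lv));
	lv.mask = LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM;
	for (i = 0; i < (int)(sizeof(s_Columns) / sizeof(s_Columns[0])); i++)
	{
		lv.pszText = s_Columns[i].pszText;
		lv.cx = s_Columns[i].cx;
		lv.iSubItem = i;
		ListView_InsertColumn(hListProcess, i, &lv);
	}

	EnumProcess(hListProcess);
}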

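/*
 * Create the two columns of the module list (module name, module path) and
 * enable full-row selection. The list is filled later by EnumModules.
 *
 * hDlg: the main dialog that owns IDC_LIST_MODULE.
 * The ListView_* macros pass the column struct as LPARAM; the original's
 * (DWORD)&lv cast truncates the pointer on Win64.
 */
VOID InitMuduleListView(HWND hDlg)
{
	// Column captions and widths, in column order.
	static const struct
	{
		LPTSTR pszText;
		int cx;
	} s_Columns[] =
	{
		{ TEXT("模块名称"), 150 },
		{ TEXT("模块位置"), 300 },
	};
	LV_COLUMN lv;
	HWND hListModule;
	int i;

	hListModule = GetDlgItem(hDlg, IDC_LIST_MODULE);
	if (hListModule == NULL)
	{
		return;   // control missing from the dialog template; nothing to set up
	}
	ListView_SetExtendedListViewStyleEx(hListModule, LVS_EX_FULLROWSELECT, LVS_EX_FULLROWSELECT);

	ZeroMemory(&lv, sizeof(lv));
	lv.mask = LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM;
	for (i = 0; i < (int)(sizeof(s_Columns) / sizeof(s_Columns[0])); i++)
	{
		lv.pszText = s_Columns[i].pszText;
		lv.cx = s_Columns[i].cx;
		lv.iSubItem = i;
		ListView_InsertColumn(hListModule, i, &lv);
	}
}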

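/*
 * Dialog procedure for the main window.
 *
 * WM_INITDIALOG sets the window icons and builds both list views;
 * WM_COMMAND handles the Exit and About buttons; WM_NOTIFY reacts to a click
 * on the process list by enumerating that process's modules. As in the
 * original, every message is reported as unhandled (FALSE) so default dialog
 * processing still runs.
 */
BOOL CALLBACK MainDialogProc(
  HWND hwndDlg,  // handle to dialog box
  UINT uMsg,     // message
  WPARAM wParam, // first message parameter
  LPARAM lParam  // second message parameter
)
{
	switch (uMsg)
	{
	case WM_CLOSE:
		EndDialog(hwndDlg, 0);
		break;

	case WM_INITDIALOG:
		{
			// Initialize the dialog: load the icons. LoadIcon yields NULL for a
			// missing resource, which WM_SETICON tolerates. The original also
			// declared unused copies of these handles at function scope.
			HICON hSmallIcon = LoadIcon(hAppInstance, MAKEINTRESOURCE(IDI_ICON_SMALL));
			HICON hBigIcon = LoadIcon(hAppInstance, MAKEINTRESOURCE(IDI_ICON_BIG));

			// LPARAM is pointer-sized; the previous (long) cast truncated on Win64.
			SendMessage(hwndDlg, WM_SETICON, ICON_BIG, (LPARAM)hBigIcon);
			SendMessage(hwndDlg, WM_SETICON, ICON_SMALL, (LPARAM)hSmallIcon);

			InitProcessListView(hwndDlg);
			InitMuduleListView(hwndDlg);
			break;
		}

	case WM_COMMAND:
		switch (LOWORD(wParam))
		{
		case IDC_BUTTON_EXIT:
			EndDialog(hwndDlg, 0);
			break;
		case IDC_BUTTON_ABOUT:
			// Owned by the main dialog so it is modal to it (the original passed NULL).
			DialogBox(hAppInstance, MAKEINTRESOURCE(IDD_DIALOG_ABOUT), hwndDlg, AboutDialogProc);
			break;
		default:
			break;
		}
		break;

	case WM_NOTIFY:
		{
			const NMHDR *pNMHDR = (const NMHDR *)lParam;
			if (wParam == IDC_LIST_PROCESS && pNMHDR != NULL && pNMHDR->code == NM_CLICK)
			{
				EnumModules(GetDlgItem(hwndDlg, IDC_LIST_PROCESS), GetDlgItem(hwndDlg, IDC_LIST_MODULE), wParam, lParam);
			}
			break;
		}

	default:
		break;
	}

	return FALSE;
}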


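/*
 * Program entry point: register common controls, try to enable
 * SeDebugPrivilege (best effort — without it, module snapshots of other
 * users' or protected processes simply fail and show 0 base/size), then run
 * the main dialog modally.
 *
 * Returns 0 after the dialog closes, 1 if the dialog could not be created
 * (DialogBox returns -1), which the original silently ignored.
 */
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR     lpCmdLine,
                     int       nCmdShow)
{
	INITCOMMONCONTROLSEX icex;
	INT_PTR nResult;

	(void)hPrevInstance;
	(void)lpCmdLine;
	(void)nCmdShow;

	hAppInstance = hInstance;

	ZeroMemory(&icex, sizeof(icex));
	icex.dwSize = sizeof(INITCOMMONCONTROLSEX);
	icex.dwICC = ICC_WIN95_CLASSES;
	InitCommonControlsEx(&icex);

	// Best effort: a failure here only limits which processes can be inspected.
	EnableDebugPrivilege(TRUE);

	nResult = DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG_MAIN), NULL, MainDialogProc);
	if (nResult == -1)
	{
		return 1;
	}

	return 0;
}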





原文链接: PeTools开发(一) 版权所有,转载时请注明出处,违者必究。
注明出处格式:流沙团 ( https://gyarmy.com/post-337.html )
