介绍:
完成进程的列举和模块的列举(1221)
主要功能介绍:
01对话框的载入DialogBox
02按钮的响应 WM_COMMAND
03加载listBox
04listBox的初始化
05WM_NOTIFY (List的响应)
06进程的权限提升
07CreateToolhelp32Snapshot
08Module32Next
主要是一些知识点的运用
展示图片:
主要代码:
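// 20171217_01.cpp : Defines the entry point for the application.
//

#include "stdafx.h"
#include "resource.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <tlhelp32.h>
#include <commctrl.h>
#include <shellapi.h>

#pragma comment(lib, "comctl32.lib")

// Module instance: set once in WinMain, used to load dialog and icon resources.
HINSTANCE hAppInstance;

/*
 * Enable (bEnable != FALSE) or disable SeDebugPrivilege on the current
 * process token.
 *
 * The privilege is only needed so that per-process module snapshots of
 * system/protected processes do not fail with ERROR_ACCESS_DENIED; the
 * process list itself does not require it. A standard-user token does not
 * hold SeDebugPrivilege at all: AdjustTokenPrivileges then still returns
 * TRUE but sets ERROR_NOT_ALL_ASSIGNED, which is why GetLastError() is
 * consulted after a successful call.
 *
 * Returns TRUE only when the privilege was actually adjusted.
 */
BOOL EnableDebugPrivilege(BOOL bEnable)
{
    BOOL status = FALSE;
    HANDLE hToken = NULL;
    LUID luid;
    TOKEN_PRIVILEGES tp;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        return FALSE;
    }

    // Checked: on failure luid is uninitialised and must not reach
    // AdjustTokenPrivileges.
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = luid;
        tp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL)) {
            status = (GetLastError() == ERROR_SUCCESS);
        }
    }

    CloseHandle(hToken);
    return status;
}

/*
 * Fill the process list view with one row per running process:
 *   column 0 executable name, 1 PID (decimal), 2 image base, 3 image size.
 *
 * Base and size are taken from the first module of a per-process module
 * snapshot. When that snapshot cannot be taken or read (PID 0, or a
 * system/protected process while SeDebugPrivilege is not held) the row is
 * still inserted with zero base/size rather than dropped, so the list is
 * always complete.
 *
 * All text buffers are char-sized (this file formats with the *printf
 * family into TCHAR, i.e. it assumes an ANSI build).
 *
 * Returns FALSE only when the process snapshot itself cannot be created.
 */
BOOL EnumProcess(HWND hListProcess)
{
    HANDLE hProSnapshot;
    PROCESSENTRY32 pe32;
    LVITEM lvi;
    BOOL fOk;
    int iRow = 0;
    TCHAR szPath[MAX_PATH];   // executable name
    TCHAR szPID[32];          // a DWORD PID needs up to 10 digits + NUL; the old [10] overflowed
    TCHAR szBaseAddr[32];     // wide enough for a 64-bit address
    TCHAR szBaseSize[32];     // image size, 8+ hex digits

    ListView_DeleteAllItems(hListProcess);

    // Only the process table is needed here; modules are snapped per process.
    hProSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProSnapshot == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    ZeroMemory(&lvi, sizeof(lvi));
    lvi.mask = LVIF_TEXT;

    ZeroMemory(&pe32, sizeof(pe32));
    pe32.dwSize = sizeof(pe32);

    for (fOk = Process32First(hProSnapshot, &pe32);
         fOk;
         fOk = Process32Next(hProSnapshot, &pe32), iRow++) {
        ULONG_PTR upBase = 0;
        unsigned long ulSize = 0;

        // PID 0 (System Idle Process) has no module list; skip the attempt.
        if (pe32.th32ProcessID != 0) {
            HANDLE hModSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pe32.th32ProcessID);
            if (hModSnapshot != INVALID_HANDLE_VALUE) {
                MODULEENTRY32 me32;
                ZeroMemory(&me32, sizeof(me32));
                me32.dwSize = sizeof(me32);
                if (Module32First(hModSnapshot, &me32)) {
                    upBase = (ULONG_PTR)me32.modBaseAddr;
                    ulSize = me32.modBaseSize;
                }
                // Previously never closed: one leaked handle per listed process.
                CloseHandle(hModSnapshot);
            }
        }

        snprintf(szPID, sizeof(szPID), "%lu", (unsigned long)pe32.th32ProcessID);
        // Address printed through an integer of pointer width, not "%X" of a
        // pointer, so 64-bit builds neither truncate nor hit format UB.
        snprintf(szBaseAddr, sizeof(szBaseAddr), "%08llX", (unsigned long long)upBase);
        snprintf(szBaseSize, sizeof(szBaseSize), "%08lX", ulSize);
        snprintf(szPath, sizeof(szPath), "%s", pe32.szExeFile);

        lvi.iItem = iRow;
        lvi.iSubItem = 0;
        lvi.pszText = szPath;
        ListView_InsertItem(hListProcess, &lvi);
        ListView_SetItemText(hListProcess, iRow, 1, szPID);
        ListView_SetItemText(hListProcess, iRow, 2, szBaseAddr);
        ListView_SetItemText(hListProcess, iRow, 3, szBaseSize);
    }

    CloseHandle(hProSnapshot);   // was leaked on every refresh
    return TRUE;
}

/*
 * List the modules of the process currently selected in hListProcess into
 * hListModule (column 0 module name, column 1 full path).
 *
 * The PID is read back from the text of column 1 of the selected row, which
 * is the only place this tool stores it. wParam/lParam are the WM_NOTIFY
 * parameters passed through by the caller and are not used.
 *
 * Returns FALSE when no row is selected (after telling the user), when the
 * PID cell is not a number, or when the module snapshot cannot be taken or
 * read (typically ERROR_ACCESS_DENIED for system/protected processes).
 */
BOOL EnumModules(HWND hListProcess, HWND hListModule, WPARAM wParam, LPARAM lParam)
{
    int iRow;
    TCHAR szPid[0x20];
    char *end;
    unsigned long ulPID;
    HANDLE hModuleSnap;
    MODULEENTRY32 me32;
    LVITEM lv;
    int iIdx = 0;

    UNREFERENCED_PARAMETER(wParam);
    UNREFERENCED_PARAMETER(lParam);

    ListView_DeleteAllItems(hListModule);

    // int, not DWORD: the "no selection" result is -1.
    iRow = ListView_GetNextItem(hListProcess, -1, LVNI_SELECTED);
    if (iRow == -1) {
        MessageBox(NULL, TEXT("请选择进程"), TEXT("出错了"), MB_OK);
        return FALSE;
    }

    ZeroMemory(szPid, sizeof(szPid));
    ListView_GetItemText(hListProcess, iRow, 1, szPid, sizeof(szPid) / sizeof(szPid[0]));

    // strtoul rather than atoi: an empty or non-numeric cell is rejected
    // instead of silently becoming PID 0.
    ulPID = strtoul(szPid, &end, 10);
    if (end == szPid || *end != '\0') {
        return FALSE;
    }

    hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, (DWORD)ulPID);
    if (hModuleSnap == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    ZeroMemory(&me32, sizeof(me32));
    me32.dwSize = sizeof(me32);
    if (!Module32First(hModuleSnap, &me32)) {
        CloseHandle(hModuleSnap);
        return FALSE;
    }

    ZeroMemory(&lv, sizeof(lv));
    lv.mask = LVIF_TEXT;   // without this the inserted items carry no text
    do {
        lv.iItem = iIdx;
        lv.iSubItem = 0;
        lv.pszText = me32.szModule;
        ListView_InsertItem(hListModule, &lv);
        ListView_SetItemText(hListModule, iIdx, 1, me32.szExePath);
        iIdx++;
    } while (Module32Next(hModuleSnap, &me32));

    CloseHandle(hModuleSnap);
    return TRUE;
}

/*
 * Dialog procedure of the About box. Only WM_CLOSE is handled; returning
 * TRUE for it tells the dialog manager the message was consumed, so the
 * default handler does not also try to destroy the window EndDialog is
 * already tearing down.
 */
BOOL CALLBACK AboutDialogProc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    UNREFERENCED_PARAMETER(wParam);
    UNREFERENCED_PARAMETER(lParam);

    switch (uMsg) {
    case WM_CLOSE:
        EndDialog(hwndDlg, 0);
        return TRUE;
    default:
        return FALSE;
    }
}

/*
 * Append one text column to a list view. Every column in this tool has the
 * same mask, so the three-field setup lives here once.
 *   hList   list-view window
 *   iCol    column index (also used as iSubItem)
 *   pszText header text
 *   cx      column width in pixels
 */
static void AddListColumn(HWND hList, int iCol, LPTSTR pszText, int cx)
{
    LVCOLUMN lvc;

    ZeroMemory(&lvc, sizeof(lvc));
    lvc.mask = LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM;
    lvc.pszText = pszText;
    lvc.cx = cx;
    lvc.iSubItem = iCol;
    ListView_InsertColumn(hList, iCol, &lvc);
}

/*
 * Create the four columns of the process list view (IDC_LIST_PROCESS),
 * switch it to full-row selection and populate it via EnumProcess.
 */
VOID InitProcessListView(HWND hDlg)
{
    HWND hListProcess = GetDlgItem(hDlg, IDC_LIST_PROCESS);

    ListView_SetExtendedListViewStyle(hListProcess, LVS_EX_FULLROWSELECT);

    AddListColumn(hListProcess, 0, TEXT("进程"), 150);
    AddListColumn(hListProcess, 1, TEXT("PID"), 50);
    AddListColumn(hListProcess, 2, TEXT("镜像基址"), 100);
    AddListColumn(hListProcess, 3, TEXT("镜像大小"), 100);

    EnumProcess(hListProcess);
}

/*
 * Create the two columns of the module list view (IDC_LIST_MODULE) and
 * switch it to full-row selection. It is filled later by EnumModules when
 * a process row is clicked. (Name kept as-is: callers use this spelling.)
 */
VOID InitMuduleListView(HWND hDlg)
{
    HWND hListModule = GetDlgItem(hDlg, IDC_LIST_MODULE);

    ListView_SetExtendedListViewStyle(hListModule, LVS_EX_FULLROWSELECT);

    AddListColumn(hListModule, 0, TEXT("模块名称"), 150);
    AddListColumn(hListModule, 1, TEXT("模块位置"), 300);
}

/*
 * Dialog procedure of the main window.
 *   WM_INITDIALOG  set icons, build both list views (process list is filled)
 *   WM_COMMAND     Exit button closes; About button opens a modal About box
 *   WM_NOTIFY      a click on a process row lists that process's modules
 *   WM_CLOSE       close the dialog
 * Returns TRUE for messages it consumed, FALSE otherwise.
 */
BOOL CALLBACK MainDialogProc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    switch (uMsg) {
    case WM_INITDIALOG: {
        HICON hSmallIcon = LoadIcon(hAppInstance, MAKEINTRESOURCE(IDI_ICON_SMALL));
        HICON hBigIcon = LoadIcon(hAppInstance, MAKEINTRESOURCE(IDI_ICON_BIG));
        // LPARAM, not long: a long truncates the handle on 64-bit builds.
        SendMessage(hwndDlg, WM_SETICON, ICON_BIG, (LPARAM)hBigIcon);
        SendMessage(hwndDlg, WM_SETICON, ICON_SMALL, (LPARAM)hSmallIcon);
        InitProcessListView(hwndDlg);
        InitMuduleListView(hwndDlg);
        return TRUE;   // let the dialog manager set the initial keyboard focus
    }

    case WM_COMMAND:
        switch (LOWORD(wParam)) {
        case IDC_BUTTON_EXIT:
            EndDialog(hwndDlg, 0);
            return TRUE;
        case IDC_BUTTON_ABOUT:
            // Owned by the main dialog so it is truly modal to it.
            DialogBox(hAppInstance, MAKEINTRESOURCE(IDD_DIALOG_ABOUT), hwndDlg, AboutDialogProc);
            return TRUE;
        default:
            return FALSE;
        }

    case WM_NOTIFY: {
        const NMHDR *pNMHDR = (const NMHDR *)lParam;
        // idFrom is the documented control id for WM_NOTIFY; wParam is only
        // conventionally the same value.
        if (pNMHDR->idFrom == IDC_LIST_PROCESS && pNMHDR->code == NM_CLICK) {
            EnumModules(GetDlgItem(hwndDlg, IDC_LIST_PROCESS),
                        GetDlgItem(hwndDlg, IDC_LIST_MODULE),
                        wParam, lParam);
        }
        return FALSE;
    }

    case WM_CLOSE:
        EndDialog(hwndDlg, 0);
        return TRUE;

    default:
        return FALSE;
    }
}

/*
 * Entry point: register the common-control classes (the list view lives in
 * ICC_WIN95_CLASSES), try to enable SeDebugPrivilege, and run the main
 * dialog modally until it is closed.
 *
 * EnableDebugPrivilege is best effort: when it fails (non-administrator)
 * the tool still runs, only the base/size and module columns of
 * system/protected processes stay empty.
 */
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    INITCOMMONCONTROLSEX icex;

    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);
    UNREFERENCED_PARAMETER(nCmdShow);

    hAppInstance = hInstance;

    icex.dwSize = sizeof(icex);
    icex.dwICC = ICC_WIN95_CLASSES;
    InitCommonControlsEx(&icex);

    EnableDebugPrivilege(TRUE);

    DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG_MAIN), NULL, MainDialogProc);
    return 0;
}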