Getting information about a process's modules

Category: VC

1. How it works:

  First, CreateToolhelp32Snapshot creates a snapshot of the running processes. The processes are then walked, starting with Process32First, using the handle the snapshot returned; each process's details are stored in an instance of the PROCESSENTRY32 structure. An internal helper, GetProcessModule, is then called to obtain the module name of the corresponding process, and by reading information from the process's address space, details such as thread IDs are obtained.

2. Main code:

Reading information from the process's address space. Note that GetProcessMemoryInfo only needs PROCESS_QUERY_INFORMATION | PROCESS_VM_READ; PROCESS_ALL_ACCESS, as requested below, grants far more than this query requires:

    hProcess = OpenProcess (PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
    if (hProcess != NULL)
    {
        PROCESS_MEMORY_COUNTERS pmc = {0};   // pass the address, not the struct itself
        pmc.cb = sizeof(pmc);
        pfGetProcessMemoryInfo(hProcess, &pmc, sizeof(pmc));   // GetProcessMemoryInfo resolved from psapi.dll
        CloseHandle(hProcess);
    }


Getting the module information of a process:

BOOL CEmuteFileDlg::GetProcessModule(DWORD dwPID, DWORD dwModuleID, LPMODULEENTRY32 lpMe32, DWORD cbMe32)
{
    BOOL          bRet        = FALSE;
    BOOL          bFound      = FALSE;
    HANDLE        hModuleSnap = NULL;
    MODULEENTRY32 me32        = {0};

    // Take a snapshot of all modules in the specified process.
    hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
    if (hModuleSnap == INVALID_HANDLE_VALUE)
        return (FALSE);

    // Fill in the size of the structure before using it.
    me32.dwSize = sizeof(MODULEENTRY32);

    // Walk the module list of the process and find the module of
    // interest. Then copy the information to the buffer pointed
    // to by lpMe32 so that it can be returned to the caller.
    if (Module32First(hModuleSnap, &me32))
    {
        do
        {
            if (me32.th32ModuleID == dwModuleID)
            {
                // Never copy more than the local structure holds, whatever
                // buffer size the caller passed in cbMe32.
                CopyMemory (lpMe32, &me32, min(cbMe32, sizeof(me32)));
                bFound = TRUE;
            }
        }
        while (!bFound && Module32Next(hModuleSnap, &me32));

        bRet = bFound;   // if this sets bRet to FALSE, dwModuleID
                         // no longer exists in the specified process
    }
    else
        bRet = FALSE;    // could not walk the module list

    // Do not forget to clean up the snapshot object.
    CloseHandle (hModuleSnap);

    return (bRet);
}
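The following is an added example, not code from the original article: it uses the same CreateToolhelp32Snapshot / Module32First / Module32Next walk as GetProcessModule above, but from a defender's angle, listing every module of a process and flagging those whose on-disk path (MODULEENTRY32.szExePath) lies outside the directories code is normally loaded from. The Toolhelp32 part compiles only on Windows (built without UNICODE, so the structure's string fields are char); the path check is plain C and builds anywhere. The trusted-directory list and all function names are this example's own assumptions, not something the article defines.

```c
/* Added example, not from the article: flag modules loaded from unexpected paths. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif

/* Case-insensitive prefix match that treats '/' and '\\' as the same separator. */
static int path_has_prefix(const char *path, const char *prefix)
{
    size_t n = strlen(prefix);
    size_t i;
    if (strlen(path) < n)
        return 0;
    for (i = 0; i < n; i++) {
        int a = tolower((unsigned char)path[i]);
        int b = tolower((unsigned char)prefix[i]);
        if (a == '/') a = '\\';
        if (b == '/') b = '\\';
        if (a != b)
            return 0;
    }
    return 1;
}

/* Returns 1 when szExePath lies outside every trusted directory, 0 when it is
 * inside one. The list is an assumption for this example; a real deployment
 * would derive it from policy. */
int module_path_is_unexpected(const char *szExePath)
{
    static const char *const trusted[] = {
        "C:\\Windows\\",
        "C:\\Program Files\\",
        "C:\\Program Files (x86)\\",
    };
    size_t i;
    for (i = 0; i < sizeof(trusted) / sizeof(trusted[0]); i++) {
        if (path_has_prefix(szExePath, trusted[i]))
            return 0;
    }
    return 1;
}

/* Portable driver over a list of module paths; returns the number flagged. */
int count_unexpected_in_list(const char *const *paths, size_t n)
{
    int unexpected = 0;
    size_t i;
    for (i = 0; i < n; i++) {
        if (module_path_is_unexpected(paths[i])) {
            printf("unexpected module path: %s\n", paths[i]);
            unexpected++;
        }
    }
    return unexpected;
}

#ifdef _WIN32
/* Walk the module list of dwPID and return how many modules load from an
 * unexpected path; -1 if the snapshot could not be taken (typically access
 * denied, which is what the article's EnableDebugPrivilege addresses). */
int count_unexpected_modules(DWORD dwPID)
{
    int unexpected = 0;
    MODULEENTRY32 me32 = {0};
    /* TH32CS_SNAPMODULE32 also includes 32-bit modules when called from a 64-bit process. */
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwPID);
    if (hSnap == INVALID_HANDLE_VALUE)
        return -1;
    me32.dwSize = sizeof(me32);   /* must be set before Module32First */
    if (Module32First(hSnap, &me32)) {
        do {
            if (module_path_is_unexpected(me32.szExePath)) {
                printf("PID %lu: %s loaded from %s\n",
                       (unsigned long)dwPID, me32.szModule, me32.szExePath);
                unexpected++;
            }
        } while (Module32Next(hSnap, &me32));
    }
    CloseHandle(hSnap);
    return unexpected;
}
#endif

int main(void)
{
#ifdef _WIN32
    /* Inspect our own process: no extra privilege is needed for that. */
    int n = count_unexpected_modules(GetCurrentProcessId());
#else
    /* Constructed sample paths standing in for MODULEENTRY32.szExePath values. */
    const char *const samples[] = {
        "C:\\Windows\\System32\\kernel32.dll",
        "c:/program files/Vendor/app.dll",
        "C:\\Users\\Public\\Downloads\\helper.dll",
        "C:\\WindowsUpdate\\stage.dll",
    };
    int n = count_unexpected_in_list(samples, sizeof(samples) / sizeof(samples[0]));
#endif
    printf("%d module(s) outside the trusted directories\n", n);
    return 0;
}
```

The prefix list deliberately ends each entry with a separator, so a directory such as C:\WindowsUpdate\ does not pass as C:\Windows\; a module reported from a user-writable location (downloads, temp, profile directories) is the kind of finding worth correlating with the process's other activity.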

3. Raising privileges (enabling SeDebugPrivilege, which is required to open processes of other users and system processes):

BOOL EnableDebugPrivilege()
{
  HANDLE hToken;
  BOOL fOk=FALSE;
  // AdjustTokenPrivileges only switches on a privilege the token already
  // holds: administrators have SeDebugPrivilege (disabled by default),
  // standard users do not have it at all.
  if(OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))
  {
    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount=1;
    if(LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&tp.Privileges[0].Luid))
    {
      tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
      // AdjustTokenPrivileges returns TRUE even when the privilege was not
      // assigned, so GetLastError() must be checked for ERROR_NOT_ALL_ASSIGNED.
      if(!AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(tp),NULL,NULL))
        printf("Can't adjust privilege value.\n");
      else
        fOk=(GetLastError()==ERROR_SUCCESS);
    }
    else
      printf("Can't lookup privilege value.\n");
    CloseHandle(hToken);
  }
  return fOk;
}

4. Afterword:
 
  I feel the information gathered is not complete enough; for example, I would very much like to know how to get the module name of a process's thread. If any expert knows, please do not hesitate to share!

  [email protected]

  thanx!
  :-)

Code download: http://www.vckbase.com/code/listcode.asp?mclsid=13&sclsid=1305

Article URL: http://com.8s8s.com/it/it1157.htm