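一、 实现原理: 首先通过CreateToolhelp32Snapshot函数创建一个进程的快照,然后通过调用Process32First使用快照返回的句柄对进程进行遍历,相关的信息存放在PROCESSENTRY32结构类型的实例中,通过调用内部的一个函数GetProcessModule,获取对应的进程的模块名称,然后通过对进程地址空间信息的读取,从而获取相应的线程的ID等的信息。

二、主要实现代码:

获取进程地址空间内的相关信息:

// NOTE(review): PROCESS_ALL_ACCESS asks for far more than a memory-counter
// query needs. GetProcessMemoryInfo only requires
// PROCESS_QUERY_INFORMATION | PROCESS_VM_READ; requesting just those rights
// follows least privilege and succeeds on more processes. Keep the wider mask
// only if hProcess is reused elsewhere for something that needs it.
// OpenProcess returns NULL on failure, so the handle must be checked before use
// (and closed with CloseHandle once the caller is done with it).
hProcess = OpenProcess (PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
if (hProcess != NULL)
{
    // NOTE(review): pfGetProcessMemoryInfo looks like a dynamically resolved
    // GetProcessMemoryInfo — confirm. If pmc is a PROCESS_MEMORY_COUNTERS
    // struct this call needs &pmc; if pmc is a pointer, sizeof(pmc) is the
    // pointer size rather than the structure size — confirm against the
    // declaration.
    pfGetProcessMemoryInfo(hProcess,pmc,sizeof(pmc));
}

获取进程的模块信息:

// Look up one module of process dwPID by its Toolhelp module id and copy the
// matching MODULEENTRY32 into the caller's buffer.
//
// dwPID       - process whose module list is walked
// dwModuleID  - th32ModuleID of the module of interest
// lpMe32      - caller-owned output buffer; receives the MODULEENTRY32
// cbMe32      - size of that buffer in bytes
// Returns TRUE when the module was found and copied, FALSE when the snapshot
// could not be taken, the list could not be walked, the id was not present,
// or the output buffer is missing.
BOOL CEmuteFileDlg::GetProcessModule(DWORD dwPID, DWORD dwModuleID, LPMODULEENTRY32 lpMe32, DWORD cbMe32)
{
    BOOL bRet = FALSE;
    BOOL bFound = FALSE;
    HANDLE hModuleSnap = NULL;
    MODULEENTRY32 me32 = {0};

    // Nothing to copy into: refuse instead of dereferencing NULL below.
    if (lpMe32 == NULL || cbMe32 == 0)
        return (FALSE);

    // Take a snapshot of all modules in the specified process.
    // NOTE: with TH32CS_SNAPMODULE this call is documented to fail
    // transiently with ERROR_BAD_LENGTH, in which case it should be retried;
    // that retry is not implemented here.
    hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
    if (hModuleSnap == INVALID_HANDLE_VALUE)
        return (FALSE);

    // Fill the size of the structure before using it.
    me32.dwSize = sizeof(MODULEENTRY32);

    // Never copy more than the local structure holds: a caller-supplied
    // cbMe32 larger than sizeof(MODULEENTRY32) would otherwise read past
    // me32 on the stack.
    DWORD cbCopy = (cbMe32 < sizeof(me32)) ? cbMe32 : (DWORD)sizeof(me32);

    // Walk the module list of the process, and find the module of
    // interest. Then copy the information to the buffer pointed
    // to by lpMe32 so that it can be returned to the caller.
    if (Module32First(hModuleSnap, &me32))
    {
        do
        {
            if (me32.th32ModuleID == dwModuleID)
            {
                CopyMemory (lpMe32, &me32, cbCopy);
                bFound = TRUE;
            }
        } while (!bFound && Module32Next(hModuleSnap, &me32));

        bRet = bFound;   // if this sets bRet to FALSE, dwModuleID
                         // no longer exists in specified process
    }
    else
        bRet = FALSE;    // could not walk module list

    // Do not forget to clean up the snapshot object.
    CloseHandle (hModuleSnap);
    return (bRet);
}

三、提高权限:

// Enable SeDebugPrivilege on the current process token.
//
// Returns TRUE only when AdjustTokenPrivileges succeeded AND reported
// ERROR_SUCCESS. AdjustTokenPrivileges returns nonzero even when it could
// not assign every privilege (it then sets ERROR_NOT_ALL_ASSIGNED), which is
// what happens when the token does not hold SeDebugPrivilege to begin with —
// enabling only switches on a privilege the token already has, it does not
// grant one. Diagnostics go to stdout via printf, as in the original.
BOOL EnableDebugPrivilege()
{
    HANDLE hToken;
    BOOL fOk=FALSE;
    if(OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))
    {
        TOKEN_PRIVILEGES tp = {0};
        tp.PrivilegeCount=1;
        if(!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&tp.Privileges[0].Luid))
        {
            // Without a valid LUID the adjust call below would operate on an
            // uninitialised privilege; bail out instead of continuing.
            printf("Can't lookup privilege value.\n");
            CloseHandle(hToken);
            return FALSE;
        }
        tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;

        BOOL fAdjusted = AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(tp),NULL,NULL);
        // Read the error code immediately: the printf below could overwrite it.
        DWORD dwErr = GetLastError();
        if(!fAdjusted)
            printf("Can't adjust privilege value.\n");
        fOk=(fAdjusted && dwErr==ERROR_SUCCESS);
        CloseHandle(hToken);
    }
    return fOk;
}

四、后记: 我感觉信息获取的不够完整,比如说,我很想知道怎么才能获取进程的线程的模块名称,不知道那位大侠不吝赐教! monkeycd@163.com thanx! :-)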