- /************************************************************************/
- /* 云守护
- email:542335496@qq.com */
- /************************************************************************/
- #include <stdio.h>
- #include <windows.h>
- #include <TLHELP32.H>
- #include <ntsecapi.h>
- //需升级windows sdk,静态调用
- #include "psapi.h"
- #pragma comment (lib,"psapi.lib")
- //设置字体颜色
- void SetColor(unsigned short ForeColor=4,unsigned short BackGroundColor=0)
- {
- HANDLE hCon = GetStdHandle(STD_OUTPUT_HANDLE);//获得缓冲区句柄
- SetConsoleTextAttribute(hCon,ForeColor|BackGroundColor);//设置文本及背景颜色,可以使用color -?查看
- };
- //通过系统快照获取进程
- BOOL GetProcessList(){
- HANDLE hProcessSnap;
- HANDLE hModuleSnap;
- BOOL bRet=FALSE;
- BOOL bModule=FALSE;
- PROCESSENTRY32 pe32={0};
- MODULEENTRY32 me32={0};
- pe32.dwSize=sizeof(PROCESSENTRY32);
- me32.dwSize=sizeof(MODULEENTRY32);
- hProcessSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
- bRet=Process32First(hProcessSnap,&pe32);
- while(bRet){
- SetColor(0,2);
- printf("进程:%s\n",pe32.szExeFile);
- SetColor(0,7);
- hModuleSnap=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0);
- bModule=Module32First(hModuleSnap,&me32);
- while(bModule){
- printf("\t模块:%s\n",me32.szExePath);
- bModule=Module32Next(hModuleSnap,&me32);
- }
- bRet=Process32Next(hProcessSnap,&pe32);
- }
- CloseHandle(hProcessSnap);
- CloseHandle(hModuleSnap);
- return TRUE;
- }
- //第二种方法 PSAPI 静态调用
- BOOL GetProcessListByPSAPi(){
- DWORD ProcessCount;
- DWORD cbNeeded;
- DWORD ProcessId[1024];
- EnumProcesses(ProcessId,sizeof(ProcessId),&cbNeeded);
- ProcessCount = cbNeeded/sizeof(DWORD);
- HMODULE hModule;
- char szPath[MAX_PATH];
- for(DWORD i = 0; i < ProcessCount; i ++)
- {
- HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,FALSE,ProcessId[i]);
- if(hProcess)
- {
- EnumProcessModules(hProcess,&hModule,sizeof(hModule),&cbNeeded);
- GetModuleFileNameEx(hProcess,hModule,szPath,sizeof(szPath));
- SetColor(0,6);
- printf("PID:%d ",ProcessId[i]);
- SetColor(0,7);
- printf("\t%s\n",szPath);
- }
- else
- continue;
- }
- return TRUE;
- }
- //第三种方法 WTSAPI
- typedef struct _WTS_PROCESS_INFO{
- DWORD SessionId;
- DWORD ProcessId;
- LPTSTR pProcessName;
- PSID pUserSid;
- }WTS_PROCESS_INFO,*PWTS_PROCESS_INFO;
- typedef HANDLE (WINAPI *WTSOPENSERVER)(LPTSTR pServerName);
- typedef BOOL (WINAPI *WTSENUMRATEPROCESSES)(HANDLE hServer,DWORD Reserved,DWORD Version,PWTS_PROCESS_INFO* ppProcessInfo,DWORD *pCount);
- //动态调用,合适用于windows NT/2000终端服务
- BOOL GetProcessByWTSAPI(){
- HMODULE hWtsApi32 = LoadLibrary("wtsapi32.dll");
- if(hWtsApi32==NULL){
- printf("请升级sdk,没有找到wtsapi.dll");
- return FALSE;
- }
- WTSOPENSERVER pWtsOpenServer = (WTSOPENSERVER)GetProcAddress(hWtsApi32,"WTSOpenSeverA");
- WTSENUMRATEPROCESSES pWtsEnumrateProcesses = (WTSENUMRATEPROCESSES)GetProcAddress(hWtsApi32,"WTSEnumrateProcessesA");
- //终端服务名字,可以使用nbtstat -an 命令查看
- char *szServerName = " 1FB978629C104D4";
- HANDLE hWtsServer = pWtsOpenServer(szServerName);
- PWTS_PROCESS_INFO pWtsapi;
- DWORD dwCount;
- if(!pWtsEnumrateProcesses(hWtsServer,0,1,&pWtsapi,&dwCount))
- return FALSE;
- for(DWORD i = 0; i < dwCount; i ++)
- {
- printf("ProcessID: %d (%s)\n",pWtsapi[i].ProcessId,pWtsapi[i].pProcessName);
- }
- return TRUE;
- }
- //第四种方法
- #define SystemProcessesAndThreadsInformation 5
- // 动态调用
- typedef DWORD (WINAPI *ZWQUERYSYSTEMINFORMATION) (DWORD,
- PVOID,
- DWORD,
- PDWORD);
- // 结构定义
- typedef struct _SYSTEM_PROCESS_INFORMATION{
- DWORD NextEntryDelta;
- DWORD ThreadCount;
- DWORD Reserved1[6];
- FILETIME ftCreateTime;
- FILETIME ftUserTime;
- FILETIME ftKernelTime;
- UNICODE_STRING ProcessName;
- DWORD BasePriority;
- DWORD ProcessId;
- DWORD InheritedFromProcessId;
- DWORD HandleCount;
- DWORD Reserved2[2];
- DWORD VmCounters;
- DWORD dCommitCharge;
- PVOID ThreadInfos[1];
- }SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
- BOOL GetProcessListByNTDLL(){
- // 导出函数
- HMODULE hNtDll = GetModuleHandle("ntdll.dll");
- ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation = (ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"ZwQuerySystemInformation");
- ULONG cbBuffer = 0x10000;
- LPVOID pBuffer = NULL;
- pBuffer = malloc(cbBuffer);
- if(pBuffer == NULL)
- return -1;
- // 获取进程信息
- ZwQuerySystemInformation(SystemProcessesAndThreadsInformation,pBuffer,cbBuffer,NULL);
- // 指针指向链表头部
- PSYSTEM_PROCESS_INFORMATION pInfo = (PSYSTEM_PROCESS_INFORMATION)pBuffer;
- // 输出结果
- for(;;)
- {
- SetColor(0,13);
- printf("PID:%d ",pInfo->ProcessId);
- SetColor(0,7);
- printf("\t%ls\n",pInfo->ProcessName.Buffer);
- if(pInfo->NextEntryDelta == 0)
- break;
- // 读取下一个节点
- pInfo = (PSYSTEM_PROCESS_INFORMATION)(((PUCHAR)pInfo)+pInfo->NextEntryDelta);
- }
- // 释放缓冲区
- free(pBuffer);
- return TRUE;
- }
- void main(){
- //GetProcessList();
- //GetProcessListByPSAPi();
- //GetProcessByWTSAPI();
- GetProcessListByNTDLL();
- }
原文地址
http://blog.csdn.net/earbao/article/details/8464715
