木马编程天天练 步入第2天 进程管理


1.进程枚举

 

---------------------------- Snapshot 函数(CreateToolhelp32Snapshot)

 

举例代码:

#include<windows.h>
#include<Tlhelp32.h>
#include<stdio.h>

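/*
 * Enumerate every process in a Toolhelp snapshot and print one line per
 * process: "<exe name>\t<PID>".
 *
 * Returns 0 on success, 1 if the snapshot could not be created.
 *
 * NOTE(review): PROCESSENTRY32/szExeFile are TCHAR-based; printing szExeFile
 * with "%s" is only correct in a non-UNICODE build (or use PROCESSENTRY32
 * explicitly with Process32First/Next's ANSI variants).
 */
int main(void)
{
    PROCESSENTRY32 pe32;
    /* dwSize must be filled in before Process32First, or the call fails. */
    pe32.dwSize = sizeof(pe32);

    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        printf("CreateToolhelp    函数调用失败\n");
        return 1;   /* a failure should not report success to the caller */
    }

    printf("%20s\t%10s\n", "进程名", "PID");
    printf("======================================\n");

    /* If Process32First fails (empty/invalid snapshot) the loop simply runs zero times. */
    BOOL bMore = Process32First(hProcessSnap, &pe32);
    while (bMore)
    {
        /* th32ProcessID is a DWORD (unsigned); "%d" would mis-print high PIDs. */
        printf("%20s\t%10lu\n", pe32.szExeFile, (unsigned long)pe32.th32ProcessID);
        bMore = Process32Next(hProcessSnap, &pe32);
    }

    CloseHandle(hProcessSnap);
    return 0;
}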


----------------------- EnumProcesses 函数

 

举例代码:

#include<windows.h>
#include<stdio.h>
#include<psapi.h>

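// EnumProcesses / EnumProcessModules / GetModuleFileNameExA are exported by psapi.lib.
// (The original line ended in a stray ';' after the pragma, which some compilers warn about.)
#pragma comment(lib, "psapi.lib")

// Enables the named privilege (default: SeDebugPrivilege) in the access token of
// hProcess.  Returns FALSE if the token could not be opened or adjusted.
// The default argument makes this translation unit C++, not C.
BOOL UpdateProcessPrivilege(HANDLE hProcess, LPCTSTR lpPrivilegeName = SE_DEBUG_NAME);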

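// Lists every process id returned by EnumProcesses together with the path of
// its main module: "ProcessID: <pid> (<path>)".  Processes that cannot be
// opened (access denied, already exited) are reported and skipped.
// Exit status: 0 on success, 1 if EnumProcesses itself fails.
int main(void)
{
 // SeDebugPrivilege lets OpenProcess succeed on processes of other users and
 // on system processes.  It is an extremely powerful right, so its absence is
 // only reported here: the listing still works for the caller's own processes.
 if (!UpdateProcessPrivilege(GetCurrentProcess()))
  printf("Warning: SeDebugPrivilege not enabled, some processes will not open\n");

 DWORD ProcessId[1024];
 DWORD cbNeeded = 0;
 if (!EnumProcesses(ProcessId, sizeof(ProcessId), &cbNeeded))
 {
  printf("EnumProcesses failed (error %lu)\n", (unsigned long)GetLastError());
  return 1;
 }
 // EnumProcesses gives no truncation signal other than filling the whole
 // buffer; in that case more processes may exist than were returned.
 if (cbNeeded == sizeof(ProcessId))
  printf("Warning: process list may be truncated\n");
 DWORD processcount = cbNeeded / sizeof(DWORD);

 for (DWORD i = 0; i < processcount; i++)
 {
  // PROCESS_VM_READ is required by EnumProcessModules / GetModuleFileNameEx.
  HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                FALSE, ProcessId[i]);
  if (!hProcess)
  {
   printf("Failed!!! PID %lu (error %lu)\n",
          (unsigned long)ProcessId[i], (unsigned long)GetLastError());
   continue;   // nothing to close: the original called CloseHandle(NULL) here
  }

  HMODULE hModule = NULL;
  DWORD cbModules = 0;
  char szPath[MAX_PATH] = "";
  // The first module handle is the executable itself.  Both calls can fail
  // (e.g. a 32-bit caller inspecting a 64-bit process), in which case szPath
  // must not be trusted, so the results are checked before printing.
  if (EnumProcessModules(hProcess, &hModule, sizeof(hModule), &cbModules) &&
      GetModuleFileNameExA(hProcess, hModule, szPath, sizeof(szPath)) != 0)
   printf("ProcessID: %lu (%s)\n", (unsigned long)ProcessId[i], szPath);
  else
   printf("ProcessID: %lu (<module path unavailable>)\n", (unsigned long)ProcessId[i]);

  CloseHandle(hProcess);
 }

 getchar();  // pause so the console output stays visible.
 return 0;
}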

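// Enables lpPrivilegeName (e.g. SE_DEBUG_NAME) in the access token of hProcess.
//
// Returns TRUE only when the privilege is now enabled.  Returns FALSE when the
// token cannot be opened, the privilege name is unknown, or the token does not
// hold the privilege at all: in that last case AdjustTokenPrivileges still
// returns nonzero but sets ERROR_NOT_ALL_ASSIGNED, which the original code
// mistook for success.  The token handle is always closed before returning.
BOOL UpdateProcessPrivilege(HANDLE hProcess, LPCTSTR lpPrivilegeName)
{
 HANDLE hToken = NULL;
 // Least privilege: adjusting needs TOKEN_ADJUST_PRIVILEGES (TOKEN_QUERY is the
 // conventional companion); TOKEN_ALL_ACCESS asked for far more than needed.
 if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
  return FALSE;

 BOOL enabled = FALSE;
 LUID luid;
 if (LookupPrivilegeValue(NULL, lpPrivilegeName, &luid))
 {
  TOKEN_PRIVILEGES tp;
  tp.PrivilegeCount = 1;
  tp.Privileges[0].Luid = luid;
  tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

  // A nonzero return only means the call was processed; the last-error value
  // tells whether the privilege was actually assigned.
  if (AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL))
   enabled = (GetLastError() == ERROR_SUCCESS);
 }

 CloseHandle(hToken);   // the original leaked hToken on every path
 return enabled;
}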

 

2.进程关闭

 

ExitProcess:结束调用它的进程本身。

TerminateProcess:通过进程句柄强制结束另一个进程(需要对该进程的 PROCESS_TERMINATE 访问权限),被结束的进程没有机会执行清理代码。

 

3.枚举进程模块

 

代码示例:

 

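/*
 * Modlist: print the modules (name and full path) loaded in process Pid,
 * using a Toolhelp module snapshot.
 *
 * Relies on project-level definitions not visible here: the message buffer
 * Temp, the connection Socket, and the helpers DebugPrivilege() and
 * SendMessage(Socket, msg).  On return Temp holds the final status line,
 * as in the original.
 *
 * Returns 0 on success, 1 if the snapshot could not be created.  The debug
 * privilege is revoked on every path (the original left it enabled when the
 * snapshot failed).
 */
int Modlist(DWORD Pid)
{
 HANDLE SnapP;
 MODULEENTRY32 modsnap;
 /* A formatted line holds one module name, one path and "\r\n".  Sizing it
  * from the struct fields bounds the write without relying on the unknown
  * size of the shared Temp buffer (the original sprintf'd a MAX_PATH path
  * plus a module name into Temp unchecked). */
 char line[sizeof(modsnap.szModule) + sizeof(modsnap.szExePath) + 32];
 int rc = 1;

 DebugPrivilege(SE_DEBUG_NAME, TRUE);
 SnapP = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, Pid);
 if (SnapP == INVALID_HANDLE_VALUE)   /* same value as the original's (HANDLE)-1 */
 {
  /* NOTE(review): TH32CS_SNAPMODULE can also fail transiently with
   * ERROR_BAD_LENGTH; a caller may retry. */
  sprintf(Temp, "Fail To CreateToolhelp32Snapshot\r\n");
  SendMessage(Socket, Temp);
  goto out;   /* still revoke the privilege */
 }

 /* dwSize must be set before Module32First. */
 modsnap.dwSize = sizeof(modsnap);
 if (Module32First(SnapP, &modsnap))
 {
  /* Pid is a DWORD (unsigned); print it as such. */
  printf("The Process[%lu] Module Infomation:\r\n\r\nModuleName           ModulePath\r\n"
         "-------------------------------------------------------------------------------\r\n",
         (unsigned long)Pid);
  do
  {
   snprintf(line, sizeof line, "%-21s%s\r\n", modsnap.szModule, modsnap.szExePath);
   printf("%s", line);
  }
  while (Module32Next(SnapP, &modsnap));
  sprintf(Temp, "\r\nList Process Module Compeleted\r\n");
 }
 else
 {
  /* The original message named Process32First, which is not the call that failed. */
  sprintf(Temp, "Fail To Module32First\r\n");
 }
 printf("%s", Temp);

 CloseHandle(SnapP);
 rc = 0;

out:
 DebugPrivilege(SE_DEBUG_NAME, FALSE);
 return rc;
}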