获取系统进程快照 c语言实现

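/************************************************************************/
/* Author: 云守护   email:542335496@qq.com                              */
/*                                                                      */
/* Four ways of listing the processes on a Windows host:                */
/*   1. Toolhelp snapshot (CreateToolhelp32Snapshot)                    */
/*   2. PSAPI, statically linked (EnumProcesses)                        */
/*   3. WTSAPI, loaded at run time (WTSEnumerateProcesses)              */
/*   4. ntdll ZwQuerySystemInformation, loaded at run time              */
/* Default arguments and loop-scoped declarations are used, so the file */
/* is built as C++ despite the .c style.                                */
/************************************************************************/
#include <stdio.h>
#include <stdlib.h>      /* malloc / free */
#include <windows.h>
#include <tlhelp32.h>
#include <ntsecapi.h>    /* UNICODE_STRING; needs an up-to-date Windows SDK */
#include <psapi.h>       /* statically linked below */
#pragma comment(lib, "psapi.lib")

/* NTSTATUS returned by ZwQuerySystemInformation when the caller's buffer is
 * too small; lives in ntstatus.h, which conflicts with windows.h, so define it
 * here when absent. */
#ifndef STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH ((DWORD)0xC0000004L)
#endif

/* Set the console text colour.
 *
 * ForeColor and BackGroundColor are the 16 console colours (same numbering
 * as "color /?").  SetConsoleTextAttribute keeps the foreground in attribute
 * bits 0-3 and the background in bits 4-7, so the background value must be
 * shifted; OR-ing it in unshifted turns the second argument into a second
 * foreground colour.  Does nothing when no console is attached. */
void SetColor(unsigned short ForeColor = 4, unsigned short BackGroundColor = 0)
{
    HANDLE hCon = GetStdHandle(STD_OUTPUT_HANDLE);   /* console screen buffer */
    if (hCon == NULL || hCon == INVALID_HANDLE_VALUE) {
        return;   /* output redirected or no console: nothing to colour */
    }
    WORD attr = (WORD)((ForeColor & 0x0F) | ((BackGroundColor & 0x0F) << 4));
    SetConsoleTextAttribute(hCon, attr);
}

/* Method 1: Toolhelp snapshot.
 *
 * Prints every process in the system snapshot and, under each one, the
 * modules loaded in that process.  Returns TRUE when the process snapshot
 * was taken, FALSE otherwise.  Module snapshots that cannot be taken
 * (idle/system processes, processes of other users when not elevated, or a
 * 32-bit build inspecting a 64-bit process) leave that process listed
 * without modules. */
BOOL GetProcessList()
{
    PROCESSENTRY32 pe32 = {0};
    pe32.dwSize = sizeof(pe32);

    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    for (BOOL bRet = Process32First(hProcessSnap, &pe32); bRet;
         bRet = Process32Next(hProcessSnap, &pe32)) {
        SetColor(0, 2);
        printf("进程:%s\n", pe32.szExeFile);
        SetColor(0, 7);

        /* Snapshot the modules of *this* process.  A th32ProcessID of 0 would
         * snapshot the calling process every time, so the PID from the
         * process entry must be passed here. */
        HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pe32.th32ProcessID);
        if (hModuleSnap == INVALID_HANDLE_VALUE) {
            continue;
        }
        MODULEENTRY32 me32 = {0};
        me32.dwSize = sizeof(me32);
        for (BOOL bModule = Module32First(hModuleSnap, &me32); bModule;
             bModule = Module32Next(hModuleSnap, &me32)) {
            printf("\t模块:%s\n", me32.szExePath);
        }
        CloseHandle(hModuleSnap);   /* one snapshot per process: close it every iteration */
    }
    CloseHandle(hProcessSnap);
    return TRUE;
}

/* Method 2: PSAPI, statically linked.
 *
 * Prints the PID and main-module path of every process the caller can open
 * with PROCESS_QUERY_INFORMATION | PROCESS_VM_READ.  Processes that refuse
 * that access (other users' processes, protected processes, anything that
 * needs elevation) are skipped silently, as in the original.  Returns FALSE
 * only when EnumProcesses itself fails. */
BOOL GetProcessListByPSAPi()
{
    DWORD ProcessId[1024];
    DWORD cbNeeded = 0;
    if (!EnumProcesses(ProcessId, sizeof(ProcessId), &cbNeeded)) {
        return FALSE;
    }
    /* EnumProcesses does not report truncation: when cbNeeded equals the
     * array size the list may be incomplete.  1024 PIDs is the author's
     * fixed budget; enlarge the array if that is ever hit. */
    DWORD ProcessCount = cbNeeded / sizeof(DWORD);

    for (DWORD i = 0; i < ProcessCount; i++) {
        HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                      FALSE, ProcessId[i]);
        if (hProcess == NULL) {
            continue;
        }

        HMODULE hModule = NULL;
        char szPath[MAX_PATH] = "";
        DWORD cbModules = 0;
        /* The first module handle EnumProcessModules returns is the
         * executable; on failure szPath stays empty instead of holding
         * uninitialised stack bytes. */
        if (EnumProcessModules(hProcess, &hModule, sizeof(hModule), &cbModules)) {
            if (GetModuleFileNameEx(hProcess, hModule, szPath, sizeof(szPath)) == 0) {
                szPath[0] = '\0';
            }
        }
        CloseHandle(hProcess);   /* the handle was never closed before: one leak per process */

        SetColor(0, 6);
        printf("PID:%lu ", (unsigned long)ProcessId[i]);
        SetColor(0, 7);
        printf("\t%s\n", szPath);
    }
    return TRUE;
}

/* Method 3: WTSAPI, loaded at run time (suited to NT/2000 Terminal Services).
 *
 * The structure and the function-pointer types are hand-rolled so the file
 * builds without wtsapi32.h; do not include that header as well, the
 * WTS_PROCESS_INFO tag would clash. */
typedef struct _WTS_PROCESS_INFO {
    DWORD  SessionId;
    DWORD  ProcessId;
    LPTSTR pProcessName;
    PSID   pUserSid;
} WTS_PROCESS_INFO, *PWTS_PROCESS_INFO;

typedef HANDLE (WINAPI *WTSOPENSERVER)(LPTSTR pServerName);
typedef BOOL   (WINAPI *WTSENUMRATEPROCESSES)(HANDLE hServer, DWORD Reserved, DWORD Version,
                                              PWTS_PROCESS_INFO *ppProcessInfo, DWORD *pCount);
typedef VOID   (WINAPI *WTSFREEMEMORY)(PVOID pMemory);
typedef VOID   (WINAPI *WTSCLOSESERVER)(HANDLE hServer);

/* Enumerate processes through WTSAPI and print "ProcessID: <pid> (<name>)".
 *
 * Returns TRUE on success; FALSE when wtsapi32.dll, one of its exports, the
 * server handle, or the enumeration is unavailable.  Every resource acquired
 * (library, server handle, WTS-allocated buffer) is released on all paths. */
BOOL GetProcessByWTSAPI()
{
    BOOL ok = FALSE;
    HANDLE hWtsServer = NULL;
    PWTS_PROCESS_INFO pWtsapi = NULL;
    DWORD dwCount = 0;
    /* Terminal server NetBIOS name, see "nbtstat -an".
     * NOTE(review): the value is machine-specific and the leading space looks
     * like a typo in the original listing — confirm against the real name. */
    static char szServerName[] = " 1FB978629C104D4";

    HMODULE hWtsApi32 = LoadLibrary("wtsapi32.dll");
    if (hWtsApi32 == NULL) {
        printf("请升级sdk,没有找到wtsapi.dll");
        return FALSE;
    }

    /* Export names must match exactly: "WTSOpenServerA" and
     * "WTSEnumerateProcessesA".  The misspelt names used before resolved to
     * NULL and the call went through a null function pointer. */
    WTSOPENSERVER        pWtsOpenServer        = (WTSOPENSERVER)GetProcAddress(hWtsApi32, "WTSOpenServerA");
    WTSENUMRATEPROCESSES pWtsEnumrateProcesses = (WTSENUMRATEPROCESSES)GetProcAddress(hWtsApi32, "WTSEnumerateProcessesA");
    WTSFREEMEMORY        pWtsFreeMemory        = (WTSFREEMEMORY)GetProcAddress(hWtsApi32, "WTSFreeMemory");
    WTSCLOSESERVER       pWtsCloseServer       = (WTSCLOSESERVER)GetProcAddress(hWtsApi32, "WTSCloseServer");
    if (pWtsOpenServer == NULL || pWtsEnumrateProcesses == NULL ||
        pWtsFreeMemory == NULL || pWtsCloseServer == NULL) {
        goto out_free_lib;
    }

    hWtsServer = pWtsOpenServer(szServerName);
    if (hWtsServer == NULL) {
        goto out_free_lib;
    }
    /* Reserved must be 0 and Version 1 for WTSEnumerateProcesses. */
    if (!pWtsEnumrateProcesses(hWtsServer, 0, 1, &pWtsapi, &dwCount)) {
        goto out_close;
    }

    for (DWORD i = 0; i < dwCount; i++) {
        printf("ProcessID: %lu (%s)\n", (unsigned long)pWtsapi[i].ProcessId,
               pWtsapi[i].pProcessName ? pWtsapi[i].pProcessName : "");
    }
    pWtsFreeMemory(pWtsapi);   /* buffer is owned by WTSAPI: release with its own free */
    ok = TRUE;

out_close:
    pWtsCloseServer(hWtsServer);
out_free_lib:
    FreeLibrary(hWtsApi32);
    return ok;
}

/* Method 4: ZwQuerySystemInformation from ntdll, resolved at run time. */
#define SystemProcessesAndThreadsInformation 5

typedef DWORD (WINAPI *ZWQUERYSYSTEMINFORMATION)(DWORD, PVOID, DWORD, PDWORD);

/* Hand-rolled copy of the undocumented SYSTEM_PROCESS_INFORMATION layout with
 * DWORD-sized ids and counters, i.e. the 32-bit layout.
 * NOTE(review): on a 64-bit build the real structure uses pointer-sized
 * handles and LARGE_INTEGER counters, so these offsets would be wrong —
 * verify against winternl.h before building for x64. */
typedef struct _SYSTEM_PROCESS_INFORMATION {
    DWORD          NextEntryDelta;          /* byte offset to the next entry; 0 on the last one */
    DWORD          ThreadCount;
    DWORD          Reserved1[6];
    FILETIME       ftCreateTime;
    FILETIME       ftUserTime;
    FILETIME       ftKernelTime;
    UNICODE_STRING ProcessName;             /* Length is in bytes; Buffer may be NULL */
    DWORD          BasePriority;
    DWORD          ProcessId;
    DWORD          InheritedFromProcessId;
    DWORD          HandleCount;
    DWORD          Reserved2[2];
    DWORD          VmCounters;
    DWORD          dCommitCharge;
    PVOID          ThreadInfos[1];
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;

/* List processes via ZwQuerySystemInformation(SystemProcessesAndThreadsInformation).
 *
 * Returns TRUE on success, FALSE when ntdll or the export cannot be resolved,
 * memory runs out, or the query fails.  The buffer is grown until the call
 * stops reporting STATUS_INFO_LENGTH_MISMATCH: a fixed 64 KiB buffer is too
 * small on a busy system, and walking it after a failed call reads
 * uninitialised memory. */
BOOL GetProcessListByNTDLL()
{
    HMODULE hNtDll = GetModuleHandle("ntdll.dll");
    if (hNtDll == NULL) {
        return FALSE;
    }
    ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation =
        (ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll, "ZwQuerySystemInformation");
    if (ZwQuerySystemInformation == NULL) {
        return FALSE;
    }

    ULONG  cbBuffer = 0x10000;
    LPVOID pBuffer  = NULL;
    DWORD  status   = 0;
    for (;;) {
        pBuffer = malloc(cbBuffer);
        if (pBuffer == NULL) {
            return FALSE;
        }
        DWORD cbReturned = 0;
        status = ZwQuerySystemInformation(SystemProcessesAndThreadsInformation,
                                          pBuffer, cbBuffer, &cbReturned);
        if (status != STATUS_INFO_LENGTH_MISMATCH) {
            break;
        }
        free(pBuffer);
        pBuffer = NULL;
        /* The required length is not always reported, so fall back to doubling. */
        cbBuffer = (cbReturned > cbBuffer) ? cbReturned + 0x1000 : cbBuffer * 2;
    }
    if (status != 0) {   /* anything but STATUS_SUCCESS */
        free(pBuffer);
        return FALSE;
    }

    const PUCHAR pEnd = (PUCHAR)pBuffer + cbBuffer;
    PSYSTEM_PROCESS_INFORMATION pInfo = (PSYSTEM_PROCESS_INFORMATION)pBuffer;
    for (;;) {
        SetColor(0, 13);
        printf("PID:%lu  ", (unsigned long)pInfo->ProcessId);
        SetColor(0, 7);
        /* UNICODE_STRING is not guaranteed to be NUL-terminated, so print
         * exactly Length/2 characters; an entry without a name prints empty. */
        if (pInfo->ProcessName.Buffer != NULL) {
            printf("\t%.*ls\n", (int)(pInfo->ProcessName.Length / sizeof(WCHAR)),
                   pInfo->ProcessName.Buffer);
        } else {
            printf("\t\n");
        }

        if (pInfo->NextEntryDelta == 0) {
            break;
        }
        /* Next node; stop rather than read past the buffer on a malformed delta. */
        PUCHAR pNext = (PUCHAR)pInfo + pInfo->NextEntryDelta;
        if (pNext + sizeof(*pInfo) > pEnd) {
            break;
        }
        pInfo = (PSYSTEM_PROCESS_INFORMATION)pNext;
    }
    free(pBuffer);
    return TRUE;
}

/* Pick one of the four methods; the others are left for reference. */
int main(void)
{
    /* GetProcessList(); */
    /* GetProcessListByPSAPi(); */
    /* GetProcessByWTSAPI(); */
    GetProcessListByNTDLL();
    return 0;
}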