枚举系统的当前进程


枚举系统的当前进程

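/*
 * Two separate programs are collapsed into this listing:
 *   1. a user-mode console program that prints the Windows version via GetVersionEx;
 *   2. a kernel-mode driver that reads the same information from the registry.
 * They must be built as two separate translation units: "windows.h" and
 * "ntddk.h" cannot be included in the same source file.
 */

/* ------------------------------------------------------------------ */
/* 1. User mode: query the OS version through the Win32 API            */
/* ------------------------------------------------------------------ */
#include "stdio.h"
#include "windows.h"

/*
 * Print the running OS version and service-pack string to stdout, then wait
 * for a key press so the console stays open. Returns 0 in every case; the
 * GetVersionEx failure is only reported, not turned into an exit code.
 */
int main(void)
{
    /* The explicit ANSI variants guarantee that szCSDVersion is a char buffer,
     * so the "%s" below matches its argument whether or not UNICODE is defined. */
    OSVERSIONINFOA osverInfo;
    osverInfo.dwOSVersionInfoSize = sizeof(osverInfo);

    printf("Hello! Thandks IDA ASM Me!\n");

    /* GetVersionEx on Windows 8.1 and later reports the version the application
     * manifest declares compatibility with, not necessarily the real OS version;
     * its result must not drive security decisions (VerifyVersionInfo /
     * IsWindowsVersionOrGreater are the supported replacements). */
    if (GetVersionExA(&osverInfo)) {
        switch (osverInfo.dwPlatformId) {
        case VER_PLATFORM_WIN32_NT:
            /* DWORD is unsigned long, so "%lu" is the matching conversion. */
            if (osverInfo.dwMajorVersion < 5) {
                printf("The Current OS info is : Microsoft Windows NT %lu.%lu\n",
                       osverInfo.dwMajorVersion, osverInfo.dwMinorVersion);
            } else {
                /* szCSDVersion is a fixed-size array the API NUL-terminates. */
                printf("The Current OS info is : \nMicrosoft Windows 2000/xp %lu.%lu %s",
                       osverInfo.dwMajorVersion, osverInfo.dwMinorVersion,
                       osverInfo.szCSDVersion);
            }
            break;
        default:
            printf("Invalid os information...\n");
            break;
        }
    } else {
        /* GetLastError returns a DWORD: "%lx" matches it. */
        printf("GetVersionEx is falied with error code=0x%lx\n", GetLastError());
    }
    getchar();
    return 0;
}

/* ------------------------------------------------------------------ */
/* 2. Kernel mode: read the version strings from the registry          */
/* ------------------------------------------------------------------ */
#ifdef __cplusplus
extern "C" {
#endif
#include "ntddk.h"
VOID DriverUnload(IN PDRIVER_OBJECT DriverObject);
#ifdef __cplusplus
}
#endif

/*
 * Driver entry point. Reads "CurrentVersion" and "CSDVersion" from
 * HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion, prints them through
 * DbgPrint and returns the status of the registry query. Runs at
 * PASSIVE_LEVEL, which "%wZ" in DbgPrint requires.
 *
 * DriverObject  - the driver object; its DriverUnload callback is set here.
 * RegistryPath  - the driver's service key; unused.
 * Returns STATUS_SUCCESS, or the error from RtlQueryRegistryValues.
 */
#ifdef __cplusplus
extern "C"
#endif
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    UNICODE_STRING CurrentVer;
    UNICODE_STRING SerVersion;
    RTL_QUERY_REGISTRY_TABLE RegTable[3];

    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint(__TIME__ __FILE__ " >>> DriverEntry function ...\n");

    /* Without this assignment the unload routine below is never called and the
     * driver cannot be stopped once loaded. */
    DriverObject->DriverUnload = DriverUnload;

    /* Alternative kept for reference: obtain the version through kernel APIs
     * instead of the registry.
    {
        ULONG MajorVersion;
        ULONG MinVersion;
        ULONG BuildNum;
        RTL_OSVERSIONINFOW osverInfo;

        osverInfo.dwOSVersionInfoSize = sizeof(osverInfo);
        if (PsGetVersion(&MajorVersion, &MinVersion, &BuildNum, &SerVersion)) {
            if (MajorVersion < 5) {
                DbgPrint("The Current OS info is : Microsoft Windows NT %d.%d\n",
                         MajorVersion, MinVersion);
            } else {
                DbgPrint("The Current OS info is : Microsoft Windows 2000/xp %d.%d %wZ\n",
                         MajorVersion, MinVersion, &SerVersion);
            }
        } else if (NT_SUCCESS(RtlGetVersion(&osverInfo))) {
            if (osverInfo.dwMajorVersion < 5) {
                DbgPrint("The Current OS info is : Microsoft Windows NT %d.%d\n",
                         osverInfo.dwMajorVersion, osverInfo.dwMinorVersion);
            } else {
                DbgPrint("The Current OS info is : Microsoft Windows 2000/xp %d.%d %S\n",
                         osverInfo.dwMajorVersion, osverInfo.dwMinorVersion,
                         osverInfo.szCSDVersion);
            }
        } else {
            DbgPrint("PsGetVersion function is falied ...\n");
        }
    }
    */

    /* Implemented by querying the registry.
     * The table must end with an all-zero entry, which is why RegTable has
     * three slots and is cleared first. With RTL_QUERY_REGISTRY_DIRECT and a
     * zeroed UNICODE_STRING (Buffer == NULL) the routine allocates the string
     * buffer itself; the caller owns it and must release it with ExFreePool.
     * On Windows 8 and later add RTL_QUERY_REGISTRY_TYPECHECK to Flags so a
     * value of an unexpected registry type is rejected instead of being
     * copied as if it were a string. */
    RtlZeroMemory(RegTable, sizeof(RegTable));
    RtlZeroMemory(&CurrentVer, sizeof(CurrentVer));
    RtlZeroMemory(&SerVersion, sizeof(SerVersion));

    RegTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
    RegTable[0].Name = L"CurrentVersion";
    RegTable[0].EntryContext = &CurrentVer;
    RegTable[0].DefaultType = REG_SZ;
    /* A REG_SZ default is a NUL-terminated wide string, not the target struct. */
    RegTable[0].DefaultData = L"";
    RegTable[0].DefaultLength = sizeof(L"");

    RegTable[1].Flags = RTL_QUERY_REGISTRY_DIRECT;
    RegTable[1].Name = L"CSDVersion";
    RegTable[1].EntryContext = &SerVersion;
    RegTable[1].DefaultType = REG_SZ;
    RegTable[1].DefaultData = L"";
    RegTable[1].DefaultLength = sizeof(L"");

    /* Path is NULL as in the original, i.e. the RTL_REGISTRY_WINDOWS_NT base key
     * itself — NOTE(review): confirm this is accepted by the target WDK. */
    ntStatus = RtlQueryRegistryValues(RTL_REGISTRY_WINDOWS_NT, NULL, RegTable, NULL, NULL);
    if (NT_SUCCESS(ntStatus)) {
        /* "%wZ" takes a pointer to a UNICODE_STRING; the original "%S" with the
         * structs passed by value printed garbage. */
        DbgPrint("The Current Version : %wZ %wZ\n", &CurrentVer, &SerVersion);
    }

    /* A buffer may have been allocated for the first value even when the
     * query of the second one failed, so release both unconditionally. */
    if (CurrentVer.Buffer != NULL) {
        ExFreePool(CurrentVer.Buffer);
    }
    if (SerVersion.Buffer != NULL) {
        ExFreePool(SerVersion.Buffer);
    }
    return ntStatus;
}

/* Unload callback registered in DriverEntry; only logs that it ran. */
VOID DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
    DbgPrint(__TIME__ __FILE__ " >>> DriverUnload function ...\n");
}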

原文地址:http://hi.baidu.com/vbcs003/item/dfb8bc0b0649921aeafe389b
