【日常】...

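//mjob.cpp
#include <windows.h>
#include <stdio.h>
#include "strcamp.h"
#include "localvalue.h"
#include "srprocess.h"
#include <wchar.h>
#include "procthread.h"
#include "checkprocess.h"

// Log file appended to by WriteLog() whenever wType != 0.
LPCWSTR LogFile = L"C:\\windows\\system32\\logfiles\\memorystatus.log";
// Mutable array rather than LPSTR-to-literal: SERVICE_TABLE_ENTRY::lpServiceName is a non-const LPSTR.
static char szSname1[] = "MemoryGuard";
#define dfServiceType SERVICE_WIN32_OWN_PROCESS
#define dfControlAccept (SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN)

// Capacity of dwReserved0; the original indexed past 50 entries without a bound check.
enum { RESERVED_PID_SLOTS = 50 };
// Working-set size (MiB) above which a non-whitelisted process is frozen.
enum { WORKING_SET_LIMIT_MB = 100 };
// Value written to guard.exe over the pipe when the service is stopping on purpose.
enum { GUARD_STOP_CODE = 0x7fffffff };

// PIDs of whitelisted processes found in the current scan; a parent found here is never frozen.
DWORD dwReserved0[RESERVED_PID_SLOTS];
static int dwReservedCheckPoint;          // number of valid entries in dwReserved0
SERVICE_STATUS ss1;
SERVICE_STATUS_HANDLE ssh1;
HANDLE hdMainTh, hdEvent;
DWORD dwMainTh;
// Stop flag: written once by the control handler with InterlockedExchange, polled by both worker
// threads. A LONG touched through Interlocked* is the Win32 idiom for this without <atomic>.
static volatile LONG bCallBack_MainJob = 0;
HANDLE hdGrThread;

static const char GUARD_IMAGE[] = "guard.exe";
static const char GUARD_PATH[] = "C:\\windows\\services\\memoryguard\\guard.exe";
// Must match the name guard.cpp opens; the original created "\\\\.\\pipe\\MemoryGurad" (typo), so
// the two processes could never meet on the pipe.
static const char GUARD_PIPE[] = "\\\\.\\pipe\\MemoryGuard";

DWORD __stdcall GroundProcessCreate(LPVOID);
void WINAPI ServiceMain1(DWORD, LPCSTR *);
void WINAPI ServiceControl1(DWORD);
DWORD WINAPI MainJob(LPVOID);
bool bContinueCheck(const PSYSTEM_PROCESSES, LPCSTR);
DWORD dwCheckMemory();
DWORD WriteLog(LPCWSTR swIn, int wType = 1, LPCSTR szIn = NULL);

// Reports a new service state to the SCM. ss is updated in place; returns SetServiceStatus()'s result.
BOOL SSS(LPSERVICE_STATUS ss, SERVICE_STATUS_HANDLE ssh, DWORD dwcurrentstate, DWORD dwcheckpoint = 0, DWORD dwwaithint = 0, DWORD dwwin32exitcode = 0)
{
    ss->dwCurrentState = dwcurrentstate;
    ss->dwCheckPoint = dwcheckpoint;
    ss->dwWaitHint = dwwaithint;
    ss->dwWin32ExitCode = dwwin32exitcode;
    return SetServiceStatus(ssh, ss);
}

// Writes one line to LogFile (wType != 0) or to stdout (wType == 0).
//   wType == 1: "<swIn> \n"; otherwise "<swIn>\n" or "<swIn> <szIn>\n" when szIn is given.
// Returns ERROR_FILE_NOT_FOUND if the log file cannot be opened, else ERROR_SUCCESS.
DWORD WriteLog(LPCWSTR swIn, int wType, LPCSTR szIn)
{
    FILE *fp = stdout;
    if (wType) {
        fp = _wfopen(LogFile, L"a");
        if (!fp) return ERROR_FILE_NOT_FOUND;
    }
    switch (wType) {
    case 1:
        fwprintf(fp, L"%ls \n", swIn);
        break;
    default:
        if (!szIn) {
            fwprintf(fp, L"%ls\n", swIn);
        } else {
            // %hs: in MSVC's wide printf family a plain %s means wchar_t*, so a char* needs the h modifier.
            fwprintf(fp, L"%ls %hs\n", swIn, szIn);
        }
        break;
    }
    // The original fclose()d fp unconditionally and so closed stdout on the wType == 0 path.
    if (fp != stdout) fclose(fp);
    else fflush(fp);
    return ERROR_SUCCESS;
}

// True if prw must be left alone: the Idle (0) and System (4) processes, this service itself,
// and every image name in ReserveProcessName (case-insensitive).
bool bContinueCheck(const PSYSTEM_PROCESSES prw, LPCSTR szName)
{
    if (!prw) return true;
    if (prw->ProcessId == 0 || prw->ProcessId == 4) return true;
    if (prw->ProcessId == GetCurrentProcessId()) return true;   // never freeze ourselves
    for (size_t i = 0; i < sizeof ReserveProcessName / sizeof ReserveProcessName[0]; i++) {
        if (strcamp(ReserveProcessName[i], szName)) return true;
    }
    return false;
}

// True if dwIn is one of the whitelisted PIDs collected by the current scan.
inline bool ErgodicCheck(DWORD dwIn)
{
    for (int i = 0; i < dwReservedCheckPoint; i++) {   // only the filled slots
        if (dwIn == dwReserved0[i]) return true;
    }
    return false;
}

// Converts infoP->ProcessName to an ANSI, NUL-terminated string in pName (cbName bytes).
// Leaves pName empty for a missing name.
static void ProcessNameToAnsi(const PSYSTEM_PROCESSES infoP, char *pName, size_t cbName)
{
    if (cbName == 0) return;
    pName[0] = '\0';
    if (!infoP->ProcessName.Buffer || infoP->ProcessName.Length == 0 || cbName < 2) return;
    // UNICODE_STRING::Length is in bytes; WideCharToMultiByte takes a character count. The
    // original passed the byte count and so read past the end of the name.
    int cch = infoP->ProcessName.Length / sizeof(WCHAR);
    int n = WideCharToMultiByte(CP_ACP, 0, infoP->ProcessName.Buffer, cch, pName, (int)cbName - 1, NULL, NULL);
    // With an explicit input length the output is not NUL-terminated; terminate it ourselves.
    pName[n > 0 ? n : 0] = '\0';
}

// Freezes the process dwPid the way the original did: probe its main thread with ResumeThread();
// a non-zero previous suspend count means it was already suspended, so re-suspend just that
// thread; zero means it was running, so suspend the whole process via NT_Process. Open failures
// are silently skipped, as before.
static void FreezeProcess(DWORD dwPid)
{
    DWORD dwTid = GetMainThreadId(dwPid);
    if (dwTid == 0) return;
    // THREAD_SUSPEND_RESUME is all Resume/SuspendThread need (the original asked for THREAD_ALL_ACCESS).
    HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, dwTid);
    if (!hThread) return;
    if (ResumeThread(hThread) != 0) SuspendThread(hThread);
    else NT_Process(dwPid);
    CloseHandle(hThread);
}

// Next SYSTEM_PROCESSES entry, or NULL at the end of the list.
static PSYSTEM_PROCESSES NextEntry(PSYSTEM_PROCESSES p)
{
    if (!p->NextEntryDelta) return NULL;
    return (PSYSTEM_PROCESSES)((LPBYTE)p + p->NextEntryDelta);
}

// Walks the process list twice. Pass 1 records the PIDs of whitelisted processes into
// dwReserved0 so a parent that appears later in the list is still recognised (the original
// filled the table while acting on it). Pass 2 freezes every non-whitelisted process whose
// working set exceeds WORKING_SET_LIMIT_MB and, unless its parent is whitelisted, the parent
// and all of the parent's children as well.
static void ScanProcessList(PSYSTEM_PROCESSES pHead)
{
    char pName[256];
    dwReservedCheckPoint = 0;
    memset(dwReserved0, 0, sizeof dwReserved0);
    for (PSYSTEM_PROCESSES p = pHead; p; p = NextEntry(p)) {
        ProcessNameToAnsi(p, pName, sizeof pName);
        if (bContinueCheck(p, pName) && dwReservedCheckPoint < RESERVED_PID_SLOTS) {
            dwReserved0[dwReservedCheckPoint++] = p->ProcessId;
        }
    }
    for (PSYSTEM_PROCESSES p = pHead; p; p = NextEntry(p)) {
        ProcessNameToAnsi(p, pName, sizeof pName);
        if (bContinueCheck(p, pName)) continue;
        if ((p->VmCounters.WorkingSetSize / 1048576) <= WORKING_SET_LIMIT_MB) continue;
        FreezeProcess(p->ProcessId);
        // Suspend the whole family (parent and siblings) unless the parent is whitelisted.
        // An earlier version lacked the '!' here and froze whitelisted parents.
        if (ErgodicCheck(p->InheritedFromProcessId)) continue;
        FreezeProcess(p->InheritedFromProcessId);
        for (PSYSTEM_PROCESSES q = pHead; q; q = NextEntry(q)) {
            if (q->InheritedFromProcessId == p->InheritedFromProcessId) FreezeProcess(q->ProcessId);
        }
    }
    dwReservedCheckPoint = 0;
}

// Queries the system process list and runs one freeze pass over it.
// Returns ERROR_SUCCESS, a Win32 error from heap allocation or GetProcAddress, or the failing
// NTSTATUS (as DWORD) from NtQuerySystemInformation.
DWORD dwCheckMemory()
{
    ______EnableDebugPrivilege();
    tNTQSI NtQuerySystemInformation = (tNTQSI)GetProcAddress(GetModuleHandle(("ntdll.dll")), "NtQuerySystemInformation");
    if (!NtQuerySystemInformation) return GetLastError();
    HANDLE hHeap = GetProcessHeap();
    ULONG cbBuffer = 131072;
    for (;;) {
        // Give up rather than loop forever if the kernel keeps asking for more.
        if (cbBuffer > (64u << 20)) return ERROR_NOT_ENOUGH_MEMORY;
        PVOID pBuffer = HeapAlloc(hHeap, HEAP_ZERO_MEMORY, cbBuffer);
        if (!pBuffer) return GetLastError();
        ULONG cbNeeded = cbBuffer;
        NTSTATUS Status = NtQuerySystemInformation(SystemProcessAndThreadInformation, pBuffer, cbBuffer, &cbNeeded);
        if (Status == STATUS_INFO_LENGTH_MISMATCH) {
            HeapFree(hHeap, 0, pBuffer);
            // Grow monotonically even when ReturnLength was not filled in.
            cbBuffer = (cbNeeded > cbBuffer ? cbNeeded : cbBuffer) * 2;
            continue;
        }
        // localvalue declares NTSTATUS as DWORD, which makes NT_SUCCESS() always true; test the sign bit.
        if ((LONG)Status < 0) {
            HeapFree(hHeap, 0, pBuffer);
            return (DWORD)Status;
        }
        ScanProcessList((PSYSTEM_PROCESSES)pBuffer);
        HeapFree(hHeap, 0, pBuffer);
        return ERROR_SUCCESS;
    }
}

// Publishes one int to guard.exe over GUARD_PIPE (0 = service running, GUARD_STOP_CODE = exit).
// Blocks until a client connects, as the original did. Returns false if the pipe could not be
// created or written.
static bool SignalGuard(int nCode)
{
    HANDLE hPipe = CreateNamedPipe(GUARD_PIPE, PIPE_ACCESS_DUPLEX, PIPE_TYPE_BYTE | PIPE_READMODE_BYTE, 1, 0, 0, 1000, NULL);
    if (hPipe == INVALID_HANDLE_VALUE) return false;
    bool ok = false;
    // ERROR_PIPE_CONNECTED means the client connected before we called ConnectNamedPipe; that is success.
    if (ConnectNamedPipe(hPipe, NULL) || GetLastError() == ERROR_PIPE_CONNECTED) {
        DWORD dwWrite = 0;
        // Exactly sizeof nCode: the original wrote sizeof(int)+1 bytes, one past the variable.
        if (WriteFile(hPipe, &nCode, sizeof nCode, &dwWrite, NULL) && dwWrite == sizeof nCode) {
            FlushFileBuffers(hPipe);   // let the client drain the byte pipe before the instance goes away
            ok = true;
        }
        DisconnectNamedPipe(hPipe);
    }
    CloseHandle(hPipe);
    return ok;
}

// Starts guard.exe and stores its PID in *pdwPid. Returns false if CreateProcess fails.
static bool LaunchGuard(DWORD *pdwPid)
{
    // CreateProcessA may write into lpCommandLine, so pass a writable copy rather than a literal.
    char szCmdLine[sizeof GUARD_PATH];
    memcpy(szCmdLine, GUARD_PATH, sizeof GUARD_PATH);
    STARTUPINFO si = {0};
    si.cb = sizeof si;   // the original passed a zeroed global with cb == 0
    PROCESS_INFORMATION piLocal = {0};
    if (!CreateProcess(GUARD_PATH, szCmdLine, NULL, NULL, FALSE, 0, NULL, NULL, &si, &piLocal)) {
        WriteLog(L"CreateProcess(guard.exe) failed");
        return false;
    }
    // Nobody waits on the child; release both handles or they leak on every relaunch.
    CloseHandle(piLocal.hThread);
    CloseHandle(piLocal.hProcess);
    if (pdwPid) *pdwPid = piLocal.dwProcessId;
    return true;
}

// Terminates one process by PID. Replaces system("taskkill /f /im guard.exe"), which spawned a
// command interpreter from a SYSTEM service and killed every guard.exe instead of the stray one.
static bool TerminateByPid(DWORD dwPid)
{
    HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, dwPid);
    if (!hProcess) return false;
    bool ok = TerminateProcess(hProcess, 1) != 0;
    CloseHandle(hProcess);
    return ok;
}

// Watchdog thread: keeps one guard.exe alive (relaunching it every ~5 minutes if gone, stopping
// an instance we did not start) and tells guard.exe to exit when the service stops.
DWORD __stdcall GroundProcessCreate(LPVOID lpParamete)
{
    (void)lpParamete;
    DWORD dwProcessIdReserve = 0;
    DWORD dwProcessIdReturn = 0;
    // Make sure a guard exists before the blocking handshake; otherwise ConnectNamedPipe never returns.
    if (!isProcessExist(GUARD_IMAGE)) LaunchGuard(&dwProcessIdReserve);
    SignalGuard(0);
    for (;;) {
        for (int i = 300; i-- > 0; Sleep(999)) {
            if (bCallBack_MainJob) {
                SignalGuard(GUARD_STOP_CODE);
                return 0;
            }
        }
        if (!isProcessExist(GUARD_IMAGE)) {
            LaunchGuard(&dwProcessIdReserve);
        } else if (isProcessExist(GUARD_IMAGE, &dwProcessIdReturn) && dwProcessIdReturn != dwProcessIdReserve) {
            // A guard.exe we did not start: stop it, then relaunch ours if none is left.
            TerminateByPid(dwProcessIdReturn);
            if (!isProcessExist(GUARD_IMAGE)) LaunchGuard(&dwProcessIdReserve);
        }
    }
}

// Entry point: only runs as a service, and only when started with "-svc".
int main(int argc, char const *argv[])
{
    if (!(argc > 1 && !strcmp("-svc", argv[1]))) return 0;
    SERVICE_TABLE_ENTRY STE[] = {
        { szSname1, (LPSERVICE_MAIN_FUNCTION)ServiceMain1 },
        { NULL, NULL }   // explicit table terminator
    };
    StartServiceCtrlDispatcher(STE);
    return 0;
}

// Service main: registers the control handler, starts both worker threads, and performs the
// shutdown sequence (wait for workers, report SERVICE_STOPPED) once hdEvent is signalled.
// Exits the process if the event or the control handler cannot be created, as the original did.
void WINAPI ServiceMain1(DWORD dwArgc, LPCSTR *lpszArgv)
{
    (void)dwArgc;
    (void)lpszArgv;
    if (!(hdEvent = CreateEvent(NULL, TRUE, FALSE, NULL))) exit(-2);
    if (!(ssh1 = RegisterServiceCtrlHandler(szSname1, ServiceControl1))) exit(ERROR_SERVICE_NOT_ACTIVE);
    ss1.dwServiceType = dfServiceType;
    ss1.dwControlsAccepted = dfControlAccept;
    ss1.dwCurrentState = SERVICE_START_PENDING;
    ss1.dwServiceSpecificExitCode = 0;
    ss1.dwWin32ExitCode = 0;
    ss1.dwCheckPoint = 1;
    ss1.dwWaitHint = 1000;
    SetServiceStatus(ssh1, &ss1);
    hdMainTh = CreateThread(NULL, 0, MainJob, NULL, 0, &dwMainTh);
    hdGrThread = CreateThread(NULL, 0, GroundProcessCreate, NULL, 0, NULL);
    if (!hdMainTh || !hdGrThread) {
        // Half a service is not useful: ask whichever worker did start to stop and shut down.
        InterlockedExchange(&bCallBack_MainJob, 1);
        SetEvent(hdEvent);
    } else {
        SSS(&ss1, ssh1, SERVICE_RUNNING);
    }
    // The control handler only sets the flag and signals hdEvent; the slow part runs here so the
    // SCM's handler thread is not blocked for up to a minute.
    WaitForSingleObject(hdEvent, INFINITE);
    SSS(&ss1, ssh1, SERVICE_STOP_PENDING, 1, 10000);
    if (hdMainTh) {
        WaitForSingleObject(hdMainTh, INFINITE);
        CloseHandle(hdMainTh);
    }
    if (hdGrThread) {
        WaitForSingleObject(hdGrThread, INFINITE);
        CloseHandle(hdGrThread);
    }
    CloseHandle(hdEvent);
    SSS(&ss1, ssh1, SERVICE_STOPPED);
}

// SCM control handler. On STOP/SHUTDOWN it raises the stop flag and wakes ServiceMain1. The
// original closed hdEvent without ever signalling it, so SERVICE_STOPPED was never reported.
void WINAPI ServiceControl1(DWORD dwControl)
{
    switch (dwControl) {
    case SERVICE_CONTROL_SHUTDOWN:
    case SERVICE_CONTROL_STOP:
        SSS(&ss1, ssh1, SERVICE_STOP_PENDING, 1, 10000);
        InterlockedExchange(&bCallBack_MainJob, 1);
        SetEvent(hdEvent);
        break;
    default:
        break;
    }
}

// Worker thread: runs dwCheckMemory() roughly every 5 minutes until the stop flag is raised.
DWORD WINAPI MainJob(LPVOID lpParamete)
{
    (void)lpParamete;
    for (;;) {
        for (int i = 300; i-- > 0; Sleep(999)) {
            if (bCallBack_MainJob) return 0;
        }
        dwCheckMemory();
    }
}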


//guard.cpp#include <stdlib.h>#include "checkprocess.h"#include <windows.h>HANDLE hdThread;DWORD __stdcall Thread(LPVOID lpParame){SC_HANDLE schManger,schService;if (!(schManger=OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS))) abort();schService=OpenService(schManger,"MemoryGuard",SERVICE_QUERY_STATUS);while (1){SERVICE_STATUS ss;QueryServiceStatus(schService,&ss);if (ss.dwCurrentState==SERVICE_STOPPED)StartService(schService,0,NULL);//func to check pipe statusHANDLE hdTemp;WaitNamedPipe("\\\\.\\pipe\\MemoryGuard",NMPWAIT_WAIT_FOREVER);hdTemp=CreateFile("\\\\.\\pipe\\MemoryGuard",GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);int nInt;DWORD dwRead;ReadFile(hdTemp,&nInt,sizeof(int),&dwRead,NULL);CloseHandle(hdTemp);if (nInt==0x7fffffff)return GetLastError();Sleep(5000);}return GetLastError();}int main(int argc,char const *argv[]){hdThread=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)Thread,NULL,0,NULL);WaitForSingleObject(hdThread,INFINITE);CloseHandle(hdThread);}

//checkprocess.h#pragma once#include "strcamp.h"#include <windows.h>#include <tlhelp32.h>bool isProcessExist(LPCSTR szIn,LPDWORD lpdwProcessIdIn=NULL){PROCESSENTRY32 pe32={sizeof(PROCESSENTRY32)};HANDLE hdSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);bool HasMore=Process32First(hdSnap,&pe32);while (HasMore){if (strcamp(pe32.szExeFile,szIn))if (lpdwProcessIdIn!=NULL && pe32.th32ProcessID!=0)return (bool)(*lpdwProcessIdIn=pe32.th32ProcessID);elsereturn true;HasMore=Process32Next(hdSnap,&pe32);}return false;}



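//localvalue.cpp
// Undocumented NT structures and constants used by mjob.cpp to walk the process list.
// Layouts follow the versions the original author used; they are not stable across Windows releases.
#pragma once
#include <windows.h>
#include <tlhelp32.h>

// Relies on NTSTATUS being a signed 32-bit type (see the typedef below): failures have the top bit set.
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#define STATUS_SUCCESS 0x00000000
#define STATUS_UNSUCCESSFUL 0xC0000001
#define STATUS_NOT_IMPLEMENTED 0xC0000002
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004
#define STATUS_INVALID_PARAMETER 0xC000000D
#define STATUS_ACCESS_DENIED 0xC0000022
#define STATUS_BUFFER_TOO_SMALL 0xC0000023

typedef enum _PROCESSINFOCLASS {
    ProcessBasicInformation,
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,
    ProcessExceptionPort,
    ProcessAccessToken,
    ProcessLdtInformation,
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers,
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information,
    ProcessImageFileName,
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination,
    ProcessDebugObjectHandle,
    ProcessDebugFlags,
    ProcessHandleTracing,
    ProcessUnknown33,
    ProcessUnknown34,
    ProcessUnknown35,
    ProcessCookie,
    MaxProcessInfoClass
} PROCESSINFOCLASS;

typedef enum _THREAD_STATE {
    StateInitialized,
    StateReady,
    StateRunning,
    StateStandby,
    StateTerminated,
    StateWait,
    StateTransition,
    StateUnknown
} THREAD_STATE;

typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation,
    SystemProcessorInformation,
    SystemPerformanceInformation,
    SystemTimeOfDayInformation,
    SystemPathInformation,
    SystemProcessAndThreadInformation, // 5: the class mjob.cpp queries
    SystemCallCountInformation,
    SystemDeviceInformation,
    SystemProcessorPerformanceInformation,
    SystemFlagsInformation,
    SystemCallTimeInformation,
    SystemModuleInformation,
    SystemLocksInformation,
    SystemStackTraceInformation,
    SystemPagedPoolInformation,
    SystemNonPagedPoolInformation,
    SystemHandleInformation,
    SystemObjectInformation,
    SystemPageFileInformation,
    SystemVdmInstemulInformation,
    SystemVdmBopInformation,
    SystemFileCacheInformation,
    SystemPoolTagInformation,
    SystemInterruptInformation,
    SystemDpcBehaviorInformation,
    SystemFullMemoryInformation,
    SystemLoadGdiDriverInformation,
    SystemUnloadGdiDriverInformation,
    SystemTimeAdjustmentInformation,
    SystemSummaryMemoryInformation,
    SystemNextEventIdInformation,
    SystemEventIdsInformation,
    SystemCrashDumpInformation,
    SystemExceptionInformation,
    SystemCrashDumpStateInformation,
    SystemKernelDebuggerInformation,
    SystemContextSwitchInformation,
    SystemRegistryQuotaInformation,
    SystemExtendServiceTableInformation,
    SystemPrioritySeperation,
    SystemPlugPlayBusInformation,
    SystemDockInformation,
    SystemPowerInformation2,
    SystemProcessorSpeedInformation,
    SystemCurrentTimeZoneInformation,
    SystemLookasideInformation
} SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;

typedef enum _KWAIT_REASON {
    Executive = 0,
    FreePage = 1,
    PageIn = 2,
    PoolAllocation = 3,
    DelayExecution = 4,
    Suspended = 5,
    UserRequest = 6,
    WrExecutive = 7,
    WrFreePage = 8,
    WrPageIn = 9,
    WrPoolAllocation = 10,
    WrDelayExecution = 11,
    WrSuspended = 12,
    WrUserRequest = 13,
    WrEventPair = 14,
    WrQueue = 15,
    WrLpcReceive = 16,
    WrLpcReply = 17,
    WrVirtualMemory = 18,
    WrPageOut = 19,
    WrRendezvous = 20,
    Spare2 = 21,
    Spare3 = 22,
    Spare4 = 23,
    Spare5 = 24,
    WrCalloutStack = 25,
    WrKernel = 26,
    WrResource = 27,
    WrPushLock = 28,
    WrMutex = 29,
    WrQuantumEnd = 30,
    WrDispatchInt = 31,
    WrPreempted = 32,
    WrYieldExecution = 33,
    WrFastMutex = 34,
    WrGuardedMutex = 35,
    WrRundown = 36,
    MaximumWaitReason = 37
} KWAIT_REASON;

namespace NtFunctionNS {

typedef LONG KPRIORITY;
// Signed, as in the real SDK. The original used DWORD, which made NT_SUCCESS() true for every
// status (an unsigned value is never < 0), so failures from NtQuerySystemInformation were never seen.
typedef LONG NTSTATUS;

typedef struct _CLIENT_ID {
    DWORD UniqueProcess;
    DWORD UniqueThread;
} CLIENT_ID;

typedef struct _SYSTEM_THREADS {
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER CreateTime;
    ULONG WaitTime;
    PVOID StartAddress;
    CLIENT_ID ClientId;
    KPRIORITY Priority;
    KPRIORITY BasePriority;
    ULONG ContextSwitchCount;
    _THREAD_STATE State;
    KWAIT_REASON WaitReason;
} SYSTEM_THREADS, *PSYSTEM_THREADS;

typedef struct _PEB_LDR_DATA {
    BYTE Reserved1[8];
    PVOID Reserved2[3];
    LIST_ENTRY InMemoryOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;

typedef struct _UNICODE_STRING {
    USHORT Length;          // in bytes, not characters
    USHORT MaximumLength;   // in bytes
    PWSTR Buffer;           // not necessarily NUL-terminated
} UNICODE_STRING;

typedef struct _CURDIR {
    UNICODE_STRING DosPath;
    PVOID Handle;
} CURDIR, *PCURDIR;

typedef struct _STRING {
    WORD Length;
    WORD MaximumLength;
    CHAR *Buffer;
} STRING, *PSTRING;

typedef struct _RTL_DRIVE_LETTER_CURDIR {
    WORD Flags;
    WORD Length;
    ULONG TimeStamp;
    STRING DosPath;
} RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;

typedef struct _RTL_USER_PROCESS_PARAMETERS {
    ULONG MaximumLength;
    ULONG Length;
    ULONG Flags;
    ULONG DebugFlags;
    PVOID ConsoleHandle;
    ULONG ConsoleFlags;
    PVOID StandardInput;
    PVOID StandardOutput;
    PVOID StandardError;
    CURDIR CurrentDirectory;
    UNICODE_STRING DllPath;
    UNICODE_STRING ImagePathName;
    UNICODE_STRING CommandLine;
    PVOID Environment;
    ULONG StartingX;
    ULONG StartingY;
    ULONG CountX;
    ULONG CountY;
    ULONG CountCharsX;
    ULONG CountCharsY;
    ULONG FillAttribute;
    ULONG WindowFlags;
    ULONG ShowWindowFlags;
    UNICODE_STRING WindowTitle;
    UNICODE_STRING DesktopInfo;
    UNICODE_STRING ShellInfo;
    UNICODE_STRING RuntimeData;
    RTL_DRIVE_LETTER_CURDIR CurrentDirectores[32];
    ULONG EnvironmentSize;
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;

typedef VOID (WINAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID);

// Documented (opaque) PEB layout. A full undocumented PEB and RTL_CRITICAL_SECTION were kept
// here as commented-out code in the original; nothing in the project uses them.
typedef struct _PEB {
    BYTE Reserved1[2];
    BYTE BeingDebugged;
    BYTE Reserved2[1];
    PVOID Reserved3[2];
    PPEB_LDR_DATA Ldr;
    PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
    BYTE Reserved4[104];
    PVOID Reserved5[52];
    PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
    BYTE Reserved6[128];
    PVOID Reserved7[1];
    ULONG SessionId;
} PEB, *PPEB;

typedef struct _PROCESS_BASIC_INFORMATION {
    NTSTATUS ExitStatus;
    PPEB PebBaseAddress;
    PVOID AffinityMask;
    KPRIORITY BasePriority;
    DWORD UniqueProcessId;
    DWORD InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;

// NtQuerySystemInformation, resolved from ntdll at run time by mjob.cpp.
typedef NTSTATUS (NTAPI *tNTQSI)(IN ULONG SystemInformationClass, OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength);
typedef NTSTATUS (NTAPI *_NtQueryInformationProcess)(IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength);

// Scratch entries; static so a header included from more than one translation unit does not
// define them twice. Currently unused by the visible code.
static THREADENTRY32 te32 = { sizeof(THREADENTRY32) };
static PROCESSENTRY32 pe32 = { sizeof(PROCESSENTRY32) };

typedef struct _VM_COUNTERS {
#ifdef _WIN64
    SIZE_T PeakVirtualSize;
    SIZE_T PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
    SIZE_T VirtualSize;
#else
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    ULONG PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
#endif
} VM_COUNTERS;

// One entry of the SystemProcessAndThreadInformation list. Entries are variable-length
// (ThreadCount threads follow); always advance by NextEntryDelta, never by sizeof.
typedef struct _SYSTEM_PROCESSES {
    ULONG NextEntryDelta;   // 0 on the last entry
    ULONG ThreadCount;
    ULONG Reserved1[6];
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER KernelTime;
    UNICODE_STRING ProcessName;
    KPRIORITY BasePriority;
    ULONG ProcessId;
    ULONG InheritedFromProcessId;   // parent PID
    ULONG HandleCount;
    ULONG Reserved2[2];
    VM_COUNTERS VmCounters;
#if _WIN32_WINNT >= 0x500
    IO_COUNTERS IoCounters;
#endif
    SYSTEM_THREADS Threads[5];
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;

#ifdef UserVector
typedef struct _processnameandpid {
    LPCSTR Name;
    DWORD Pid;
    std::vector<DWORD> Tid;
    _processnameandpid &operator=(LPCSTR NameIn)
    {
        this->Name = NameIn;
        return *this;
    }
} processnameandpid;
std::vector<processnameandpid> PAP;
#endif

// Image names that mjob.cpp never freezes, regardless of working-set size.
static LPCSTR const ReserveProcessName[] = {
    "svchost.exe",
    "winlogon.exe",
    "csrss.exe",
    "smss.exe",
    "services.exe",
    "lsass.exe",
    "explorer.exe",
    "vmware-vmx.exe",
    "vmware-vmx-debug.exe",
    "qq.exe"
};

}
using namespace NtFunctionNS;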


//procthread.h//Main code copyed by http://www.codeproject.com/Questions/78801/How-to-get-the-main-thread-ID-of-a-process-known-b//author: Eugen Podsypalnikov//website:http://www.codeproject.com/script/Membership/View.aspx?mid=36376#pragma once#include <windows.h>#if (!((_WIN32_WINNT >= 0x0500) || (_WIN32_WINDOWS >= 0x0490)))typedef HANDLE (* WINAPI _OpenThread)(IN DWORD,IN BOOL,IN DWORD);_OpenThread OpenThread=(_OpenThread)GetProcAddress(GetModuleHandle("kernel32"),"OpenThread");#endif#ifndef MAKEULONGLONG #define MAKEULONGLONG(ldw, hdw) ((ULONGLONG(hdw) << 32) | ((ldw) & 0xFFFFFFFF))#endif#ifndef MAXULONGLONG#define MAXULONGLONG ((ULONGLONG)~((ULONGLONG)0))#endifDWORD GetMainThreadId(DWORD);DWORD GetMainThreadId(DWORD dwProcID){DWORD dwMainThreadID = 0;ULONGLONG ullMinCreateTime = MAXULONGLONG;HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);if (hThreadSnap != INVALID_HANDLE_VALUE) { //error checkTHREADENTRY32 th32;th32.dwSize = sizeof(THREADENTRY32);for (BOOL bOK = Thread32First(hThreadSnap, &th32); bOK;bOK = Thread32Next(hThreadSnap, &th32)) {if (th32.th32OwnerProcessID == dwProcID) {HANDLE hThread = OpenThread(THREAD_ALL_ACCESS,FALSE, th32.th32ThreadID);if (hThread) {FILETIME afTimes[4] = {0};if (GetThreadTimes(hThread, &afTimes[0], &afTimes[1], &afTimes[2], &afTimes[3])) {ULONGLONG ullTest = MAKEULONGLONG(afTimes[0].dwLowDateTime,afTimes[0].dwHighDateTime);if (ullTest && ullTest < ullMinCreateTime) {ullMinCreateTime = ullTest;dwMainThreadID = th32.th32ThreadID; // let it be main... :)}}CloseHandle(hThread);}}}}if (!hThreadSnap)CloseHandle(hThreadSnap);return dwMainThreadID;}

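//strcamp.h
#pragma once
#include <string.h>
#include <ctype.h>

// Case-insensitive equality of two C strings; false if either pointer is NULL.
// Compares in place, so there is no fixed-size copy to overflow: the original strcpy'd both
// inputs into 1000-byte stack buffers, and its sizeof() guard compared the two pointer sizes,
// not the string lengths. Also avoids the non-standard strlwr().
bool strcamp(char const *____str1, char const *____str2)
{
    if (!____str1 || !____str2) return false;
    for (;; ++____str1, ++____str2) {
        // tolower() on a negative plain char is undefined; widen through unsigned char first.
        int c1 = tolower((unsigned char)*____str1);
        int c2 = tolower((unsigned char)*____str2);
        if (c1 != c2) return false;
        if (c1 == '\0') return true;
    }
}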

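//srprocess.h
#pragma once
#include <windows.h>
#include <tlhelp32.h>
#include <string.h>
#include "strcamp.h"

// Set once SeDebugPrivilege has been enabled for this process; the privilege is process-wide.
static bool ____HasP = false;
#define NT_Process ___SRProcess

typedef LONG (NTAPI *_____NtSuspendProcess)(IN HANDLE);
typedef LONG (NTAPI *_____NtResumeProcess)(IN HANDLE);
// Resolved at load time; either may be NULL on a system lacking the export, so callers check.
static _____NtSuspendProcess __03NtSuspendProcess = (_____NtSuspendProcess)GetProcAddress(GetModuleHandle("ntdll"), "NtSuspendProcess");
static _____NtResumeProcess __03NtResumeProcess = (_____NtResumeProcess)GetProcAddress(GetModuleHandle("ntdll"), "NtResumeProcess");

// Returned when the ntdll export is missing or the target cannot be opened (STATUS_UNSUCCESSFUL).
static const LONG SRP_UNAVAILABLE = (LONG)0xC0000001L;

DWORD ______EnableDebugPrivilege();
LONG SuspendProcess(LPCSTR);
LONG SuspendProcess(const HANDLE);
LONG SuspendProcess(const DWORD);
LONG ResumeProcess(LPCSTR);
LONG ResumeProcess(const HANDLE);
LONG ResumeProcess(const DWORD);

// Dispatches to SuspendProcess (type == false) or ResumeProcess (type == true); ty may be an
// image name, a process handle or a PID.
template <typename T> LONG ___SRProcess(T ty, bool type = false)
{
    return type ? ResumeProcess(ty) : SuspendProcess(ty);
}

// Enables SeDebugPrivilege so processes of other users can be opened. Idempotent once it has
// succeeded. Returns ERROR_SUCCESS, or the Win32 error of the failing step (including
// ERROR_NOT_ALL_ASSIGNED when the token does not hold the privilege). The original never
// checked OpenProcessToken and marked the privilege as enabled before trying.
DWORD ______EnableDebugPrivilege()
{
    if (____HasP) return ERROR_SUCCESS;
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) return GetLastError();
    DWORD err = ERROR_SUCCESS;
    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        err = GetLastError();
    } else {
        // AdjustTokenPrivileges returns TRUE even when nothing was granted; GetLastError() says.
        AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof tp, NULL, NULL);
        err = GetLastError();
    }
    CloseHandle(hToken);
    ____HasP = (err == ERROR_SUCCESS);
    return err;
}

// Opens dwProcessId with the least right NtSuspendProcess/NtResumeProcess need
// (the original used PROCESS_ALL_ACCESS). NULL on failure.
static HANDLE OpenForSuspendResume(DWORD dwProcessId)
{
    return OpenProcess(PROCESS_SUSPEND_RESUME, FALSE, dwProcessId);
}

// Applies pfn to every running process whose image name equals szProcessName exactly
// (case-sensitive strcmp, unlike strcamp used elsewhere). Each handle is closed after use; the
// original ResumeProcess variant leaked all but the last and closed an uninitialised handle.
// Returns 0, or SRP_UNAVAILABLE if pfn is NULL or the snapshot fails.
static LONG ApplyToProcessesNamed(LPCSTR szProcessName, LONG (NTAPI *pfn)(HANDLE))
{
    if (!pfn || !szProcessName) return SRP_UNAVAILABLE;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE) return SRP_UNAVAILABLE;
    PROCESSENTRY32 pe32 = { sizeof(PROCESSENTRY32) };
    for (BOOL bm = Process32First(hSnap, &pe32); bm; bm = Process32Next(hSnap, &pe32)) {
        if (strcmp(szProcessName, pe32.szExeFile) != 0) continue;
        HANDLE hProcess = OpenForSuspendResume(pe32.th32ProcessID);
        if (!hProcess) continue;
        pfn(hProcess);
        CloseHandle(hProcess);
    }
    CloseHandle(hSnap);
    return 0;
}

// Applies pfn to the process dwProcessId. Returns pfn's NTSTATUS, or SRP_UNAVAILABLE.
static LONG ApplyToProcessId(DWORD dwProcessId, LONG (NTAPI *pfn)(HANDLE))
{
    if (!pfn) return SRP_UNAVAILABLE;
    HANDLE hProcess = OpenForSuspendResume(dwProcessId);
    if (!hProcess) return SRP_UNAVAILABLE;
    LONG n = pfn(hProcess);
    CloseHandle(hProcess);
    return n;
}

// Suspends every process named ____szProcessName. Returns 0 or SRP_UNAVAILABLE.
LONG SuspendProcess(LPCSTR ____szProcessName)
{
    ______EnableDebugPrivilege();
    return ApplyToProcessesNamed(____szProcessName, __03NtSuspendProcess);
}

// Suspends the process behind an open handle. Returns NtSuspendProcess's status or SRP_UNAVAILABLE.
LONG SuspendProcess(const HANDLE ____hdProcess)
{
    ______EnableDebugPrivilege();
    if (!__03NtSuspendProcess || !____hdProcess) return SRP_UNAVAILABLE;
    return __03NtSuspendProcess(____hdProcess);
}

// Suspends the process with PID ___dwProcessId. Returns NtSuspendProcess's status or SRP_UNAVAILABLE.
LONG SuspendProcess(const DWORD ___dwProcessId)
{
    ______EnableDebugPrivilege();
    return ApplyToProcessId(___dwProcessId, __03NtSuspendProcess);
}

// Resumes the process behind an open handle. Returns NtResumeProcess's status or SRP_UNAVAILABLE.
LONG ResumeProcess(const HANDLE ____hdProcess)
{
    ______EnableDebugPrivilege();
    if (!__03NtResumeProcess || !____hdProcess) return SRP_UNAVAILABLE;
    return __03NtResumeProcess(____hdProcess);
}

// Resumes the process with PID ___dwProcessId. Returns NtResumeProcess's status or SRP_UNAVAILABLE.
LONG ResumeProcess(const DWORD ___dwProcessId)
{
    ______EnableDebugPrivilege();
    return ApplyToProcessId(___dwProcessId, __03NtResumeProcess);
}

// Resumes every process named ____szProcessName. Returns 0 or SRP_UNAVAILABLE.
LONG ResumeProcess(LPCSTR ____szProcessName)
{
    ______EnableDebugPrivilege();
    return ApplyToProcessesNamed(____szProcessName, __03NtResumeProcess);
}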





