标题:[原创]枚举系统进程代码
[原创]枚举系统进程代码
*/ --------------------------------------------------------------------------------------
*/ 出自: 编程中国 http://www.bc-cn.net
*/ 作者: cince
*/ 时间: 2007-9-18 编程论坛首发
*/ 声明: 尊重作者劳动,转载请保留本段文字
*/ --------------------------------------------------------------------------------------



//COM: Microsoft Studio .

Header files:
======================
symbols.h
// Menu command identifiers for the "PS" menu resource.  WndProc (mainwnd
// source on this page) handles IDM_EXIT in WM_COMMAND; IDM_KILL is declared
// but not handled anywhere on the page.
#define IDM_EXIT 100
#define IDM_KILL 101
======================
RESOURCE.h
// Resource-editor bookkeeping: only visible while APSTUDIO_INVOKED is defined
// (i.e. to the resource editor itself), never to the compiled program.
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 102
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1001
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
====================================
NTENUM.h
#ifndef NTENUM_H_INCLUDED
#define NTENUM_H_INCLUDED
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <vdmdbg.h>
#include <psapi.h>
#include <string.h>
#include \"enum.h\"
//Windows NT Functions
// Function-pointer types for the PSAPI / VDMDBG entry points.  They are not
// linked statically: NT_process_enumerator's constructor (NTenum source on
// this page) resolves each one with GetProcAddress, so the program still
// starts on a system without those DLLs and simply reports failure.
//
// PSAPI: EnumProcesses
typedef BOOL (WINAPI *ENUMPROCESSES)(
    DWORD * lpidProcess, // array to receive the process identifiers
    DWORD cb, // size of the array, in bytes
    DWORD * cbNeeded // receives the number of bytes returned
);
// PSAPI: EnumProcessModules
typedef BOOL (WINAPI *ENUMPROCESSMODULES)(
    HANDLE hProcess, // handle to the process
    HMODULE * lphModule, // array to receive the module handles
    DWORD cb, // size of the array, in bytes
    LPDWORD lpcbNeeded // receives the number of bytes returned
);
// PSAPI: bound to "GetModuleFileNameExA" by the constructor (ANSI variant)
typedef DWORD (WINAPI *GETMODULEFILENAME)(
    HANDLE hProcess, // handle to the process
    HMODULE hModule, // handle to the module
    LPTSTR lpstrFileName, // array to receive filename
    DWORD nSize // size of filename array.
);
// PSAPI: bound to "GetModuleBaseNameA" by the constructor (ANSI variant)
typedef DWORD (WINAPI *GETMODULEBASENAME)(
    HANDLE hProcess, // handle to the process
    HMODULE hModule, // handle to the module
    LPTSTR lpstrFileName, // array to receive base name of module
    DWORD nSize // size of module name array.
);
// VDMDBG: VDMEnumTaskWOWEx -- walks the 16-bit tasks hosted by one NTVDM
typedef INT (WINAPI *VDMENUMTASKWOWEX)(
    DWORD dwProcessId, // ID of NTVDM process
    TASKENUMPROCEX fp, // address of our callback function
    LPARAM lparam); // anything we want to pass to the callback function.
// Windows NT listing.  The PSAPI/VDMDBG entry points are resolved at run time
// in the constructor (NTenum source on this page); real_show() enumerates the
// processes and, for NTVDM hosts, the 16-bit tasks inside them.
class NT_process_enumerator : public process_enumerator {
    enum { max_num = 1024 };   // capacity of the pid / module-handle arrays in real_show()
    HANDLE psapi;              // LoadLibrary("PSAPI.DLL"); freed at the end of real_show()
    HANDLE vdmdbg;             // LoadLibrary("VDMDBG.DLL"); freed at the end of real_show()
    // NOTE(review): GetModuleFileName and GetModuleBaseName are also macro
    // names from <windows.h> / <psapi.h> (mapped to their A/W variants), so
    // the preprocessor renames these two members; harmless as long as every
    // translation unit sees the same macros.
    ENUMPROCESSES EnumProcesses;
    GETMODULEFILENAME GetModuleFileName;
    ENUMPROCESSMODULES EnumProcessModules;
    VDMENUMTASKWOWEX VDMEnumTaskWOWEx;
    GETMODULEBASENAME GetModuleBaseName;
    // Callback handed to VDMEnumTaskWOWEx, invoked once per 16-bit task;
    // lpUserDefined carries the display* that real_show() passes along.
    static BOOL WINAPI show_task(DWORD dwThreadId,
        WORD hMod16,
        WORD hTask16,
        PSZ pszModName,
        PSZ FileName,
        LPARAM lpUserDefined);
    // The static show_task above hides the base-class overload in this scope;
    // this forwarder keeps the "(file name, pid)" form callable.
    void show_task(char const *FileName, DWORD ProcessID) {
        process_enumerator::show_task(FileName, ProcessID);
    }
public:
    NT_process_enumerator(display &d);
    virtual bool real_show();
};
#endif
======================================
MAINWND.h
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
HWND CreateMainWnd();
======================================
ERROR.h
#include \"display.h\"
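// Abstract failure report: each concrete error renders itself onto a display.
class error {
public:
    // Write a one-line description of the failure to `str`.
    virtual void show(display &str) = 0;
    // Virtual so that deleting through an error* runs the derived destructor
    // (the original polymorphic base had no virtual destructor).
    virtual ~error() {}
};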
// Raised when a required DLL could not be loaded.
class no_library : public error {
public:
    virtual void show(display &str) {
        // Same text as before; calling show() directly instead of going
        // through operator<<.
        str.show("Unable to load libraries");
    }
};
// Raised when a DLL was loaded but an expected export was not found.
class no_proc : public error {
public:
    virtual void show(display &str) {
        str.show("Unable to get procedure addresses");
    }
};
===========================================
ENUM.h
#ifndef ENUM_H_INCLUDED
#define ENUM_H_INCLUDED
#include \"display.h\"
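// Base for the platform-specific process listers.  show() prints a column
// heading and then delegates to real_show(), which each platform implements.
class process_enumerator {
    // wsprintf never writes more than 1024 bytes, so a buffer of that size
    // cannot overflow regardless of how long FileName is.  The previous
    // 256-byte buffers overflowed once "%-60s" was fed a path longer than
    // roughly 240 characters, which is well inside MAX_PATH.
    enum { line_buffer_size = 1024 };

    // Emit the "Executable / Process ID" column heading.
    void header() {
        char string[line_buffer_size];
        wsprintf(string, " %-50s\t%10s", "Executable", "Process ID");
        disp.heading(string);
    }
protected:
    display &disp;   // output sink, owned by the caller and must outlive this object

    process_enumerator(display &d) : disp(d) {}
    // Platform-specific listing; returns false when the needed API is unavailable.
    virtual bool real_show() = 0;

    // Print one "<executable>\t<pid>" row; the pid is shown in hex ("%#10x").
    void show_task(char const *FileName, DWORD ProcessID) {
        char string[line_buffer_size];
        wsprintf(string, "%-60s\t%#10x", FileName, ProcessID);
        disp << string;
    }
public:
    virtual void show() {
        header();
        real_show();
    }
    // Virtual so a derived enumerator is destroyed correctly when deleted
    // through a process_enumerator* (as main() holds it).
    virtual ~process_enumerator() {}
};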
#endif
==========================================
DISPLAY.h
#ifndef DISPLAY_H_INCLUDED
#define DISPLAY_H_INCLUDED
#define WIN32_LEAN_AND_MEAN
#define WIN32_EXTRA_LEAN
#include <windows.h>
// Output sink shared by the enumerators.  Rows go through show(), the column
// heading through heading(); system_error() formats GetLastError() and writes
// it through show() (definition in the display source on this page).
class display
{
public:
    virtual void show(char const *string) = 0;      // one line of body text
    virtual void heading(char const *string) = 0;   // the column heading
    void system_error(char const *name);            // "Error <name>: <system text>"
    virtual void resize() {}                        // no-op unless the sink owns a window
    virtual ~display() {}                           // deleted via display* in main()
};

// Console sink: each show() call becomes one WriteFile of the text plus a
// newline on `str`, which defaults to the standard output handle.
class text_display : public display {
    HANDLE str;   // output stream; the constructor substitutes stdout for INVALID_HANDLE_VALUE
public:
    text_display(HANDLE stream = INVALID_HANDLE_VALUE);
    virtual void show(char const *string);
    // A heading is plain text on a console.
    virtual void heading(char const *string) {
        show(string);
    }
};

// GUI sink: rows go into a LISTBOX child (`output`) created inside `parent`;
// the heading is painted by the parent's WndProc from a shared buffer.
class window_display : public display {
    HWND output;   // the LISTBOX created by the constructor
    HWND parent;   // the main window the list box lives in
public:
    // Sentinel "use the parent's client area" rectangle (all CW_USEDEFAULT).
    static RECT rectDefault;
    // NOTE(review): `rectangle` is a non-const reference whose default is the
    // shared static above; the constructor as defined on this page writes the
    // client rectangle into it, so rectDefault is mutable shared state.
    window_display(HWND p, RECT &rectangle = rectDefault);
    virtual void show(char const *string);
    virtual void heading(char const *string);
    virtual void resize();
};
// Stream-style convenience: `d << "text"` forwards to d.show() and returns
// the display so calls can be chained.
inline display &operator<<(display &d, char const *string) {
    d.show(string);
    return d;
}
#endif
===========================================
95ENUM.h
#ifndef WIN95_ENUM_H_INLCUDED
#define WIN95_ENUM_H_INLCUDED
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <tlhelp32.h> // Toolhelp 32
#include \"enum.h\"
// Win95 functions
// Toolhelp32 entry points, resolved at run time from KERNEL32 with
// GetProcAddress in Win95_enumerator's constructor (95enum source on this
// page) rather than linked statically.
//
// Shape shared by Process32First and Process32Next.
typedef BOOL (WINAPI *PROCESSWALK)(
    HANDLE hSnapshot,
    LPPROCESSENTRY32 lppe
);

// CreateToolhelp32Snapshot
typedef HANDLE (WINAPI *CREATESNAPSHOT)(
    DWORD dwFlags,
    DWORD th32ProcessID
);
// Windows 95/98 listing via a Toolhelp32 process snapshot.
class Win95_enumerator : public process_enumerator
{
    HANDLE kernel;      // GetModuleHandle("KERNEL32.DLL") -- not LoadLibrary'd, so never freed
    HANDLE snapshot;    // CreateToolhelp32Snapshot result; closed at the end of real_show()
    PROCESSENTRY32 proc;    // current entry while walking the snapshot
    // Resolved in the constructor; all NULL when KERNEL32 lacks Toolhelp32.
    CREATESNAPSHOT CreateToolhelp32Snapshot;
    PROCESSWALK Process32First;
    PROCESSWALK Process32Next;
protected:
    virtual bool real_show();
public:
    Win95_enumerator(display &d);
};
#endif
=============================================

//kill.c
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
/* Kill.c: Kill a process given its Process ID on the command line
*/
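/* Terminate the process whose id is given on the command line.
 * Returns 0 on success, 1 on a usage error or when the process could not be
 * opened or terminated (the reason is printed to stderr).
 */
int main(int argc, char **argv) {
    HANDLE process;
    DWORD PID;
    char *end = NULL;
    if ( 2 != argc ) {
        fprintf(stderr, "\nUsage: kill <PID>");
        return 1;
    }

    PID = strtoul(argv[1], &end, 0); /* base 0 allows 0x prefix for hex input... */
    /* Reject anything that did not parse completely, e.g. "abc" (which the
     * original silently turned into pid 0). */
    if (end == argv[1] || *end != '\0') {
        fprintf(stderr, "\nkill: '%s' is not a process ID\n", argv[1]);
        return 1;
    }
    process = OpenProcess(PROCESS_TERMINATE, 0, PID);
    if (NULL == process) {
        fprintf(stderr, "\nkill: cannot open process %lu (error %lu)\n",
                (unsigned long)PID, (unsigned long)GetLastError());
        return 1;
    }
    if (!TerminateProcess(process, (unsigned)-1)) {
        fprintf(stderr, "\nkill: cannot terminate process %lu (error %lu)\n",
                (unsigned long)PID, (unsigned long)GetLastError());
        CloseHandle(process);
        return 1;
    }
    CloseHandle(process);
    return 0;
}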
=================
#include \"95enum.h\"
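// Resolve the Toolhelp32 entry points from KERNEL32.  On any failure the
// function pointers are left NULL so real_show() can refuse cleanly; the
// original returned early without initialising them, leaving real_show() to
// test indeterminate values.
Win95_enumerator::Win95_enumerator(display &d) :
    process_enumerator(d),
    kernel(GetModuleHandle("KERNEL32.DLL")),
    snapshot(INVALID_HANDLE_VALUE),
    proc(),
    CreateToolhelp32Snapshot(NULL),
    Process32First(NULL),
    Process32Next(NULL)
{
    if ( NULL == kernel )
        return;
    CreateToolhelp32Snapshot =
        (CREATESNAPSHOT)GetProcAddress((HINSTANCE)kernel,
                                       "CreateToolhelp32Snapshot");
    Process32First = (PROCESSWALK)GetProcAddress((HINSTANCE)kernel,
                                                 "Process32First");
    Process32Next = (PROCESSWALK)GetProcAddress((HINSTANCE)kernel,
                                                "Process32Next");
    if (
        NULL == CreateToolhelp32Snapshot ||
        NULL == Process32First ||
        NULL == Process32Next) {
        // Partial success is no use: clear all three so the availability
        // check in real_show() sees a consistent "unavailable" state.
        CreateToolhelp32Snapshot = NULL;
        Process32First = NULL;
        Process32Next = NULL;
        return;
    }
    // Toolhelp requires dwSize to be filled in before the first walk call.
    proc.dwSize = sizeof(proc);
}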
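// Walk a process snapshot and print one row per process.
// Returns false when Toolhelp32 is unavailable or the snapshot could not be
// taken; true once the walk completes (even if it listed nothing).
bool Win95_enumerator::real_show()
{
    if (
        NULL == CreateToolhelp32Snapshot ||
        NULL == Process32First ||
        NULL == Process32Next)
        return false;
    snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    // The original walked an invalid snapshot handle unchecked.
    if ( INVALID_HANDLE_VALUE == snapshot ) {
        disp.system_error("Taking process snapshot");
        return false;
    }
    /* Now that we have a snapshot of the system state, we simply
     * walk the list it represents by calling Process32First once,
     * then call Process32Next repeatedly until we get to the end
     * of the list.  Both calls report "nothing (more) to read" with
     * FALSE, so the first entry is only printed when it was actually
     * retrieved.
     */
    proc.dwSize = sizeof(proc);
    if ( Process32First(snapshot, &proc) ) {
        do {
            show_task(proc.szExeFile, proc.th32ProcessID);
        } while ( Process32Next(snapshot, &proc) );
    }
    /* This should happen automatically when we terminate, but it never
     * hurts to clean up after ourselves.
     */
    CloseHandle(snapshot);
    snapshot = INVALID_HANDLE_VALUE;
    return true;
}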
========================
#include \"display.h\"
extern char head_string[];
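void display::system_error(char const *name)
{
    // Retrieve, format, and print out a message for the last Win32 error.
    // The `name' that's passed should be in the form of a present tense
    // noun (phrase) such as "opening file".
    //
    // Capture the code first: any call made while building the message can
    // overwrite the thread's last-error value.
    DWORD const code = GetLastError();
    char *ptr = NULL;
    DWORD const length = FormatMessage(
        FORMAT_MESSAGE_ALLOCATE_BUFFER |
        FORMAT_MESSAGE_FROM_SYSTEM,
        0,
        code,
        0,
        (char *)&ptr,
        1024,
        NULL);
    if ( 0 == length || NULL == ptr ) {
        // No system text for this code (or FormatMessage itself failed).
        // The original streamed the NULL pointer into show() here; print the
        // numeric code instead.
        char fallback[64];
        wsprintf(fallback, "unknown error %lu", (unsigned long)code);
        (*this) << "Error " << name << ": " << fallback;
        return;
    }
    (*this) << "Error " << name << ": " << ptr;
    LocalFree(ptr);
}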
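// Store the heading for WndProc's WM_PAINT handler and force a repaint.
void window_display::heading(char const *string) {
    // head_string is defined as char[256] in the mainwnd source on this page.
    // The original copied characters with no bound and never wrote a
    // terminator; lstrcpyn truncates to the buffer and always terminates.
    enum { head_string_size = 256 };
    lstrcpyn(head_string, string, head_string_size);
    RECT parent_rect;
    GetClientRect(parent, &parent_rect);
    InvalidateRect(parent, &parent_rect, TRUE);
    UpdateWindow(parent);
}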

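// Append one row to the list box.
void window_display::show(char const *string)
{
    // LPARAM, not long: long is 32 bits on 64-bit Windows and would truncate
    // the pointer.
    SendMessage(output, LB_ADDSTRING, 0, (LPARAM)string);
}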
// Re-fit the list box below the 20-pixel heading strip whenever the parent's
// client area changes (called from WM_SIZE).
void window_display::resize() {
    int const heading_height = 20;
    RECT client;
    GetClientRect(parent, &client);
    MoveWindow(output,
               client.left,
               client.top + heading_height,
               client.right,
               client.bottom - heading_height,
               true);
}
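// Create the LISTBOX child inside `p`.  `rect` is the area to use; all
// CW_USEDEFAULT (the rectDefault sentinel) means "the parent's client area".
window_display::window_display(HWND p, RECT &rect) :
    output(NULL),
    parent(p)
{
    // Work on a copy.  `rect' defaults to the shared static rectDefault, and
    // the original wrote the client rectangle straight back into it, so every
    // later default-constructed window_display inherited this window's size.
    RECT area = rect;
    if ( area.left == CW_USEDEFAULT )
        GetClientRect(parent, &area);
    output = CreateWindow("LISTBOX",
                          "Processes",
                          WS_VSCROLL | WS_VISIBLE | WS_CHILD | LBS_USETABSTOPS |
                          LBS_NOINTEGRALHEIGHT,
                          area.left,
                          area.top + 20,
                          area.right - area.left,
                          area.bottom - area.top - 20,
                          parent,
                          NULL,
                          GetModuleHandle(NULL),
                          NULL);
    if ( NULL == output )
        return;   // nothing to configure; show() will then send to a NULL window
    // One tab stop a little inside the first quarter of the width, so the
    // "%-60s\t..." rows line up as two columns.
    int width = (area.right - area.left) / 4;
    int tab_stop = width - 10;
    // LPARAM, not long: long truncates the pointer on 64-bit Windows.
    SendMessage(output, LB_SETTABSTOPS, 1, (LPARAM)&tab_stop);
}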
// Sentinel default for the constructor's `rectangle` parameter: a left of
// CW_USEDEFAULT tells the constructor to use the parent's client area.
RECT window_display::rectDefault = {
    CW_USEDEFAULT,
    CW_USEDEFAULT,
    CW_USEDEFAULT,
    CW_USEDEFAULT
};

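// Write `string` followed by a newline to the output handle.  Output is
// best-effort: a failed WriteFile is not reported, there being no better
// channel to report it on.
void text_display::show(char const *string)
{
    static char const newline = '\n';
    DWORD written;
    // lstrlen tolerates a NULL pointer (returns 0) and the explicit DWORD cast
    // avoids the size_t -> DWORD narrowing on 64-bit builds.
    WriteFile(str, string, (DWORD)lstrlen(string), &written, NULL);
    WriteFile(str, &newline, 1, &written, NULL);
}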
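// Use `stream` as the output handle; INVALID_HANDLE_VALUE (the default) means
// "standard output".
text_display::text_display(HANDLE stream) : str(stream)
{
    if (INVALID_HANDLE_VALUE == str) {
        str = GetStdHandle(STD_OUTPUT_HANDLE);
        // GetStdHandle reports "this process has no standard output" as NULL
        // and a failure as INVALID_HANDLE_VALUE; the original caught only the
        // latter.
        if ( NULL == str || INVALID_HANDLE_VALUE == str )
            MessageBox(NULL, "Unable to get standard output handle",
                       "Error", MB_OK | MB_ICONERROR);
    }
}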
=================================


#include \"mainwnd.h\"
#include \"symbols.h\"
#include \"display.h\"
#include <string.h>
// The program-wide output sink, defined and created in main() (main source on
// this page); WndProc only uses it to forward WM_SIZE as resize().
extern display *d;
// Heading text written by window_display::heading() and painted in WM_PAINT.
char head_string[256];
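// Window procedure for the "PS" main window: paints the heading from
// head_string, forwards resizes to the display, and quits on IDM_EXIT.
static LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) {
    // Single tab stop (pixels) for the two-column heading; set once at creation.
    static int tab;
    switch (message) {
    case WM_CREATE: {
        head_string[0] = '\0';
        RECT rect;
        GetClientRect(hWnd, &rect);
        tab = rect.right - rect.left - 400;
        // 0 lets creation continue (only -1 aborts it); the original returned
        // TRUE, which works but is not the documented value.
        return 0;
    }
    case WM_SIZE:
        if ( d )
            d->resize();
        break;
    case WM_SETFOCUS:
        break;

    case WM_PAINT: {
        PAINTSTRUCT ps;
        HDC hdc = BeginPaint (hWnd, &ps);
        TabbedTextOut(hdc,
                      0,
                      0,
                      head_string,
                      strlen(head_string),
                      1,
                      &tab,
                      0);
        EndPaint (hWnd, &ps);
        break;
    }
    case WM_DESTROY:
        PostQuitMessage(0);
        break;
    case WM_COMMAND:
        // The command id is the low word of wParam; the high word carries the
        // notification code, so comparing the whole wParam could miss IDM_EXIT.
        switch (LOWORD(wParam)) {
        case IDM_EXIT:
            PostQuitMessage(0);
            break;
        default:
            break;
        }
        break;
    default:
        return DefWindowProc(hWnd, message, wParam, lParam);
    }
    return 0;
}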

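// Register the "PS" window class and create, show and paint the main window.
// Returns the window handle, or NULL if registration or creation failed (the
// Win32 last-error value is left for the caller to inspect).
HWND CreateMainWnd()
{
    WNDCLASS wc;
    HINSTANCE hInstance = (HINSTANCE)GetModuleHandle(NULL);
    HWND hWnd;
    wc.style = CS_PARENTDC;
    wc.lpfnWndProc = WndProc;   // signature already matches WNDPROC; no cast needed
    wc.cbClsExtra = 0;
    wc.cbWndExtra = 0;
    wc.hInstance = hInstance;
    wc.hIcon = LoadIcon (hInstance, "PS");
    wc.hCursor = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
    wc.lpszMenuName = "PS";
    wc.lpszClassName = "PS";
    // The original ignored this result.  A class that already exists (a
    // second call) is fine; any other failure means CreateWindow cannot work.
    if ( !RegisterClass(&wc) && GetLastError() != ERROR_CLASS_ALREADY_EXISTS )
        return NULL;
    hWnd = CreateWindow("PS",
                        "Processes",
                        WS_OVERLAPPEDWINDOW,
                        CW_USEDEFAULT,
                        0,
                        CW_USEDEFAULT,
                        0,
                        NULL,
                        NULL,
                        hInstance,
                        NULL);

    if (!hWnd)
        return NULL;
    ShowWindow(hWnd, SW_SHOWDEFAULT);
    UpdateWindow(hWnd);
    return hWnd;
}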
=========================================
#include \"95enum.h\"
#include \"NTenum.h\"
#include \"mainwnd.h\"
display *d = NULL;
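// Entry point.  Any command-line argument selects the windowed display,
// otherwise output goes to the console.  The enumerator is chosen from the
// platform id reported by GetVersionEx.  Returns 0 on success, 1 when the
// window could not be created or the platform is unsupported.
int main(int argc, char **argv)
{
    OSVERSIONINFO info;
    info.dwOSVersionInfoSize = sizeof(info);
    GetVersionEx(&info);
    HWND window = NULL;
    process_enumerator *processes = NULL;
    if ( argc > 1 ) {
        window = CreateMainWnd();
        // The original built a window_display on a NULL window here.
        if ( NULL == window ) {
            MessageBox(NULL, "Unable to create the main window",
                       "Error", MB_OK | MB_ICONERROR);
            return 1;
        }
        d = new window_display(window);
    }
    else
        d = new text_display;
    if (info.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS )
        processes = new Win95_enumerator(*d);
    else if ( info.dwPlatformId == VER_PLATFORM_WIN32_NT )
        processes = new NT_process_enumerator(*d);
    else {
        // Original fell through to processes->show() with `processes'
        // uninitialised.  MessageBox takes (text, caption); the two strings
        // were also in the wrong order.
        MessageBox(NULL,
                   "Sorry: This doesn't work on Win32s",
                   "Error",
                   MB_OK);
        delete d;
        d = NULL;
        return 1;
    }
    processes->show();
    MSG msg;
    if ( window ) {
        while ( GetMessage(&msg, NULL, 0, 0)) {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }
    // NOTE(review): deleting through the base pointer is only well-defined if
    // process_enumerator declares a virtual destructor; confirm in enum.h.
    delete processes;
    delete d;
    d = NULL;
    return 0;
}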
=====================================
#include \"NTenum.h\"
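// Load PSAPI.DLL and VDMDBG.DLL and resolve the five entry points.  On any
// failure everything is left NULL (and the libraries released) so that
// real_show() refuses cleanly; the original returned early with the function
// pointers uninitialised, which real_show() then tested.
NT_process_enumerator::NT_process_enumerator(display &d) :
    process_enumerator(d),
    psapi(NULL),
    vdmdbg(NULL),
    EnumProcesses(NULL),
    GetModuleFileName(NULL),
    EnumProcessModules(NULL),
    VDMEnumTaskWOWEx(NULL),
    GetModuleBaseName(NULL)
{
    psapi = LoadLibrary("PSAPI.DLL");
    vdmdbg = LoadLibrary("VDMDBG.DLL");
    if ( NULL == psapi || NULL == vdmdbg ) {
        // Release whichever of the two did load; nobody else will.
        if ( psapi )
            FreeLibrary((HINSTANCE)psapi);
        if ( vdmdbg )
            FreeLibrary((HINSTANCE)vdmdbg);
        psapi = vdmdbg = NULL;
        return;
    }
    VDMEnumTaskWOWEx = (VDMENUMTASKWOWEX)GetProcAddress(
        (HINSTANCE)vdmdbg, "VDMEnumTaskWOWEx");
    EnumProcesses = (ENUMPROCESSES)GetProcAddress(
        (HINSTANCE)psapi, "EnumProcesses");
    GetModuleFileName = (GETMODULEFILENAME)GetProcAddress(
        (HINSTANCE)psapi, "GetModuleFileNameExA");
    GetModuleBaseName = (GETMODULEBASENAME)GetProcAddress(
        (HINSTANCE)psapi, "GetModuleBaseNameA");
    EnumProcessModules = (ENUMPROCESSMODULES)GetProcAddress(
        (HINSTANCE)psapi, "EnumProcessModules");
    if (
        NULL == VDMEnumTaskWOWEx ||
        NULL == EnumProcesses ||
        NULL == GetModuleFileName ||
        NULL == GetModuleBaseName ||
        NULL == EnumProcessModules ) {
        // A partial set is unusable: real_show() needs all five.  Clear them
        // all and drop the libraries so the object is in one consistent
        // "unavailable" state.
        VDMEnumTaskWOWEx = NULL;
        EnumProcesses = NULL;
        GetModuleFileName = NULL;
        GetModuleBaseName = NULL;
        EnumProcessModules = NULL;
        FreeLibrary((HINSTANCE)vdmdbg);
        FreeLibrary((HINSTANCE)psapi);
        psapi = vdmdbg = NULL;
        return;
    }
}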
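// List every process EnumProcesses reports and, for each NTVDM host, the
// 16-bit tasks inside it.  Returns false when the entry points are
// unavailable or EnumProcesses fails; true once the walk completes.  The
// PSAPI/VDMDBG libraries are released at the end, so the object can only
// list once; a second call returns false.
bool
NT_process_enumerator::real_show() {
    DWORD process_ids[max_num];
    DWORD bytes_returned = 0;
    if (
        NULL == VDMEnumTaskWOWEx ||
        NULL == EnumProcesses ||
        NULL == GetModuleFileName ||
        NULL == GetModuleBaseName ||
        NULL == EnumProcessModules )
        return false;
    BOOL const success = EnumProcesses(process_ids,
                                       sizeof(process_ids),
                                       &bytes_returned);
    if ( !success ) {
        disp.system_error("Enumerating Processes");
        return false;
    }
    // EnumProcesses only signals "array too small" by filling it completely,
    // so with bytes_returned == sizeof(process_ids) the list may be truncated.
    DWORD const num_processes = bytes_returned / sizeof(process_ids[0]);
    for ( DWORD i = 0; i < num_processes; i++ ) {
        HANDLE process = OpenProcess(
            PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
            FALSE,
            process_ids[i]);
        // Typically the system pseudo-processes or ones this caller may not
        // query; the original went on to call the PSAPI functions with a
        // NULL handle and then read modules[0] uninitialised.
        if ( NULL == process )
            continue;
        HMODULE modules[max_num];
        DWORD module_bytes = 0;
        char file_name[MAX_PATH];
        // Only look at modules[0] (the process's own executable) when the
        // call succeeded and returned at least one handle.
        if (EnumProcessModules(process,
                               modules,
                               sizeof(modules),
                               &module_bytes)
            && module_bytes >= sizeof(modules[0])
            && GetModuleFileName(process,
                                 modules[0],
                                 file_name,
                                 sizeof(file_name)))
        {
            show_task(file_name, process_ids[i]);
            if (GetModuleBaseName(process,
                                  modules[0],
                                  file_name,
                                  sizeof(file_name))
                && 0 == _stricmp(file_name, "NTVDM.EXE"))
            {
                // We've got an NT VDM -- enumerate the 16-bit tasks it
                // contains.  LPARAM rather than long keeps the pointer intact
                // on 64-bit builds.
                VDMEnumTaskWOWEx(process_ids[i], show_task, (LPARAM)&disp);
            }
        }
        CloseHandle(process);
    }
    FreeLibrary((HINSTANCE)vdmdbg);
    FreeLibrary((HINSTANCE)psapi);
    // The entry points went away with their libraries; clear them so a second
    // show() fails the check above instead of calling into unloaded code.
    vdmdbg = psapi = NULL;
    VDMEnumTaskWOWEx = NULL;
    EnumProcesses = NULL;
    GetModuleFileName = NULL;
    GetModuleBaseName = NULL;
    EnumProcessModules = NULL;
    return true;
}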
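// VDMEnumTaskWOWEx callback: print one row per 16-bit task, using the task
// handle (hTask16) in place of a process id.  lpUserDefined is the display*
// that real_show() passed in.  Returns TRUE to keep enumerating.
BOOL WINAPI
NT_process_enumerator::show_task(DWORD dwThreadId,
                                 WORD hMod16,
                                 WORD hTask16,
                                 PSZ pszModName,
                                 PSZ FileName,
                                 LPARAM lpUserDefined)
{
    display &disp = *(display *)lpUserDefined;
    // wsprintf writes at most 1024 bytes, so this size cannot overflow even
    // for a long FileName (the original 256-byte buffer could).
    char string[1024];
    wsprintf(string, " %-55s\t%#10x", FileName, hTask16);
    disp << string;
    return TRUE;
}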


Hi brother:

How about upload an attachment of all your files in a .zip or .rar file? You know if we want to try, we have to prepare the files.

The knowledge of using psapi is standard. I used to apply the same kind of idea to inject a dll into a game's memory space to hack it.

One new trick is to directly deal with the .exe data structure, which is considered by many hackers as undetectable in the game hacking field.

HJin

I am working on a system which has no Chinese input. Please don't blame me for typing English.


。。。。。


有空时就我就传一下吧
