// enumprocsnt.cpp: enumerate the processes currently running on the system.
//
#include <windows.h>
#include <ntsecapi.h>
#include <stdlib.h>
#include <string.h>
#include "stdio.h"
// Signature of ntdll's ZwQuerySystemInformation export, which is not in the
// public SDK and is therefore resolved at run time via GetProcAddress.
// Parameters: (SystemInformationClass, SystemInformation, SystemInformationLength,
// ReturnLength). The DWORD result is an NTSTATUS-style code (0 = success).
typedef DWORD (WINAPI *ZWQUERYSYSTEMINFORMATION)
(DWORD, PVOID, DWORD, PDWORD);
// Hand-declared layout of one record in the SystemProcessesAndThreadsInformation
// buffer. Records are chained: NextEntryDelta is the byte offset from this record
// to the next one, and 0 marks the last record.
// NOTE(review): this layout is undocumented; every field here is 32-bit, so it is
// only plausible for 32-bit NT-era builds. Confirm against the target OS before
// trusting any field beyond NextEntryDelta/ProcessName/ProcessId.
typedef struct _SYSTEM_PROCESS_INFORMATION {
DWORD NextEntryDelta; // byte offset to the next record, 0 on the last one
DWORD ThreadCount;
DWORD Reserved1[6];
FILETIME ftCreateTime;
FILETIME ftUserTime;
FILETIME ftKernelTime;
UNICODE_STRING ProcessName; // process (image) name; Buffer is a counted string, not guaranteed NUL-terminated
DWORD BasePriority;
DWORD ProcessId;
DWORD InheritedFromProcessId;
DWORD HandleCount;
DWORD Reserved2[2];
DWORD VmCounters;
DWORD dCommitCharge;
PVOID ThreadInfos[1]; // variable-length tail; presumably ThreadCount thread records follow - unverified here
} SYSTEM_PROCESS_INFORMATION, * PSYSTEM_PROCESS_INFORMATION;
// SystemInformationClass value passed to ZwQuerySystemInformation to request the
// process/thread list (also not in the public SDK headers).
#define SystemProcessesAndThreadsInformation 5
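/*
 * Fetch the SystemProcessesAndThreadsInformation snapshot into a heap buffer.
 *
 * The required size depends on how many processes/threads exist, so a fixed
 * 0x10000-byte buffer (the original size, kept as the starting point) is grown
 * while the call reports STATUS_INFO_LENGTH_MISMATCH. The status value is
 * spelled out numerically to avoid the ntstatus.h / WIN32_NO_STATUS include
 * dance.
 *
 * @param query    resolved ZwQuerySystemInformation pointer (must not be NULL)
 * @param out_buf  receives the buffer; the caller owns it and must free() it,
 *                 on failure as well (it may be non-NULL)
 * @param out_len  receives the number of bytes the kernel reported writing
 *                 (falls back to the buffer size if ReturnLength is unusable)
 * @return 0 on success, -1 on allocation failure, an unexpected status, or
 *         too many retries
 */
static int query_process_list(ZWQUERYSYSTEMINFORMATION query,
                              LPVOID *out_buf, ULONG *out_len)
{
    const DWORD kInfoLengthMismatch = 0xC0000004UL; /* STATUS_INFO_LENGTH_MISMATCH */
    enum { kMaxAttempts = 8 };

    ULONG cbBuffer = 0x10000;
    LPVOID pBuffer = NULL;
    *out_buf = NULL;
    *out_len = 0;

    for (int attempt = 0; attempt < kMaxAttempts; attempt++) {
        /* realloc(NULL, n) is malloc(n); never overwrite pBuffer on failure. */
        LPVOID grown = realloc(pBuffer, cbBuffer);
        if (grown == NULL) {
            *out_buf = pBuffer;
            return -1;
        }
        pBuffer = grown;

        DWORD cbNeeded = 0;
        DWORD status = query(SystemProcessesAndThreadsInformation,
                             pBuffer, cbBuffer, &cbNeeded);
        if (status == 0) { /* STATUS_SUCCESS */
            *out_buf = pBuffer;
            /* ReturnLength is assumed to be the bytes written on success;
             * if it is 0 or larger than the buffer, walk the whole buffer. */
            *out_len = (cbNeeded != 0 && cbNeeded <= cbBuffer) ? cbNeeded : cbBuffer;
            return 0;
        }
        if (status != kInfoLengthMismatch) {
            *out_buf = pBuffer;
            return -1;
        }
        /* Grow to the size the kernel asked for, or double if it gave none;
         * the process count can change between calls, hence the retry loop. */
        cbBuffer = (cbNeeded > cbBuffer) ? cbNeeded : cbBuffer * 2;
    }
    *out_buf = pBuffer;
    return -1;
}

/*
 * Print one process record as "ProcessID: <id> (<name>)".
 *
 * The name is copied into a local array and NUL-terminated explicitly because
 * UNICODE_STRING.Buffer is a counted string with no termination guarantee, and
 * Buffer can be NULL for some entries (seen for the idle process); printing a
 * NULL with %ls is undefined. Names longer than the local array are truncated.
 */
static void print_process_entry(const SYSTEM_PROCESS_INFORMATION *info)
{
    WCHAR name[260];
    const size_t cap = sizeof(name) / sizeof(name[0]) - 1;
    size_t nchars = 0;

    if (info->ProcessName.Buffer != NULL) {
        nchars = info->ProcessName.Length / sizeof(WCHAR); /* Length is in bytes */
        if (nchars > cap) {
            nchars = cap;
        }
        memcpy(name, info->ProcessName.Buffer, nchars * sizeof(WCHAR));
    }
    name[nchars] = L'\0';
    printf("ProcessID: %lu (%ls)\n", (unsigned long)info->ProcessId, name);
}

/*
 * Entry point: resolve ZwQuerySystemInformation from ntdll.dll, fetch the
 * process list and print every record, then wait for a keypress.
 *
 * Each record is validated against the reported buffer length before it is
 * dereferenced, and NextEntryDelta is refused if it would step past the end,
 * so a truncated or malformed buffer cannot cause an out-of-bounds read.
 *
 * @return 0 on success, 1 if ntdll.dll, the export, memory or the query is
 *         unavailable
 */
int main(void)
{
    HMODULE hNtDLL = GetModuleHandleA("ntdll.dll");
    if (hNtDLL == NULL) {
        return 1;
    }
    ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation =
        (ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtDLL, "ZwQuerySystemInformation");
    if (ZwQuerySystemInformation == NULL) {
        return 1; /* undocumented export: treat its absence as a normal failure */
    }

    LPVOID pBuffer = NULL;
    ULONG cbUsed = 0;
    if (query_process_list(ZwQuerySystemInformation, &pBuffer, &cbUsed) != 0) {
        free(pBuffer);
        return 1;
    }

    const PUCHAR end = (PUCHAR)pBuffer + cbUsed;
    PUCHAR cur = (PUCHAR)pBuffer;
    for (;;) {
        /* The fixed part of a record must lie entirely inside the buffer. */
        if ((size_t)(end - cur) < sizeof(SYSTEM_PROCESS_INFORMATION)) {
            break;
        }
        PSYSTEM_PROCESS_INFORMATION pInfo = (PSYSTEM_PROCESS_INFORMATION)cur;
        print_process_entry(pInfo);
        if (pInfo->NextEntryDelta == 0) {
            break; /* last record */
        }
        /* NextEntryDelta is a byte offset; never follow it past the buffer. */
        if (pInfo->NextEntryDelta > (size_t)(end - cur)) {
            break;
        }
        cur += pInfo->NextEntryDelta;
    }
    free(pBuffer);
    getchar(); /* pause so the console output stays visible */
    return 0;
}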