int i,j,nItem;
//添加
char str[MAX_SIZE];
LVITEM lv;
lv.mask = LVIF_TEXT;
lv.iItem = 0;
lv.iSubItem = 0;
//
ListView_DeleteAllItems( g_hList );
if( NULL==sTarget )
{
//
lv.pszText = "進(jìn)程列表";
ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
sprintf( str,"當(dāng)前共有%d個(gè)進(jìn)程。",g_mv.size() );
ListView_SetItemText( g_hList,0,1,str );
//
for( i=0;i<g_mv.size();i++ )
{
lv.iItem = i + 1;
sprintf( str,"%d",g_mv[i].pid );
lv.pszText = str;
nItem = ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
ListView_SetItemText( g_hList,nItem,1,g_mv[i].path );
}
}
else
{
PROCESSINFO p;
memset( (void*)&p,0,sizeof(p) );
for( i=0;i<g_mv.size();i++ )
{
if( lstrcmpi(sTarget,g_mv[i].name)==0 )
{
p = g_mv[i];
break;
}
}
//
lv.iItem = 0;
lv.pszText = "進(jìn)程 ID";
nItem = ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
sprintf( str,"%08X,%d",p.pid,p.pid );
ListView_SetItemText( g_hList,nItem,1,str );
lv.iItem = 1;
lv.pszText = "進(jìn)程名稱";
nItem = ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
ListView_SetItemText( g_hList,nItem,1,p.name );
lv.iItem = 2;
lv.pszText = "進(jìn)程路徑";
nItem = ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
ListView_SetItemText( g_hList,nItem,1,p.path );
//-----------------------------------------------------
for( j=0;j<p.v.size();j++ )
{
sprintf( str,"%03d,%08X,%d KB",p.v[j].index,p.v[j].h,p.v[j].size );
lv.iItem = p.v[j].index + 2;
lv.pszText = str;
nItem = ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
sprintf( str,"%s",p.v[j].path );
ListView_SetItemText( g_hList,nItem,1,str );
}
//-----------------------------------------------------
}
}
//-------------------------------------------------------------------------
void InitImageList()
{
    // Build the icon list used by the process tree: 16x16 cells with a
    // transparency mask, 100 slots up front and a grow step of 0.
    const int cxIcon = 16;
    const int cyIcon = 16;
    g_ImageList = ImageList_Create( cxIcon,cyIcon,ILC_MASK,100,0 );

    // Attach it to the tree control as its normal (non-state) image list.
    TreeView_SetImageList( g_hTree,g_ImageList,TVSIL_NORMAL );
}
//-------------------------------------------------------------------------
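/*
 * Records one process and its loaded modules in g_mv.
 *
 * pe == NULL is the caller's reset signal: everything collected so far is
 * dropped through ClearAllData() and nothing is added.
 * Otherwise the entry's pid and image name are copied, the module list is
 * read from a TH32CS_SNAPMODULE snapshot of that pid, and the result is
 * appended to g_mv.  A process whose module snapshot cannot be taken (for
 * example because access is denied) is still recorded, with an empty module
 * list and an empty path.
 */
void InitValue(PROCESSENTRY32 *pe)
{
    if( NULL==pe )
    {
        ClearAllData();
        return;
    }

    // Value-initialise instead of memset(): PROCESSINFO carries a container
    // member (p.v - presumably a std::vector, confirm against its
    // declaration), and zero-filling a non-trivial object is undefined
    // behaviour.
    PROCESSINFO p = PROCESSINFO();
    p.pid = pe->th32ProcessID;
    p.path[0] = '\0';

    // Bounded copies throughout: the destination arrays are declared
    // elsewhere, so their capacity is taken from sizeof rather than assumed
    // to match the Toolhelp buffers.  lstrcpyn always NUL-terminates.
    lstrcpyn( p.name,pe->szExeFile,(int)(sizeof(p.name)/sizeof(p.name[0])) );

    // pid 0 and pid 4 get fixed labels instead of a module path.
    bool bCopy = false;
    if( p.pid==0 )
    {
        lstrcpyn( p.path,"System Idle Process",(int)(sizeof(p.path)/sizeof(p.path[0])) );
    }
    else if( p.pid==4 )
    {
        lstrcpyn( p.path,"System",(int)(sizeof(p.path)/sizeof(p.path[0])) );
    }
    else
    {
        bCopy = true;
    }

    HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE,p.pid );
    if( INVALID_HANDLE_VALUE!=hSnapshot )
    {
        MODULEENTRY32 md32;
        memset( &md32,0,sizeof(md32) );
        md32.dwSize = sizeof(MODULEENTRY32);

        // Only walk the list when the first entry was actually returned;
        // otherwise md32 holds nothing worth copying.
        if( Module32First( hSnapshot,&md32 ) )
        {
            // The first module's path is used as the process path.
            if( bCopy )
            {
                lstrcpyn( p.path,md32.szExePath,(int)(sizeof(p.path)/sizeof(p.path[0])) );
            }
            do
            {
                MODULESINFO m;
                memset( (void*)&m,0,sizeof(m) );
                m.index = p.v.size() + 1;            // 1-based position in the list
                m.h = md32.hModule;
                m.size = md32.modBaseSize/1024;      // bytes -> KB
                lstrcpyn( m.path,md32.szExePath,(int)(sizeof(m.path)/sizeof(m.path[0])) );
                lstrcpyn( m.name,md32.szModule,(int)(sizeof(m.name)/sizeof(m.name[0])) );
                p.v.push_back( m );
            } while ( Module32Next( hSnapshot,&md32 ) );
        }
        CloseHandle( hSnapshot );
    }
    g_mv.push_back( p );
}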
//-------------------------------------------------------------------------
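/*
 * Rebuilds the process tree from g_mv: one root node plus one child per
 * process, each child using an icon taken from the process image when one
 * can be extracted and a generic executable icon otherwise.
 */
void InitTreeData()
{
    TreeView_DeleteAllItems(g_hTree);
    g_hRoot = NULL;
    ImageList_RemoveAll( g_ImageList );

    for( size_t i=0;i<g_mv.size();i++ )
    {
        // Work on the stored entry directly; copying it would also copy its
        // whole module list on every iteration.
        PROCESSINFO &p = g_mv[i];

        int nIndex;
        HICON hIcon[2] = { NULL,NULL };   // [0] large, [1] small
        HICON hTest = (HICON)ExtractIconEx( p.path,0,&hIcon[0],&hIcon[1],1 );
        int IconNum = (int)ExtractIconEx( p.path,-1,NULL,NULL,0 );

        // A result of 0 or 1 from the extraction call, or no icons reported
        // by the count query, is treated as "no usable icon".
        if( NULL==hTest || hTest==(HICON)1 || IconNum<=0 )
        {
            // Release anything the failed/partial extraction did hand back.
            if( NULL!=hIcon[0] ) DestroyIcon( hIcon[0] );
            if( NULL!=hIcon[1] ) DestroyIcon( hIcon[1] );

            // The target has no icon of its own: substitute the standard
            // Win32 icon for an .exe.  "Foo.exe" is never opened because
            // SHGFI_USEFILEATTRIBUTES makes the shell go by the name alone.
            SHFILEINFO shfi;
            memset(&shfi,0,sizeof(shfi));
            SHGetFileInfo( "Foo.exe",
                           FILE_ATTRIBUTE_NORMAL,
                           &shfi,
                           sizeof(shfi),
                           SHGFI_ICON|SHGFI_USEFILEATTRIBUTES );
            nIndex = ImageList_AddIcon( g_ImageList,shfi.hIcon );
            if( NULL!=shfi.hIcon ) DestroyIcon( shfi.hIcon );
        }
        else
        {
            // The image list keeps its own copy, so both handles are freed.
            nIndex = ImageList_AddIcon( g_ImageList,hIcon[1] );
            DestroyIcon( hIcon[0] );
            DestroyIcon( hIcon[1] );
        }

        // The root node is created lazily, with the first process.
        if(NULL==g_hRoot) g_hRoot=InsertItem( TVI_ROOT,"所有進(jìn)程",0,0 );
        InsertItem( g_hRoot,p.name,nIndex,nIndex );
    }
    TreeView_Expand( g_hTree,g_hRoot,TVE_EXPAND );
}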
//-------------------------------------------------------------------------
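/*
 * Appends a text+icon item under hTI in the process tree.
 *
 * hTI       parent item (TVI_ROOT for a top-level node)
 * str       label text
 * imgOpen   image-list index shown while the item is selected
 * imgClose  image-list index shown otherwise
 *
 * Returns the handle produced by TreeView_InsertItem.
 */
HTREEITEM InsertItem(HTREEITEM hTI,LPSTR str,int imgOpen,int imgClose)
{
    // Zero the whole structure so no indeterminate field reaches the control.
    TV_INSERTSTRUCT tvs;
    memset( &tvs,0,sizeof(tvs) );

    tvs.hParent = hTI;
    tvs.hInsertAfter = TVI_LAST;
    tvs.item.mask = TVIF_TEXT | TVIF_IMAGE | TVIF_SELECTEDIMAGE;
    tvs.item.pszText = str;
    tvs.item.iImage = imgClose;
    tvs.item.iSelectedImage = imgOpen;
    return TreeView_InsertItem( g_hTree,&tvs );
}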
//------------------------------------------------------------------------------
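/*
 * Walks a system-wide process snapshot and passes every entry to InitValue().
 *
 * sTarget == NULL first resets the collected data (InitValue(NULL)).
 * The by-name lookup that used to set the return value is disabled in this
 * file, so the function always returns 0 regardless of sTarget.
 */
DWORD EnumProcess(LPCTSTR sTarget)
{
    if( NULL==sTarget ) InitValue( NULL );
    DWORD dwRet = 0;

    HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS,0 );
    if( INVALID_HANDLE_VALUE==hSnapshot ) return dwRet;

    PROCESSENTRY32 pe32;
    memset( &pe32,0,sizeof(pe32) );
    pe32.dwSize = sizeof( PROCESSENTRY32 );

    // Enter the loop only when the first entry was really filled in;
    // otherwise InitValue() would be fed an empty record.
    if( Process32First( hSnapshot,&pe32 ) )
    {
        do
        {
            InitValue( &pe32 );
        } while ( Process32Next( hSnapshot,&pe32 ) );
    }
    CloseHandle( hSnapshot );
    return dwRet;
}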
//-------------------------------------------------------------------------
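/*
 * Enables SeDebugPrivilege in the current process token.
 *
 * Returns true only when the privilege was actually enabled.  The token
 * handle is closed on every path.
 *
 * SeDebugPrivilege lets the process open almost any other process, so it is
 * worth enabling only for as long as the tool needs it.
 */
bool EnableDebugPrivilege()
{
    HANDLE hToken = NULL;
    if( !OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES,&hToken) )
    {
        return false;
    }

    bool bOk = false;
    LUID luid;
    // Look up the LUID that identifies the debug privilege on this system.
    if( LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid) )
    {
        TOKEN_PRIVILEGES tkp;   // privilege set handed to the token
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = luid;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        // AdjustTokenPrivileges reports success even when the token does not
        // hold the privilege; in that case GetLastError() is
        // ERROR_NOT_ALL_ASSIGNED, so the last error has to be checked too.
        if( AdjustTokenPrivileges(hToken,FALSE,&tkp,sizeof(tkp),NULL,NULL) )
        {
            bOk = ( GetLastError()==ERROR_SUCCESS );
        }
    }
    CloseHandle( hToken );
    return bOk;
}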
//------------------------------------------------------------------------------
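/*
 * Calls the shell32.dll export with ordinal 61, parented to the main window.
 *
 * The export is reached by number, not by name, so it is not a documented
 * contract and may differ between Windows versions; presumably it is the
 * shell "Run" dialog - confirm on the platforms the tool supports.
 *
 * NOTE(review): a bare DLL name is resolved through the loader's search
 * order; passing the full system-directory path would remove any doubt about
 * which file gets loaded.
 */
void RunSysDlg()
{
    HINSTANCE hInst = LoadLibrary( "shell32.dll" );
    if( NULL==hInst ) return;   // nothing was loaded, so nothing to free

    typedef void (__stdcall *FUNC)(HWND,HICON,LPCTSTR,LPCTSTR,LPCTSTR,UINT);
    FUNC func = (FUNC)GetProcAddress( hInst,MAKEINTRESOURCEA(61) );
    if( func )
    {
        func( g_hWnd,NULL,NULL,NULL,NULL,0x02 );
    }
    FreeLibrary( hInst );
}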
//-------------------------------------------------------------------------
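/*
 * Asks the user for confirmation and then terminates the process whose id is
 * in g_dwHotPid (its name, g_sHotName, is only used in the prompt).
 *
 * Returns true when TerminateProcess succeeded; false when nothing is
 * selected, the user declined, the process could not be opened, or the
 * termination failed.
 *
 * NOTE(review): g_dwHotPid is set elsewhere, some time before this call; if
 * the process has exited in between, the id may by now belong to a different
 * process - confirm whether the caller re-validates it.
 */
bool KillProcess()
{
    if( NULL==g_sHotName || strlen(g_sHotName)<=0 ) return false;

    // Build the prompt with a hard bound: the name comes from outside this
    // function and must not be able to run past sMsg.
    char sMsg[MAX_SIZE];
    _snprintf( sMsg,sizeof(sMsg)-1,"%s%s%s",
               "警告:強(qiáng)制殺掉進(jìn)程可能會(huì)引發(fā)嚴(yán)重后果!\r\n確定要終止 ",
               g_sHotName,
               " 的運(yùn)行嗎?" );
    sMsg[sizeof(sMsg)-1] = '\0';   // _snprintf does not terminate on truncation

    if( MessageBox(0,sMsg,"警告",MB_YESNO|MB_ICONINFORMATION)==IDNO )
    {
        return false;
    }

    DWORD dwTarget = g_dwHotPid;
    if( 0==dwTarget ) return false;

    // Request only the right that TerminateProcess needs.
    HANDLE h = OpenProcess( PROCESS_TERMINATE,FALSE,dwTarget );
    if( NULL==h ) return false;

    bool bKilled = ( TerminateProcess(h,0)!=FALSE );
    CloseHandle( h );
    return bKilled;
}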
//-------------------------------------------------------------------------
/*
 * Looks sTarget up in the cached process list (g_mv) by image name,
 * ignoring case, and returns the pid of the first entry that matches.
 * Returns 0 when no entry matches.
 *
 * Image names are not unique: with several processes of the same name only
 * the first one in g_mv is ever reported.
 */
DWORD GetPrcIdMem(LPCTSTR sTarget)
{
    int idx = 0;
    while( idx<g_mv.size() )
    {
        if( 0==lstrcmpi(sTarget,g_mv[idx].name) )
        {
            return g_mv[idx].pid;
        }
        ++idx;
    }
    return 0;
}
//------------------------------------------------------------------------------
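/*
 * Asks process dwProcessID to unload the module named lpszDll.
 *
 * The name is written into the target, GetModuleHandleA is run there on a
 * remote thread to resolve the module handle, and FreeLibrary is then run
 * there on a second remote thread with that handle.
 *
 * Returns true only when the FreeLibrary thread ran and reported success;
 * every failure path returns false and releases what was acquired.  Nothing
 * is unloaded when the target does not report the module as loaded.
 *
 * Both waits are INFINITE, so a target that never finishes the call blocks
 * the caller.  The module handle travels back through a thread exit code,
 * which is a 32-bit DWORD: in a 64-bit target the value would be truncated.
 *
 * This open / allocate / write / remote-thread sequence is what endpoint
 * monitoring keys on for code-injection detection, so the tool should expect
 * to be flagged when it runs.
 */
bool RemoteFreeLibrary(DWORD dwProcessID,LPCSTR lpszDll)
{
    if( NULL==lpszDll ) return false;

    // Open the target process.
    HANDLE hProcess = OpenProcess( PROCESS_ALL_ACCESS,FALSE,dwProcessID );
    if( NULL==hProcess ) return false;

    bool bOk = false;
    HANDLE hThread = NULL;
    DWORD dwHandle = 0, dwID = 0, dwWritten = 0;

    // Write the DLL name into the target's address space.
    DWORD dwSize = lstrlenA( lpszDll ) + 1;
    LPVOID lpBuf = VirtualAllocEx( hProcess,NULL,dwSize,MEM_COMMIT,PAGE_READWRITE );
    if( NULL!=lpBuf )
    {
        // A short write counts as a failure as well.
        if( WriteProcessMemory(hProcess,lpBuf,(LPVOID)lpszDll,dwSize,&dwWritten)
            && dwWritten==dwSize )
        {
            // Have the target resolve the module handle for that name.
            hThread = CreateRemoteThread( hProcess,NULL,0,
                                          (LPTHREAD_START_ROUTINE)GetModuleHandleA,
                                          lpBuf,0,&dwID );
            if( NULL!=hThread )
            {
                WaitForSingleObject( hThread,INFINITE );
                // The thread's exit code is GetModuleHandleA's return value.
                if( !GetExitCodeThread( hThread,&dwHandle ) ) dwHandle = 0;
                CloseHandle( hThread );
            }
        }
        // Give the scratch buffer back on every path, including a failed
        // write.  MEM_RELEASE with size 0 frees the reservation too, which
        // MEM_DECOMMIT would leave behind in the target.
        VirtualFreeEx( hProcess,lpBuf,0,MEM_RELEASE );
    }

    // Only ask for the unload when the target actually reported a handle.
    if( 0!=dwHandle )
    {
        hThread = CreateRemoteThread( hProcess,NULL,0,
                                      (LPTHREAD_START_ROUTINE)FreeLibrary,
                                      (LPVOID)dwHandle,0,&dwID );
        if( NULL!=hThread )
        {
            DWORD dwFreed = 0;
            WaitForSingleObject( hThread,INFINITE );
            if( GetExitCodeThread( hThread,&dwFreed ) && 0!=dwFreed ) bOk = true;
            CloseHandle( hThread );
        }
    }

    CloseHandle( hProcess );
    return bOk;
}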
//-------------------------------------------------------------------------
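/*
 * Collects the rows currently selected in the list view into g_mvUnload
 * (column 1 text as the module path, g_dwHotPid as the owning process) and
 * hands them to UnloadModules().  Does nothing when no process is selected,
 * the list is empty, or no row with a non-empty path is selected.
 *
 * NOTE(review): column 1 is taken as a module path for whatever row is
 * selected; if the list also carries non-module rows (id / name / path
 * summary lines), presumably those should be excluded - confirm against the
 * code that fills the list.
 */
void CheckAndUnload()
{
    if( g_dwHotPid<=0 ) return;

    HWND hList = g_hList;
    int nCount = ListView_GetItemCount( hList );
    if( nCount<=0 ) return;

    g_mvUnload.clear();
    for( int i=0;i<nCount;i++ )
    {
        if( !ListView_GetItemState(hList,i,LVIS_SELECTED) ) continue;

        // Start from an empty string so a failed read cannot leave stale
        // stack contents in the path.
        char str[MAX_SIZE];
        str[0] = '\0';
        ListView_GetItemText( hList,i,1,str,MAX_SIZE );
        if( '\0'==str[0] ) continue;

        // Value-initialise the record (it has a container member) and copy
        // the path with a bound taken from the destination itself.
        PROCESSINFO p = PROCESSINFO();
        lstrcpyn( p.path,str,(int)(sizeof(p.path)/sizeof(p.path[0])) );
        p.pid = g_dwHotPid;
        g_mvUnload.push_back( p );
    }
    if( g_mvUnload.size()<=0 ) return;
    UnloadModules();
}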
//-------------------------------------------------------------------------
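/*
 * Confirms with the user and then asks RemoteFreeLibrary() to unload every
 * module queued in g_mvUnload.  Works entirely on g_mvUnload.
 *
 * Whatever happens inside the loop, the __finally block empties the queue,
 * waits DELAYTIME and refreshes the views through InitAllData(2).
 */
void UnloadModules()
{
    // The prompt is a constant, so it is passed directly instead of being
    // copied into a fixed-size buffer first.
    if( MessageBox(0,"警告:卸載模塊可能會(huì)引發(fā)嚴(yán)重后果!\r\n確定要卸載選定的模塊嗎? ",
                   "警告",MB_YESNO|MB_ICONINFORMATION)==IDNO )
    {
        return;
    }
    __try
    {
        for( size_t i=0;i<g_mvUnload.size();i++ )
        {
            RemoteFreeLibrary( g_mvUnload[i].pid,g_mvUnload[i].path );
        }
    }
    __finally
    {
        g_mvUnload.clear();
        Sleep( DELAYTIME );
        InitAllData( 2 );
    }
}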
//-------------------------------------------------------------------------
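/*
 * Opens the shell "properties" sheet for sFile, parented to the main window.
 * Shell error UI is suppressed (SEE_MASK_FLAG_NO_UI), so a failure is silent.
 */
void ShowFileAttr(LPCTSTR sFile)
{
    if( NULL==sFile || '\0'==sFile[0] ) return;

    // Zero the structure first so the fields not set below are not left
    // holding stack garbage.
    SHELLEXECUTEINFO sei;
    memset( &sei,0,sizeof(sei) );
    sei.cbSize = sizeof(sei);
    sei.fMask = SEE_MASK_NOCLOSEPROCESS | SEE_MASK_INVOKEIDLIST | SEE_MASK_FLAG_NO_UI;
    sei.hwnd = g_hWnd;
    sei.lpVerb = "properties";
    sei.lpFile = sFile;
    sei.nShow = 0;

    // SEE_MASK_NOCLOSEPROCESS makes the caller the owner of any process
    // handle that comes back, so it has to be closed here.
    if( ShellExecuteEx( &sei ) && NULL!=sei.hProcess )
    {
        CloseHandle( sei.hProcess );
    }
}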
//-------------------------------------------------------------------------