[00023]-[2015-09-19]-[01]-[windows Platform Basics 1]

Source: Internet
Author: User

[Enumeration of processes, threads, DLLs (dynamic-link libraries)]
[Taking a snapshot: CreateToolhelp32Snapshot()]

// TH32CS_SNAPMODULE / TH32CS_SNAPPROCESS / TH32CS_SNAPTHREAD
HANDLE hSnap = CreateToolhelp32Snapshot(
    DWORD dwFlags,        // what the snapshot contains: processes? threads? DLLs?
    DWORD th32ProcessID   // 0 (NULL) or a process ID; only used for module and heap snapshots
);

[***32First()/***32Next()]

// PROCESSENTRY32
typedef struct tagPROCESSENTRY32 {
    DWORD     dwSize;               // size of the structure (must be set before Process32First)
    DWORD     cntUsage;             // reference count of the process; no longer used, always 0
    DWORD     th32ProcessID;        // ID of the process ===> PID
    ULONG_PTR th32DefaultHeapID;    // ID of the process's default heap; no longer used, 0
    DWORD     th32ModuleID;         // process module ID; no longer used, 0
    DWORD     cntThreads;           // number of threads started by the process
    DWORD     th32ParentProcessID;  // PID of the parent process
    LONG      pcPriClassBase;       // base priority of the threads of the process
    DWORD     dwFlags;              // no longer used, 0
    TCHAR     szExeFile[MAX_PATH];  // name of the executable file of the process
} PROCESSENTRY32, *PPROCESSENTRY32;

// THREADENTRY32
typedef struct tagTHREADENTRY32 {
    DWORD dwSize;              // size of the structure
    DWORD cntUsage;            // no longer used, 0
    DWORD th32ThreadID;        // thread ID
    DWORD th32OwnerProcessID;  // PID of the process that owns the thread
    LONG  tpBasePri;           // base priority assigned to the thread by the kernel (0-31, 0 is the lowest)
    LONG  tpDeltaPri;          // no longer used, 0
    DWORD dwFlags;             // no longer used, 0
} THREADENTRY32, *PTHREADENTRY32;

// MODULEENTRY32
typedef struct tagMODULEENTRY32 {
    DWORD   dwSize;           // size of the structure
    DWORD   th32ModuleID;     // module ID; no longer used, 1
    DWORD   th32ProcessID;    // ID of the process being examined
    DWORD   GlblcntUsage;     // global load count of the module; generally meaningless, 0xFFFF
    DWORD   ProccntUsage;     // load count within the owning process; same as GlblcntUsage, generally meaningless, 0xFFFF
    BYTE    *modBaseAddr;     // base address of the module in the address space of the owning process
    DWORD   modBaseSize;      // size of the module, in bytes
    HMODULE hModule;          // handle of the module within the owning process
    TCHAR   szModule[MAX_MODULE_NAME32 + 1]; // null-terminated string containing the module name
    TCHAR   szExePath[MAX_PATH];             // null-terminated string containing the location (path) of the module
} MODULEENTRY32, *PMODULEENTRY32, *LPMODULEENTRY32;

BOOL WINAPI Process32First(HANDLE hSnap, LPPROCESSENTRY32 lppe);
BOOL WINAPI Process32Next (HANDLE hSnap, LPPROCESSENTRY32 lppe);
BOOL WINAPI Thread32First (HANDLE hSnap, LPTHREADENTRY32 lpte);
BOOL WINAPI Thread32Next  (HANDLE hSnap, LPTHREADENTRY32 lpte);
BOOL WINAPI Module32First (HANDLE hSnap, LPMODULEENTRY32 lpme);
BOOL WINAPI Module32Next  (HANDLE hSnap, LPMODULEENTRY32 lpme);

Example code:

HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
// A snapshot of the processes in the system is an instantaneous picture, because the
// system's processes, threads and DLLs are constantly changing.
if (hSnap == INVALID_HANDLE_VALUE)
    return;  // the snapshot could not be taken; see GetLastError()

PROCESSENTRY32 pe = {0};
pe.dwSize = sizeof(PROCESSENTRY32);  // must be set, otherwise Process32First fails
BOOL bRet = Process32First(hSnap, &pe);
while (bRet)
{
    // pe now contains the content of one process entry
    // .......

    bRet = Process32Next(hSnap, &pe);  // get the content of the next process entry
}
CloseHandle(hSnap);  // the snapshot is a kernel object; release it when done


[Adjusting the privileges of the current process]
(1) Use OpenProcessToken() to open the access token of the current process
(2) Use LookupPrivilegeValue() to obtain the LUID that identifies the privilege
(3) Use AdjustTokenPrivileges() to enable the privilege in the access token ---> [SeDebugPrivilege]

Example code:

/** Enable SeDebugPrivilege in the token of the current process */
void SetDebugPrivilege()
{
    HANDLE hToken = NULL;
    BOOL bRet = OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken);
    if (bRet == TRUE)
    {
        TOKEN_PRIVILEGES tp;
        tp.PrivilegeCount = 1;
        if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
        {
            tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
            // AdjustTokenPrivileges returns TRUE even when the token does not hold the
            // privilege; GetLastError() == ERROR_SUCCESS is the real success check
        }
        CloseHandle(hToken);
    }
    // if OpenProcessToken failed there is no valid handle to close
}
