[Enumerating processes, threads and modules (DLLs) with the Toolhelp API]
[Taking a snapshot: CreateToolhelp32Snapshot()]
// Thcs32_snapmodule // thcs32_snapprocess // Thcs32_snapthread HANDLE Hsnap = createtoolhelp32snapshot ( DWORD dwFlags, // type process for the snapshot system? Thread? DLL? DWORD Dwprocssid, // NULL OR ProcessId);
[Walking a snapshot: Process32First()/Process32Next(), Thread32First()/Thread32Next(), Module32First()/Module32Next()]
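/*
 * Entry structures filled in by the *32First()/*32Next() iterators.
 * In every one of them the caller MUST set dwSize = sizeof(struct) before the
 * first call; the iterator rejects an entry whose dwSize it does not recognise.
 *
 * PROCESSENTRY32 -- one process from a TH32CS_SNAPPROCESS snapshot.
 *   DWORD     dwSize;               // sizeof(PROCESSENTRY32), set by caller
 *   DWORD     cntUsage;             // unused, 0
 *   DWORD     th32ProcessID;        // PID
 *   ULONG_PTR th32DefaultHeapID;    // unused, 0
 *   DWORD     th32ModuleID;         // unused, 0
 *   DWORD     cntThreads;           // number of threads started by the process
 *   DWORD     th32ParentProcessID;  // parent PID -- may already be dead or reused
 *   LONG      pcPriClassBase;       // base priority of the process's threads
 *   DWORD     dwFlags;              // unused, 0
 *   TCHAR     szExeFile[MAX_PATH];  // image file NAME only, no path. Any process can
 *                                   // use any name, so this is not an identity check.
 *
 * THREADENTRY32 -- one thread from a TH32CS_SNAPTHREAD snapshot. The snapshot is
 * system-wide; filter on th32OwnerProcessID yourself to get one process's threads.
 *   DWORD dwSize;                   // sizeof(THREADENTRY32), set by caller
 *   DWORD cntUsage;                 // unused, 0
 *   DWORD th32ThreadID;             // TID
 *   DWORD th32OwnerProcessID;       // PID of the process that owns the thread
 *   LONG  tpBasePri;                // kernel base priority, 0..31 (0 is lowest)
 *   LONG  tpDeltaPri;               // unused, 0
 *   DWORD dwFlags;                  // unused, 0
 *
 * MODULEENTRY32 -- one module (EXE or DLL) from a TH32CS_SNAPMODULE snapshot.
 *   DWORD   dwSize;                 // sizeof(MODULEENTRY32), set by caller
 *   DWORD   th32ModuleID;           // unused, 1
 *   DWORD   th32ProcessID;          // PID the module is loaded into
 *   DWORD   GlblcntUsage;           // global load count; effectively unused, 0xFFFF
 *   DWORD   ProccntUsage;           // per-process load count; effectively unused, 0xFFFF
 *   BYTE   *modBaseAddr;            // base address inside the OWNING process's address
 *                                   // space -- not dereferenceable from this process
 *   DWORD   modBaseSize;            // size of the module image in bytes
 *   HMODULE hModule;                // module handle, valid only inside the owning process
 *   TCHAR   szModule[MAX_MODULE_NAME32 + 1]; // NUL-terminated module name
 *   TCHAR   szExePath[MAX_PATH];    // NUL-terminated full path of the module
 */

/*
 * Iterators. Each returns TRUE and fills *lpXX with the next entry, or FALSE both
 * at the end of the list (GetLastError() == ERROR_NO_MORE_FILES) and on a real
 * error -- check GetLastError() if the distinction matters.
 */
BOOL WINAPI Process32First(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);
BOOL WINAPI Process32Next(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);
BOOL WINAPI Thread32First(HANDLE hSnapshot, LPTHREADENTRY32 lpte);
BOOL WINAPI Thread32Next(HANDLE hSnapshot, LPTHREADENTRY32 lpte);
BOOL WINAPI Module32First(HANDLE hSnapshot, LPMODULEENTRY32 lpme);
BOOL WINAPI Module32Next(HANDLE hSnapshot, LPMODULEENTRY32 lpme);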
Example code:
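/*
 * Example: walk every process in the system through a Toolhelp snapshot.
 *
 * The snapshot is a point-in-time copy. Processes, threads and DLLs change
 * continuously, so a PID read from the snapshot may already belong to a
 * different (or no) process by the time it is used -- a classic TOCTOU window.
 * Re-validate (e.g. open the process and compare its creation time) before
 * trusting an entry for anything security-relevant.
 */
static void ListProcessesExample(void)
{
    /* th32ProcessID is a DWORD and is ignored for SNAPPROCESS: pass 0, not NULL. */
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    /* Failure is signalled by INVALID_HANDLE_VALUE, NOT NULL; a NULL check misses it. */
    if (hSnap == INVALID_HANDLE_VALUE) {
        /* GetLastError() carries the reason. */
        return;
    }

    PROCESSENTRY32 pe = {0};
    pe.dwSize = sizeof(pe);   /* mandatory: the iterator rejects an unset dwSize */

    /*
     * Process32First/Next return FALSE both at the end of the list
     * (ERROR_NO_MORE_FILES) and on error; inspect GetLastError() after the
     * loop if the distinction matters.
     */
    for (BOOL ok = Process32First(hSnap, &pe); ok; ok = Process32Next(hSnap, &pe)) {
        /*
         * pe now holds one entry: pe.th32ProcessID, pe.th32ParentProcessID,
         * pe.cntThreads, pe.szExeFile (name only, no path -- not an identity).
         */
    }

    /* The snapshot is a kernel handle; the original never released it. */
    CloseHandle(hSnap);
}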
[Adjusting the current process's token privileges]
(1) OpenProcessToken() — open the current process's access token. TOKEN_ADJUST_PRIVILEGES (plus TOKEN_QUERY) is all that is needed; TOKEN_ALL_ACCESS requests far more than this operation uses.
(2) LookupPrivilegeValue() — translate the privilege name (SE_DEBUG_NAME) into the LUID the token API works with.
(3) AdjustTokenPrivileges() — enable the privilege ---> [SeDebugPrivilege]. This can only ENABLE a privilege the token already holds; it cannot grant one, so it only works in an elevated administrator token. When the privilege is absent the call still returns TRUE, with GetLastError() == ERROR_NOT_ALL_ASSIGNED — check that, or the caller cannot tell whether it got anything.
Example code:
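/*
 * Enable SeDebugPrivilege in the current process's token.
 *
 * AdjustTokenPrivileges can only enable a privilege the token already holds;
 * it cannot grant one. SeDebugPrivilege is normally present only in an
 * elevated administrator token, so for a standard user this does nothing --
 * and AdjustTokenPrivileges STILL returns TRUE in that case, reporting
 * ERROR_NOT_ALL_ASSIGNED through GetLastError(). The original ignored both
 * that and the LookupPrivilegeValue result, and called CloseHandle() on a
 * never-opened handle in its failure branch.
 *
 * Returns TRUE only when the privilege is actually enabled. The return type
 * changed from void to BOOL; existing callers that ignore it are unaffected.
 */
BOOL SetDebugPrivilege(void)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tp = {0};
    BOOL enabled = FALSE;

    /*
     * Least privilege: enabling a privilege needs TOKEN_ADJUST_PRIVILEGES;
     * TOKEN_QUERY is only required if a previous-state buffer is requested,
     * but is harmless. TOKEN_ALL_ACCESS was far more than needed.
     */
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return FALSE;   /* nothing to close: no token was opened */
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    /* Unchecked in the original: on failure the LUID would have been garbage. */
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        goto out;
    }

    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL)) {
        goto out;
    }

    /*
     * TRUE alone does not mean success: GetLastError() == ERROR_NOT_ALL_ASSIGNED
     * means the token does not hold SeDebugPrivilege (not elevated / not admin).
     */
    enabled = (GetLastError() == ERROR_SUCCESS);

out:
    CloseHandle(hToken);
    return enabled;
}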
[00023]-[2015-09-19]-[01]-[windows Platform Basics 1]