When we write some destructive program, we need to traverse and extract the ID of the process.
For these features, let's start with a few APIs
1.createtoolhelp32snapshout function
Get a snapshot of a process, module, or thread
The syntax is as follows:
HANDLE WINAPI CreateToolhelp32Snapshot ( _in_ DWORD dwFlags, _in_ DWORD Th32processid );
First parameter: The snapshot contains a part of the system with the following parameters:
We use th32cs_snapprocess here.
The snapshot contains all the processes inside the system.
The second one is about the PROCESSENTRY32 structure.
The syntax is as follows:
typedef struct TAGPROCESSENTRY32 { DWORD dwsize; DWORD cntusage; DWORD Th32processid; Ulong_ptr Th32defaultheapid; DWORD Th32moduleid; DWORD cntthreads; DWORD Th32parentprocessid; LONG pcpriclassbase; DWORD dwFlags; TCHAR Szexefile[max_path]; } PROCESSENTRY32, *pprocessentry32;
This describes a portal, which is a process that is read in the system address space when the snapshot is invoked.
This is only about Szexefile[max_path] and
Th32parentprocessid: This is the identity of the process after the process was created (parent process)
Szexefile: The name of the executable file inside the process
Here is the source code! Some functions are not explained, but can be understood by comments or by literal means
#include <Windows.h> #include <stdio.h> #include <TlHelp32.h> int main () { HANDLE Hproceessnap = createtoolhelp32snapshot (th32cs_snapprocess, 0); if (Hproceessnap = = Invalid_handle_value) { printf_s ("Failed to create snapshot \ n"); return-1; } else { PROCESSENTRY32 pe32; pe32.dwsize = sizeof (PE32); BOOL hprocess = Process32First (Hproceessnap, &pe32); Char buff[1024]; while (hprocess) { wsprintf (buff, "process name:%s--------------------process id:%d", Pe32.szexefile, PE32.TH32PARENTPROCESSID); printf_s ("%s\n", buff); memset (Buff, 0x00, 1024x768); hprocess = Process32Next (Hproceessnap, &pe32); } } CloseHandle (HPROCEESSNAP); return 0; }
The operation results are as follows
These are the contents of the widgets for the C/s + + traversal process and the process ID, please follow topic.alibabacloud.com (www.php.cn) for more information!