One-day Windows API training (89) OpenProcess function

One-day Windows API training (89) OpenProcess function

Over the past year, there have been a lot of rogue software, which has made everyone suffer from such disgusting software. In this environment, many customers need powerful tools to scan and kill such rogue software. What would you do if you were asked to develop a software to scan and kill the virus? Of course, we first traverse all the processes on the computer, and then display the detailed information of each process to the user so that the user can decide which processes can run and which cannot run. Or compare the information of the current process with the pattern in the virus database to identify the suspicious viruses. The following shows how to use the function OpenProcess to open a process and obtain the process name.

The function OpenProcess declaration is as follows:

Winbaseapi
_ Out
Handle
Winapi
OpenProcess (
_ In DWORD dwdesiredaccess,
_ In bool binherithandle,
_ In DWORD dwprocessid
);
Dwdesiredaccess is the permission to access the process.
Binherithandle indicates whether the handle inherits the process attributes.
Dwprocessid is the process ID.

An example of calling a function is as follows:
#001 // obtain process information.
#002 // Cai junsheng 2007/12/13 QQ: 9073204 Shenzhen
#003 void testopenprocesses (void)
#004 {
#005 //
#006 const int nbufsize = 512;
#007 tchar chbuf [nbufsize];
#008 zeromemory (chbuf, nbufsize );
#009
#010 //
#011 DWORD dwprocs [1, 1024];
#012 DWORD dwneeded;
#013
#014 // enumerate all process IDs.
#015 if (! Enumprocesses (dwprocs, sizeof (dwprocs), & dwneeded ))
#016 {
#017 // output error information.
#018 wsprintf (chbuf, _ T ("enumprocesses failed (% d)./N"), getlasterror ());
#019 outputdebugstring (chbuf );
#020
#021 return;
#022}
#023
#024 // calculate the number of process IDs.
#025 DWORD dwproccount = dwneeded/sizeof (DWORD );
#026
#027 wsprintf (chbuf, _ T ("enumprocesses count (% d)./N"), dwproccount );
#028 outputdebugstring (chbuf );
#029
#030 // traverse all process IDs and open the process.
#031 for (DWORD I = 0; I <dwproccount; I ++)
#032 {
#033 wsprintf (chbuf, _ T ("enumprocesses (% d)./R/N"), dwprocs);
#034 outputdebugstring (chbuf );
#035
#036 // open the process based on the process ID.
#037 handle hprocess = OpenProcess (process_query_information |
#038 process_vm_read,
#039 false, dwprocs);
#040
#041 if (hprocess)
#042 {
#043 hmodule hmod;
#044 DWORD cbneeded;
#045
#046 // obtain the handle of the first module of the process.
#047 if (enumprocessmodules (hprocess, & hmod, sizeof (hmod ),
#048 & cbneeded ))
#049 {
#050 //
#051 zeromemory (chbuf, nbufsize );
#052
#053 // obtain the name of the first module of the process.
#054 if (: getmodulebasename (hprocess, hmod, chbuf, nbufsize ))
#055 {
#056 //
#057 outputdebugstring (chbuf );
#058 outputdebugstring (_ T ("/R/N "));
#059}
#060}
#061}
#062}
#063
#064}