#include "stdafx.h"

#include <vector>

#include "..\Include\C_Process.h"
//===================================================================
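// Create a thread that starts at lpStartAddress with lpParameter as its
// argument, then set its priority to dwPriority (a THREAD_PRIORITY_* value).
//
// Returns the new thread handle - the caller owns it and must CloseHandle it -
// or NULL when lpStartAddress is NULL or CreateThread fails (in the latter
// case GetLastError carries CreateThread's error).
//
// A NULL start address is rejected up front: CreateThread does not validate
// it, and a thread started at address 0 would fault and take the process down.
// Setting the priority is best-effort, as before: a rejected priority leaves
// the thread running at its default priority and the handle is still returned.
HANDLE fooCreateThread (void * lpStartAddress, void * lpParameter, DWORD dwPriority)
{
    if (lpStartAddress == NULL)
        return NULL ;

    DWORD dwThreadId = 0 ;
    HANDLE hThread = ::CreateThread (NULL, 0,
        reinterpret_cast<LPTHREAD_START_ROUTINE>(lpStartAddress),
        lpParameter, 0, &dwThreadId) ;
    if (hThread != NULL)
    {
        // dwPriority is a DWORD at the interface; the THREAD_PRIORITY_*
        // constants SetThreadPriority expects are small signed ints.
        ::SetThreadPriority (hThread, static_cast<int>(dwPriority)) ;
    }
    return hThread ;
}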
//===================================================================
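// Run a program.
//
// szName      command line to launch: the program path, optionally followed
//             by arguments.  NULL returns FALSE.
// nCmdShow    SW_* value applied to the new process's main window.
// dwPriority  passed as CreateProcess's dwCreationFlags and then applied
//             again with SetPriorityClass, so callers are expected to pass a
//             priority-class constant such as NORMAL_PRIORITY_CLASS.
//
// Returns TRUE if the process was created.  Both handles CreateProcess hands
// back are closed here; the caller gets no handle to the child.
//
// CreateProcessW is documented to write into the lpCommandLine buffer, so the
// caller's string is copied into a writable local buffer rather than passed
// through a const_cast (a string literal or other read-only buffer would
// fault).
//
// NOTE(review): lpApplicationName is NULL, so the executable is found by
// parsing szName; an unquoted path containing spaces is ambiguous (per the
// CreateProcess documentation "C:\Program Files\x.exe" is tried as
// "C:\Program.exe" first), so callers should quote the program path.
// bInheritHandles is TRUE, meaning every inheritable handle of this process
// is duplicated into the child; it is kept for compatibility, but FALSE is
// the least-privilege default unless a caller relies on inheritance.
BOOL fooCreateProcess (PCTSTR szName, int nCmdShow, DWORD dwPriority)
{
    if (szName == NULL)
        return FALSE ;

    // Writable copy of the command line including the terminator.
    std::vector<TCHAR> cmdLine (szName, szName + lstrlen (szName) + 1) ;

    STARTUPINFO si ;
    ZeroMemory (&si, sizeof(si)) ;
    si.cb = sizeof(si) ;
    si.wShowWindow = static_cast<WORD>(nCmdShow) ;
    si.dwFlags = STARTF_USESHOWWINDOW | STARTF_FORCEONFEEDBACK ;

    PROCESS_INFORMATION pi ;
    ZeroMemory (&pi, sizeof(pi)) ;

    BOOL bResult = ::CreateProcess (NULL, &cmdLine[0], NULL, NULL, TRUE,
                                    dwPriority, NULL, NULL, &si, &pi) ;
    if (bResult)
    {
        // Best-effort, as before; the process is already running either way.
        ::SetPriorityClass (pi.hProcess, dwPriority) ;
        ::CloseHandle (pi.hProcess) ;
        ::CloseHandle (pi.hThread) ;
    }
    return bResult ;
}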
//===================================================================
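// Enable one privilege (e.g. SE_DEBUG_NAME) in the current process token.
//
// Returns TRUE only if the privilege is now enabled.  Returns FALSE when
// pPrivilegeName is NULL, the token cannot be opened, the name does not
// resolve to a LUID, or the token does not hold the privilege
// (AdjustTokenPrivileges reports ERROR_NOT_ALL_ASSIGNED).  Enabling only
// works for privileges already present in the token; it never grants new ones.
//
// Fixes over the previous version: the NULL check now precedes opening the
// token (a NULL name used to leak the token handle, since the short-circuit
// skipped CloseHandle), and LookupPrivilegeValue's result is checked instead
// of passing an uninitialized LUID on failure.
BOOL fooEnablePrivilege (PCTSTR pPrivilegeName)
{
    if (pPrivilegeName == NULL)
        return FALSE ;

    HANDLE hToken = NULL ;
    // TOKEN_ADJUST_PRIVILEGES is sufficient: no previous state is requested,
    // which is what would additionally require TOKEN_QUERY.
    if (!::OpenProcessToken (::GetCurrentProcess (), TOKEN_ADJUST_PRIVILEGES, &hToken))
        return FALSE ;

    BOOL fOk = FALSE ;
    TOKEN_PRIVILEGES tp ;
    ZeroMemory (&tp, sizeof(tp)) ;
    tp.PrivilegeCount = 1 ;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED ;
    if (::LookupPrivilegeValue (NULL, pPrivilegeName, &tp.Privileges[0].Luid))
    {
        // AdjustTokenPrivileges returns nonzero even when it could not enable
        // every requested privilege; on success GetLastError is ERROR_SUCCESS
        // or ERROR_NOT_ALL_ASSIGNED, so both the return and the error are checked.
        if (::AdjustTokenPrivileges (hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
            fOk = (::GetLastError () == ERROR_SUCCESS) ;
    }
    ::CloseHandle (hToken) ;
    return fOk ;
}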
//===================================================================
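// Inject a DLL into another process (LoadLibraryW via CreateRemoteThread).
//
// dwProcessId  target process id.
// szDllFile    path of the DLL to load in the target.  It is copied into the
//              target's address space and passed as the argument of a remote
//              thread whose start address is LoadLibraryW.  NULL returns FALSE.
//
// Returns TRUE when the remote thread ran to completion and its exit code
// (LoadLibraryW's return value) was non-zero; FALSE on any failure, including
// a LoadLibraryW that returned NULL inside the target (previously reported as
// success).
//
// Needs PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD |
// PROCESS_VM_OPERATION | PROCESS_VM_WRITE on the target - normally a process
// of the same user, or SeDebugPrivilege (see fooEnablePrivilege).  The remote
// thread starts at this process's LoadLibraryW address, which presumably
// matches the target only when both have the same bitness and kernel32 base;
// confirm before relying on it across architectures.  The wait is INFINITE:
// a target whose LoadLibraryW blocks (e.g. in the injected DllMain) blocks
// this caller as well.
BOOL fooInjectDLL_W (DWORD dwProcessId, PCWSTR szDllFile)
{
    BOOL bResult = FALSE ;
    HANDLE hProcess = NULL, hThread = NULL ;
    WCHAR * szRemoteName = NULL ;

    if (szDllFile == NULL)
        return FALSE ;

    __try
    {
        // Handle to the target with exactly the rights the steps below need.
        hProcess = ::OpenProcess (
            PROCESS_QUERY_INFORMATION |
            PROCESS_CREATE_THREAD |
            PROCESS_VM_OPERATION |
            PROCESS_VM_WRITE,
            FALSE, dwProcessId) ;
        if (hProcess == NULL)
            __leave ;

        // Byte length of the path including the terminating NUL.
        SIZE_T cbName = (1 + lstrlenW (szDllFile)) * sizeof(WCHAR) ;

        // Room for the path in the target; read/write is all a string argument
        // needs, nothing executable is written.
        szRemoteName = static_cast<WCHAR *>(
            ::VirtualAllocEx (hProcess, NULL, cbName, MEM_COMMIT, PAGE_READWRITE)) ;
        if (szRemoteName == NULL)
            __leave ;

        // Copy the path into the target's address space.
        if (!::WriteProcessMemory (hProcess, szRemoteName, szDllFile, cbName, NULL))
            __leave ;

        // Address of LoadLibraryW.  The module name is the UTF-16 string
        // "Kernel" spelled out byte by byte (equivalent to L"Kernel").
        // NOTE(review): this names "Kernel", not "kernel32"; confirm that
        // GetModuleHandleW resolves it in the target environment - if it does
        // not, pfnThread is NULL and this function always returns FALSE.
        BYTE szName[] = "K\0e\0r\0n\0e\0l\0\0\0" ;
        PTHREAD_START_ROUTINE pfnThread = reinterpret_cast<PTHREAD_START_ROUTINE>(
            ::GetProcAddress (::GetModuleHandleW (reinterpret_cast<LPCWSTR>(szName)),
                              "LoadLibraryW")) ;
        if (pfnThread == NULL)
            __leave ;

        // Run LoadLibraryW(szRemoteName) in the target.
        hThread = ::CreateRemoteThread (hProcess, NULL, 0,
                                        pfnThread, szRemoteName, 0, NULL) ;
        if (hThread == NULL)
            __leave ;

        // Wait for the remote LoadLibraryW to return, then read its result.
        if (::WaitForSingleObject (hThread, INFINITE) != WAIT_OBJECT_0)
            __leave ;
        DWORD dwExitCode = 0 ;
        if (!::GetExitCodeThread (hThread, &dwExitCode))
            __leave ;
        // The exit code is the low 32 bits of the HMODULE LoadLibraryW returned;
        // zero means the load failed in the target.  (A 64-bit HMODULE whose low
        // DWORD is zero is theoretically possible but not expected in practice.)
        bResult = (dwExitCode != 0) ;
    }
    __finally
    {
        // Release in reverse order; the remote buffer is only freed after the
        // remote thread has been waited on (or was never created).
        if (szRemoteName != NULL)
            ::VirtualFreeEx (hProcess, szRemoteName, 0, MEM_RELEASE) ;
        if (hThread != NULL)
            ::CloseHandle (hThread) ;
        if (hProcess != NULL)
            ::CloseHandle (hProcess) ;
    }
    return bResult ;
}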
//===================================================================
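// Enable (bEnable == TRUE) or disable Task Manager for the current user by
// deleting or setting the DisableTaskMgr policy value under
// HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
//
// Best-effort with no return value (interface kept): failing to create/open
// the key or to write the value is silently ignored, as before.
//
// Fixes over the previous version: the key handle is closed (it leaked), and
// the key is opened with KEY_SET_VALUE - all RegSetValueEx and RegDeleteValue
// need - instead of KEY_ALL_ACCESS.  RegCreateKeyEx opens an existing key, so
// the separate RegOpenKeyEx attempt was redundant.
//
// NOTE(review): writing DisableTaskMgr locks the user out of Task Manager and
// is a well-known defense-evasion indicator that endpoint monitoring is likely
// to flag; make sure callers have a legitimate reason to use it.
void fooEnableTaskDlg (BOOL bEnable)
{
    PCTSTR szValueName = TEXT("DisableTaskMgr") ;
    PCTSTR szKeyPath = TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System") ;

    HKEY hKey = NULL ;
    // One call covers both the existing-key and the create case.
    if (::RegCreateKeyEx (HKEY_CURRENT_USER, szKeyPath, 0, NULL, REG_OPTION_NON_VOLATILE,
                          KEY_SET_VALUE, NULL, &hKey, NULL) != ERROR_SUCCESS)
        return ;

    if (bEnable)
    {
        // An absent value means "not disabled", so removing it re-enables Task Manager.
        ::RegDeleteValue (hKey, szValueName) ;
    }
    else
    {
        DWORD dwDisabled = 1 ;
        ::RegSetValueEx (hKey, szValueName, 0, REG_DWORD,
                         reinterpret_cast<const BYTE *>(&dwDisabled), sizeof(dwDisabled)) ;
    }
    ::RegCloseKey (hKey) ;
}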
//===================================================================