ps.cpp

黑客编程代码ps列举进程代码.rar

#include <windows.h>
#include <stdio.h>
#include "psapi.h"

void usage( int );
void PrintModules( DWORD );

//Define Command parameters
bool a=FALSE;
bool m=FALSE;
bool s=FALSE;
bool f=FALSE;
char * FindString;

void main(int argc, char **argv)
{
	DWORD aProcesses[1024], cbNeeded, cProcesses;
    unsigned int i;
	unsigned int PID;
    //Get command parameters
	if(argc==1) 
	{
		usage(1);
		exit(0);
	}
	for(int j=1;j<argc;j++)
	{
		if ((argv[j][0]=='/') || (argv[j][0]=='-'))
			switch(argv[j][1])
			{
				case 'a':
				case 'A': a=true; break;
				case 'm':
				case 'M': m=true; break;
				case 's':
				case 'S': 
					{
						s=true; 
						if(argv[j][3])
						PID=atoi(argv[j]+3);
						break;
					}
				case 'f':
				case 'F': 
					{
						f=true;
						FindString=argv[j]+3;
						break;
					}
				case '?':
				case 'h':
				case 'H': usage(1);break;
				default: usage(0);break;
			}
	}
	if(a) 
	{
		// Get the list of process identifiers.
		if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )  return;
		// Calculate how many process identifiers were returned.
		cProcesses = cbNeeded / sizeof(DWORD);
		// Print the name of the modules for each process.
		for ( i = 0; i < cProcesses; i++ ) PrintModules( aProcesses[i] );
	}
	if(s)
		PrintModules(PID);
}

void PrintModules( DWORD processID )
{
    HMODULE hMods[1024];
    HANDLE hProcess;
    DWORD cbNeeded;
	char szProcessName[MAX_PATH];
    unsigned int i;
	unsigned int ModuleNum;
    // Get a list of all the modules in this process.
    hProcess = OpenProcess(  PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID );
    if( EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
    {
		if(!f) printf( "Process ID: %u ", processID );
        if(m) ModuleNum=cbNeeded / sizeof(HMODULE);
		else  ModuleNum=1;
		for ( i = 0; i < ModuleNum; i++ )
        {
            char szModName[MAX_PATH];
            // Get the full path to the module's file.
			if ( GetModuleFileNameEx( hProcess, hMods[i], szModName,sizeof(szModName)))
			{
				// Print the module name and handle value.
				if(!i) strcpy(szProcessName,szModName);
				if(!f) printf("\t%s (0x%08X)\n", szModName, hMods[i] );
				else 
				{
					if(strstr(szModName,FindString))
					{
						printf( "Process ID: %u \n", processID );
						printf("%s (0x%08X)\n", szProcessName, hMods[0] );	
						printf("\t%s (0x%08X)\n", szModName, hMods[i] );
					} 
				}
			}
		}
    }

    CloseHandle( hProcess );
}

void usage(int ErrorCode)
{
	if(!ErrorCode) printf("Parameters Error\n");
	printf("\n");
	printf("\t\t\tProcess Status Tools v0.1\n");
	printf("\t\t\t\tBy Shotgun\n");
	printf("\tShotgun@Xici.net\n");
	printf("\thttp://www.Patching.net\n");
	printf("\thttp://It.Xici.Net\n");
	printf("\n");
	printf("USAGE:\n");
	printf("\t/a         Display All Processes\n");
	printf("\t/m         Include the Modules(DLLs,etc)\n");
	printf("\t/s[ :n ]   Display the Process PID=n\n");
	printf("\t/f:string  Find the Process/Modules Contain the string\n");
}