📄 prochelp.h
字号:
/******************************************************************************
Module: ProcHelp.h
Notices: Copyright (c) 2000 Jeffrey Richter
******************************************************************************/
#pragma once
#include <tlhelp32.h>
#include <tchar.h>
#define chINRANGE(low, Num, High) (((low) <= (Num)) && ((Num) <= (High)))
///////////////////////////////////////////////////////////////////////////////
class CProcessHelp
{
private:
HANDLE m_hSnapshot;
public:
CProcessHelp(DWORD dwFlags = 0, DWORD dwProcessID = 0);
~CProcessHelp();
BOOL CreateSnapshot(DWORD dwFlags, DWORD dwProcessID = 0);
BOOL ProcessFirst(PPROCESSENTRY32 ppe) const;
BOOL ProcessNext(PPROCESSENTRY32 ppe) const;
BOOL ProcessFind(DWORD dwProcessId, PPROCESSENTRY32 ppe) const;
BOOL ModuleFirst(PMODULEENTRY32 pme) const;
BOOL ModuleNext(PMODULEENTRY32 pme) const;
BOOL ModuleFind(PVOID pvBaseAddr, PMODULEENTRY32 pme) const;
BOOL ModuleFind(PTSTR pszModName, PMODULEENTRY32 pme) const;
BOOL ThreadFirst(PTHREADENTRY32 pte) const;
BOOL ThreadNext(PTHREADENTRY32 pte) const;
BOOL HeapListFirst(PHEAPLIST32 phl) const;
BOOL HeapListNext(PHEAPLIST32 phl) const;
int HowManyHeaps() const;
// Note: The heap block functions do not reference a snapshot and
// just walk the process's heap from the beginning each time. Infinite
// loops can occur if the target process changes its heap while the
// functions below are enumerating the blocks in the heap.
BOOL HeapFirst(PHEAPENTRY32 phe, DWORD dwProcessID, UINT_PTR dwHeapID) const;
BOOL HeapNext(PHEAPENTRY32 phe) const;
int HowManyBlocksInHeap(DWORD dwProcessID, DWORD dwHeapId) const;
BOOL IsAHeap(HANDLE hProcess, PVOID pvBlock, PDWORD pdwFlags) const;
public:
static BOOL EnableDebugPrivilege(BOOL bEnable = TRUE);
static BOOL ReadProcessMemory(DWORD dwProcessID, LPCVOID pvBaseAddress,
PVOID pvBuffer, DWORD cbRead, PDWORD pdwNumberOfBytesRead = NULL);
};
///////////////////////////////////////////////////////////////////////////////
inline CProcessHelp::CProcessHelp(DWORD dwFlags, DWORD dwProcessID)
{
m_hSnapshot = INVALID_HANDLE_VALUE;
CreateSnapshot(dwFlags, dwProcessID);
}
///////////////////////////////////////////////////////////////////////////////
inline CProcessHelp::~CProcessHelp()
{
if (m_hSnapshot != INVALID_HANDLE_VALUE)
CloseHandle(m_hSnapshot);
}
///////////////////////////////////////////////////////////////////////////////
inline BOOL CProcessHelp::CreateSnapshot(DWORD dwFlags, DWORD dwProcessID)
{
if (m_hSnapshot != INVALID_HANDLE_VALUE)
CloseHandle(m_hSnapshot);
if (dwFlags == 0)
{
m_hSnapshot = INVALID_HANDLE_VALUE;
}
else
{
m_hSnapshot = CreateToolhelp32Snapshot(dwFlags, dwProcessID);
}
return(m_hSnapshot != INVALID_HANDLE_VALUE);
}
///////////////////////////////////////////////////////////////////////////////
inline BOOL CProcessHelp::EnableDebugPrivilege(BOOL bEnable)
{
// Enabling the debug privilege allows the application to see
// information about service applications
BOOL bOK = FALSE; // Assume function fails
HANDLE hToken;
// Try to open this process's access token
if( OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken) )
{
// Attempt to modify the "Debug" privilege
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);
tp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
bOK = (GetLastError() == ERROR_SUCCESS);
CloseHandle(hToken);
}
return(bOK);
}
///////////////////////////////////////////////////////////////////////////////
inline BOOL CProcessHelp::ReadProcessMemory(DWORD dwProcessID,
LPCVOID pvBaseAddress, PVOID pvBuffer, DWORD cbRead,
PDWORD pdwNumberOfBytesRead)
{
return(Toolhelp32ReadProcessMemory(dwProcessID, pvBaseAddress, pvBuffer,
cbRead, pdwNumberOfBytesRead));
}
///////////////////////////////////////////////////////////////////////////////
inline BOOL CProcessHelp::ProcessFirst(PPROCESSENTRY32 ppe) const
{
BOOL bOK = Process32First(m_hSnapshot, ppe);
if( bOK && (ppe->th32ProcessID == 0) )
{
bOK = ProcessNext(ppe); // Remove the "[System Process]" (PID = 0)
}
return(bOK);
}
inline BOOL CProcessHelp::ProcessNext(PPROCESSENTRY32 ppe) const
{
BOOL bOK = Process32Next(m_hSnapshot, ppe);
if(bOK && (ppe->th32ProcessID == 0))
{
bOK = ProcessNext(ppe); // Remove the "[System Process]" (PID = 0)
}
return(bOK);
}
inline BOOL CProcessHelp::ProcessFind(DWORD dwProcessId, PPROCESSENTRY32 ppe) const
{
BOOL bFound = FALSE;
for (BOOL bOK = ProcessFirst(ppe); bOK; bOK = ProcessNext(ppe))
{
bFound = (ppe->th32ProcessID == dwProcessId);
if (bFound) break;
}
return(bFound);
}
///////////////////////////////////////////////////////////////////////////////
inline BOOL CProcessHelp::ModuleFirst(PMODULEENTRY32 pme) const
{
return(Module32First(m_hSnapshot, pme));
}
inline BOOL CProcessHelp::ModuleNext(PMODULEENTRY32 pme) const
{
return(Module32Next(m_hSnapshot, pme));
}
inline BOOL CProcessHelp::ModuleFind(PVOID pvBaseAddr, PMODULEENTRY32 pme) const
{
BOOL bFound = FALSE;
for (BOOL bOK = ModuleFirst(pme); bOK; bOK = ModuleNext(pme))
{
bFound = (pme->modBaseAddr == pvBaseAddr);
if (bFound) break;
}
return(bFound);
}
inline BOOL CProcessHelp::ModuleFind(PTSTR pszModName, PMODULEENTRY32 pme) const
{
BOOL bFound = FALSE;
for (BOOL bOK = ModuleFirst(pme); bOK; bOK = ModuleNext(pme))
{
bFound = (lstrcmpi(pme->szModule, pszModName) == 0) ||
(lstrcmpi(pme->szExePath, pszModName) == 0);
if (bFound) break;
}
return(bFound);
}
///////////////////////////////////////////////////////////////////////////////
inline BOOL CProcessHelp::ThreadFirst(PTHREADENTRY32 pte) const
{
return(Thread32First(m_hSnapshot, pte));
}
inline BOOL CProcessHelp::ThreadNext(PTHREADENTRY32 pte) const
{
return(Thread32Next(m_hSnapshot, pte));
}
///////////////////////////////////////////////////////////////////////////////
inline int CProcessHelp::HowManyHeaps() const
{
int nHowManyHeaps = 0;
HEAPLIST32 hl = { sizeof(hl) };
for (BOOL bOK = HeapListFirst(&hl); bOK; bOK = HeapListNext(&hl))
nHowManyHeaps++;
return(nHowManyHeaps);
}
inline int CProcessHelp::HowManyBlocksInHeap(DWORD dwProcessID,
DWORD dwHeapID) const
{
int nHowManyBlocksInHeap = 0;
HEAPENTRY32 he = { sizeof(he) };
BOOL bOK = HeapFirst(&he, dwProcessID, dwHeapID);
for (; bOK; bOK = HeapNext(&he))
nHowManyBlocksInHeap++;
return(nHowManyBlocksInHeap);
}
inline BOOL CProcessHelp::HeapListFirst(PHEAPLIST32 phl) const
{
return(Heap32ListFirst(m_hSnapshot, phl));
}
inline BOOL CProcessHelp::HeapListNext(PHEAPLIST32 phl) const
{
return(Heap32ListNext(m_hSnapshot, phl));
}
inline BOOL CProcessHelp::HeapFirst(PHEAPENTRY32 phe, DWORD dwProcessID,
UINT_PTR dwHeapID) const
{
return(Heap32First(phe, dwProcessID, dwHeapID));
}
inline BOOL CProcessHelp::HeapNext(PHEAPENTRY32 phe) const
{
return(Heap32Next(phe));
}
inline BOOL CProcessHelp::IsAHeap(HANDLE hProcess, PVOID pvBlock,
PDWORD pdwFlags) const
{
HEAPLIST32 hl = { sizeof(hl) };
for (BOOL fOkHL = HeapListFirst(&hl); fOkHL; fOkHL = HeapListNext(&hl))
{
HEAPENTRY32 he = { sizeof(he) };
BOOL fOkHE = HeapFirst(&he, hl.th32ProcessID, hl.th32HeapID);
for (; fOkHE; fOkHE = HeapNext(&he))
{
MEMORY_BASIC_INFORMATION mbi;
VirtualQueryEx(hProcess, (PVOID) he.dwAddress, &mbi, sizeof(mbi));
if (chINRANGE(mbi.AllocationBase, pvBlock,
(PBYTE) mbi.AllocationBase + mbi.RegionSize))
{
*pdwFlags = hl.dwFlags;
return(TRUE);
}
}
}
return(FALSE);
}
//////////////////////////////// End of File //////////////////////////////////
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -