// enumprocsnt.cpp: enumerate the processes currently running on the system.
//
#include <windows.h>
#include <ntsecapi.h>
#include "stdio.h"
#include <stdlib.h>   // malloc / free
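// Prototype of ntdll!ZwQuerySystemInformation, an undocumented export that
// is resolved at run time with GetProcAddress. The real return type is
// NTSTATUS, a *signed* LONG: negative values are failures and
// STATUS_INFO_LENGTH_MISMATCH (0xC0000004) means the caller's buffer was too
// small. Declaring it as DWORD would hide the sign and make a plain
// "status < 0" check impossible, so LONG is used here.
typedef LONG (WINAPI *ZWQUERYSYSTEMINFORMATION)
    (DWORD SystemInformationClass, PVOID SystemInformation,
     DWORD SystemInformationLength, PDWORD ReturnLength);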
// One process entry of the list returned by ZwQuerySystemInformation for
// information class 5. Entries are chained by NextEntryDelta, the byte
// offset from this entry to the next one; 0 marks the last entry. This
// program only reads NextEntryDelta, ProcessName and ProcessId.
//
// NOTE(review): this is a hand-declared copy of an undocumented kernel
// structure. Every field is DWORD-sized, which corresponds to the 32-bit
// layout; on x64 the kernel uses pointer-sized counters and HANDLE-typed
// ids here, so the offsets of ProcessName/ProcessId would be wrong. Confirm
// the target architecture before reusing this declaration.
typedef struct _SYSTEM_PROCESS_INFORMATION {
DWORD NextEntryDelta;        // byte offset to the next entry, 0 = last entry
DWORD ThreadCount;
DWORD Reserved1[6];
FILETIME ftCreateTime;
FILETIME ftUserTime;
FILETIME ftKernelTime;
UNICODE_STRING ProcessName;  // image name; Length is in bytes, Buffer is not guaranteed NUL-terminated
DWORD BasePriority;
DWORD ProcessId;             // PID printed by main()
DWORD InheritedFromProcessId;
DWORD HandleCount;
DWORD Reserved2[2];
DWORD VmCounters;
DWORD dCommitCharge;
PVOID ThreadInfos[1];        // ThreadCount thread entries follow (not used here)
} SYSTEM_PROCESS_INFORMATION, * PSYSTEM_PROCESS_INFORMATION;
// Information class passed to ZwQuerySystemInformation; selects the
// process/thread snapshot whose entries are SYSTEM_PROCESS_INFORMATION.
// NOTE(review): the public SDK header winternl.h calls this same value
// SystemProcessInformation.
#define SystemProcessesAndThreadsInformation 5
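// Program entry point: print the PID and image name of every process in the
// snapshot returned by ntdll!ZwQuerySystemInformation.
//
// Returns 0 on success and 1 when ntdll.dll or its export cannot be
// resolved, memory cannot be allocated, or the query fails. Waits for a
// keypress before exiting so the console output stays visible.
int main()
{
    // ntdll.dll is mapped into every process, so GetModuleHandle (which does
    // no DLL search, unlike LoadLibrary) is enough to locate it.
    HMODULE hNtDLL = GetModuleHandle("ntdll.dll");
    if (!hNtDLL) {
        return 1;
    }

    // Undocumented export: the lookup can fail, so never call through an
    // unchecked pointer.
    ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation =
        (ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtDLL, "ZwQuerySystemInformation");
    if (!ZwQuerySystemInformation) {
        return 1;
    }

    // NTSTATUS reported when the caller's buffer is too small
    // (ntstatus.h: STATUS_INFO_LENGTH_MISMATCH). Declared locally so that no
    // extra header is needed.
    const LONG kStatusInfoLengthMismatch = (LONG)0xC0000004L;
    // Ceiling for the retry loop so a bogus ReturnLength cannot drive the
    // allocation without limit.
    const ULONG kMaxBufferSize = 64UL * 1024UL * 1024UL;

    // The snapshot size depends on the number of processes and threads and
    // is only known after a call. Start with the original 64 KiB guess and
    // grow until the call succeeds: walking the buffer after a failed call
    // would read whatever the kernel left (or never wrote) there.
    ULONG cbBuffer = 0x10000;
    LPVOID pBuffer = NULL;
    LONG status = 0;
    for (;;) {
        pBuffer = malloc(cbBuffer);
        if (pBuffer == NULL) {
            return 1;
        }
        DWORD cbNeeded = 0;
        status = (LONG)ZwQuerySystemInformation(
            SystemProcessesAndThreadsInformation,
            pBuffer, cbBuffer, &cbNeeded);
        if (status != kStatusInfoLengthMismatch) {
            break;
        }
        free(pBuffer);
        pBuffer = NULL;
        // The process list may grow between two calls, so add slack on top
        // of the size the kernel reported; fall back to doubling when no
        // usable size came back.
        ULONG cbNext = (cbNeeded > cbBuffer) ? cbNeeded + 0x1000 : cbBuffer * 2;
        if (cbNext <= cbBuffer || cbNext > kMaxBufferSize) {
            return 1;   // overflow or runaway growth
        }
        cbBuffer = cbNext;
    }
    if (status < 0) {   // any other NTSTATUS failure
        free(pBuffer);
        return 1;
    }

    // Walk the entry chain by byte offset. Each entry is checked against the
    // buffer size before it is dereferenced, so a truncated or corrupted
    // NextEntryDelta cannot turn into an out-of-bounds read.
    const PUCHAR pBase = (PUCHAR)pBuffer;
    size_t offset = 0;
    while (offset + sizeof(SYSTEM_PROCESS_INFORMATION) <= cbBuffer) {
        PSYSTEM_PROCESS_INFORMATION pInfo =
            (PSYSTEM_PROCESS_INFORMATION)(pBase + offset);

        // UNICODE_STRING::Length is a byte count and Buffer is not
        // guaranteed to be NUL-terminated (it may also be NULL), so print
        // with an explicit character count instead of a bare "%ls".
        const WCHAR *pName = pInfo->ProcessName.Buffer;
        int cchName = 0;
        if (pName == NULL) {
            pName = L"";
        } else {
            cchName = (int)(pInfo->ProcessName.Length / sizeof(WCHAR));
        }
        // %lu matches the DWORD argument; %d with a DWORD is a format mismatch.
        printf("ProcessID: %lu (%.*ls)\n",
               (unsigned long)pInfo->ProcessId, cchName, pName);

        if (pInfo->NextEntryDelta == 0) {
            break;      // last entry
        }
        offset += pInfo->NextEntryDelta;
    }

    free(pBuffer);
    getchar();          // pause so the output stays visible
    return 0;
}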