#ifdef __cplusplus
extern "C" {
#endif
#include <windows.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "procinfo.h"
#include "common.h"
/* ProcessInformationClass value handed to NtQueryInformationProcess in
 * GetProcessCmdLine below. */
#define ProcessBasicInformation 0

/* Counted wide string as NT stores it. GetProcessCmdLine treats Length as a
 * byte count for the command-line read; per the NT convention it does not
 * include a terminating NUL (confirm against the target OS if in doubt). */
typedef struct
{
    USHORT Length;
    USHORT MaximumLength;
    PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

/* Private mirror of the process-parameters block reached from the PEB
 * (presumably what ntdll calls RTL_USER_PROCESS_PARAMETERS). Only
 * CommandLine is read by this file; the Unknown* members exist purely to
 * keep the offset of CommandLine correct. The ULONG/HANDLE sizes here fit
 * a 32-bit process layout — TODO confirm before using on x64 targets. */
typedef struct
{
    ULONG AllocationSize;
    ULONG ActualSize;
    ULONG Flags;
    ULONG Unknown1;
    UNICODE_STRING Unknown2;
    HANDLE InputHandle;
    HANDLE OutputHandle;
    HANDLE ErrorHandle;
    UNICODE_STRING CurrentDirectory;
    HANDLE CurrentDirectoryHandle;
    UNICODE_STRING SearchPaths;
    UNICODE_STRING ApplicationName;
    UNICODE_STRING CommandLine;      /* the only member this file reads */
    PVOID EnvironmentBlock;
    ULONG Unknown[9];
    UNICODE_STRING Unknown3;
    UNICODE_STRING Unknown4;
    UNICODE_STRING Unknown5;
    UNICODE_STRING Unknown6;
} PROCESS_PARAMETERS, *PPROCESS_PARAMETERS;

/* Leading part of the Process Environment Block. Only ProcessParameters is
 * read; the members before it fix its offset (32-bit layout assumed). */
typedef struct
{
    ULONG AllocationSize;
    ULONG Unknown1;
    HINSTANCE ProcessHinstance;
    PVOID ListDlls;
    PPROCESS_PARAMETERS ProcessParameters;   /* the only member this file reads */
    ULONG Unknown2;
    HANDLE Heap;
} PEB, *PPEB;

/* Output of NtQueryInformationProcess(ProcessBasicInformation). Only
 * PebBaseAddress is read by this file. */
typedef struct
{
    DWORD ExitStatus;
    PPEB PebBaseAddress;
    DWORD AffinityMask;
    DWORD BasePriority;
    ULONG UniqueProcessId;
    ULONG InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;

/* Signature of ntdll!NtQueryInformationProcess as resolved at run time via
 * GetProcAddress (it is not exported through the import library here). */
typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG);
/*
 * Convert a NUL-terminated wide string to an ANSI (CP_ACP) string.
 *
 * pWideCharStr  - source, must be NUL-terminated (cchWideChar is passed as -1)
 * pMultiByteStr - destination buffer
 * cbMultiByte   - size of the destination in bytes
 *
 * Returns TRUE when the whole string, including its terminator, fits and was
 * written; FALSE if the size query fails, the result would not fit, or the
 * conversion itself fails.
 */
BOOL WStrToAStr(LPCWSTR pWideCharStr, LPTSTR pMultiByteStr, int cbMultiByte)
{
    /* Size pass: with cchWideChar == -1 the count includes the terminator,
     * so a result larger than cbMultiByte would not fit. */
    const int cbNeeded = WideCharToMultiByte(CP_ACP, 0, pWideCharStr, -1,
                                             NULL, 0, NULL, NULL);
    if (cbNeeded == 0 || cbNeeded > cbMultiByte)
    {
        return FALSE;
    }

    /* Conversion pass; a zero return means the call failed. */
    return WideCharToMultiByte(CP_ACP, 0, pWideCharStr, -1,
                               pMultiByteStr, cbMultiByte, NULL, NULL) != 0;
}
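/*
 * Read the command line of process `pid` into `buf` as an ANSI string.
 *
 * pid    - id of the process to inspect
 * buf    - destination buffer
 * buflen - size of buf in bytes
 *
 * Returns 0 on success (buf is NUL-terminated), -1 on any failure: ntdll
 * export not resolvable, OpenProcess refused (no PROCESS_QUERY_INFORMATION |
 * PROCESS_VM_READ access), a remote read failed, allocation failed, or the
 * converted string does not fit in buf.
 *
 * The lookup walks PROCESS_BASIC_INFORMATION -> PEB -> PROCESS_PARAMETERS
 * using the private structure layouts declared at the top of this file, which
 * assume a 32-bit process; a process of another bitness is expected to fail at
 * one of the ReadProcessMemory calls rather than return a usable string.
 */
int GetProcessCmdLine(unsigned long pid, char *buf, unsigned long buflen)
{
    LONG status;
    HANDLE hProcess;
    PROCESS_BASIC_INFORMATION pbi;
    PEB Peb;
    PROCESS_PARAMETERS ProcParam;
    SIZE_T cbRead;            /* ReadProcessMemory writes a SIZE_T, not a DWORD */
    DWORD dwSize;
    LPVOID lpAddress;
    LPWSTR wbuf = NULL;       /* released unconditionally at cleanup */
    int cbOut;
    int ret = -1;
    PROCNTQSIP NtQueryInformationProcess;

    if (buf == NULL || buflen == 0)
    {
        return -1;
    }
    /* WStrToAStr takes an int; clamp instead of letting the cast go negative. */
    cbOut = buflen > (unsigned long)INT_MAX ? INT_MAX : (int)buflen;

    NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(
        GetModuleHandle("ntdll"),
        "NtQueryInformationProcess");
    if (!NtQueryInformationProcess)
    {
        return -1;
    }

    /* Get process handle */
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (!hProcess)
    {
        return -1;
    }

    /* Retrieve information: PBI gives the PEB address in the target. */
    status = NtQueryInformationProcess(hProcess,
                                       ProcessBasicInformation,
                                       (PVOID)&pbi,
                                       sizeof(PROCESS_BASIC_INFORMATION),
                                       NULL);
    if (status)
    {
        goto cleanup;
    }
    if (!ReadProcessMemory(hProcess, pbi.PebBaseAddress, &Peb, sizeof(PEB), &cbRead))
    {
        goto cleanup;
    }
    if (!ReadProcessMemory(hProcess, Peb.ProcessParameters, &ProcParam,
                           sizeof(PROCESS_PARAMETERS), &cbRead))
    {
        goto cleanup;
    }

    lpAddress = ProcParam.CommandLine.Buffer;
    dwSize = ProcParam.CommandLine.Length;    /* byte count, terminator excluded */

    /* Reserve one extra WCHAR and zero it: Length does not cover a NUL and the
     * remote read fills every byte requested, so without this the buffer handed
     * to WStrToAStr (which scans for NUL) would not be terminated. dwSize comes
     * from a USHORT, so the addition cannot overflow. */
    wbuf = (LPWSTR)malloc(dwSize + sizeof(WCHAR));
    if (wbuf == NULL)
    {
        goto cleanup;
    }
    memset(wbuf, 0, dwSize + sizeof(WCHAR));

    /* An empty command line (Length == 0) needs no read; wbuf is already "". */
    if (dwSize > 0 &&
        !ReadProcessMemory(hProcess, lpAddress, wbuf, dwSize, &cbRead))
    {
        goto cleanup;
    }
    if (!WStrToAStr(wbuf, buf, cbOut))
    {
        goto cleanup;
    }
    ret = 0;

cleanup:
    free(wbuf);               /* free(NULL) is a no-op */
    CloseHandle(hProcess);
    return ret;
}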
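/*
 * Look up the process id of the Win32 service named `pservice`.
 *
 * pservice - service (key) name, compared case-insensitively
 *
 * Returns the service's process id, or -1 when the name is NULL, the SCM
 * cannot be opened, the service is not found, or it is not running
 * (dwProcessId == 0). The SCM handle is closed on every path.
 */
int GetServicePid(const char *pservice)
{
    SC_HANDLE hSC;
    ENUM_SERVICE_STATUS_PROCESS scstat[256];
    DWORD BytesNeed = 0, ServiceReturned = 0, ResumeHandle = 0, ret, i;
    int pid = -1;

    if (pservice == NULL)
    {
        return -1;
    }

    hSC = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE,
                        SC_MANAGER_CONNECT | SC_MANAGER_ENUMERATE_SERVICE);
    if (hSC == NULL)
    {
        return -1;
    }

    do /* enumerate services one buffer-full at a time */
    {
        ret = EnumServicesStatusEx(hSC,
                                   SC_ENUM_PROCESS_INFO,
                                   SERVICE_WIN32,
                                   SERVICE_STATE_ALL,
                                   (LPBYTE)scstat,
                                   sizeof(scstat),
                                   &BytesNeed,
                                   &ServiceReturned,
                                   &ResumeHandle, /* must be 0 on the first call; updated by the API */
                                   NULL);
        for (i = 0; i < ServiceReturned; i++)
        {
            if (!stricmp(scstat[i].lpServiceName, pservice) &&
                scstat[i].ServiceStatusProcess.dwProcessId > 0)
            {
                pid = (int)scstat[i].ServiceStatusProcess.dwProcessId;
                goto done;
            }
        }
    } while ((ret == 0) && (GetLastError() == ERROR_MORE_DATA)); /* ERROR_MORE_DATA: buffer too small, continue from ResumeHandle */

done:
    CloseServiceHandle(hSC);
    return pid;
}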
#ifdef __cplusplus
}
#endif