📄 main.cpp
int i,j,nItem;
//添加
char str[MAX_SIZE];
LVITEM lv;
lv.mask = LVIF_TEXT;
lv.iItem = 0;
lv.iSubItem = 0;
//
ListView_DeleteAllItems( g_hList );
if( NULL==sTarget )
{
//
lv.pszText = "进程列表";
ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
sprintf( str,"当前共有%d个进程。",g_mv.size() );
ListView_SetItemText( g_hList,0,1,str );
//
for( i=0;i<g_mv.size();i++ )
{
lv.iItem = i + 1;
sprintf( str,"%d",g_mv[i].pid );
lv.pszText = str;
nItem = ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
ListView_SetItemText( g_hList,nItem,1,g_mv[i].path );
}
}
else
{
PROCESSINFO p;
memset( (void*)&p,0,sizeof(p) );
for( i=0;i<g_mv.size();i++ )
{
if( lstrcmpi(sTarget,g_mv[i].name)==0 )
{
p = g_mv[i];
break;
}
}
//
lv.iItem = 0;
lv.pszText = "进程 ID";
nItem = ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
sprintf( str,"%08X,%d",p.pid,p.pid );
ListView_SetItemText( g_hList,nItem,1,str );
lv.iItem = 1;
lv.pszText = "进程名称";
nItem = ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
ListView_SetItemText( g_hList,nItem,1,p.name );
lv.iItem = 2;
lv.pszText = "进程路径";
nItem = ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
ListView_SetItemText( g_hList,nItem,1,p.path );
//-----------------------------------------------------
for( j=0;j<p.v.size();j++ )
{
sprintf( str,"%03d,%08X,%d KB",p.v[j].index,p.v[j].h,p.v[j].size );
lv.iItem = p.v[j].index + 2;
lv.pszText = str;
nItem = ListView_InsertItem( g_hList,(const LPLVITEM)&lv );
sprintf( str,"%s",p.v[j].path );
ListView_SetItemText( g_hList,nItem,1,str );
}
//-----------------------------------------------------
}
}
//-------------------------------------------------------------------------
// Create the image list that holds the per-process icons and attach it to
// the process tree view.
void InitImageList()
{
    // Geometry and sizing handed to ImageList_Create.
    const int cxIcon   = 16;    // icon width in pixels
    const int cyIcon   = 16;    // icon height in pixels
    const int cInitial = 100;   // number of images the list starts with
    const int cGrow    = 0;     // growth step

    g_ImageList = ImageList_Create( cxIcon,cyIcon,ILC_MASK,cInitial,cGrow );

    // TVSIL_NORMAL installs it as the tree view's normal image list.
    TreeView_SetImageList( g_hTree,g_ImageList,TVSIL_NORMAL );
}
//-------------------------------------------------------------------------
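/**
 * Record one process from a Toolhelp process snapshot in g_mv.
 *
 * @param pe  Entry filled by Process32First/Process32Next. Passing NULL adds
 *            nothing: it calls ClearAllData() and returns.
 *
 * The process ID and executable name come from *pe. PID 0 and PID 4 get the
 * fixed labels "System Idle Process" and "System" as their path; for every
 * other process the path is taken from the first module of its module
 * snapshot. Each module found is appended to p.v with a 1-based index, its
 * module handle, its size in KB, its path and its name.
 *
 * If the module snapshot cannot be taken or holds no module (for example
 * when access to the target is denied), the process is still recorded, with
 * an empty module list and, for ordinary PIDs, an empty path.
 */
void InitValue(PROCESSENTRY32 *pe)
{
    if( NULL==pe )
    {
        ClearAllData();
        return;
    }

    bool bCopy = false;
    PROCESSINFO p;
    // NOTE(review): p.v is used like a std::vector below; zeroing an object
    // that contains one with memset is not guaranteed to be safe. The type is
    // declared outside this listing - confirm and prefer a constructor.
    memset( (void*)&p,0,sizeof(p) );
    p.pid = pe->th32ProcessID;
    // NOTE(review): every strcpy in this function is unbounded. szExeFile and
    // szExePath can be up to MAX_PATH characters; confirm that the name/path
    // fields of PROCESSINFO and MODULESINFO are at least that large.
    strcpy( p.name,pe->szExeFile );

    if( p.pid==0 )
    {
        strcpy( p.path,"System Idle Process" );
    }
    else if( p.pid==4 )
    {
        strcpy( p.path,"System" );
    }
    else
    {
        bCopy = true;   // path comes from the first module entry
    }

    // NOTE(review): with TH32CS_SNAPMODULE a process ID of 0 means "the
    // current process", so the entry for PID 0 lists this program's own
    // modules. Confirm whether that is intended.
    HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE,p.pid );
    if( INVALID_HANDLE_VALUE!=hSnapshot )
    {
        MODULEENTRY32 md32;
        md32.dwSize = sizeof(MODULEENTRY32);
        // Only read md32 after Module32First reports success; otherwise the
        // structure is uninitialized and must not be copied from.
        if( Module32First(hSnapshot,&md32) )
        {
            if(bCopy) strcpy( p.path,md32.szExePath );

            MODULESINFO m;
            memset( (void*)&m,0,sizeof(m) );
            do
            {
                m.index= p.v.size() + 1;
                m.h = md32.hModule;
                m.size = md32.modBaseSize/1024;     // bytes -> KB
                strcpy( m.path,md32.szExePath );
                strcpy( m.name,md32.szModule );
                p.v.push_back( m );
            } while ( Module32Next( hSnapshot, &md32 ) );
        }
        CloseHandle( hSnapshot );
    }

    g_mv.push_back( p );
}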
//-------------------------------------------------------------------------
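/**
 * Rebuild the process tree view from g_mv.
 *
 * Clears the tree and the image list, then adds one child item per recorded
 * process under a single root item ("所有进程"). Each item uses an icon
 * extracted from the process's executable path; when no usable icon pair can
 * be extracted, the shell's generic icon for an .exe file is used instead.
 * The root is created lazily, so an empty g_mv leaves the tree empty.
 */
void InitTreeData()
{
    TreeView_DeleteAllItems(g_hTree);
    g_hRoot = NULL;
    ImageList_RemoveAll( g_ImageList );

    int i,nIndex,IconNum;
    for( i=0;i<g_mv.size();i++ )
    {
        // Work on a copy: InsertItem takes a non-const LPSTR.
        PROCESSINFO p = g_mv[i];

        // Start from NULL so that anything non-NULL afterwards is an icon
        // this iteration owns and has to destroy.
        HICON hIcon[2] = { NULL,NULL };     // [0] = large, [1] = small
        UINT nExtracted = ExtractIconEx( p.path,0,&hIcon[0],&hIcon[1],1 );
        // Index -1 with no output arrays asks for the icon count in the file.
        IconNum = (int)ExtractIconEx( p.path,-1,NULL,NULL,0 );

        if( 0==nExtracted || 1==nExtracted || IconNum<=0 )
        {
            // A partial extraction may still have produced one icon; release
            // it instead of leaking the handle.
            if( NULL!=hIcon[0] ) DestroyIcon( hIcon[0] );
            if( NULL!=hIcon[1] ) DestroyIcon( hIcon[1] );

            // The target has no usable icon: fall back to the standard Win32
            // icon. SHGFI_USEFILEATTRIBUTES makes the shell answer from the
            // name and attributes alone, so "Foo.exe" need not exist.
            SHFILEINFO shfi;
            memset(&shfi,0,sizeof(shfi));
            SHGetFileInfo( "Foo.exe",
                           FILE_ATTRIBUTE_NORMAL,
                           &shfi,
                           sizeof(shfi),
                           SHGFI_ICON|SHGFI_USEFILEATTRIBUTES );
            nIndex = ImageList_AddIcon( g_ImageList,shfi.hIcon );
            DestroyIcon( shfi.hIcon );
        }
        else
        {
            // The image list keeps its own copy of the small icon, so both
            // extracted handles can be released right away.
            nIndex = ImageList_AddIcon( g_ImageList,hIcon[1] );
            DestroyIcon( hIcon[0] );
            DestroyIcon( hIcon[1] );
        }

        if(NULL==g_hRoot) g_hRoot=InsertItem( TVI_ROOT,"所有进程",0,0 );
        InsertItem( g_hRoot,p.name,nIndex,nIndex );
    }
    TreeView_Expand( g_hTree,g_hRoot,TVE_EXPAND );
}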
//-------------------------------------------------------------------------
/**
 * Append a text item with images to the process tree (g_hTree).
 *
 * @param hTI       Parent item, or TVI_ROOT for a top-level item.
 * @param str       Item label.
 * @param imgOpen   Image-list index shown while the item is selected.
 * @param imgClose  Image-list index shown otherwise.
 * @return The value returned by TreeView_InsertItem.
 */
HTREEITEM InsertItem(HTREEITEM hTI,LPSTR str,int imgOpen,int imgClose)
{
    // Describe the item itself; only the fields named in the mask are set.
    TV_ITEM item;
    item.mask           = TVIF_TEXT | TVIF_IMAGE | TVIF_SELECTEDIMAGE;
    item.pszText        = str;
    item.iImage         = imgClose;
    item.iSelectedImage = imgOpen;

    // Place it as the last child of the requested parent.
    TV_INSERTSTRUCT ins;
    ins.hParent      = hTI;
    ins.hInsertAfter = TVI_LAST;
    ins.item         = item;

    return TreeView_InsertItem( g_hTree,&ins );
}
//------------------------------------------------------------------------------
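/**
 * Walk a snapshot of all running processes and record each one through
 * InitValue().
 *
 * @param sTarget  When NULL, the recorded data is cleared first (through
 *                 InitValue(NULL)). A non-NULL value is otherwise unused:
 *                 the name-matching branch is disabled (see below).
 * @return Always 0 in the current code, because only the disabled branch
 *         assigned dwRet.
 */
DWORD EnumProcess(LPCTSTR sTarget)
{
    if( NULL==sTarget ) InitValue( NULL );
    DWORD dwRet = 0;

    HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS,0 );
    // A failed snapshot returns INVALID_HANDLE_VALUE, not NULL; there is
    // nothing to enumerate and nothing to close in that case.
    if( INVALID_HANDLE_VALUE==hSnapshot ) return dwRet;

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof( PROCESSENTRY32 );
    // pe32 is valid only after Process32First succeeds; do not hand an
    // uninitialized entry to InitValue().
    if( Process32First( hSnapshot, &pe32 ) )
    {
        do
        {
            /* Disabled lookup-by-name branch, kept from the original:
            if( NULL!=sTarget )
            {
                if( lstrcmpi(pe32.szExeFile,sTarget)==0 )
                {
                    dwRet = pe32.th32ProcessID;
                    break;
                }
            }
            else
            */
            {
                InitValue(&pe32);
            }
        } while ( Process32Next( hSnapshot, &pe32 ) );
    }
    CloseHandle( hSnapshot );
    return dwRet;
}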
//-------------------------------------------------------------------------
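/**
 * Enable SeDebugPrivilege in the current process token.
 *
 * @return true only if the privilege was actually enabled; false if the
 *         token could not be opened, the privilege could not be looked up,
 *         or the token does not hold the privilege.
 *
 * SeDebugPrivilege lets the process open other processes regardless of their
 * security descriptors. This function does not restore the previous state,
 * so the privilege stays enabled after it returns.
 */
bool EnableDebugPrivilege()
{
    HANDLE hToken = NULL;
    if( !OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES,&hToken) )
    {
        return false;
    }

    bool bEnabled = false;
    LUID luid;
    if( LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid) )   // LUID of the debug privilege
    {
        TOKEN_PRIVILEGES tkp;                               // token privilege structure
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = luid;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        // AdjustTokenPrivileges also returns nonzero when the token does not
        // hold the privilege; that case is reported only through
        // GetLastError() == ERROR_NOT_ALL_ASSIGNED, so check it explicitly.
        if( AdjustTokenPrivileges(hToken,FALSE,&tkp,sizeof(tkp),NULL,NULL) )
        {
            bEnabled = ( ERROR_SUCCESS==GetLastError() );
        }
    }

    // Close the token on every path, including the failure paths.
    CloseHandle( hToken );
    return bEnabled;
}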
//------------------------------------------------------------------------------
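/**
 * Show a system dialog by calling the shell32.dll export with ordinal 61.
 *
 * The function is resolved by ordinal and called through a locally declared
 * prototype, so the signature and the meaning of the 0x02 flag are
 * assumptions of this code.
 * NOTE(review): ordinal 61 is commonly described as the undocumented
 * RunFileDlg ("Run" dialog) - confirm, and note that an undocumented export
 * can change between Windows versions.
 */
void RunSysDlg()
{
    HINSTANCE hInst = LoadLibrary( "shell32.dll" );
    if( NULL==hInst ) return;   // nothing was loaded, so nothing to free

    typedef void (__stdcall *FUNC)(HWND,HICON,LPCTSTR,LPCTSTR,LPCTSTR,UINT);
    // MAKEINTRESOURCEA builds the "ordinal as pointer" argument that
    // GetProcAddress expects.
    FUNC func = (FUNC)GetProcAddress( hInst,MAKEINTRESOURCEA(61) );
    if( func )
    {
        func( g_hWnd,NULL,NULL,NULL,NULL,0x02 );
    }
    FreeLibrary( hInst );
}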
//-------------------------------------------------------------------------
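/**
 * Ask for confirmation, then terminate the currently selected process
 * (g_sHotName / g_dwHotPid).
 *
 * @return true if the process was terminated; false if nothing is selected,
 *         the user declined, the PID is 0, the process could not be opened,
 *         or TerminateProcess failed.
 */
bool KillProcess()
{
    if( NULL==g_sHotName || '\0'==g_sHotName[0] ) return false;

    // Build the prompt with a bounded format call: the process name comes
    // from the process list and must not be able to overrun sMsg.
    char sMsg[MAX_SIZE];
    _snprintf( sMsg,sizeof(sMsg),
               "警告:强制杀掉进程可能会引发严重后果!\r\n确定要终止 %s 的运行吗?",
               g_sHotName );
    sMsg[sizeof(sMsg)-1] = '\0';    // _snprintf does not terminate on truncation

    if( MessageBox(0,sMsg,"警告",MB_YESNO|MB_ICONINFORMATION)==IDNO )
    {
        return false;
    }

    // NOTE(review): the PID was captured when the list was built. If that
    // process has exited since, the ID may now belong to another process;
    // consider re-checking the name before terminating.
    DWORD dwTarget = g_dwHotPid;    // GetPrcIdMem(g_sHotName);
    if( 0==dwTarget ) return false;

    // PROCESS_TERMINATE is the only right TerminateProcess needs.
    HANDLE h = OpenProcess( PROCESS_TERMINATE,FALSE,dwTarget );
    if( NULL==h ) return false;     // access denied or process already gone

    BOOL bKilled = TerminateProcess( h,0 );
    CloseHandle( h );
    return bKilled!=FALSE;
}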
//-------------------------------------------------------------------------
/**
 * Look up a process ID by executable name in the recorded list g_mv.
 *
 * @param sTarget  Name to search for; compared case-insensitively.
 * @return The pid of the first matching entry, or 0 when none matches.
 */
DWORD GetPrcIdMem(LPCTSTR sTarget)
{
    for( int idx=0;idx<g_mv.size();idx++ )
    {
        if( lstrcmpi(sTarget,g_mv[idx].name)!=0 ) continue;
        // First match wins.
        return g_mv[idx].pid;
    }
    return 0;
}
//------------------------------------------------------------------------------
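/**
 * Unload a module from another process.
 *
 * Writes the module name into the target, runs GetModuleHandleA there to
 * obtain the module's handle, then runs FreeLibrary there with that handle.
 *
 * @param dwProcessID  ID of the target process.
 * @param lpszDll      Module name or path as known to the target.
 * @return true if the remote FreeLibrary call ran and reported success;
 *         false on any failure (process not opened, allocation or write
 *         failed, thread not created, module not loaded in the target).
 *
 * NOTE(review): the module handle is read back through the thread exit
 * code, which is 32 bits wide, and the start addresses are taken from this
 * process. Both only hold when the target has the same bitness as this
 * program, and the former only for 32-bit targets - confirm the build
 * target before relying on this.
 */
bool RemoteFreeLibrary(DWORD dwProcessID,LPCSTR lpszDll)
{
    bool   bOk       = false;
    HANDLE hProcess  = NULL;
    HANDLE hThread   = NULL;
    LPVOID lpBuf     = NULL;
    DWORD  dwSize    = 0;
    DWORD  dwWritten = 0;
    DWORD  dwHandle  = 0;
    DWORD  dwFreed   = 0;
    DWORD  dwID      = 0;

    if( NULL==lpszDll || '\0'==lpszDll[0] ) return false;

    // Open the target with only the rights the calls below need instead of
    // PROCESS_ALL_ACCESS.
    hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                            PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                            FALSE,dwProcessID );
    if( NULL==hProcess ) return false;

    // Write the DLL name into the target's address space.
    dwSize = lstrlenA( lpszDll ) + 1;
    lpBuf = VirtualAllocEx( hProcess,NULL,dwSize,MEM_COMMIT,PAGE_READWRITE );
    if( NULL==lpBuf ) goto cleanup;

    // A short write counts as a failure too.
    if( !WriteProcessMemory(hProcess,lpBuf,(LPVOID)lpszDll,dwSize,&dwWritten) ||
        dwWritten!=dwSize )
    {
        goto cleanup;
    }

    // Have the target call GetModuleHandleA to find the module's handle.
    hThread = CreateRemoteThread( hProcess,NULL,0,
                                  (LPTHREAD_START_ROUTINE)GetModuleHandleA,
                                  lpBuf,0,&dwID );
    if( NULL==hThread ) goto cleanup;
    WaitForSingleObject( hThread,INFINITE );
    // The thread's exit code is GetModuleHandleA's return value.
    if( !GetExitCodeThread(hThread,&dwHandle) ) dwHandle = 0;
    CloseHandle( hThread );
    hThread = NULL;

    // The name buffer is no longer needed. MEM_RELEASE with size 0 returns
    // the whole region; MEM_DECOMMIT would leave it reserved in the target.
    VirtualFreeEx( hProcess,lpBuf,0,MEM_RELEASE );
    lpBuf = NULL;

    // The module is not loaded in the target: there is nothing to unload.
    if( 0==dwHandle ) goto cleanup;

    // Have the target call FreeLibrary on that handle.
    hThread = CreateRemoteThread( hProcess,NULL,0,
                                  (LPTHREAD_START_ROUTINE)FreeLibrary,
                                  (LPVOID)(ULONG_PTR)dwHandle,0,&dwID );
    if( NULL==hThread ) goto cleanup;
    WaitForSingleObject( hThread,INFINITE );
    // Report what FreeLibrary returned in the target.
    bOk = ( GetExitCodeThread(hThread,&dwFreed) && 0!=dwFreed );

cleanup:
    if( NULL!=hThread ) CloseHandle( hThread );
    if( NULL!=lpBuf ) VirtualFreeEx( hProcess,lpBuf,0,MEM_RELEASE );
    CloseHandle( hProcess );
    return bOk;
}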
//-------------------------------------------------------------------------
/**
 * Collect the rows selected in the list view and unload them as modules of
 * the currently selected process.
 *
 * For every selected row, the text of column 1 is stored as a path together
 * with g_dwHotPid in g_mvUnload; UnloadModules() is then called if at least
 * one row was collected. Does nothing when no process is selected or the
 * list is empty.
 */
void CheckAndUnload()
{
    if( g_dwHotPid<=0 ) return;

    HWND hView = g_hList;
    int nRows = ListView_GetItemCount( hView );
    if( nRows<=0 ) return;

    char szPath[MAX_SIZE];
    PROCESSINFO entry;
    g_mvUnload.clear();

    int row = 0;
    while( row<nRows )
    {
        if( ListView_GetItemState(hView,row,LVIS_SELECTED) )
        {
            // Column 1 holds the text that is treated as the module path.
            ListView_GetItemText( hView,row,1,szPath,MAX_SIZE );
            strcpy( entry.path,szPath );
            entry.pid = g_dwHotPid;
            g_mvUnload.push_back( entry );
        }
        row++;
    }

    if( g_mvUnload.size()>0 )
    {
        UnloadModules();
    }
}
//-------------------------------------------------------------------------
/**
 * Ask for confirmation, then unload every module queued in g_mvUnload.
 *
 * Works entirely on g_mvUnload. If the user answers "No" the queue is left
 * untouched. Otherwise RemoteFreeLibrary() is called for each entry and,
 * whether or not that loop completes, the queue is cleared, the function
 * sleeps for DELAYTIME and calls InitAllData(2).
 */
void UnloadModules()
{
    static const char kWarning[] =
        "警告:卸载模块可能会引发严重后果!\r\n确定要卸载选定的模块吗? ";

    if( IDNO==MessageBox(0,kWarning,"警告",MB_YESNO|MB_ICONINFORMATION) )
    {
        return;
    }

    int idx = 0;
    __try
    {
        while( idx<g_mvUnload.size() )
        {
            RemoteFreeLibrary( g_mvUnload[idx].pid,g_mvUnload[idx].path );
            idx++;
        }
    }
    __finally
    {
        // Runs on every exit from the guarded block.
        g_mvUnload.clear();
        Sleep( DELAYTIME );
        InitAllData( 2 );
    }
}
//-------------------------------------------------------------------------
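/**
 * Open the shell's "properties" dialog for a file.
 *
 * @param sFile  Path of the file whose properties are shown.
 *
 * SEE_MASK_FLAG_NO_UI suppresses the shell's own error message boxes, so a
 * failure is silent.
 */
void ShowFileAttr(LPCTSTR sFile)
{
    SHELLEXECUTEINFO sei;
    // Zero the whole structure first: fields this function does not set
    // (lpClass, hkeyClass, hProcess, ...) must not hold stack garbage.
    memset( &sei,0,sizeof(sei) );
    sei.cbSize = sizeof(sei);
    sei.fMask = SEE_MASK_NOCLOSEPROCESS | SEE_MASK_INVOKEIDLIST | SEE_MASK_FLAG_NO_UI;
    sei.hwnd = g_hWnd;
    sei.lpVerb = "properties";
    sei.lpFile = sFile;
    sei.lpParameters = NULL;
    sei.lpDirectory = NULL;
    sei.nShow = 0;

    // With SEE_MASK_NOCLOSEPROCESS the caller owns any process handle that
    // is returned; release it so repeated calls do not leak handles.
    if( ShellExecuteEx(&sei) && NULL!=sei.hProcess )
    {
        CloseHandle( sei.hProcess );
    }
}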
//-------------------------------------------------------------------------