
几种获取进程列表的方法

2016-07-18 21:52 344 查看
1.CreateToolhelp32Snapshot法:

// //////////////////////////////////////////////////////////////////////////

// // CreateToolhelp32Snapshot 法 #include <Tlhelp32.h>

// //////////////////////////////////////////////////////////////////////////

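/* Method 1: enumerate processes through a Toolhelp snapshot.
 * Fragment of a main() body: assumes <Tlhelp32.h> is included and an ANSI build
 * (with UNICODE defined, PROCESSENTRY32 becomes the W variant and szExeFile is
 * WCHAR, so the "%s" below would be wrong). */
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
/* Second argument is a process id (DWORD), not a pointer: pass 0, not NULL. */
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE) {
    printf("CreateToolhelp32Snapshot failed: %lu\n", GetLastError());
    return 1;
}
/* Print each entry before advancing. The original advanced first, which skipped
 * the entry returned by Process32First and printed the last entry twice (the
 * struct is left unchanged when Process32Next fails). */
for (BOOL bRet = Process32First(hProcessSnap, &pe32); bRet; bRet = Process32Next(hProcessSnap, &pe32)) {
    printf("%s\n", pe32.szExeFile);
}
/* The snapshot handle is a kernel object and must be closed. */
CloseHandle(hProcessSnap);
return 0;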

如果想输出文件路径,在其中加入提权代码后再OpenProcess,GetModuleFileNameEx即可。

2.EnumProcesses 法

///
///////////////////////////////////////////////////////////////////////

// EnumProcesses 法 #include <Psapi.h> #pragma comment(lib,"Psapi.lib")

//////////////////////////////////////////////////////////////////////////

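/* Method 2: EnumProcesses + GetModuleFileNameEx.
 * Fragment of a main() body: assumes <Psapi.h> is included and an ANSI build
 * (FilePatch is a char buffer and GetModuleFileNameEx's size is in characters). */
DWORD PID[1024];
DWORD needed = 0, NumProcess;
/* Failure is reported by the return value; `needed` is meaningless then. */
if (!EnumProcesses(PID, sizeof(PID), &needed)) {
    printf("EnumProcesses failed: %lu\n", GetLastError());
    return 1;
}
NumProcess = needed / sizeof(DWORD);
/* EnumProcesses gives no other truncation signal: a completely filled array
 * means the list may be incomplete and the caller should retry with a bigger one. */
if (needed == sizeof(PID)) {
    printf("warning: PID array full, process list may be truncated\n");
}
char FilePatch[MAX_PATH];
for (DWORD i = 0; i < NumProcess; i++) {
    /* GetModuleFileNameEx needs PROCESS_VM_READ; QueryFullProcessImageName
     * (Vista+) works with PROCESS_QUERY_LIMITED_INFORMATION only, which is the
     * least-privilege choice if the path is all that is needed. */
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, PID[i]);
    if (hProcess == NULL) {
        continue; /* access denied on protected/system processes is expected */
    }
    /* A zero return leaves FilePatch unset, so print only on success. */
    if (GetModuleFileNameEx(hProcess, NULL, FilePatch, sizeof(FilePatch)) != 0) {
        printf("%s\n", FilePatch);
    }
    /* Close per iteration: the original's single CloseHandle after the loop
     * referenced an out-of-scope variable and leaked every other handle. */
    CloseHandle(hProcess);
}
printf("一共%lu个进程\n", NumProcess);
return 0;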

3.WTSOpenServer 法

//////////////////////////////////////////////////////////////////////////

// WTSOpenServer 法 #include <Wtsapi32.h> #pragma comment(lib,"Wtsapi32.lib") 用nbtstat -an获取本机NetBios名称,并在命令行下输入即可

//////////////////////////////////////////////////////////////////////////

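/* Method 3: WTS (terminal services) process enumeration on a named server.
 * Fragment of a main(int argc, char *argv[]) body; assumes <Wtsapi32.h>. */
if (argc < 2 || argv[1] == NULL) {
    printf("usage: <program> <server-name>\n");
    return 1;
}
char *szServerName = argv[1];
PWTS_PROCESS_INFO wts = NULL;
DWORD dwCount = 0;
HANDLE hWtsServer = WTSOpenServer(szServerName);
if (!WTSEnumerateProcesses(hWtsServer, 0, 1, &wts, &dwCount)) {
    printf("WTSEnumerateProcesses failed: %lu\n", GetLastError());
    WTSCloseServer(hWtsServer);
    return 1;
}
for (DWORD i = 0; i < dwCount; i++) {
    printf("%s\n", wts[i].pProcessName);
}
/* The array is allocated by WTS and must be released with WTSFreeMemory,
 * and the server handle closed; the original leaked both. */
WTSFreeMemory(wts);
WTSCloseServer(hWtsServer);
return 0;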

4. ZwQuerySystemInformation 法

//////////////////////////////////////////////////////////////////////////

// ZwQuerySystemInformation 法

//////////////////////////////////////////////////////////////////////////

/*

* Author: Leng_que

* Date: 2010年1月26日23:44:28

* E-mail: [email]leng_que@yahoo.com.cn[/email]

* Description: 演示了如何通过ZwQuerySystemInformation这个函数获取系统的相关信息

*/

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>

/* NT native status type and the codes this sample distinguishes.
 * Spelled out here so that only windows.h is needed (ntstatus.h is not included). */
typedef LONG NTSTATUS;
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L)
#define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L)
#define STATUS_INVALID_INFO_CLASS ((NTSTATUS)0xC0000003L)
/* Returned when the caller's buffer is too small; main() uses a zero-length
 * query to obtain the required size through the last parameter. */
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)

/* Undocumented NT information classes, numbered from 0 in declaration order.
 * The two letters after each index are the original author's annotations
 * (presumably query/set support) — not verified here. Only
 * SystemBasicInformation and SystemProcessesAndThreadsInformation are used below. */
typedef enum _SYSTEM_INFORMATION_CLASS
{
    SystemBasicInformation, // 0 Y N
    SystemProcessorInformation, // 1 Y N
    SystemPerformanceInformation, // 2 Y N
    SystemTimeOfDayInformation, // 3 Y N
    SystemNotImplemented1, // 4 Y N
    SystemProcessesAndThreadsInformation, // 5 Y N
    SystemCallCounts, // 6 Y N
    SystemConfigurationInformation, // 7 Y N
    SystemProcessorTimes, // 8 Y N
    SystemGlobalFlag, // 9 Y Y
    SystemNotImplemented2, // 10 Y N
    SystemModuleInformation, // 11 Y N
    SystemLockInformation, // 12 Y N
    SystemNotImplemented3, // 13 Y N
    SystemNotImplemented4, // 14 Y N
    SystemNotImplemented5, // 15 Y N
    SystemHandleInformation, // 16 Y N
    SystemObjectInformation, // 17 Y N
    SystemPagefileInformation, // 18 Y N
    SystemInstructionEmulationCounts, // 19 Y N
    SystemInvalidInfoClass1, // 20
    SystemCacheInformation, // 21 Y Y
    SystemPoolTagInformation, // 22 Y N
    SystemProcessorStatistics, // 23 Y N
    SystemDpcInformation, // 24 Y Y
    SystemNotImplemented6, // 25 Y N
    SystemLoadImage, // 26 N Y
    SystemUnloadImage, // 27 N Y
    SystemTimeAdjustment, // 28 Y Y
    SystemNotImplemented7, // 29 Y N
    SystemNotImplemented8, // 30 Y N
    SystemNotImplemented9, // 31 Y N
    SystemCrashDumpInformation, // 32 Y N
    SystemExceptionInformation, // 33 Y N
    SystemCrashDumpStateInformation, // 34 Y Y/N
    SystemKernelDebuggerInformation, // 35 Y N
    SystemContextSwitchInformation, // 36 Y N
    SystemRegistryQuotaInformation, // 37 Y Y
    SystemLoadAndCallImage, // 38 N Y
    SystemPrioritySeparation, // 39 N Y
    SystemNotImplemented10, // 40 Y N
    SystemNotImplemented11, // 41 Y N
    SystemInvalidInfoClass2, // 42
    SystemInvalidInfoClass3, // 43
    SystemTimeZoneInformation, // 44 Y N
    SystemLookasideInformation, // 45 Y N
    SystemSetTimeSlipEvent, // 46 N Y
    SystemCreateSession, // 47 N Y
    SystemDeleteSession, // 48 N Y
    SystemInvalidInfoClass4, // 49
    SystemRangeStartInformation, // 50 Y N
    SystemVerifierInformation, // 51 Y Y
    SystemAddVerifier, // 52 N Y
    SystemSessionProcessesInformation // 53 Y N
} SYSTEM_INFORMATION_CLASS;

/* Counted wide string (same layout as the native UNICODE_STRING).
 * Length and MaximumLength are byte counts, not character counts, and the
 * buffer is not guaranteed to be NUL-terminated — bound reads by Length.
 * Buffer may be NULL (main() prints ProcessName through it, so callers
 * should check before dereferencing). */
typedef struct _LSA_UNICODE_STRING
{
    USHORT Length;
    USHORT MaximumLength;
    PWSTR Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING;

/* Process/thread id pair as carried in SYSTEM_THREADS.ClientId
 * (ids are stored in HANDLE-sized fields). */
typedef struct _CLIENT_ID
{
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID;

/* Scheduler state of a thread, reported in SYSTEM_THREADS.State. */
typedef enum _THREAD_STATE
{
    StateInitialized,
    StateReady,
    StateRunning,
    StateStandby,
    StateTerminated,
    StateWait,
    StateTransition,
    StateUnknown
} THREAD_STATE;

/* Why a waiting thread is waiting, reported in SYSTEM_THREADS.WaitReason.
 * Only meaningful when State is StateWait. */
typedef enum _KWAIT_REASON
{
    Executive,
    FreePage,
    PageIn,
    PoolAllocation,
    DelayExecution,
    Suspended,
    UserRequest,
    WrExecutive,
    WrFreePage,
    WrPageIn,
    WrPoolAllocation,
    WrDelayExecution,
    WrSuspended,
    WrUserRequest,
    WrEventPair,
    WrQueue,
    WrLpcReceive,
    WrLpcReply,
    WrVirtualMemory,
    WrPageOut,
    WrRendezvous,
    Spare2,
    Spare3,
    Spare4,
    Spare5,
    Spare6,
    WrKernel
} KWAIT_REASON;

/* Per-process I/O statistics embedded in SYSTEM_PROCESSES.IoCounters.
 * NOTE(review): winnt.h also declares struct _IO_COUNTERS (ULONGLONG fields);
 * this redefinition may clash on current SDKs — confirm it compiles against
 * the target SDK or rename the tag. */
typedef struct _IO_COUNTERS
{
    LARGE_INTEGER ReadOperationCount; // number of read operations
    LARGE_INTEGER WriteOperationCount; // number of write operations
    LARGE_INTEGER OtherOperationCount; // number of other I/O operations
    LARGE_INTEGER ReadTransferCount; // bytes read
    LARGE_INTEGER WriteTransferCount; // bytes written
    LARGE_INTEGER OtherTransferCount; // bytes transferred by other operations
} IO_COUNTERS, *PIO_COUNTERS;

/* Per-process memory statistics embedded in SYSTEM_PROCESSES.VmCounters.
 * Layout must match the kernel's structure exactly; do not reorder.
 * NOTE(review): ULONG fields match the 32-bit layout; 64-bit builds presumably
 * need pointer-sized (SIZE_T) fields here — confirm before building for x64,
 * otherwise every field after the first mismatch reads garbage. */
typedef struct _VM_COUNTERS
{
    ULONG PeakVirtualSize; // peak virtual memory size
    ULONG VirtualSize; // current virtual memory size
    ULONG PageFaultCount; // number of page faults
    ULONG PeakWorkingSetSize; // peak working set size
    ULONG WorkingSetSize; // current working set size (printed by main(), in bytes)
    ULONG QuotaPeakPagedPoolUsage; // peak paged pool quota usage
    ULONG QuotaPagedPoolUsage; // paged pool quota usage
    ULONG QuotaPeakNonPagedPoolUsage; // peak non-paged pool quota usage
    ULONG QuotaNonPagedPoolUsage; // non-paged pool quota usage
    ULONG PagefileUsage; // pagefile usage
    ULONG PeakPagefileUsage; // peak pagefile usage
} VM_COUNTERS, *PVM_COUNTERS;

typedef LONG KPRIORITY; /* kernel scheduling priority, used by the thread/process records below */

/* One thread record; SYSTEM_PROCESSES ends with ThreadCount of these.
 * Layout must match the kernel's structure exactly; do not reorder. */
typedef struct _SYSTEM_THREADS
{
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER CreateTime;
    ULONG WaitTime;
    PVOID StartAddress;
    CLIENT_ID ClientId; // owning process id and thread id
    KPRIORITY Priority;
    KPRIORITY BasePriority;
    ULONG ContextSwitchCount;
    THREAD_STATE State;
    KWAIT_REASON WaitReason; // meaningful when State is StateWait
} SYSTEM_THREADS, *PSYSTEM_THREADS;

/* One variable-length entry of the SystemProcessesAndThreadsInformation list.
 * Entries are chained by NextEntryDelta (byte offset from this entry to the
 * next; 0 on the last entry), which is how main() walks the buffer.
 * Layout must match the kernel's structure exactly; do not reorder.
 * NOTE(review): ULONG ids and the ULONG-based VM_COUNTERS match the 32-bit
 * layout — confirm against the 64-bit structure before building for x64. */
typedef struct _SYSTEM_PROCESSES
{
    ULONG NextEntryDelta; // byte offset to the next entry, 0 terminates the list
    ULONG ThreadCount; // number of SYSTEM_THREADS records following the fixed part
    ULONG Reserved1[6];
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER KernelTime;
    UNICODE_STRING ProcessName; // image name; Buffer may be NULL, Length is in bytes
    KPRIORITY BasePriority;
    ULONG ProcessId;
    ULONG InheritedFromProcessId; // parent process id
    ULONG HandleCount;
    ULONG Reserved2[2];
    VM_COUNTERS VmCounters;
    IO_COUNTERS IoCounters;
    SYSTEM_THREADS Threads[1]; // first of ThreadCount records (trailing array idiom)
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;

/* Reply buffer for SystemBasicInformation; only NumberOfProcessors is read here.
 * The reserved fields are padding that keeps the offset of NumberOfProcessors right. */
typedef struct _SYSTEM_BASIC_INFORMATION
{
    BYTE Reserved1[24];
    PVOID Reserved2[4];
    CCHAR NumberOfProcessors;
} SYSTEM_BASIC_INFORMATION;

/* Signature of ZwQuerySystemInformation, resolved from ntdll.dll at run time in main():
 * (information class, in/out buffer, buffer length in bytes, optional returned/required length). */
typedef NTSTATUS (WINAPI *NTQUERYSYSTEMINFORMATION)(IN SYSTEM_INFORMATION_CLASS, IN OUT PVOID, IN ULONG, OUT PULONG OPTIONAL);

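/* Bound on size-query/data-query round trips when the process list grows between them. */
enum { PROCESS_QUERY_MAX_ATTEMPTS = 8 };

/*
 * Print the processor count reported by SystemBasicInformation.
 * query: resolved ZwQuerySystemInformation entry point (non-NULL).
 * Output only; a failure is reported on stdout as in the original.
 */
static void print_basic_information(NTQUERYSYSTEMINFORMATION query)
{
    SYSTEM_BASIC_INFORMATION sbi = {0};
    NTSTATUS status = query(SystemBasicInformation, (PVOID)&sbi, sizeof(sbi), NULL);
    if (status == STATUS_SUCCESS) {
        printf("处理器个数:%d\r\n", sbi.NumberOfProcessors);
        printf("\r\n");
    } else {
        printf("\r\n SystemBasicInformation error");
    }
}

/*
 * Print a readable name for the NTSTATUS codes defined above.
 * Any other code is printed in hex so an unexpected failure is not silently dropped
 * (the original's else-if chain printed nothing for it).
 */
static void print_status(NTSTATUS status)
{
    switch (status) {
    case STATUS_UNSUCCESSFUL:
        printf("\r\n STATUS_UNSUCCESSFUL");
        break;
    case STATUS_NOT_IMPLEMENTED:
        printf("\r\n STATUS_NOT_IMPLEMENTED");
        break;
    case STATUS_INVALID_INFO_CLASS:
        printf("\r\n STATUS_INVALID_INFO_CLASS");
        break;
    case STATUS_INFO_LENGTH_MISMATCH:
        printf("\r\n STATUS_INFO_LENGTH_MISMATCH");
        break;
    default:
        printf("\r\n NTSTATUS 0x%08lX", (unsigned long)status);
        break;
    }
}

/*
 * Walk the SYSTEM_PROCESSES chain held in buf (len bytes) and print each entry.
 * NextEntryDelta is a byte offset from the current entry; 0 marks the last entry,
 * which is printed too (the original advanced before testing and dropped it).
 * Offsets come from the kernel but are still bounds-checked, so a short or
 * malformed buffer cannot drive the walk past the allocation.
 */
static void print_process_entries(const unsigned char *buf, ULONG len)
{
    ULONG offset = 0;
    for (;;) {
        const SYSTEM_PROCESSES *p;
        /* The fixed part of the record must fit before any field is read. */
        if (len - offset < (ULONG)FIELD_OFFSET(SYSTEM_PROCESSES, Threads)) {
            printf("\r\n process list truncated");
            return;
        }
        p = (const SYSTEM_PROCESSES *)(buf + offset);
        printf("进程ID:%lu\r\n", p->ProcessId);
        printf("进程名:");
        /* Buffer can be NULL (e.g. the idle process) and Length is in bytes;
         * bounding by Length avoids relying on a NUL terminator. */
        if (p->ProcessName.Buffer != NULL) {
            wprintf(L"%.*ls", (int)(p->ProcessName.Length / sizeof(WCHAR)), p->ProcessName.Buffer);
        }
        printf("\r\n");
        printf("线程数:%lu\r\n", p->ThreadCount);
        printf("工作集大小:%luKB\r\n", p->VmCounters.WorkingSetSize / 1024);
        printf("\r\n\r\n");
        if (p->NextEntryDelta == 0) {
            return;
        }
        if (p->NextEntryDelta > len - offset) {
            printf("\r\n process list truncated");
            return;
        }
        /* Byte arithmetic on the ULONG offset: the original cast the pointer through
         * unsigned long, which truncates 64-bit pointers. */
        offset += p->NextEntryDelta;
    }
}

/*
 * Query SystemProcessesAndThreadsInformation and print every process.
 * The kernel reports the needed size through the last parameter, and the list can
 * grow between the size query and the data query, so the allocation is retried with
 * the newly reported size while STATUS_INFO_LENGTH_MISMATCH comes back.
 */
static void print_process_list(NTQUERYSYSTEMINFORMATION query)
{
    ULONG size = 0;
    NTSTATUS status = query(SystemProcessesAndThreadsInformation, NULL, 0, &size);
    int attempt;
    for (attempt = 0; attempt < PROCESS_QUERY_MAX_ATTEMPTS && status == STATUS_INFO_LENGTH_MISMATCH; attempt++) {
        ULONG alloc_size = size;
        unsigned char *buf;
        if (alloc_size == 0) {
            break; /* no usable size reported; fall through to print_status */
        }
        /* malloc instead of new: a NULL check is only meaningful with a non-throwing allocator. */
        buf = (unsigned char *)malloc(alloc_size);
        if (buf == NULL) {
            printf("\r\n memory allocation error!");
            return;
        }
        status = query(SystemProcessesAndThreadsInformation, (PVOID)buf, alloc_size, &size);
        if (status == STATUS_SUCCESS) {
            printf("===============所有进程信息=============\r\n");
            print_process_entries(buf, alloc_size);
            printf("========================================\r\n");
        }
        free(buf);
    }
    if (status != STATUS_SUCCESS) {
        print_status(status);
    }
}

/*
 * Entry point: resolve ZwQuerySystemInformation from the already-loaded ntdll.dll,
 * then print the processor count and the process list. Always returns 0.
 */
int main(void)
{
    /* GetModuleHandle returns a handle without adding a reference, so it must not be
     * paired with FreeLibrary; the original did, decrementing ntdll's load count. */
    HINSTANCE ntdll_dll = GetModuleHandle("ntdll.dll");
    if (ntdll_dll != NULL) {
        NTQUERYSYSTEMINFORMATION query = (NTQUERYSYSTEMINFORMATION)GetProcAddress(ntdll_dll, "ZwQuerySystemInformation");
        if (query != NULL) {
            print_basic_information(query);
            print_process_list(query);
        } else {
            printf("\r\n get ZwQuerySystemInformation address error!");
        }
    }
    /* Wait for Enter before exiting; replaces system("pause > nul"), which spawned cmd.exe. */
    getchar();
    return 0;
}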

1.CreateToolhelp32Snapshot法:

// //////////////////////////////////////////////////////////////////////////

// // CreateToolhelp32Snapshot 法 #include <Tlhelp32.h>

// //////////////////////////////////////////////////////////////////////////

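/* Method 1: enumerate processes through a Toolhelp snapshot.
 * Fragment of a main() body: assumes <Tlhelp32.h> is included and an ANSI build
 * (with UNICODE defined, PROCESSENTRY32 becomes the W variant and szExeFile is
 * WCHAR, so the "%s" below would be wrong). */
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
/* Second argument is a process id (DWORD), not a pointer: pass 0, not NULL. */
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE) {
    printf("CreateToolhelp32Snapshot failed: %lu\n", GetLastError());
    return 1;
}
/* Print each entry before advancing. The original advanced first, which skipped
 * the entry returned by Process32First and printed the last entry twice (the
 * struct is left unchanged when Process32Next fails). */
for (BOOL bRet = Process32First(hProcessSnap, &pe32); bRet; bRet = Process32Next(hProcessSnap, &pe32)) {
    printf("%s\n", pe32.szExeFile);
}
/* The snapshot handle is a kernel object and must be closed. */
CloseHandle(hProcessSnap);
return 0;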

如果想输出文件路径,在其中加入提权代码后再OpenProcess,GetModuleFileNameEx即可。

2.EnumProcesses 法

//////////////////////////////////////////////////////////////////////////

// EnumProcesses 法 #include <Psapi.h> #pragma comment(lib,"Psapi.lib")

//////////////////////////////////////////////////////////////////////////

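/* Method 2: EnumProcesses + GetModuleFileNameEx.
 * Fragment of a main() body: assumes <Psapi.h> is included and an ANSI build
 * (FilePatch is a char buffer and GetModuleFileNameEx's size is in characters). */
DWORD PID[1024];
DWORD needed = 0, NumProcess;
/* Failure is reported by the return value; `needed` is meaningless then. */
if (!EnumProcesses(PID, sizeof(PID), &needed)) {
    printf("EnumProcesses failed: %lu\n", GetLastError());
    return 1;
}
NumProcess = needed / sizeof(DWORD);
/* EnumProcesses gives no other truncation signal: a completely filled array
 * means the list may be incomplete and the caller should retry with a bigger one. */
if (needed == sizeof(PID)) {
    printf("warning: PID array full, process list may be truncated\n");
}
char FilePatch[MAX_PATH];
for (DWORD i = 0; i < NumProcess; i++) {
    /* GetModuleFileNameEx needs PROCESS_VM_READ; QueryFullProcessImageName
     * (Vista+) works with PROCESS_QUERY_LIMITED_INFORMATION only, which is the
     * least-privilege choice if the path is all that is needed. */
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, PID[i]);
    if (hProcess == NULL) {
        continue; /* access denied on protected/system processes is expected */
    }
    /* A zero return leaves FilePatch unset, so print only on success. */
    if (GetModuleFileNameEx(hProcess, NULL, FilePatch, sizeof(FilePatch)) != 0) {
        printf("%s\n", FilePatch);
    }
    /* Close per iteration: the original's single CloseHandle after the loop
     * referenced an out-of-scope variable and leaked every other handle. */
    CloseHandle(hProcess);
}
printf("一共%lu个进程\n", NumProcess);
return 0;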

3.WTSOpenServer 法

//////////////////////////////////////////////////////////////////////////

// WTSOpenServer 法 #include <Wtsapi32.h> #pragma comment(lib,"Wtsapi32.lib") 用nbtstat -an获取本机NetBios名称,并在命令行下输入即可

//////////////////////////////////////////////////////////////////////////

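/* Method 3: WTS (terminal services) process enumeration on a named server.
 * Fragment of a main(int argc, char *argv[]) body; assumes <Wtsapi32.h>. */
if (argc < 2 || argv[1] == NULL) {
    printf("usage: <program> <server-name>\n");
    return 1;
}
char *szServerName = argv[1];
PWTS_PROCESS_INFO wts = NULL;
DWORD dwCount = 0;
HANDLE hWtsServer = WTSOpenServer(szServerName);
if (!WTSEnumerateProcesses(hWtsServer, 0, 1, &wts, &dwCount)) {
    printf("WTSEnumerateProcesses failed: %lu\n", GetLastError());
    WTSCloseServer(hWtsServer);
    return 1;
}
for (DWORD i = 0; i < dwCount; i++) {
    printf("%s\n", wts[i].pProcessName);
}
/* The array is allocated by WTS and must be released with WTSFreeMemory,
 * and the server handle closed; the original leaked both. */
WTSFreeMemory(wts);
WTSCloseServer(hWtsServer);
return 0;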

4. ZwQuerySystemInformation 法

//////////////////////////////////////////////////////////////////////////

// ZwQuerySystemInformation 法

//////////////////////////////////////////////////////////////////////////

/*

* Author: Leng_que

* Date: 2010年1月26日23:44:28

* E-mail: [email]leng_que@yahoo.com.cn[/email]

* Description: 演示了如何通过ZwQuerySystemInformation这个函数获取系统的相关信息

*/

#include <stdio.h>

#include <windows.h>

/* NT native status type and the codes this sample distinguishes.
 * Spelled out here so that only windows.h is needed (ntstatus.h is not included). */
typedef LONG NTSTATUS;
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L)
#define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L)
#define STATUS_INVALID_INFO_CLASS ((NTSTATUS)0xC0000003L)
/* Returned when the caller's buffer is too small; main() uses a zero-length
 * query to obtain the required size through the last parameter. */
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)

/* Undocumented NT information classes, numbered from 0 in declaration order.
 * The two letters after each index are the original author's annotations
 * (presumably query/set support) — not verified here. Only
 * SystemBasicInformation and SystemProcessesAndThreadsInformation are used below. */
typedef enum _SYSTEM_INFORMATION_CLASS
{
    SystemBasicInformation, // 0 Y N
    SystemProcessorInformation, // 1 Y N
    SystemPerformanceInformation, // 2 Y N
    SystemTimeOfDayInformation, // 3 Y N
    SystemNotImplemented1, // 4 Y N
    SystemProcessesAndThreadsInformation, // 5 Y N
    SystemCallCounts, // 6 Y N
    SystemConfigurationInformation, // 7 Y N
    SystemProcessorTimes, // 8 Y N
    SystemGlobalFlag, // 9 Y Y
    SystemNotImplemented2, // 10 Y N
    SystemModuleInformation, // 11 Y N
    SystemLockInformation, // 12 Y N
    SystemNotImplemented3, // 13 Y N
    SystemNotImplemented4, // 14 Y N
    SystemNotImplemented5, // 15 Y N
    SystemHandleInformation, // 16 Y N
    SystemObjectInformation, // 17 Y N
    SystemPagefileInformation, // 18 Y N
    SystemInstructionEmulationCounts, // 19 Y N
    SystemInvalidInfoClass1, // 20
    SystemCacheInformation, // 21 Y Y
    SystemPoolTagInformation, // 22 Y N
    SystemProcessorStatistics, // 23 Y N
    SystemDpcInformation, // 24 Y Y
    SystemNotImplemented6, // 25 Y N
    SystemLoadImage, // 26 N Y
    SystemUnloadImage, // 27 N Y
    SystemTimeAdjustment, // 28 Y Y
    SystemNotImplemented7, // 29 Y N
    SystemNotImplemented8, // 30 Y N
    SystemNotImplemented9, // 31 Y N
    SystemCrashDumpInformation, // 32 Y N
    SystemExceptionInformation, // 33 Y N
    SystemCrashDumpStateInformation, // 34 Y Y/N
    SystemKernelDebuggerInformation, // 35 Y N
    SystemContextSwitchInformation, // 36 Y N
    SystemRegistryQuotaInformation, // 37 Y Y
    SystemLoadAndCallImage, // 38 N Y
    SystemPrioritySeparation, // 39 N Y
    SystemNotImplemented10, // 40 Y N
    SystemNotImplemented11, // 41 Y N
    SystemInvalidInfoClass2, // 42
    SystemInvalidInfoClass3, // 43
    SystemTimeZoneInformation, // 44 Y N
    SystemLookasideInformation, // 45 Y N
    SystemSetTimeSlipEvent, // 46 N Y
    SystemCreateSession, // 47 N Y
    SystemDeleteSession, // 48 N Y
    SystemInvalidInfoClass4, // 49
    SystemRangeStartInformation, // 50 Y N
    SystemVerifierInformation, // 51 Y Y
    SystemAddVerifier, // 52 N Y
    SystemSessionProcessesInformation // 53 Y N
} SYSTEM_INFORMATION_CLASS;

/* Counted wide string (same layout as the native UNICODE_STRING).
 * Length and MaximumLength are byte counts, not character counts, and the
 * buffer is not guaranteed to be NUL-terminated — bound reads by Length.
 * Buffer may be NULL (main() prints ProcessName through it, so callers
 * should check before dereferencing). */
typedef struct _LSA_UNICODE_STRING
{
    USHORT Length;
    USHORT MaximumLength;
    PWSTR Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING;

/* Process/thread id pair as carried in SYSTEM_THREADS.ClientId
 * (ids are stored in HANDLE-sized fields). */
typedef struct _CLIENT_ID
{
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID;

/* Scheduler state of a thread, reported in SYSTEM_THREADS.State. */
typedef enum _THREAD_STATE
{
    StateInitialized,
    StateReady,
    StateRunning,
    StateStandby,
    StateTerminated,
    StateWait,
    StateTransition,
    StateUnknown
} THREAD_STATE;

/* Why a waiting thread is waiting, reported in SYSTEM_THREADS.WaitReason.
 * Only meaningful when State is StateWait. */
typedef enum _KWAIT_REASON
{
    Executive,
    FreePage,
    PageIn,
    PoolAllocation,
    DelayExecution,
    Suspended,
    UserRequest,
    WrExecutive,
    WrFreePage,
    WrPageIn,
    WrPoolAllocation,
    WrDelayExecution,
    WrSuspended,
    WrUserRequest,
    WrEventPair,
    WrQueue,
    WrLpcReceive,
    WrLpcReply,
    WrVirtualMemory,
    WrPageOut,
    WrRendezvous,
    Spare2,
    Spare3,
    Spare4,
    Spare5,
    Spare6,
    WrKernel
} KWAIT_REASON;

/* Per-process I/O statistics embedded in SYSTEM_PROCESSES.IoCounters.
 * NOTE(review): winnt.h also declares struct _IO_COUNTERS (ULONGLONG fields);
 * this redefinition may clash on current SDKs — confirm it compiles against
 * the target SDK or rename the tag. */
typedef struct _IO_COUNTERS
{
    LARGE_INTEGER ReadOperationCount; // number of read operations
    LARGE_INTEGER WriteOperationCount; // number of write operations
    LARGE_INTEGER OtherOperationCount; // number of other I/O operations
    LARGE_INTEGER ReadTransferCount; // bytes read
    LARGE_INTEGER WriteTransferCount; // bytes written
    LARGE_INTEGER OtherTransferCount; // bytes transferred by other operations
} IO_COUNTERS, *PIO_COUNTERS;

/* Per-process memory statistics embedded in SYSTEM_PROCESSES.VmCounters.
 * Layout must match the kernel's structure exactly; do not reorder.
 * NOTE(review): ULONG fields match the 32-bit layout; 64-bit builds presumably
 * need pointer-sized (SIZE_T) fields here — confirm before building for x64,
 * otherwise every field after the first mismatch reads garbage. */
typedef struct _VM_COUNTERS
{
    ULONG PeakVirtualSize; // peak virtual memory size
    ULONG VirtualSize; // current virtual memory size
    ULONG PageFaultCount; // number of page faults
    ULONG PeakWorkingSetSize; // peak working set size
    ULONG WorkingSetSize; // current working set size (printed by main(), in bytes)
    ULONG QuotaPeakPagedPoolUsage; // peak paged pool quota usage
    ULONG QuotaPagedPoolUsage; // paged pool quota usage
    ULONG QuotaPeakNonPagedPoolUsage; // peak non-paged pool quota usage
    ULONG QuotaNonPagedPoolUsage; // non-paged pool quota usage
    ULONG PagefileUsage; // pagefile usage
    ULONG PeakPagefileUsage; // peak pagefile usage
} VM_COUNTERS, *PVM_COUNTERS;

typedef LONG KPRIORITY; /* kernel scheduling priority, used by the thread/process records below */

/* One thread record; SYSTEM_PROCESSES ends with ThreadCount of these.
 * Layout must match the kernel's structure exactly; do not reorder. */
typedef struct _SYSTEM_THREADS
{
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER CreateTime;
    ULONG WaitTime;
    PVOID StartAddress;
    CLIENT_ID ClientId; // owning process id and thread id
    KPRIORITY Priority;
    KPRIORITY BasePriority;
    ULONG ContextSwitchCount;
    THREAD_STATE State;
    KWAIT_REASON WaitReason; // meaningful when State is StateWait
} SYSTEM_THREADS, *PSYSTEM_THREADS;

/* One variable-length entry of the SystemProcessesAndThreadsInformation list.
 * Entries are chained by NextEntryDelta (byte offset from this entry to the
 * next; 0 on the last entry), which is how main() walks the buffer.
 * Layout must match the kernel's structure exactly; do not reorder.
 * NOTE(review): ULONG ids and the ULONG-based VM_COUNTERS match the 32-bit
 * layout — confirm against the 64-bit structure before building for x64. */
typedef struct _SYSTEM_PROCESSES
{
    ULONG NextEntryDelta; // byte offset to the next entry, 0 terminates the list
    ULONG ThreadCount; // number of SYSTEM_THREADS records following the fixed part
    ULONG Reserved1[6];
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER KernelTime;
    UNICODE_STRING ProcessName; // image name; Buffer may be NULL, Length is in bytes
    KPRIORITY BasePriority;
    ULONG ProcessId;
    ULONG InheritedFromProcessId; // parent process id
    ULONG HandleCount;
    ULONG Reserved2[2];
    VM_COUNTERS VmCounters;
    IO_COUNTERS IoCounters;
    SYSTEM_THREADS Threads[1]; // first of ThreadCount records (trailing array idiom)
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;

/* Reply buffer for SystemBasicInformation; only NumberOfProcessors is read here.
 * The reserved fields are padding that keeps the offset of NumberOfProcessors right. */
typedef struct _SYSTEM_BASIC_INFORMATION
{
    BYTE Reserved1[24];
    PVOID Reserved2[4];
    CCHAR NumberOfProcessors;
} SYSTEM_BASIC_INFORMATION;

/* Signature of ZwQuerySystemInformation, resolved from ntdll.dll at run time in main():
 * (information class, in/out buffer, buffer length in bytes, optional returned/required length). */
typedef NTSTATUS (WINAPI *NTQUERYSYSTEMINFORMATION)(IN SYSTEM_INFORMATION_CLASS, IN OUT PVOID, IN ULONG, OUT PULONG OPTIONAL);

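/* Bound on size-query/data-query round trips when the process list grows between them. */
enum { PROCESS_QUERY_MAX_ATTEMPTS = 8 };

/*
 * Print the processor count reported by SystemBasicInformation.
 * query: resolved ZwQuerySystemInformation entry point (non-NULL).
 * Output only; a failure is reported on stdout as in the original.
 */
static void print_basic_information(NTQUERYSYSTEMINFORMATION query)
{
    SYSTEM_BASIC_INFORMATION sbi = {0};
    NTSTATUS status = query(SystemBasicInformation, (PVOID)&sbi, sizeof(sbi), NULL);
    if (status == STATUS_SUCCESS) {
        printf("处理器个数:%d\r\n", sbi.NumberOfProcessors);
        printf("\r\n");
    } else {
        printf("\r\n SystemBasicInformation error");
    }
}

/*
 * Print a readable name for the NTSTATUS codes defined above.
 * Any other code is printed in hex so an unexpected failure is not silently dropped
 * (the original's else-if chain printed nothing for it).
 */
static void print_status(NTSTATUS status)
{
    switch (status) {
    case STATUS_UNSUCCESSFUL:
        printf("\r\n STATUS_UNSUCCESSFUL");
        break;
    case STATUS_NOT_IMPLEMENTED:
        printf("\r\n STATUS_NOT_IMPLEMENTED");
        break;
    case STATUS_INVALID_INFO_CLASS:
        printf("\r\n STATUS_INVALID_INFO_CLASS");
        break;
    case STATUS_INFO_LENGTH_MISMATCH:
        printf("\r\n STATUS_INFO_LENGTH_MISMATCH");
        break;
    default:
        printf("\r\n NTSTATUS 0x%08lX", (unsigned long)status);
        break;
    }
}

/*
 * Walk the SYSTEM_PROCESSES chain held in buf (len bytes) and print each entry.
 * NextEntryDelta is a byte offset from the current entry; 0 marks the last entry,
 * which is printed too (the original advanced before testing and dropped it).
 * Offsets come from the kernel but are still bounds-checked, so a short or
 * malformed buffer cannot drive the walk past the allocation.
 */
static void print_process_entries(const unsigned char *buf, ULONG len)
{
    ULONG offset = 0;
    for (;;) {
        const SYSTEM_PROCESSES *p;
        /* The fixed part of the record must fit before any field is read. */
        if (len - offset < (ULONG)FIELD_OFFSET(SYSTEM_PROCESSES, Threads)) {
            printf("\r\n process list truncated");
            return;
        }
        p = (const SYSTEM_PROCESSES *)(buf + offset);
        printf("进程ID:%lu\r\n", p->ProcessId);
        printf("进程名:");
        /* Buffer can be NULL (e.g. the idle process) and Length is in bytes;
         * bounding by Length avoids relying on a NUL terminator. */
        if (p->ProcessName.Buffer != NULL) {
            wprintf(L"%.*ls", (int)(p->ProcessName.Length / sizeof(WCHAR)), p->ProcessName.Buffer);
        }
        printf("\r\n");
        printf("线程数:%lu\r\n", p->ThreadCount);
        printf("工作集大小:%luKB\r\n", p->VmCounters.WorkingSetSize / 1024);
        printf("\r\n\r\n");
        if (p->NextEntryDelta == 0) {
            return;
        }
        if (p->NextEntryDelta > len - offset) {
            printf("\r\n process list truncated");
            return;
        }
        /* Byte arithmetic on the ULONG offset: the original cast the pointer through
         * unsigned long, which truncates 64-bit pointers. */
        offset += p->NextEntryDelta;
    }
}

/*
 * Query SystemProcessesAndThreadsInformation and print every process.
 * The kernel reports the needed size through the last parameter, and the list can
 * grow between the size query and the data query, so the allocation is retried with
 * the newly reported size while STATUS_INFO_LENGTH_MISMATCH comes back.
 */
static void print_process_list(NTQUERYSYSTEMINFORMATION query)
{
    ULONG size = 0;
    NTSTATUS status = query(SystemProcessesAndThreadsInformation, NULL, 0, &size);
    int attempt;
    for (attempt = 0; attempt < PROCESS_QUERY_MAX_ATTEMPTS && status == STATUS_INFO_LENGTH_MISMATCH; attempt++) {
        ULONG alloc_size = size;
        unsigned char *buf;
        if (alloc_size == 0) {
            break; /* no usable size reported; fall through to print_status */
        }
        /* malloc instead of new: a NULL check is only meaningful with a non-throwing allocator. */
        buf = (unsigned char *)malloc(alloc_size);
        if (buf == NULL) {
            printf("\r\n memory allocation error!");
            return;
        }
        status = query(SystemProcessesAndThreadsInformation, (PVOID)buf, alloc_size, &size);
        if (status == STATUS_SUCCESS) {
            printf("===============所有进程信息=============\r\n");
            print_process_entries(buf, alloc_size);
            printf("========================================\r\n");
        }
        free(buf);
    }
    if (status != STATUS_SUCCESS) {
        print_status(status);
    }
}

/*
 * Entry point: resolve ZwQuerySystemInformation from the already-loaded ntdll.dll,
 * then print the processor count and the process list. Always returns 0.
 */
int main(void)
{
    /* GetModuleHandle returns a handle without adding a reference, so it must not be
     * paired with FreeLibrary; the original did, decrementing ntdll's load count. */
    HINSTANCE ntdll_dll = GetModuleHandle("ntdll.dll");
    if (ntdll_dll != NULL) {
        NTQUERYSYSTEMINFORMATION query = (NTQUERYSYSTEMINFORMATION)GetProcAddress(ntdll_dll, "ZwQuerySystemInformation");
        if (query != NULL) {
            print_basic_information(query);
            print_process_list(query);
        } else {
            printf("\r\n get ZwQuerySystemInformation address error!");
        }
    }
    /* Wait for Enter before exiting; replaces system("pause > nul"), which spawned cmd.exe. */
    getchar();
    return 0;
}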
