#include "stdafx.h" #include"resource.h" #include <psapi.h> #include <Tlhelp32.h> #include <commctrl.h> #include <string.h> #include<stdlib.h> #include<stdio.h> #include<commdlg.h> #pragma comment(lib,"psapi.lib") #pragma comment(lib,"comctl32.lib") TCHAR szFileName1[128]; HINSTANCE hAppInstance; VOID EnumProcess(HWND hListProcess) { LV_ITEM vitem; TCHAR TempBase[128] = {0}; TCHAR TempSize[128] = {0}; //初始化 memset(&vitem,0,sizeof(LV_ITEM)); vitem.mask = LVIF_TEXT; //进程遍历 MODULEENTRY32 me; PROCESSENTRY32 pe32; me.dwSize = sizeof(MODULEENTRY32); pe32.dwSize = sizeof(pe32); HANDLE hSnapshot_proc = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hSnapshot_proc != INVALID_HANDLE_VALUE) { BOOL check = Process32First(hSnapshot_proc, &pe32); while (check) { Module32First(hSnapshot_proc, &me); sprintf(TempBase, "%08X", me.modBaseAddr); sprintf(TempSize, "%08X", me.modBaseSize); TCHAR szBuff[128]; vitem.pszText = pe32.szExeFile; //第几行 vitem.iItem = 0; //第几列 vitem.iSubItem = 0; //ListView_InsertItem(hListProcess, &vitem); SendMessage(hListProcess, LVM_INSERTITEM,0,(DWORD)&vitem); wsprintf(szBuff, TEXT("%d"), pe32.th32ProcessID); vitem.pszText = szBuff; vitem.iItem = 0; vitem.iSubItem = 1; ListView_SetItem(hListProcess, &vitem); // sprintf(szBuff, "%x", pe32.modBaseAddr); vitem.pszText = TempBase; vitem.iItem = 0; vitem.iSubItem = 2; ListView_SetItem(hListProcess, &vitem); // sprintf(szBuff, "%x", pe32.modBaseSize); vitem.pszText = TempSize; vitem.iItem = 0; vitem.iSubItem = 3; ListView_SetItem(hListProcess, &vitem); // printf("进程PID = %d 进程名 = %s ", pe32.th32ProcessID, pe32.szExeFile); check = Process32Next(hSnapshot_proc, &pe32); } } CloseHandle(hSnapshot_proc); } VOID InitProcessListView(HWND hDlg) { LV_COLUMN lv; HWND hListProcess; //初始化 memset(&lv,0,sizeof(LV_COLUMN)); //获取IDC_LIST_PROCESS句柄 hListProcess = GetDlgItem(hDlg,IDC_LIST_PROCESS); //设置整行选中 SendMessage(hListProcess,LVM_SETEXTENDEDLISTVIEWSTYLE,LVS_EX_FULLROWSELECT,LVS_EX_FULLROWSELECT); //第一列 lv.mask = LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM; lv.pszText = TEXT("进程"); //列标题 lv.cx = 200; //列宽 lv.iSubItem = 0; //ListView_InsertColumn(hListProcess, 0, &lv); SendMessage(hListProcess,LVM_INSERTCOLUMN,0,(DWORD)&lv); //第二列 lv.pszText = TEXT("PID"); lv.cx = 100; lv.iSubItem = 1; //ListView_InsertColumn(hListProcess, 1, &lv); SendMessage(hListProcess,LVM_INSERTCOLUMN,1,(DWORD)&lv); //第三列 lv.pszText = TEXT("镜像基址"); lv.cx = 100; lv.iSubItem = 2; ListView_InsertColumn(hListProcess, 2, &lv); //第四列 lv.pszText = TEXT("镜像大小"); lv.cx = 100; lv.iSubItem = 3; ListView_InsertColumn(hListProcess, 3, &lv); EnumProcess(hListProcess); } VOID InitModuleListView(HWND hDlg) { LV_COLUMN lv; HWND hListProcess; //初始化 memset(&lv,0,sizeof(LV_COLUMN)); //获取IDC_LIST_PROCESS句柄 hListProcess = GetDlgItem(hDlg,IDC_LIST_MODULE); //设置整行选中 SendMessage(hListProcess,LVM_SETEXTENDEDLISTVIEWSTYLE,LVS_EX_FULLROWSELECT,LVS_EX_FULLROWSELECT); //第一列 lv.mask = LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM; lv.pszText = TEXT("模块名称"); //列标题 lv.cx = 200; //列宽 lv.iSubItem = 0; //ListView_InsertColumn(hListProcess, 0, &lv); SendMessage(hListProcess,LVM_INSERTCOLUMN,0,(DWORD)&lv); //第二列 lv.pszText = TEXT("模块位置"); lv.cx = 300; lv.iSubItem = 1; //ListView_InsertColumn(hListProcess, 1, &lv); SendMessage(hListProcess,LVM_INSERTCOLUMN,1,(DWORD)&lv); } BOOL SetProcessPrivilege(char *lpName, BOOL opt) { HANDLE tokenhandle; TOKEN_PRIVILEGES NewState; if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tokenhandle)) { LookupPrivilegeValue(NULL, lpName, &NewState.Privileges[0].Luid); NewState.PrivilegeCount = 1; NewState.Privileges[0].Attributes = opt != 0 ? 2 : 0; AdjustTokenPrivileges(tokenhandle, FALSE, &NewState, sizeof(NewState), NULL, NULL); CloseHandle(tokenhandle); return 1; } else { return 0; } } VOID EnumModules(HWND hListModule, HWND hListProcess, WPARAM wParam, LPARAM lParam) { LV_ITEM vitem; TCHAR szBuff1[128]; //初始化 memset(&vitem,0,sizeof(LV_ITEM)); vitem.mask = LVIF_TEXT; DWORD dwRowId; TCHAR szPid[0x20]; TCHAR szBuf[0x20]; TCHAR szBuff[128]; LV_ITEM lv; //初始化 memset(&lv, 0, sizeof(LV_ITEM)); memset(szPid, 0, sizeof(szPid)); //获取选择行 dwRowId = SendMessage(hListProcess, LVM_GETNEXTITEM, -1, LVNI_SELECTED); if(dwRowId == -1) { MessageBox(NULL, TEXT("ERROR"), TEXT("ERROR"), MB_OK); return; } //获取PID lv.iSubItem = 1; lv.pszText = szPid; lv.cchTextMax = 0x20; SendMessage(hListProcess, LVM_GETITEMTEXT, dwRowId, (DWORD)&lv); //遍历进程模块 PROCESSENTRY32 pe32; MODULEENTRY32 me32; HANDLE hProcess, hSnapshot_proc, hSnapshot_mod; pe32.dwSize = sizeof(pe32); SetProcessPrivilege("SeDebugPrivilege", 1); hSnapshot_proc = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (Process32First(hSnapshot_proc, &pe32)) { do { hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe32.th32ProcessID); if (pe32.th32ProcessID && pe32.th32ProcessID != 4 && pe32.th32ProcessID != 8) { wsprintf(szBuf, TEXT("%d"), pe32.th32ProcessID); // printf("PID: %d >>> ProcName: %s ", pe32.th32ProcessID, pe32.szExeFile); me32.dwSize = sizeof(me32); hSnapshot_mod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pe32.th32ProcessID); Module32First(hSnapshot_mod, &me32); do { if(strcmp(szBuf, szPid) == 0) { vitem.pszText = me32.szModule; //第几行 vitem.iItem = 0; //第几列 vitem.iSubItem = 0; //ListView_InsertItem(hListProcess, &vitem); SendMessage(hListModule, LVM_INSERTITEM,0,(DWORD)&vitem); // wsprintf(szBuff, TEXT("%d"), pe32.th32ProcessID); vitem.pszText = me32.szExePath; vitem.iItem = 0; vitem.iSubItem = 1; ListView_SetItem(hListModule, &vitem); } // printf("ModName: %s -> Path: %s ", me32.szModule, me32.szExePath); } while (Module32Next(hSnapshot_mod, &me32)); printf("------ "); CloseHandle(hSnapshot_mod); } CloseHandle(hProcess); } while (Process32Next(hSnapshot_proc, &pe32)); } SetProcessPrivilege("SeDebugPrivilege", 0); CloseHandle(hSnapshot_proc); // MessageBox(NULL, szPid, TEXT("PID"), MB_OK); } DWORD ReadPEFile(IN LPSTR lpszFile, OUT LPVOID* pFileBuffer) { FILE* fp = fopen(lpszFile, "rb"); DWORD fileSize = 0; if (!fp) { printf("无法打开exe文件!"); return 0; } fseek(fp, 0, SEEK_END); fileSize = ftell(fp); fseek(fp, 0, SEEK_SET); *pFileBuffer = malloc(fileSize); if (!(*pFileBuffer)) { printf("分配空间失败!"); fclose(fp); return 0; } size_t n = fread(*pFileBuffer, fileSize, 1, fp); if (!n) { printf("读取数据失败!"); free(*pFileBuffer); fclose(fp); return 0; } fclose(fp); return n; } VOID FixHeaderInfomation(HWND hwndDlg) { PIMAGE_DOS_HEADER pDosHeader = NULL; PIMAGE_NT_HEADERS pNTHeader = NULL; PIMAGE_FILE_HEADER pFileHeader = NULL; PIMAGE_OPTIONAL_HEADER32 pOptionalHeader = NULL; PIMAGE_SECTION_HEADER pSectionHeader = NULL, flag = NULL; LPVOID pImageBuffer = NULL; ReadPEFile(szFileName1, &pImageBuffer); if ((*(PWORD)pImageBuffer) != IMAGE_DOS_SIGNATURE) { printf("不是有效的MZ标志!"); free(pImageBuffer); return; } pDosHeader = (PIMAGE_DOS_HEADER)pImageBuffer; if (*((PDWORD)((DWORD)pImageBuffer + pDosHeader->e_lfanew)) != IMAGE_NT_SIGNATURE) { printf("不是有效的PE标志!"); free(pImageBuffer); return; } pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pImageBuffer + pDosHeader->e_lfanew); pFileHeader = (PIMAGE_FILE_HEADER)((DWORD)pNTHeader + 4); pOptionalHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pFileHeader + IMAGE_SIZEOF_FILE_HEADER); pSectionHeader = flag = (PIMAGE_SECTION_HEADER)((DWORD)pOptionalHeader + pFileHeader->SizeOfOptionalHeader); TCHAR szBuffer[128]; sprintf(szBuffer, "%x", pOptionalHeader->AddressOfEntryPoint); SendDlgItemMessage(hwndDlg, IDC_EDIT_ENTRYPOINT, WM_SETTEXT, 0, (DWORD)szBuffer); sprintf(szBuffer, "%x", pOptionalHeader->ImageBase); SendDlgItemMessage(hwndDlg, IDC_EDIT_IMAGEBASE, WM_SETTEXT, 0, (DWORD)szBuffer); } VOID FixDirectoryInfomation(HWND hwndDlg) { PIMAGE_DOS_HEADER pDosHeader = NULL; PIMAGE_NT_HEADERS pNTHeader = NULL; PIMAGE_FILE_HEADER pFileHeader = NULL; PIMAGE_OPTIONAL_HEADER32 pOptionalHeader = NULL; PIMAGE_SECTION_HEADER pSectionHeader = NULL, flag = NULL; LPVOID pImageBuffer = NULL; ReadPEFile(szFileName1, &pImageBuffer); if ((*(PWORD)pImageBuffer) != IMAGE_DOS_SIGNATURE) { printf("不是有效的MZ标志!"); free(pImageBuffer); return; } pDosHeader = (PIMAGE_DOS_HEADER)pImageBuffer; if (*((PDWORD)((DWORD)pImageBuffer + pDosHeader->e_lfanew)) != IMAGE_NT_SIGNATURE) { printf("不是有效的PE标志!"); free(pImageBuffer); return; } pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pImageBuffer + pDosHeader->e_lfanew); pFileHeader = (PIMAGE_FILE_HEADER)((DWORD)pNTHeader + 4); pOptionalHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pFileHeader + IMAGE_SIZEOF_FILE_HEADER); pSectionHeader = flag = (PIMAGE_SECTION_HEADER)((DWORD)pOptionalHeader + pFileHeader->SizeOfOptionalHeader); TCHAR szBuffer[128]; sprintf(szBuffer, "%x", pOptionalHeader->DataDirectory[0].VirtualAddress); SendDlgItemMessage(hwndDlg, IDC_EDIT_EXPORT1, WM_SETTEXT, 0, (DWORD)szBuffer); sprintf(szBuffer, "%x", pOptionalHeader->DataDirectory[0].Size); SendDlgItemMessage(hwndDlg, IDC_EDIT_EXPORT2, WM_SETTEXT, 0, (DWORD)szBuffer); sprintf(szBuffer, "%x", pOptionalHeader->DataDirectory[1].VirtualAddress); SendDlgItemMessage(hwndDlg, IDC_EDIT_IMPORT1, WM_SETTEXT, 0, (DWORD)szBuffer); sprintf(szBuffer, "%x", pOptionalHeader->DataDirectory[1].Size); SendDlgItemMessage(hwndDlg, IDC_EDIT_IMPORT2, WM_SETTEXT, 0, (DWORD)szBuffer); } DWORD RvaToFileOffset(IN LPVOID FileBuffer, IN DWORD Rva) { PIMAGE_DOS_HEADER pDOS = (PIMAGE_DOS_HEADER)FileBuffer; PIMAGE_NT_HEADERS pNT = (PIMAGE_NT_HEADERS)((DWORD)FileBuffer + pDOS->e_lfanew); PIMAGE_SECTION_HEADER pSECTION = (PIMAGE_SECTION_HEADER)(pNT + 1); int i; for (i = 0; i < pNT->FileHeader.NumberOfSections; i++, pSECTION++) { if (Rva >= pSECTION->VirtualAddress && Rva < pSECTION->VirtualAddress + pSECTION->SizeOfRawData) { return (Rva - pSECTION->VirtualAddress + pSECTION->PointerToRawData); break; } } return 0; } VOID PrintImportTable(HWND hwndDlg) { TCHAR szBuff[10000] = {0}; TCHAR szString[100000] = {0}; PIMAGE_DOS_HEADER pDosHeader = NULL; PIMAGE_NT_HEADERS pNTHeader = NULL; PIMAGE_FILE_HEADER pFileHeader = NULL; PIMAGE_OPTIONAL_HEADER32 pOptionalHeader = NULL; LPVOID pFileBuffer = NULL; PIMAGE_IMPORT_DESCRIPTOR pImport = NULL; PIMAGE_IMPORT_BY_NAME pName = NULL; DWORD addrOfOri = 0; int i = 0; ReadPEFile(szFileName1, &pFileBuffer); pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer; pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pDosHeader + pDosHeader->e_lfanew); pFileHeader = (PIMAGE_FILE_HEADER)((DWORD)pNTHeader + 4); pOptionalHeader = (PIMAGE_OPTIONAL_HEADER32)(pFileHeader + 1); pImport = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)pFileBuffer + RvaToFileOffset(pFileBuffer, pOptionalHeader->DataDirectory[1].VirtualAddress)); addrOfOri = (DWORD)pFileBuffer + RvaToFileOffset(pFileBuffer, pImport->OriginalFirstThunk); while (1) { if (pImport->OriginalFirstThunk == 0) break; sprintf(szString,"****************%s**************** ", (char *)((DWORD)pFileBuffer + RvaToFileOffset(pFileBuffer, pImport->Name))); strcat(szBuff, szString); addrOfOri = (DWORD)pFileBuffer + RvaToFileOffset(pFileBuffer, pImport->OriginalFirstThunk); while (1) { if ((DWORD)(*(PDWORD)addrOfOri == 0)) { break; } if ((DWORD)(*(PDWORD)addrOfOri) >> 31 == 1) { sprintf(szString, "序号:%x ", (DWORD)(*(PDWORD)addrOfOri) & 0x7fffffff); strcat(szBuff, szString); } else { pName = (PIMAGE_IMPORT_BY_NAME)((DWORD)pFileBuffer + RvaToFileOffset(pFileBuffer, (DWORD)(*(PDWORD)addrOfOri))); i = 0; while (pName->Name[i] != 0) { sprintf(szString,"%c", pName->Name[i]); strcat(szBuff, szString); i++; } sprintf(szString, "%s"," "); strcat(szBuff, szString); } addrOfOri += 4; } pImport = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)pImport + 20); } free(pFileBuffer); SendDlgItemMessage(hwndDlg, IDC_EDIT_IMPORTINF, WM_SETTEXT, 0, (DWORD)szBuff); } VOID PrintfExportImform(HWND hwndDlg) { TCHAR szString[100000] = {0}; TCHAR szBuff[128] = {0}; PIMAGE_DOS_HEADER pDosHeader = NULL; PIMAGE_NT_HEADERS pNTHeader = NULL; PIMAGE_FILE_HEADER pFileHeader = NULL; PIMAGE_OPTIONAL_HEADER32 pOptionalHeader = NULL; PIMAGE_SECTION_HEADER pSectionHeader = NULL; PIMAGE_EXPORT_DIRECTORY pExport = NULL; LPVOID pFileBuffer = NULL; DWORD pExportFileOffset = NULL; ReadPEFile(szFileName1, &pFileBuffer); pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer; pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pDosHeader + pDosHeader->e_lfanew); pFileHeader = (PIMAGE_FILE_HEADER)((DWORD)pNTHeader + 4); pOptionalHeader = (PIMAGE_OPTIONAL_HEADER32)(pFileHeader + 1); pExportFileOffset = pOptionalHeader->DataDirectory[0].VirtualAddress; if(pExportFileOffset != 0) { pExportFileOffset = RvaToFileOffset(pFileBuffer, pExportFileOffset); pExport = (PIMAGE_EXPORT_DIRECTORY)((DWORD)pFileBuffer + pExportFileOffset); //printf("%d", pExport->NumberOfFunctions); //函数地址 DWORD FileOffOfFunctions = RvaToFileOffset(pFileBuffer, pExport->AddressOfFunctions); LPVOID pFunctionInFile = (LPVOID)((DWORD)pFileBuffer + FileOffOfFunctions); for (int i = 0; i < pExport->NumberOfFunctions; i++) { // printf("%x ", *((PDWORD)pFunctionInFile)); sprintf(szBuff, "%x ", *((PDWORD)pFunctionInFile)); strcat(szString, szBuff); pFunctionInFile = (LPVOID)((DWORD)pFunctionInFile + 4); } //函数名称 //AddressOfNames在文件中的偏移 DWORD FileOffOfNames = RvaToFileOffset(pFileBuffer, pExport->AddressOfNames); //printf("%x", FileOffOfNames); //AddressOfNames在文件中的地址 LPVOID pNamesInFile = (LPVOID)((DWORD)pFileBuffer + FileOffOfNames); //printf("%x", pNamesInFile); //AddressOfNames数组项在文件中的偏移 DWORD OffsetOfNames; LPVOID pNameInFile = NULL; //OffsetOfNames = RvaToFileOffset(pFileBuffer, (DWORD)(*((PDWORD)pNamesInFile))); for (int j = 0; j < pExport->NumberOfNames; j++) { OffsetOfNames = RvaToFileOffset(pFileBuffer, (DWORD)(*((PDWORD)pNamesInFile))); pNameInFile = (LPVOID)((DWORD)pFileBuffer + OffsetOfNames); strcat(szString, (char *)pNameInFile); strcat(szString, " "); // printf("%s ", pNameInFile); pNamesInFile = (LPVOID)((DWORD)pNamesInFile + 4); } //函数序号 DWORD OrdOffsetInFile = RvaToFileOffset(pFileBuffer, pExport->AddressOfNameOrdinals); LPVOID pOrdinalsInFile = (LPVOID)((DWORD)pFileBuffer + OrdOffsetInFile); for (int k = 0; k < pExport->NumberOfNames; k++) { // printf("%d ", *((PWORD)pOrdinalsInFile)); sprintf(szBuff, "%x ", *((PWORD)pOrdinalsInFile)); strcat(szString, szBuff); pOrdinalsInFile = (LPVOID)((DWORD)pOrdinalsInFile + 2); } }else { sprintf(szString, "%s ", "没有导出表!"); } // sprintf(szString, "------------OriginalFirstThunkVRA:%X------------ ", 1); SendDlgItemMessage(hwndDlg, IDC_EDIT_EXPORTINF, WM_SETTEXT, 0, (DWORD)szString); } BOOL CALLBACK ProcDlgExportInf( HWND hwndDlg, // handle to dialog box UINT uMsg, // message WPARAM wParam, // first message parameter LPARAM lParam // second message parameter ) { switch(uMsg) { case WM_CLOSE: EndDialog(hwndDlg, 0); break; case WM_INITDIALOG: PrintfExportImform(hwndDlg); return TRUE; } return FALSE; } BOOL CALLBACK ProcDlgImportInf( HWND hwndDlg, // handle to dialog box UINT uMsg, // message WPARAM wParam, // first message parameter LPARAM lParam // second message parameter ) { switch(uMsg) { case WM_CLOSE: EndDialog(hwndDlg, 0); break; case WM_INITDIALOG: PrintImportTable(hwndDlg); return TRUE; } return FALSE; } BOOL CALLBACK ProcDlgDirectory( HWND hwndDlg, // handle to dialog box UINT uMsg, // message WPARAM wParam, // first message parameter LPARAM lParam // second message parameter ) { switch(uMsg) { case WM_CLOSE: EndDialog(hwndDlg, 0); break; case WM_INITDIALOG: FixDirectoryInfomation(hwndDlg); return TRUE; case WM_COMMAND: switch(LOWORD(wParam)) { case IDC_BUTTON_CLOSE1: EndDialog(hwndDlg, 0); return TRUE; case IDC_BUTTON_EXPORT: DialogBox(hAppInstance, MAKEINTRESOURCE(IDD_DIALOG_EXPORTINF),hwndDlg, ProcDlgExportInf); return TRUE; case IDC_BUTTON_IMPORT: DialogBox(hAppInstance, MAKEINTRESOURCE(IDD_DIALOG_IMPORTINF), hwndDlg, ProcDlgImportInf); return TRUE; } } return FALSE; } BOOL CALLBACK ProcDlgPE( HWND hwndDlg, // handle to dialog box UINT uMsg, // message WPARAM wParam, // first message parameter LPARAM lParam // second message parameter ) { switch(uMsg) { case WM_CLOSE: EndDialog(hwndDlg, 0); break; case WM_INITDIALOG: FixHeaderInfomation(hwndDlg); return TRUE; case WM_COMMAND: switch(LOWORD (wParam)) { case IDC_BUTTON_CLOSE: EndDialog(hwndDlg, 0); return TRUE; case IDC_BUTTON_SECTION: return TRUE; case IDC_BUTTON_DIRECTORY: DialogBox(hAppInstance, MAKEINTRESOURCE(IDD_DIALOG_DIRECTORY),hwndDlg, ProcDlgDirectory); return TRUE; } } return FALSE; } VOID PEOpen(HWND hDlg) { OPENFILENAME stOpenFile; TCHAR szPeFileExt[100] = "*.exe;*.dll;*.scr;*.drv;*.sys"; TCHAR szFileName[256]; memset(szFileName, 0, 256); memset(&stOpenFile, 0, sizeof(stOpenFile)); stOpenFile.lStructSize = sizeof(OPENFILENAME); stOpenFile.Flags = OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST; stOpenFile.hwndOwner = hDlg; stOpenFile.lpstrFilter = szPeFileExt; stOpenFile.lpstrFile = szFileName; stOpenFile.nMaxFile = MAX_PATH; GetOpenFileName(&stOpenFile); strcpy(szFileName1, szFileName); MessageBox(0, szFileName,0 ,0); DialogBox(hAppInstance, MAKEINTRESOURCE(IDD_DIALOG_PE),hDlg, ProcDlgPE); } BOOL CALLBACK DialogProc( HWND hwndDlg, // handle to dialog box UINT uMsg, // message WPARAM wParam, // first message parameter LPARAM lParam // second message parameter ) { HWND hListModule = GetDlgItem(hwndDlg, IDC_LIST_MODULE); switch(uMsg) { case WM_CLOSE: EndDialog(hwndDlg, 0); break; case WM_INITDIALOG : InitProcessListView(hwndDlg); InitModuleListView(hwndDlg); return TRUE ; case WM_NOTIFY: { NMHDR* pNMHDR = (NMHDR*)lParam; if(wParam == IDC_LIST_PROCESS && pNMHDR->code == NM_CLICK) { EnumModules(hListModule, GetDlgItem(hwndDlg, IDC_LIST_PROCESS), wParam, lParam); } break; } case WM_COMMAND: switch (LOWORD (wParam)) { case IDC_BUTTON_PEOPEN : PEOpen(hwndDlg); return TRUE; case IDC_BUTTON_ABOUT: MessageBox(NULL, TEXT("by Athena"), TEXT("Hello"), 0); return TRUE; case IDC_BUTTON_LOGOUT: EndDialog(hwndDlg, 0); return TRUE; } break ; } return FALSE ; } int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { INITCOMMONCONTROLSEX icex; icex.dwSize = sizeof(INITCOMMONCONTROLSEX); icex.dwICC = ICC_WIN95_CLASSES; //包含大部分控件 InitCommonControlsEx(&icex); hAppInstance = hInstance; DialogBox(hInstance,MAKEINTRESOURCE(IDD_DIALOG_MAIN), NULL, DialogProc); return 0; }