  • 获取进程信息

    // ------------------------------------------------------------------------------------------------------------------------
    // FileName: 
    //     ProcessInfo.h
    // remarks:
    //      基于应用层实现,有的进程,如杀软进程等获取不到调用的dll列表。
    // ------------------------------------------------------------------------------------------------------------------------
    
    #pragma once
    #include <vector>
    
    // One record per enumerated process: its PID, name, path and the list of
    // modules (DLLs) found for it.
    struct ProInfo
    {
        // Process ID (PID)
        unsigned int uPID;
        // Process name
        CString strPrceName;
        // Process path
        CString strFullPath;
        // Names and paths of the DLLs used by this process
        std::vector<CString> strDLLNameArr;
    };
    
    // Enumerates running processes from user mode and keeps the result in
    // strPrceInfoArr (one ProInfo per process).
    class CProcessInfo
    {
    private:
        // Enables (non-zero fEnable) or disables (zero) SE_DEBUG_NAME on the
        // current process token; used to raise privileges for the enumeration.
        BOOL EnableDebugPrivilege (BOOL fEnable);
    public:
        // Process records filled in by GetProcessName()
        std::vector<ProInfo> strPrceInfoArr;
    
        CProcessInfo();
        ~CProcessInfo();
    
        // Collects process names, paths and module lists into strPrceInfoArr
        void GetProcessName (void);
    };
    // ------------------------------------------------------------------------------------------------------------------------
    // FileName: 
    //     ProcessInfo.cpp
    // remarks:
    //      基于应用层实现,有的进程,如杀软进程等获取不到调用的dll列表。
    // ------------------------------------------------------------------------------------------------------------------------
    
    #include "stdafx.h"
    #include "ProcessInfo.h"
    #include "TlHelp32.h"
    #include "StrSafe.h"
    #include "Psapi.h"
    // 防止错误 error LNK2019
    #pragma comment(lib, "psapi.lib")
    
    // Default constructor: performs no work; strPrceInfoArr is default-constructed (empty).
    CProcessInfo::CProcessInfo() {}
    
    // Destructor: the body is empty; nothing is released explicitly here.
    CProcessInfo::~CProcessInfo() {}
    
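    // Enables or disables SE_DEBUG_NAME (SeDebugPrivilege) on the current
    // process token.
    //
    // fEnable: non-zero enables the privilege, zero disables it.
    // Returns: TRUE only when the privilege was actually adjusted; FALSE when
    //          the token could not be opened, the privilege LUID could not be
    //          looked up, or the adjustment did not take effect.
    //
    // SeDebugPrivilege allows opening processes owned by other accounts, so
    // callers should keep it enabled only while it is needed and switch it
    // off again afterwards.
    BOOL CProcessInfo::EnableDebugPrivilege(BOOL fEnable)
    {
        HANDLE hToken = NULL;

        // Open the access token of the current process. Only the right to
        // adjust privileges is requested.
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
        {
            return FALSE;
        }

        BOOL fOk = FALSE;
        TOKEN_PRIVILEGES tp = {0};
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;

        // Look up the LUID for the privilege. If the lookup fails the LUID is
        // undefined, so the token must not be adjusted with it.
        if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
        {
            // AdjustTokenPrivileges reports success even when the token does
            // not hold the privilege; in that case GetLastError() returns
            // ERROR_NOT_ALL_ASSIGNED, so both results are checked.
            if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
            {
                fOk = (GetLastError() == ERROR_SUCCESS);
            }
        }

        CloseHandle(hToken);
        return fOk;
    }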
    
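    // Enumerates the running processes and stores one ProInfo per process in
    // strPrceInfoArr: PID, executable name, path of the first module and the
    // paths of all modules (DLLs) reported by the module snapshot.
    //
    // The list is rebuilt on every call. When the process snapshot cannot be
    // created, a message box with the system error text is shown and the list
    // stays empty.
    //
    // Notes for callers:
    //  - SeDebugPrivilege is enabled only for the duration of the call and is
    //    switched off again on every exit path.
    //  - Some processes (for example anti-virus processes) refuse the open or
    //    the module snapshot; their path is set to the placeholder text and
    //    their DLL list stays empty.
    //  - Names and paths are reported as-is by the system for other processes;
    //    a matching name alone does not prove what a process is.
    void CProcessInfo::GetProcessName (void)
    {
        LPCTSTR pszFormat = TEXT("开始服务时遇到错误! %s");

        // Start from an empty list so that a second call does not append
        // duplicate processes and duplicate DLL entries.
        strPrceInfoArr.clear();

        // Raise the privilege; failure is reported but the enumeration still
        // runs with whatever access the current token has.
        if(!EnableDebugPrivilege(1))
        {
            MessageBox(NULL, _T("提权失败!"), _T("提示"), MB_OK|MB_ICONEXCLAMATION);
        }

        // Snapshot of all processes
        HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

        if (hProcessSnap == INVALID_HANDLE_VALUE)
        {
            DWORD dwError = GetLastError();
            LPTSTR lpMsgBuf = NULL;
            DWORD cchMsg = FormatMessage(
                FORMAT_MESSAGE_ALLOCATE_BUFFER|
                FORMAT_MESSAGE_FROM_SYSTEM|
                FORMAT_MESSAGE_IGNORE_INSERTS,
                NULL,
                dwError,
                MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
                (LPTSTR)&lpMsgBuf,
                0,
                NULL);

            // CString sizes its own buffer, which avoids the manual
            // byte-count / character-count arithmetic. If FormatMessage
            // failed there is no system text, so an empty string is used.
            CString strText;
            strText.Format(pszFormat, (cchMsg != 0 && lpMsgBuf != NULL) ? (LPCTSTR)lpMsgBuf : _T(""));

            CString strTemp;
            strTemp.Format(TEXT("错误编码为:%d"), dwError);
            ::MessageBox(NULL, strText, strTemp, MB_OK|MB_ICONEXCLAMATION);

            // Release the buffer allocated by FormatMessage
            if (lpMsgBuf != NULL)
            {
                LocalFree(lpMsgBuf);
            }

            // Do not leave the debug privilege enabled on the error path
            EnableDebugPrivilege(0);
            return;
        }

        // dwSize must be set before Process32First, otherwise the call fails
        PROCESSENTRY32 pe32 = {0};
        pe32.dwSize = sizeof(PROCESSENTRY32);

        if (Process32First(hProcessSnap, &pe32))
        {
            do
            {
                ProInfo proinfo;
                proinfo.uPID = pe32.th32ProcessID;
                proinfo.strPrceName = pe32.szExeFile;
                // Placeholder, replaced below when the path can be read
                proinfo.strFullPath = _T("无法获得进程路径");

                HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe32.th32ProcessID);
                if (hProcess)
                {
                    TCHAR path[MAX_PATH] = {0};
                    HMODULE hModule = NULL;
                    DWORD needed = 0;

                    // The first module returned is used as the process image.
                    // The buffer size passed to GetModuleFileNameEx is a
                    // character count, not a byte count.
                    if (EnumProcessModules(hProcess, &hModule, sizeof(hModule), &needed) &&
                        GetModuleFileNameEx(hProcess, hModule, path, sizeof(path) / sizeof(path[0])))
                    {
                        proinfo.strFullPath = path;
                    }

                    // Every handle opened in the loop is closed again
                    CloseHandle(hProcess);
                }
                strPrceInfoArr.push_back(proinfo);
            }
            while (Process32Next(hProcessSnap, &pe32));
        }

        std::vector<ProInfo>::iterator iter;
        for (iter = strPrceInfoArr.begin(); iter != strPrceInfoArr.end(); ++iter)
        {
            // PID 0 is skipped before any snapshot is created for it
            if (iter->uPID == 0)
            {
                continue;
            }

            // Module snapshot of this process
            HANDLE hProcessDll = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, iter->uPID);
            if (hProcessDll == INVALID_HANDLE_VALUE)
            {
                continue;
            }

            MODULEENTRY32 me32 = {0};
            me32.dwSize = sizeof(MODULEENTRY32);
            if (Module32First(hProcessDll, &me32))
            {
                do
                {
                    iter->strDLLNameArr.push_back(me32.szExePath);
                }
                while (Module32Next(hProcessDll, &me32));
            }

            // Close the per-process snapshot
            CloseHandle(hProcessDll);
        }

        // Drop the privilege again
        EnableDebugPrivilege(0);
        // Close the process snapshot
        CloseHandle(hProcessSnap);
    }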
  • 原文地址:https://www.cnblogs.com/calm2012/p/2857706.html