  • Enumerating processes

    1. First, a screenshot of the result:

    2. Program code

    #include <ntddk.h>

    void DriverUnload(PDRIVER_OBJECT pDriverObject)
    {
        UNREFERENCED_PARAMETER(pDriverObject);
        KdPrint(("Stop Driver!\n"));
    }

    NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
    {
        PEPROCESS pEprocess = NULL;
        PEPROCESS pFirstEprocess = NULL;
        PCHAR pProcessName = NULL;   /* EPROCESS.ImageFileName: 16-byte ANSI image name */
        ULONG ulProcessId = 0;       /* EPROCESS.UniqueProcessId */

        UNREFERENCED_PARAMETER(pRegistryPath);
        pDriverObject->DriverUnload = DriverUnload;

        /* Start from the process the driver is being loaded in (System). */
        pEprocess = PsGetCurrentProcess();
        if (pEprocess == NULL)
        {
            KdPrint(("PsGetCurrentProcess Error !\n"));
            return STATUS_SUCCESS;
        }

        pFirstEprocess = pEprocess;

        while (pEprocess != NULL)
        {
            /* Hard-coded 32-bit Windows XP EPROCESS offsets; they differ on other
               Windows builds: 0x174 ImageFileName, 0x84 UniqueProcessId,
               0x88 ActiveProcessLinks (a LIST_ENTRY). */
            pProcessName = (PCHAR)pEprocess + 0x174;
            ulProcessId = *(ULONG*)((ULONG)pEprocess + 0x84);
            KdPrint(("ProcessName = %s, ProcessId = %d\n", pProcessName, ulProcessId));

            /* ActiveProcessLinks.Flink points at the next process's list entry;
               subtracting the entry's offset gives that process's EPROCESS. */
            pEprocess = (PEPROCESS)(*(ULONG*)((ULONG)pEprocess + 0x88) - 0x88);

            /* Stop when the list wraps back to the starting process, or when Flink
               landed on the list head (PsActiveProcessHead), which is not inside an
               EPROCESS: the word read as its "process id" is then garbage, which
               the original author detects with the negative check. */
            if (pEprocess == pFirstEprocess || (*(LONG*)((LONG)pEprocess + 0x84)) < 0)
            {
                break;
            }
        }

        return STATUS_SUCCESS;
    }
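    The driver above walks the circular ActiveProcessLinks list with raw offsets and recognises the list head only by the negative-PID heuristic. The following added example (not code from the original post) reproduces the same walk in user mode on a constructed, toy process table: a stand-in LIST_ENTRY, a stand-in CONTAINING_RECORD, a fake EPROCESS whose field offsets are whatever the compiler assigns (not 0x84/0x88/0x174), and a list head that lives outside any process, exactly like PsActiveProcessHead. The walk starts from an arbitrary process, as the driver does from PsGetCurrentProcess(), and detects the head by comparing pointers instead of reading a field from memory that is not an EPROCESS. All names, process entries and PIDs below are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the WDK's LIST_ENTRY and CONTAINING_RECORD (hypothetical copies,
   not the real headers). */
typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

#define CONTAINING_RECORD(addr, type, field) \
    ((type *)((char *)(addr) - offsetof(type, field)))

/* Toy EPROCESS with only the fields the driver reads. The compiler decides the
   offsets here; on a real kernel they depend on the Windows build, which is why
   hard-coded 0x84 / 0x88 / 0x174 only work on one layout. */
typedef struct _FAKE_EPROCESS {
    unsigned char  pad[0x40];            /* unrelated fields */
    unsigned long  UniqueProcessId;
    LIST_ENTRY     ActiveProcessLinks;   /* links processes into a circular list */
    char           ImageFileName[16];
} FAKE_EPROCESS;

/* Stands in for PsActiveProcessHead: a LIST_ENTRY in kernel data, not inside
   any process, so CONTAINING_RECORD on it would yield a bogus "EPROCESS". */
static LIST_ENTRY   FakeActiveProcessHead;
static FAKE_EPROCESS g_procs[4];

static void insert_tail(LIST_ENTRY *head, LIST_ENTRY *e)
{
    e->Flink = head;
    e->Blink = head->Blink;
    head->Blink->Flink = e;
    head->Blink = e;
}

/* Build a constructed sample table of four processes in the order the kernel
   would have created them. */
void build_sample_list(void)
{
    const char *names[] = { "System", "smss.exe", "csrss.exe", "notepad.exe" };
    const unsigned long pids[] = { 4, 368, 592, 1204 };
    size_t i;

    FakeActiveProcessHead.Flink = FakeActiveProcessHead.Blink = &FakeActiveProcessHead;
    for (i = 0; i < 4; i++) {
        memset(&g_procs[i], 0, sizeof g_procs[i]);
        g_procs[i].UniqueProcessId = pids[i];
        strncpy(g_procs[i].ImageFileName, names[i], sizeof g_procs[i].ImageFileName - 1);
        insert_tail(&FakeActiveProcessHead, &g_procs[i].ActiveProcessLinks);
    }
}

/* Walk the whole ring starting at 'start', skipping the list head, and record
   each PID in out_pids (up to max). Returns the number of processes seen. */
int enumerate_from(FAKE_EPROCESS *start, unsigned long *out_pids, int max)
{
    LIST_ENTRY *first = &start->ActiveProcessLinks;
    LIST_ENTRY *e = first;
    int n = 0;

    do {
        /* Pointer comparison replaces the driver's "PID < 0" guess. */
        if (e != &FakeActiveProcessHead) {
            FAKE_EPROCESS *p = CONTAINING_RECORD(e, FAKE_EPROCESS, ActiveProcessLinks);
            if (n < max)
                out_pids[n] = p->UniqueProcessId;
            n++;
            printf("ProcessName = %s, ProcessId = %lu\n",
                   p->ImageFileName, p->UniqueProcessId);
        }
        e = e->Flink;
    } while (e != first);

    return n;
}

int main(void)
{
    unsigned long pids[8];
    build_sample_list();
    /* Start mid-list, as a driver started from an arbitrary current process would. */
    printf("%d processes\n", enumerate_from(&g_procs[2], pids, 8));
    return 0;
}
```

    Starting from csrss.exe the walk visits 592, 1204, crosses the head without dereferencing it, then 4 and 368, and stops when it returns to its starting entry. On a real kernel the same pointer comparison against PsActiveProcessHead is not available to a third-party driver (the symbol is not exported), which is why the original relies on a heuristic; the safe alternative is to avoid raw EPROCESS offsets altogether and use documented APIs such as PsLookupProcessByProcessId together with PsGetProcessId.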

    3. Output

    First open DbgView and enable kernel capture. Use KmdManager to load the compiled driver file and run it; DbgView will then show the process information being printed. Afterwards stop and unload the driver.

  • Original article: https://www.cnblogs.com/qiyueliuguang/p/3650307.html