// tt2.cpp : 定义控制台应用程序的入口点. #include "stdafx.h" #include <windows.h> #include <iostream.h> #include "Shlwapi.h" #include "Psapi.h" #pragma comment(lib,"Psapi.lib") bool DebugPrivilege(const char *PName, BOOL bEnable) { bool bResult = TRUE; HANDLE hToken; TOKEN_PRIVILEGES TokenPrivileges; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken)) { bResult = FALSE; return bResult; } TokenPrivileges.PrivilegeCount = 1; TokenPrivileges.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0; LookupPrivilegeValue(NULL, PName, &TokenPrivileges.Privileges[0].Luid); AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL); if (GetLastError() != ERROR_SUCCESS) { bResult = FALSE; } CloseHandle(hToken); return bResult; } //我们以“计算器”这个实例来枚举该进程的所有用到的模块的句柄,并打印出来 int main() { DebugPrivilege(SE_DEBUG_NAME, TRUE); HMODULE nHmodule[1024]={NULL}; char lpFilename[MAX_PATH]=""; DWORD cbNeeded=0; HWND hwnd=::FindWindow(NULL,"计算器");//以计算机为例子,枚举它的模块句柄 DWORD idProcess=0; ::GetWindowThreadProcessId(hwnd,&idProcess);//获取计算器进程ID HANDLE hCalc=::OpenProcess(PROCESS_ALL_ACCESS,NULL,idProcess);//获取进程的句柄 if (!hCalc) { CloseHandle(hwnd); ::MessageBox(NULL,"很遗憾,你没有运行计算器","EnumProcessModules",MB_OK); } else { BOOL bRetn= ::EnumProcessModules(hCalc,nHmodule,sizeof(nHmodule),&cbNeeded); if (!bRetn) { CloseHandle(hCalc); ::MessageBox(NULL,"很遗憾,获取模块句柄失败","EnumProcessModules",MB_OK); } else { for (int i=0;i<((int)cbNeeded/sizeof(HMODULE));i++) { cout<<"第"<<i<<"个:"; GetModuleFileNameEx(hCalc,nHmodule[i],lpFilename,MAX_PATH); cout<<lpFilename; cout<<endl; } } } DebugPrivilege(SE_DEBUG_NAME, FALSE); return 0; }