CreateToolhelp32Snapshot
创建一个快照:因为系统中的进程是实时变化的,所以要先拍下某一时刻的快照,再对快照进行遍历。需要包含头文件Tlhelp32.h。
HANDLE WINAPI CreateToolhelp32Snapshot( DWORD dwFlags,
DWORD th32ProcessID );
Parameters
dwFlags
[in] Specifies portions of the system to include in the snapshot. This parameter can be one of the following values. Value Meaning
TH32CS_INHERIT Indicates that the snapshot handle is to be inheritable.
TH32CS_SNAPALL Equivalent to specifying TH32CS_SNAPHEAPLIST, TH32CS_SNAPMODULE, TH32CS_SNAPPROCESS, and TH32CS_SNAPTHREAD.
TH32CS_SNAPHEAPLIST Includes the heap list of the specified process in the snapshot.
TH32CS_SNAPMODULE Includes the module list of the specified process in the snapshot.
TH32CS_SNAPPROCESS Includes the process list in the snapshot.
TH32CS_SNAPTHREAD Includes the thread list in the snapshot.
th32ProcessID
[in] Specifies the process identifier. This parameter can be zero to indicate the current process. This parameter is used when the TH32CS_SNAPHEAPLIST or TH32CS_SNAPMODULE value is specified. Otherwise, it is ignored.
Return Values
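成功时返回快照句柄,失败时返回INVALID_HANDLE_VALUE;句柄用完后要用CloseHandle关闭。第一个参数中后4个取值比较常用;第二个参数只在第一个参数不是进程快照(即指定了TH32CS_SNAPHEAPLIST或TH32CS_SNAPMODULE)时才有意义,此时要指定查看哪个进程的id。拿到快照之后,还需要用微软自带的迭代函数来遍历它。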
Process32First
BOOL WINAPI Process32First( HANDLE hSnapshot,LPPROCESSENTRY32 lppe );
LPPROCESSENTRY32是指向PROCESSENTRY32结构体的指针,进程遍历的结果就存放在这个结构体里面
PROCESSENTRY32
/* One process record, filled in by Process32First / Process32Next. */
typedef struct tagPROCESSENTRY32 {
DWORD dwSize;               // the listings on this page set this to sizeof(PROCESSENTRY32) before calling Process32First
DWORD cntUsage;
DWORD th32ProcessID;        // process identifier; the listings copy it into `pid`
ULONG_PTR th32DefaultHeapID;
DWORD th32ModuleID;
DWORD cntThreads;
DWORD th32ParentProcessID;  // presumably the creating process's id -- verify against MSDN; NOTE(review): an id alone does not prove that process still exists
LONG pcPriClassBase;
DWORD dwFlags;
TCHAR szExeFile[MAX_PATH];  // executable name the listings print and compare; TCHAR, so wchar_t only in UNICODE builds
} PROCESSENTRY32;
// Pointer alias for the structure above.
typedef PROCESSENTRY32 *PPROCESSENTRY32;
所以我们需要先定义一个这样的结构体变量,并在调用Process32First之前把dwSize设为sizeof(PROCESSENTRY32)
// TestProcess.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include <Windows.h>
#include <Tlhelp32.h.>
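/*
 * Print the executable name of every process in a ToolHelp snapshot.
 *
 * Assumes a UNICODE build: szExeFile is a TCHAR array and is printed with
 * wprintf, which is only correct when TCHAR is wchar_t.
 *
 * Returns 0 on success, 1 if the snapshot could not be created.
 */
int main(){
    // Take a point-in-time copy of the process list. The second argument is
    // ignored for TH32CS_SNAPPROCESS.
    HANDLE hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hsnap == INVALID_HANDLE_VALUE) {
        wprintf(L"CreateToolhelp32Snapshot failed: %lu\n", GetLastError());
        return 1;
    }

    PROCESSENTRY32 pe32 = { 0 };
    // dwSize must be filled in before Process32First is called.
    pe32.dwSize = sizeof(PROCESSENTRY32);

    // Print each entry BEFORE advancing. Calling Process32Next first would
    // skip the first process and print the last one twice, because pe32 keeps
    // its old contents when Process32Next fails.
    for (BOOL bRet = Process32First(hsnap, &pe32); bRet; bRet = Process32Next(hsnap, &pe32)) {
        // The executable name is chosen by whoever created the file, so it
        // must never be used as the format string itself: a name containing
        // '%' would be interpreted as conversion specifiers.
        wprintf(L"%ls\n", pe32.szExeFile);
    }

    // The snapshot is a kernel handle and has to be released.
    CloseHandle(hsnap);
    return 0;
}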
当然这里不仅能够遍历进程,还能遍历某个进程的模块信息。比如这里我们先按进程名找到QQ的pid
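// Windows file names are case-insensitive, so compare without regard to case;
// an exact wcscmp would miss "qq.exe" or "QQ.EXE".
// NOTE(review): a matching name does not identify the program -- any
// executable can be given this name, and only the first match is kept.
if (_wcsicmp(pe32.szExeFile, L"QQ.exe") == 0){
    pid = pe32.th32ProcessID;
    break;
}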
然后再遍历模块
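// Enumerate the modules loaded in process `pid`.
// Release the earlier snapshot before the variable is reused, otherwise that
// handle is leaked.
if (hsnap != INVALID_HANDLE_VALUE) {
    CloseHandle(hsnap);
}
// NOTE(review): a pid of 0 means "the current process" for this flag, so the
// caller should make sure the name search actually found something.
hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
if (hsnap == INVALID_HANDLE_VALUE) {
    // Typical causes: the process has exited, or access was denied.
    wprintf(L"CreateToolhelp32Snapshot(TH32CS_SNAPMODULE) failed: %lu\n", GetLastError());
} else {
    MODULEENTRY32 mo32 = { 0 };
    mo32.dwSize = sizeof(MODULEENTRY32);
    // Print each module before advancing, so the first one is not skipped and
    // the last one is not printed twice after Module32Next fails.
    for (bRet = Module32First(hsnap, &mo32); bRet; bRet = Module32Next(hsnap, &mo32)) {
        // The path is data, not a format string.
        wprintf(L"%ls\n", mo32.szExePath);
    }
    CloseHandle(hsnap);
    hsnap = INVALID_HANDLE_VALUE;
}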
然后就是结束进程TerminateProcess
TerminateProcess
BOOL TerminateProcess( HANDLE hProcess, // handle to the process
UINT uExitCode // exit code for the process
);
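TerminateProcess需要的是进程句柄,但我们现在只有pid,所以要先用OpenProcess打开该进程,拿到对应的句柄(具体见MSDN)。OpenProcess的第一个参数是要申请的访问权限,第二个是句柄是否可继承,第三个就是pid。结束进程只需要PROCESS_TERMINATE权限,不必申请PROCESS_ALL_ACCESS;句柄用完后要用CloseHandle关闭。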
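// Terminate the process identified by `pid`.
HANDLE hProcess = NULL;
if (pid == 0) {
    // pid is still 0 when the name search found nothing; do not act on it.
    wprintf(L"no target process was found\n");
} else {
    // Ask only for the right TerminateProcess needs. PROCESS_ALL_ACCESS is
    // more than required and is refused in cases where the narrower request
    // would succeed.
    hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pid);
    if (hProcess == NULL) {
        wprintf(L"OpenProcess failed: %lu\n", GetLastError());
    } else {
        // NOTE(review): the pid came from an earlier snapshot; if that process
        // has exited in the meantime the id may belong to a different one.
        if (!TerminateProcess(hProcess, 0)) {
            wprintf(L"TerminateProcess failed: %lu\n", GetLastError());
        }
        CloseHandle(hProcess);
        hProcess = NULL;
    }
}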
完整代码
// TestProcess.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include <Windows.h>
#include <Tlhelp32.h.>
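/*
 * Find the first process named QQ.exe, list the modules loaded in it, then
 * terminate it.
 *
 * Assumes a UNICODE build (szExeFile / szExePath are treated as wchar_t).
 *
 * Returns 0 on success, 1 if the process snapshot could not be taken or no
 * matching process was found.
 */
int main(){
    DWORD pid = 0;

    // Point-in-time copy of the process list.
    HANDLE hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hsnap == INVALID_HANDLE_VALUE) {
        wprintf(L"CreateToolhelp32Snapshot failed: %lu\n", GetLastError());
        return 1;
    }

    PROCESSENTRY32 pe32 = { 0 };
    pe32.dwSize = sizeof(PROCESSENTRY32);

    // Test each entry before advancing so the first process is not skipped.
    for (BOOL bRet = Process32First(hsnap, &pe32); bRet; bRet = Process32Next(hsnap, &pe32)) {
        // File names are case-insensitive on Windows.
        // NOTE(review): the name alone does not identify the program, and only
        // the first match is used.
        if (_wcsicmp(pe32.szExeFile, L"QQ.exe") == 0){
            pid = pe32.th32ProcessID;
            break;
        }
    }
    CloseHandle(hsnap);

    // Without this check a pid of 0 would make the module snapshot below
    // describe this program itself.
    if (pid == 0) {
        wprintf(L"QQ.exe was not found\n");
        return 1;
    }

    // List the modules while the process is still alive; a module snapshot of
    // a process that has already been terminated fails or races with teardown.
    hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
    if (hsnap == INVALID_HANDLE_VALUE) {
        wprintf(L"CreateToolhelp32Snapshot(TH32CS_SNAPMODULE) failed: %lu\n", GetLastError());
    } else {
        MODULEENTRY32 mo32 = { 0 };
        mo32.dwSize = sizeof(MODULEENTRY32);
        for (BOOL bRet = Module32First(hsnap, &mo32); bRet; bRet = Module32Next(hsnap, &mo32)) {
            // Paths are data; never pass them as the format string.
            wprintf(L"%ls\n", mo32.szExePath);
        }
        CloseHandle(hsnap);
    }

    // Request only the access right that TerminateProcess needs.
    HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pid);
    if (hProcess == NULL) {
        wprintf(L"OpenProcess failed: %lu\n", GetLastError());
        return 1;
    }
    if (!TerminateProcess(hProcess, 0)) {
        wprintf(L"TerminateProcess failed: %lu\n", GetLastError());
    }
    CloseHandle(hProcess);
    return 0;
}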
再魔改一下
// ProcessTools.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include <Windows.h>
#include <TlHelp32.h>
#include <iostream>
#include <string>
using namespace std;
/*
 * Placeholder with an empty body: it reads none of its arguments and writes
 * nothing through pDestChars or destSize. Nothing in this listing calls it.
 */
void Process(const unsigned char* pSrcChars, int srcSize, wchar_t* pDestChars, int* destSize)
{
    (void)pSrcChars;
    (void)srcSize;
    (void)pDestChars;
    (void)destSize;
}
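/* Print "name pid" for every process in a fresh snapshot. */
static void print_process_list(void)
{
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE) {
        printf("CreateToolhelp32Snapshot failed: %lu\n", GetLastError());
        return;
    }

    PROCESSENTRY32 pe32 = { 0 };
    pe32.dwSize = sizeof(PROCESSENTRY32);

    // Print each entry before advancing, so the first process is shown and
    // the last one is not repeated after Process32Next fails.
    for (BOOL bRet = Process32First(hSnap, &pe32); bRet; bRet = Process32Next(hSnap, &pe32)) {
        printf("进程名为:");
        // The name is data supplied by the file's creator; pass it as an
        // argument, never as the format string.
        wprintf(L"%ls", pe32.szExeFile);
        printf(" pid:%lu\n", (unsigned long)pe32.th32ProcessID);
    }
    CloseHandle(hSnap);
}

/* Print the path of every module loaded in process `pid`. */
static void print_module_list(DWORD pid)
{
    // A pid of 0 selects the current process for TH32CS_SNAPMODULE.
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
    if (hSnap == INVALID_HANDLE_VALUE) {
        // Typical causes: no such process, or access denied.
        printf("CreateToolhelp32Snapshot(TH32CS_SNAPMODULE) failed: %lu\n", GetLastError());
        return;
    }

    MODULEENTRY32 mo32 = { 0 };
    mo32.dwSize = sizeof(MODULEENTRY32);
    for (BOOL bRet = Module32First(hSnap, &mo32); bRet; bRet = Module32Next(hSnap, &mo32)) {
        wprintf(L"%ls\n", mo32.szExePath);
    }
    CloseHandle(hSnap);
}

/* Terminate process `pid` with exit code 0 and report any failure. */
static void terminate_by_pid(DWORD pid)
{
    // Request only the right TerminateProcess needs rather than
    // PROCESS_ALL_ACCESS.
    HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pid);
    if (hProcess == NULL) {
        printf("OpenProcess failed: %lu\n", GetLastError());
        return;
    }
    if (!TerminateProcess(hProcess, 0)) {
        printf("TerminateProcess failed: %lu\n", GetLastError());
    }
    CloseHandle(hProcess);
}

/*
 * Read one unsigned decimal number from stdin.
 * Returns 1 on success, 0 if the input was not a number (the rest of the line
 * is discarded), -1 on end of input.
 */
static int read_number(unsigned long *out)
{
    int got = scanf("%lu", out);
    if (got == 1) {
        return 1;
    }
    if (got == EOF) {
        return -1;
    }
    // Drop the offending line; otherwise the same token is re-read forever
    // and the menu loops without ever waiting for input.
    int ch;
    while ((ch = getchar()) != '\n' && ch != EOF) {
    }
    return 0;
}

/*
 * Interactive process tool: lists processes once, then loops over a menu
 * (1 = list modules of a pid, 2 = terminate a pid, 3 = refresh the list).
 * The loop ends when standard input is closed.
 *
 * Assumes a UNICODE build (szExeFile / szExePath are treated as wchar_t).
 */
int main()
{
    print_process_list();

    while (true)
    {
        printf("====================start====================\n");
        printf("遍历模块输入1,结束进程输入2,刷新进程输入3\n");

        unsigned long flag = 0;
        int got = read_number(&flag);
        if (got < 0) {
            break;              // end of input: leave instead of spinning
        }
        if (got == 0) {
            printf("输入错误!\n");
            continue;
        }

        if (flag == 1 || flag == 2){
            printf("pid:");
            unsigned long value = 0;
            got = read_number(&value);
            if (got < 0) {
                break;
            }
            if (got == 0) {
                printf("输入错误!\n");
                continue;
            }
            if (flag == 1){
                print_module_list((DWORD)value);
            }
            else {
                terminate_by_pid((DWORD)value);
            }
        }
        else if (flag == 3){
            system("cls");
            print_process_list();
        }
        else
        {
            printf("输入错误!\n");
        }
    }
    return 0;
}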