获取进程信息及每条进程所调用的dll

获取进程列表信息,并列举出每个进程所调用的DLL列表:

1.分别添加List Control,List Box控件,并关联对应的变量:

CListCtrl m_listProcess;

CListBox m_listDll;

2.添加头文件:

#include <TlHelp32.h>

#include "Psapi.h"

#pragma comment(lib, "Psapi.lib")

3.添加获取进程信息的变量:

public:

HANDLE hProcessSnap ;

unsigned int uPId ;//保存进程PID

CString m_processName ;//保存进程名

CString m_processPath ;//保存进程路径

4.在初始化中设置并获取进程列表信息:

m_listProcess.SetExtendedStyle(m_listProcess.GetExtendedStyle() | LVS_EX_GRIDLINES | LVS_EX_FULLROWSELECT | LVS_EX_HEADERDRAGDROP ) ;

m_listProcess.InsertColumn(0, _T("进程ID"), LVCFMT_LEFT, 70) ;

m_listProcess.InsertColumn(1, _T("进程名"), LVCFMT_LEFT, 90) ;

m_listProcess.InsertColumn(2, _T("进程路径"), LVCFMT_LEFT, 380) ;

GetProcessName() ;

5.GetProcessName()函数:

//用于提权的

BOOL CXXXDlg::EnableDebugPrivilege(BOOL fEnable)

{

BOOL fOk = FALSE ;

HANDLE hToken ;

//得到进程的访问令牌

if ( OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))

{

TOKEN_PRIVILEGES tp ;

tp.PrivilegeCount = 1 ;

//查看系统特权值并返回一个LUID结构体

LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid ) ;

tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0 ;

//启用/关闭特权

AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof(tp), NULL, NULL) ;

fOk = (GetLastError() == ERROR_SUCCESS) ;

CloseHandle( hToken ) ;

}

else

{

return 0 ;

}

return fOk ;

}

void CXXXDlg::GetProcessName()

{

hProcessSnap = NULL ;

if ( !EnableDebugPrivilege(1))

{

MessageBoxA( NULL, "提取失败", "提示", MB_OK | MB_ICONEXCLAMATION ) ;

}

//创建一个进程快照

hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0) ;

if ( hProcessSnap == INVALID_HANDLE_VALUE)

{

MessageBoxA(NULL, "列举进程失败", "提示", MB_OK | MB_ICONEXCLAMATION
) ;

return ;

}

PROCESSENTRY32 pe32 ;

pe32.dwSize = sizeof(pe32) ;

BOOL bProcess = Process32First( hProcessSnap, &pe32) ;

int nCount = 0 ;

while( bProcess )

{

uPId = pe32.th32ProcessID ;

m_processName = pe32.szExeFile ;

HANDLE hProcess =
OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe32.th32ProcessID ) ;

if ( hProcess )

{

HMODULE hModule ;

DWORD needed ;

WCHAR path[MAX_PATH] = {0} ;

//枚举进程

EnumProcessModules( hProcess, &hModule, sizeof(hModule), &needed) ;

//获取进程的全路径

GetModuleFileNameEx( hProcess, hModule, path, sizeof(path)) ;//添加 #include "Psapi.h" ;获得某个正在运行的EXE或者DLL的全路径

m_processPath = path ;

}

else

{

m_processPath = _T("无法获得进程路径") ;

}

m_listProcess.InsertItem( nCount, LPSTR_TEXTCALLBACK) ;

CString m_processID ;

m_processID.Format(_T("%d"), uPId) ;

m_listProcess.SetItemText(nCount, 0,m_processID) ;

m_listProcess.SetItemText(nCount, 1, m_processName) ;

m_listProcess.SetItemText(nCount++, 2, m_processPath) ;

bProcess = Process32Next( hProcessSnap, &pe32) ;

}

}

6.单击CListCtrl控件中的每一条进程记录,将所对应的进程调用的DLL列表显示在CListBox控件中:

afx_msg void OnNMClickList4(NMHDR *pNMHDR, LRESULT *pResult);

ON_NOTIFY(NM_CLICK, IDC_LIST4, &CXXXDlg:OnNMClickList4)

void CXXXDlg::OnNMClickList4(NMHDR *pNMHDR, LRESULT *pResult)

{

LPNMITEMACTIVATE pNMItemActivate = reinterpret_cast<LPNMITEMACTIVATE>(pNMHDR);

// TODO: 在此添加控件通知处理程序代码

*pResult = 0;

int nItem = pNMItemActivate->iItem ;

CString m_processID =m_listProcess.GetItemText( nItem,0);

unsigned int n_ProcessId = _ttoi(m_processID) ;

CString m_StaticShow = _T("进程") ;

m_StaticShow += m_listProcess.GetItemText( nItem, 1) ;

m_StaticShow += _T("所调用DLL列表") ;

GetDlgItem(IDC_SHOW)->SetWindowText(m_StaticShow) ;

HANDLE hProcessDll = NULL ;

MODULEENTRY32 me32 ;

me32.dwSize = sizeof(MODULEENTRY32) ;

hProcessDll = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, n_ProcessId) ;

BOOL hProcess = NULL ;

hProcess = Module32First( hProcessDll, &me32) ;

while( hProcess && n_ProcessId != 0 )

{

m_listDll.AddString(me32.szExePath ) ;

hProcess = Module32Next( hProcessDll, &me32) ;

}

}

7.关闭窗口时关闭进程特权:

void CXXXDlg::OnClose()

{

// TODO: 在此添加消息处理程序代码和/或调用默认值

// 关闭特权

EnableDebugPrivilege(0);

// 关闭内核对象

CloseHandle(hProcessSnap );

CDialog::OnClose();

}