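// Enumerate every process ID on the machine and open each one to read its
// main-module name. This is a fragment of a larger function (the enclosing
// signature is not part of the post); the `return -1` below belongs to it.
DWORD lpidprocesses[1024], cbneeded, cprocesses;
HANDLE hprocess, hExplorer = NULL;
HMODULE hmodule;
TCHAR normalname[MAX_PATH] = _T("UnknownProcess");
BOOL bMonitor = FALSE;

if (!EnumProcesses(lpidprocesses, sizeof(lpidprocesses), &cbneeded))
{
    OutputDebugString(_T("EnumProcesses Error\n"));
    return -1;
}
cprocesses = cbneeded / sizeof(DWORD);
// EnumProcesses does not report truncation: when the whole array is filled
// there may be more than 1024 processes, and the loop below silently misses them.
if (cbneeded == sizeof(lpidprocesses))
{
    OutputDebugString(_T("EnumProcesses: PID array may be too small\n"));
}

for (UINT i = 0; i < cprocesses; i++)
{
    // Ask only for the rights EnumProcessModules/GetModuleBaseName need.
    // PROCESS_ALL_ACCESS is refused for protected and system processes even
    // with SeDebugPrivilege enabled, which is the ERROR_ACCESS_DENIED (5)
    // that ends up in the log file below.
    hprocess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, lpidprocesses[i]);
    if (hprocess)
    {
        if (EnumProcessModules(hprocess, &hmodule, sizeof(hmodule), &cbneeded))
        {
            // The size argument is in characters (TCHARs), not bytes. Passing
            // sizeof(normalname) over-reports the buffer by 2x under UNICODE
            // and lets GetModuleBaseName write past the end of normalname.
            GetModuleBaseName(hprocess, hmodule, normalname, sizeof(normalname) / sizeof(TCHAR));
            /* ... per-process handling elided in the original post ... */
        }
        // The original never closed hprocess, leaking one handle per process.
        CloseHandle(hprocess);
    }
    else
    {
        // Save the error before any other call can overwrite it.
        DWORD err = GetLastError();
        // 20 TCHARs was too small for "Privilege8:" + an 11-digit value; 64 is
        // ample, and _stprintf_s always NUL-terminates within the buffer.
        TCHAR szT[64] = { 0 };
        FILE *stream;
        // %lu: DWORD is unsigned; %d would print NTSTATUS-style codes as negatives.
        int len = _stprintf_s(szT, _countof(szT), _T("Privilege8:%lu\r\n"), err);
        // NOTE(review): the root of C: is admin-only on modern Windows, so this
        // log itself can fail with access denied; a per-user path (e.g. %TEMP%)
        // would be more reliable. Left unchanged here.
        // "ab": the text already carries "\r\n", and text mode would rewrite it
        // to "\r\r\n" (and corrupt UTF-16 output in UNICODE builds).
        if (len > 0 && (stream = fopen("C:\\Privilege.txt", "ab")) != NULL)
        {
            // Write only the formatted characters, not the whole 20/64-element
            // buffer (the original dumped trailing NULs into the file).
            fwrite(szT, sizeof(TCHAR), (size_t)len, stream);
            fclose(stream);
        }
    }
}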
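// Enable SeDebugPrivilege in the current process token.
//
// Returns true only when the privilege is actually enabled. AdjustTokenPrivileges
// returns TRUE even when the privilege is not present in the token and merely
// sets the last error to ERROR_NOT_ALL_ASSIGNED, so that case is checked
// explicitly (the original reported success there, which is exactly how a
// non-elevated caller ends up with access-denied errors later on).
// The token handle is closed on every path; the original leaked it on success.
bool EnableDebugPrivilege()
{
    HANDLE hToken = NULL;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return false;
    }
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
    {
        CloseHandle(hToken);
        return false;
    }

    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = sedebugnameValue;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    BOOL adjusted = AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL);
    // Read the error before CloseHandle, which may overwrite it.
    DWORD err = GetLastError();
    CloseHandle(hToken);

    // SeDebugPrivilege is only held by elevated/administrator tokens; a standard
    // user gets ERROR_NOT_ALL_ASSIGNED and must not be reported as success.
    return adjusted && err != ERROR_NOT_ALL_ASSIGNED;
}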
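// Fragment of a larger function (its signature, the declarations of
// hProcessSnap / lpName / bRet / hToken and the code after this point are not
// in the post): walk the process list and hand back a token handle for the
// first process whose image name equals lpName (case-insensitive).
PROCESSENTRY32 pe32 = { 0 };
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
    return (FALSE);
pe32.dwSize = sizeof(PROCESSENTRY32);
if (Process32First(hProcessSnap, &pe32))
{
    do
    {
        CString exefile = pe32.szExeFile;
        if (!exefile.CompareNoCase(lpName))
        {
            // PROCESS_QUERY_INFORMATION is sufficient for OpenProcessToken.
            HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pe32.th32ProcessID);
            if (hProcess == NULL)
            {
                // Protected/system processes refuse even query access unless
                // SeDebugPrivilege is enabled. The original passed the NULL
                // straight into OpenProcessToken, which then failed with an
                // invalid-handle error that hid the real access-denied cause.
                bRet = FALSE;
                CloseHandle(hProcessSnap);
                return (bRet);
            }
            // NOTE(review): TOKEN_ALL_ACCESS asks for far more than most callers
            // use and is denied on many tokens; narrow it to what the consumer of
            // hToken actually needs (e.g. TOKEN_QUERY | TOKEN_DUPLICATE) — confirm
            // against the caller, which is outside this fragment.
            bRet = OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &hToken);
            // The token handle remains valid after the process handle is closed;
            // the original leaked hProcess here.
            CloseHandle(hProcess);
            CloseHandle(hProcessSnap);
            return (bRet);
        }
    }
    while (Process32Next(hProcessSnap, &pe32));
    // NOTE(review): reached only when no process matched lpName; reporting TRUE
    // without a token looks wrong, but the code after this fragment (and how
    // hProcessSnap is released on this path) is not visible — verify.
    bRet = TRUE;
}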
获取进程信息等操作我是按上面的方式做的，这是当时的代码。