18,356
社区成员
发帖
与我相关
我的任务
分享【对面的高手看过来】
//=======================================================================================
typedef unsigned long (WINAPI *NtDll)(unsigned int,void *,unsigned long,unsigned long*);
NtDll NtQuerySystemInformation;
NtQuerySystemInformation = (NtDll)GetProcAddress(GetModuleHandle("ntdll"),"NtQuerySystemInformation");
if(!NtQuerySystemInformation)
return false;
void *Buffer = NULL;
size_t Length = 0;
unsigned long hNtDll;
unsigned long Need = 0;
do
{
Length += 0x1000;
Buffer = realloc(Buffer, Length);
if(!Buffer)return false;
hNtDll = NtQuerySystemInformation(5, Buffer, Length, &Need);
}while(hNtDll == 0xc0000004);
if(hNtDll < 0)
{
free(Buffer);
return false;
}
struct ProcessInfo *PI;
PI = (struct ProcessInfo*)Buffer;
printf(" %-20s%s\n","ProcessName","PID");
while(PI->NextEntryDelta != 0)
{
if(PI->ProcessName.Buffer != 0)
{
printf(" %-20S%d\n",PI->ProcessName.Buffer,PI->ProcessId);
}
PI = (struct ProcessInfo *)(((char *)PI) + PI->NextEntryDelta);
}
free(Buffer);
//=======================================================================================
里面的 printf(" %-20S%d\n",PI->ProcessName.Buffer,PI->ProcessId); 这句用 COUT 怎么实现????
还有个问题 注册表里的服务路径键值都是很奇怪~~~~`比如:
\??\C:\WINDOWS\system32\drivers\kmsinput.sys
%SystemRoot%\system32\svchost.exe -k netsvcs
system32\DRIVERS\cdrom.sys
\??\E:\X-Scan\dat\xpf.sys
怎么才能把他们转换成正常的路径呢?我想一定有办法吧,要不 WINDOWS 怎么识别他们的。
typedef unsigned long (WINAPI *NtDll)(unsigned int,void *,unsigned long,unsigned long*);
NtDll NtQuerySystemInformation;
NtQuerySystemInformation = (NtDll)GetProcAddress(GetModuleHandle("ntdll"),"NtQuerySystemInformation");
if(!NtQuerySystemInformation)
return false;
void *Buffer = NULL;
size_t Length = 0;
unsigned long hNtDll;
unsigned long Need = 0;
do
{
Length += 0x1000;
Buffer = realloc(Buffer, Length);
if(!Buffer)return false;
hNtDll = NtQuerySystemInformation(5, Buffer, Length, &Need);
}while(hNtDll == 0xc0000004);
if(hNtDll < 0)
{
free(Buffer);
return false;
}
struct ProcessInfo *PI;
PI = (struct ProcessInfo*)Buffer;
printf(" %-20s%s\n","ProcessName","PID");
while(PI->NextEntryDelta != 0)
{
if(PI->ProcessName.Buffer != 0)
{
printf(" %-20S%d\n",PI->ProcessName.Buffer,PI->ProcessId);
}
PI = (struct ProcessInfo *)(((char *)PI) + PI->NextEntryDelta);
}
free(Buffer);
//=======================================================================================
里面的 printf(" %-20S%d\n",PI->ProcessName.Buffer,PI->ProcessId); 这句用 COUT 怎么实现????
还有个问题 注册表里的服务路径键值都是很奇怪~~~~`比如:
\??\C:\WINDOWS\system32\drivers\kmsinput.sys
%SystemRoot%\system32\svchost.exe -k netsvcs
system32\DRIVERS\cdrom.sys
\??\E:\X-Scan\dat\xpf.sys
怎么才能把他们转换成正常的路径呢?我想一定有办法吧,要不 WINDOWS 怎么识别他们的。
...全文
请发表友善的回复…
发表回复
CrackerVxV 2006-06-08
- 打赏
- 举报
GetSystemDirectory 这些我也会~我想知道有没有 API 可以自动识别这些路径并转换为正确的!
CrackerVxV 2006-06-08
- 打赏
- 举报
seu07201213(汪洋中的一片叶子)
简单地在命令行输出的话,就cout<<PI->ProcessName.Buffer<<'\t'<<PI->ProcessId<<endl;----------------------------------------------------------------
你给的是错误的,只能输出第一个字母~不能输出整个字符串!
简单地在命令行输出的话,就cout<<PI->ProcessName.Buffer<<'\t'<<PI->ProcessId<<endl;----------------------------------------------------------------
你给的是错误的,只能输出第一个字母~不能输出整个字符串!
ppzine 2006-06-06
- 打赏
- 举报
GetSystemDirectory
折腾_苏州 2006-06-06
- 打赏
- 举报
printf(" %-20S%d\n",PI->ProcessName.Buffer,PI->ProcessId); 这句用 COUT 怎么实现????
==============
简单地在命令行输出的话,就cout<<PI->ProcessName.Buffer<<'\t'<<PI->ProcessId<<endl;
==============
简单地在命令行输出的话,就cout<<PI->ProcessName.Buffer<<'\t'<<PI->ProcessId<<endl;
dch4890164 2006-06-06
- 打赏
- 举报
楼上正解!!!
lixiaosan 2006-06-06
- 打赏
- 举报
GetSystemDirectory
