进程ID
下面这种方式通过 NtQuerySystemInformation 枚举系统中各进程的ID
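// Scalar NT types used by the declarations that follow.
// The original declared ACCESS_MASK twice (once as ULONG, once as DWORD); only
// one declaration is kept.
// NOTE(review): NTSTATUS and ACCESS_MASK are normally supplied by the Windows
// SDK headers already -- confirm these local typedefs are still needed.
// NOTE(review): the NT headers declare KPRIORITY as LONG; ULONG has the same
// width, so structure layout is unaffected, but confirm before relying on sign.
typedef LONG NTSTATUS;
typedef DWORD ACCESS_MASK;
typedef ULONG KPRIORITY;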
// Virtual-memory counters embedded in every SYSTEM_PROCESSES entry.
// Every field is declared as ULONG here.
// NOTE(review): that matches a 32-bit layout; on 64-bit Windows these counters
// are presumably pointer-sized -- confirm before building for x64.
struct _VM_COUNTERS
{
    ULONG PeakVirtualSize;
    ULONG VirtualSize;
    ULONG PageFaultCount;
    ULONG PeakWorkingSetSize;
    ULONG WorkingSetSize;
    ULONG QuotaPeakPagedPoolUsage;
    ULONG QuotaPagedPoolUsage;
    ULONG QuotaPeakNonPagedPoolUsage;
    ULONG QuotaNonPagedPoolUsage;
    ULONG PagefileUsage;
    ULONG PeakPagefileUsage;
};
typedef struct _VM_COUNTERS VM_COUNTERS;
typedef struct _VM_COUNTERS *PVM_COUNTERS;
// 用于应用程序“关于”菜单项的 CAboutDlg 对话框typedef struct _SYSTEM_PROCESSES{ ULONG NextEntryDelta; //构成结构序列的偏移量; ULONG ThreadCount; //线程数目; ULONG Reserved1[6]; LARGE_INTEGER CreateTime; //创建时间; LARGE_INTEGER UserTime; //用户模式(Ring 3)的CPU时间; LARGE_INTEGER KernelTime; //内核模式(Ring 0)的CPU时间; UNICODE_STRING ProcessName; //进程名称; KPRIORITY BasePriority; //进程优先权; ULONG ProcessId; //进程标识符; ULONG InheritedFromProcessId; //父进程的标识符; ULONG HandleCount; //句柄数目; ULONG Reserved2[2]; VM_COUNTERS VmCounters; //虚拟存储器的结构; IO_COUNTERS IoCounters; //IO计数结构; Windows 2000 only //SYSTEM_THREADS Threads[1]; //进程相关线程的结构数组;}SYSTEM_PROCESSES,*PSYSTEM_PROCESSES;
// Pointer type for the ntdll.dll export that is looked up with GetProcAddress
// under the names "ZwQuerySystemInformation" / "NtQuerySystemInformation".
//   SystemInformationClass  - which table to query (SystemProcessInformation below)
//   SystemInformation       - caller-supplied buffer that receives the data
//   SystemInformationLength - size of that buffer in bytes
//   ReturnLength            - optional; may be NULL/0
// NOTE(review): SYSTEM_INFORMATION_CLASS is not declared on this page; it
// presumably comes from winternl.h or a local header -- confirm.
typedef NTSTATUS ( __stdcall *ZWQUERYSYSTEMINFORMATION ) (
    IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
    IN OUT PVOID SystemInformation,
    IN ULONG SystemInformationLength,
    OUT PULONG ReturnLength OPTIONAL );
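// Enumerate process IDs through the native NtQuerySystemInformation call.
//
// NtQuerySystemInformation is a native API whose structures are not guaranteed
// to stay stable across Windows versions; the ToolHelp snapshot API
// (TH32CS_SNAPPROCESS) or EnumProcesses are the documented alternatives.
//
// Changes from the original snippet:
//  - the assignment to ZwQuerySystemInformation is dropped: its declaration was
//    commented out, so the line did not compile, and the pointer was never called;
//  - the resolved function pointer is checked before use;
//  - the buffer is released with delete[] (it is allocated with new[]) and is
//    also released on the error return, which used to leak it;
//  - the walk visits the last entry too (the old loop stopped before it);
//  - the next-entry pointer is computed on a byte pointer instead of a DWORD
//    cast, which truncates addresses in 64-bit builds.
ZWQUERYSYSTEMINFORMATION NtQuerySystemInformation = NULL;
HMODULE hNtdll = GetModuleHandle(_T("ntdll.dll"));
if (hNtdll != NULL)
{
    NtQuerySystemInformation =
        (ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtdll, "NtQuerySystemInformation");
}
if (NtQuerySystemInformation == NULL)
{
    // Export not resolved: nothing can be enumerated.
    return;
}

NTSTATUS status;
ULONG nSize = 1024;
ULONG relen = 0;
LPBYTE lpBuf = NULL;

// The required size is not known in advance, so query in a loop and retry
// with a larger buffer while the call reports that the buffer is too small.
while (TRUE)
{
    // Allocate the buffer that receives the process information.
    // On toolchains where operator new throws instead of returning NULL this
    // check is simply never taken.
    lpBuf = new BYTE[nSize];
    if (lpBuf == NULL)
    {
        return;
    }

    // Query the process table.
    status = NtQuerySystemInformation(SystemProcessInformation, lpBuf, nSize, &relen);
    if (NT_SUCCESS(status))
    {
        break;
    }

    // Every failure path releases the buffer before deciding what to do next.
    delete[] lpBuf;
    lpBuf = NULL;

    if (status != STATUS_INFO_LENGTH_MISMATCH)
    {
        return;
    }

    // Buffer too small. If the call reported a larger required length, jump
    // straight to it plus some slack (the process list can grow between
    // calls); otherwise fall back to the original fixed increment.
    if (relen > nSize)
    {
        nSize = relen + 1024;
    }
    else
    {
        nSize += 1024;
    }
}

PSYSTEM_PROCESSES pSysProcess = (PSYSTEM_PROCESSES)lpBuf;
while (TRUE)
{
    CString strProcess;
    // ProcessId is declared as ULONG, so format it as unsigned; _T() keeps the
    // literal consistent with the _T("ntdll.dll") usage above.
    // NOTE(review): with the 32-bit structure layout declared on this page the
    // value is presumably only correct in 32-bit builds -- confirm for x64.
    strProcess.Format(_T("%u"), pSysProcess->ProcessId);
    // Other fields of the entry can be read here as well.

    // NextEntryDelta == 0 marks the last entry; it has just been processed.
    if (pSysProcess->NextEntryDelta == 0)
    {
        break;
    }
    pSysProcess = (PSYSTEM_PROCESSES)((LPBYTE)pSysProcess + pSysProcess->NextEntryDelta);
}

delete[] lpBuf;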
进程hmodule
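// Walks the module list of the process identified by dwPID using a ToolHelp
// snapshot and appends each module name, followed by a comma, to strModule.
//
// Parameters:
//   dwPID - identifier of the process whose modules are listed.
// Returns:
//   TRUE  when the module list was walked;
//   FALSE when the snapshot could not be created or the list could not be
//         walked (for example when the caller lacks access to the process).
//
// The original returned bFound, which was never set, so the function reported
// FALSE even after a successful walk; the unused flag is removed.
// NOTE(review): strModule is local and is not handed back to the caller, so
// the collected names are currently discarded -- confirm the intended output.
BOOL GetProcessModule(DWORD dwPID) // requires the process ID
{
    BOOL bRet = FALSE;
    HANDLE hModuleSnap = NULL;
    MODULEENTRY32 me32 = {0};
    CString strModule;

    hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
    if (hModuleSnap == INVALID_HANDLE_VALUE)
        return (FALSE);

    // Fill the size of the structure before using it.
    me32.dwSize = sizeof(MODULEENTRY32);

    if (Module32First(hModuleSnap, &me32))
    {
        do
        {
            // szModule is a TCHAR array, so the format literal goes through
            // _T() as well to stay valid in both MBCS and Unicode builds.
            strModule.AppendFormat(_T("%s,"), me32.szModule);
        } while (Module32Next(hModuleSnap, &me32));

        bRet = TRUE;
    }
    else
    {
        bRet = FALSE; // could not walk module list
    }

    // The snapshot handle is closed on every path that created it.
    CloseHandle(hModuleSnap);

    return (bRet);
}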
hwnd
// Two ways of obtaining a window handle; the second assignment replaces the
// result of the first, so keep whichever one applies.

// 1) The window that currently has the foreground.
HWND hWnd = ::GetForegroundWindow();

// 2) A top-level window looked up by class name and title. Both literals are
//    placeholders for the real class name and caption. FindWindow returns
//    NULL when nothing matches, so check the handle before using it.
hWnd = ::FindWindow("窗口的类名称", "窗口标题");
所以有的程序喜欢在运行时动态修改窗口的标题,而且每次的标题都不同,以防止别人通过标题获得它的窗口句柄。不过这只能防住按固定标题查找,窗口仍可通过类名或枚举窗口找到,不能当作可靠的保护手段。