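DWORD dwPid = 2904;	// Process ID to look up (hard-coded sample value)
/* Only the rights the psapi calls below need are requested. */
HANDLE hProcess = OpenProcess ( SYNCHRONIZE | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPid );

	HMODULE hmd = NULL;
	TCHAR szFileName[MAX_PATH] = { 0, };

	if ( hProcess != NULL )
	{
		DWORD dwSize2 = 0;

		/* sizeof( hmd ) holds exactly one HMODULE, so only the first (main) module is returned. */
		if ( EnumProcessModules ( hProcess, &hmd, sizeof( hmd ), &dwSize2 ) )
		{
			/* Returns 0 on failure; szFileName then stays the zeroed (empty) string. */
			GetModuleFileNameEx ( hProcess, hmd, szFileName, _countof( szFileName ) );
		}

		/* The original never closed this handle. Release it once the lookup is done. */
		CloseHandle ( hProcess );
		hProcess = NULL;
	}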

#include 
#include 
/* Functions for enumerating processes, threads, modules and heaps - [uses CreateToolhelp32Snapshot()] */
#include 

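int main ( int argc, char* argv[] )
{    
    /* Lists every process in the system from a Toolhelp snapshot and prints
       "<exe name> <pid>" per entry.
       Returns 0 on success, 1 if the snapshot could not be taken.
       argc/argv are unused. */
    HANDLE hSnapshot = NULL;
    PROCESSENTRY32 pe32 = {0};   // Receives one process entry per Process32First/Next call

    (void)argc;
    (void)argv;

    /* CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not NULL;
       the original never checked it. */
    hSnapshot = CreateToolhelp32Snapshot ( TH32CS_SNAPPROCESS, 0 );
    if ( hSnapshot == INVALID_HANDLE_VALUE )
    {
        printf ("■■■■■■■\n");
        return 1;
    }
    /* dwSize must be set before the first call or Process32First fails. */
    pe32.dwSize = sizeof ( PROCESSENTRY32 );

    printf ("[%25s \t %5s] \n", "System Process", "PID");

    /* 
    Process32First fetches the first entry, Process32Next each following one.
    A do/while is used so that the entry returned by Process32First is printed
    as well; the original while(Process32Next) loop silently dropped it.
    */
    if ( Process32First ( hSnapshot, &pe32 ) )
    {
        do
        {
            /* szExeFile is a TCHAR array; if UNICODE is defined %s would have to be %ls.
               th32ProcessID is a DWORD, hence %lu. */
            printf ( ("%25s \t %5lu \n"), pe32.szExeFile, pe32.th32ProcessID);
        } while ( Process32Next ( hSnapshot, &pe32 ) );
    } else {
        printf ("■■■■■■■\n");
    }
    CloseHandle ( hSnapshot );

    return 0;
}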

#include "stdafx.h"
#include "windows.h"
#include "nativeAPI.h"
#include 
#include 
#include 

/* Menu actions used by main(). FindProcessEPROC is declared here, but the only
   definition on this page sits inside a comment block, so it is never linked or called. */
void ListProcessNThread();
void HideProcess();
DWORD FindProcessEPROC(int PID);

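int main (int argc, char* argv[])
{
    /* Interactive menu loop: 1 lists processes, 2 runs HideProcess, 3 exits.
       argc/argv are unused. Returns 0 when the user picks Exit, 1 if stdin
       reaches EOF (otherwise the loop would spin on a failing read forever). */
    int select=0;

    (void)argc;
    (void)argv;

    while(1) {
        system("CLS");   /* NOTE(review): spawns a shell just to clear the screen; a console API call would avoid that. */
        printf ("\n\n\t# Process Management - BlackH3s #\n\n");
        printf ("\t1. Taskmgr \n");
        printf ("\t2. Hide Process \n");
        printf ("\t3. Exit \n\n");
        printf ("\t[ ]\b\b");

        /* %d takes no size argument with scanf_s (the original passed a stray 1).
           On non-numeric input the bad token is left in stdin; it is discarded
           here, otherwise every iteration would re-read the same token. */
        {
            int rc = scanf_s ("%d",&select);
            if (rc == EOF) {
                return 1;
            }
            if (rc != 1) {
                int ch;
                while ((ch = getchar()) != '\n' && ch != EOF) {
                    /* drop the rest of the line */
                }
                select = 0;   /* routed to the "RESELECT" branch below */
            }
        }

        switch(select) {
        case 1:
            ListProcessNThread();
            _getch();
            break;

        case 2:
            HideProcess();
            break;

        case 3:
            /* The original called exit(1); leaving via the menu is not an error. */
            return 0;

        default:
            printf("RESELECT AGAIN~~\n");   
            _getch();
            break;
        }
    }
}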
////////////////////////////////////////////////////////////////////////////////////////////
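void HideProcess()
{
    /* Prompts for a PID and opens a handle to that process; entering 0 returns
       to the menu. The "hide" step itself is not implemented on this page (the
       FindProcessEPROC call was commented out in the original), so the function
       only reports whether the process could be opened. */
    int ppid=0;
    system("CLS");
    printf ("\n\n\tWhich process want hidden? \n");
    printf ("\tIf you enter '0', Back to Menu \n");
    printf ("\t[ ]\b\b"); 
    /* On non-numeric input ppid stays 0, i.e. the back-to-menu path; the unread
       token remains in stdin. */
    if (scanf_s ("%d",&ppid) != 1) {
        ppid = 0;
    }

    if(ppid!=0) {
        /* PROCESS_ALL_ACCESS is far more than an existence check needs; it is kept
           only because the original requested it. A negative ppid converts to a
           large DWORD here and simply fails to open. */
        HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, ppid);

        /* The original had this check commented out and never closed the handle. */
        if ( NULL == hProcess ) {
            printf("OpenProcess failed: %lu\n", GetLastError());
        } else {
            printf("test");
            CloseHandle(hProcess);
        }
        _getch();
    }
}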
////////////////////////////////////////////////////////////////////////////////////////////
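void ListProcessNThread()
{
    /* Prints "PID:<n> - <image name>" for every process reported by
       ZwQuerySystemInformation(SystemProcessesAndThreadsInformation).
       Prints nothing if the buffer cannot be allocated or the query fails. */
    ULONG dwAllocedSize, dwNeeded;
    PSYSTEM_PROCESSES pProcesses, pBuffer;
    NTSTATUS Status;

    //1. Get a buffer large enough for the snapshot. The required size is only
    //   reported after a call fails with STATUS_INFO_LENGTH_MISMATCH.
    dwAllocedSize = 0x1000;
    pBuffer = NULL;

    while(TRUE) {
        pBuffer = (PSYSTEM_PROCESSES)VirtualAlloc(NULL, dwAllocedSize, MEM_COMMIT,
        PAGE_READWRITE);
        if (pBuffer == NULL) {
            return;   /* the original went on to dereference NULL */
        }

        dwNeeded = 0;
        Status = ZwQuerySystemInformation(SystemProcessesAndThreadsInformation,
            pBuffer, dwAllocedSize, &dwNeeded);

        if (NT_SUCCESS(Status)) {
            break;
        }

        /* MEM_RELEASE with size 0 frees the whole region; the original's
           MEM_DECOMMIT only decommitted pages and kept the address range reserved. */
        VirtualFree(pBuffer, 0, MEM_RELEASE);
        pBuffer = NULL;

        if (Status != STATUS_INFO_LENGTH_MISMATCH) {
            /* Any other failure: the original fell through and walked an
               uninitialised buffer. */
            return;
        }

        if (dwNeeded > dwAllocedSize) {
            dwAllocedSize = dwNeeded;
        }
        else {
            dwAllocedSize += 0x500;
        }
    }

    //2. Walk the list. NextEntryDelta == 0 marks the LAST entry, so each entry is
    //   printed before the delta is tested. The original advanced first and so
    //   never printed the first record.
    pProcesses = pBuffer;
    while (TRUE) {
        /* ProcessName.Length is divided by 2 as in the original, i.e. it is
           treated as a byte count of a UTF-16 string. */
        printf("PID:%lu - %.*ws\n", 
            (unsigned long)pProcesses->ProcessId, 
            (int)(pProcesses->ProcessName.Length / 2),
            pProcesses->ProcessName.Buffer);
        if (pProcesses->NextEntryDelta == 0) {
            break;
        }
        pProcesses = (PSYSTEM_PROCESSES)((char *)pProcesses + pProcesses->NextEntryDelta);
    }

    /* The original leaked the buffer on the success path. */
    VirtualFree(pBuffer, 0, MEM_RELEASE);
}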
////////////////////////////////////////////////////////////////////////////////////////////
/*
return 0;
}

DWORD FindProcessEPROC(int PID)
{
    DWORD eproc=0x00000000;
    int current_PID=0;
    int start_PID=0;
    int i_count =0;
    PLIST_ENTRY plist_active_procs;
    
    
    if(PID ==0)
        return PID;
    
    
    eproc =(DWORD)PsGetCurrentProcess();
    start_PID = *((int *)(eproc+PIDOFFSET));
    current_PID=start_PID;
    while(1)
    {
        if(PID ==current_PID)
            return eproc;
        else if((i_count >= 1) && (start_PID ==current_PID))
        {
            return 0x0000000;
        }
        else{
            plist_active_procs=(LIST_ENTRY *)(eproc+FLINKOFFSET);
            eproc = (DWORD) plist_active_procs->Flink;
            eproc = eproc - FLINKOFFSET;
            current_PID = *((int *)(eproc+PIDOFFSET));
            i_count++;
        }
    }
}
*/
/////////////////////////////////////////////////////////////////////////////////////////////
