- 公开视频 -> 链接点击跳转公开课程
- 博客首页 -> 链接点击跳转博客主页
目录
遍历进程
CreateToolhelp32Snapshot
EnumProcesses
NtQuerySystemInformation
进程通信
clipboard
FileMapping
NamedPipe
Mailslot
遍历进程
CreateToolhelp32Snapshot
#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>int main()
{HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);if (hSnap != INVALID_HANDLE_VALUE){setlocale(LC_ALL, "chs");PROCESSENTRY32 pe32 = { 0 };pe32.dwSize = sizeof(pe32);BOOL bRet = Process32First(hSnap, &pe32);while (bRet){wprintf(L"%s %d\r\n", pe32.szExeFile, pe32.th32ProcessID);if (lstrcmp(pe32.szExeFile, L"die.exe") == 0){HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);if (hProcess != NULL){TerminateProcess(hProcess, 0);CloseHandle(hProcess);}}bRet = Process32Next(hSnap, &pe32);}CloseHandle(hSnap);}return 0;
}EnumProcesses
#include <iostream>
#include <Windows.h>
#include <Psapi.h>int main()
{DWORD dwProcessCount = 0;DWORD dwProcessIdArr[1024] = { 0 };if (!EnumProcesses(dwProcessIdArr, sizeof(dwProcessIdArr), &dwProcessCount)){return 0;}for (size_t i = 0; i < dwProcessCount / 4; i++){printf("ProcessId -> [%d] \r\n", dwProcessIdArr[i]);HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwProcessIdArr[i]);if (hProcess != NULL){DWORD dwModuleCount = 0;HMODULE hMod = NULL;if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &dwModuleCount)){TCHAR szName[MAX_PATH] = { 0 };if (GetModuleBaseName(hProcess, hMod, szName, sizeof(szName) / sizeof(TCHAR))){printf("%ws \r\n", szName);}}}}return 0;
}NtQuerySystemInformation
#include <iostream>
#include <Windows.h>/*NTSTATUSNtQuerySystemInformation(__in SYSTEM_INFORMATION_CLASS SystemInformationClass,__out_bcount_opt(SystemInformationLength) PVOID SystemInformation,__in ULONG SystemInformationLength,__out_opt PULONG ReturnLength);
*/
#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
#define SystemProcessInformation 5
typedef LONG KPRIORITY;
typedef NTSTATUS(WINAPI* NtQuerySystemInformation)(DWORD, PVOID, ULONG, PULONG);
typedef struct _UNICODE_STRING {USHORT Length;USHORT MaximumLength; PWCH Buffer;
} UNICODE_STRING;
typedef struct _SYSTEM_PROCESS_INFORMATION {ULONG NextEntryOffset;ULONG NumberOfThreads;LARGE_INTEGER SpareLi1;LARGE_INTEGER SpareLi2;LARGE_INTEGER SpareLi3;LARGE_INTEGER CreateTime;LARGE_INTEGER UserTime;LARGE_INTEGER KernelTime;UNICODE_STRING ImageName;KPRIORITY BasePriority;HANDLE UniqueProcessId;HANDLE InheritedFromUniqueProcessId;ULONG HandleCount;ULONG SessionId;ULONG_PTR PageDirectoryBase;SIZE_T PeakVirtualSize;SIZE_T VirtualSize;ULONG PageFaultCount;SIZE_T PeakWorkingSetSize;SIZE_T WorkingSetSize;SIZE_T QuotaPeakPagedPoolUsage;SIZE_T QuotaPagedPoolUsage;SIZE_T QuotaPeakNonPagedPoolUsage;SIZE_T QuotaNonPagedPoolUsage;SIZE_T PagefileUsage;SIZE_T PeakPagefileUsage;SIZE_T PrivatePageCount;LARGE_INTEGER ReadOperationCount;LARGE_INTEGER WriteOperationCount;LARGE_INTEGER OtherOperationCount;LARGE_INTEGER ReadTransferCount;LARGE_INTEGER WriteTransferCount;LARGE_INTEGER OtherTransferCount;
} SYSTEM_PROCESS_INFORMATION, * PSYSTEM_PROCESS_INFORMATION;int main()
{NTSTATUS status = NULL;HMODULE hModule = NULL;ULONG uLength = 0xFFFFF;ULONG uRet = 0;NtQuerySystemInformation pFun = NULL;PSYSTEM_PROCESS_INFORMATION pInfo = NULL;//NtQuerySystemInformationhModule = LoadLibrary(TEXT("ntdll.dll"));pFun = (NtQuerySystemInformation)GetProcAddress(hModule, "NtQuerySystemInformation");pInfo = (PSYSTEM_PROCESS_INFORMATION)malloc(uLength);status = pFun(SystemProcessInformation, pInfo, uLength, &uRet);if (NT_SUCCESS(status)){while (pInfo->NextEntryOffset){printf("%ws %d \r\n", pInfo->ImageName.Buffer, pInfo->UniqueProcessId);pInfo = (PSYSTEM_PROCESS_INFORMATION)((PUCHAR)pInfo + pInfo->NextEntryOffset);}}return 0;
}进程通信
clipboard
#include <iostream>
#include <Windows.h>int main()
{//CTRL C#if 0const char* str = "Hello 0xCC";//打开剪贴板 OpenClipboardif (!OpenClipboard(NULL)) return 0;//清空剪贴板 EmptyClipboardif (!EmptyClipboard()){CloseClipboard();return 0;}//分配内存区 GlobalAllocHGLOBAL hMem = GlobalAlloc(GMEM_MOVEABLE, strlen(str) + 1);if (hMem == NULL){CloseClipboard();return 0;}PVOID pBuffer = GlobalLock(hMem);if (pBuffer == NULL){CloseClipboard();return 0;}memcpy(pBuffer, str, strlen(str) + 1);GlobalUnlock(hMem);//设置剪贴板 SetClipboardSetClipboardData(CF_TEXT, hMem);//关闭剪贴板 CloseClipboardCloseClipboard();#endif //CTRL V#if 0//打开剪贴板 OpenClipboardif (!OpenClipboard(NULL)) return 0;//获取剪贴板 GetClipboardDataHANDLE hData = GetClipboardData(CF_TEXT);if (hData == NULL){CloseClipboard();return 0;}PCHAR pStr = (PCHAR)GlobalLock(hData);std::cout << pStr << std::endl;GlobalUnlock(hData);//关闭剪贴板 CloseClipboardCloseClipboard();#endifreturn 0;
}FileMapping
#include <iostream>
#include <windows.h>int main()
{//创建文件映射对象HANDLE hMapFile = CreateFileMapping(INVALID_HANDLE_VALUE,NULL,PAGE_READWRITE,0,0xFF,TEXT("0xCCShare"));if (hMapFile == NULL){std::cout << "CreateFileMapping ErrorCode -> " << GetLastError() << std::endl;return 0;}//映射对象视图LPVOID lpBuffer = MapViewOfFile(hMapFile, FILE_MAP_ALL_ACCESS, 0, 0, 0);if (lpBuffer == NULL){std::cout << "MapViewOfFile ErrorCode -> " << GetLastError() << std::endl;return 0;}//写入共享内存数据char szStr[] = "Exit";memcpy(lpBuffer, szStr, sizeof(szStr));//等待进程读取std::cout << "Success Share Mem " << std::endl;std::cin.get();//释放资源UnmapViewOfFile(lpBuffer);CloseHandle(hMapFile);return 0;
}#include <iostream>
#include <windows.h>int main()
{//打开存在文件映射对象HANDLE hMapFile = OpenFileMapping(FILE_MAP_ALL_ACCESS, FALSE, TEXT("0xCCShare"));if (hMapFile == NULL){std::cout << "OpenFileMapping ErrorCode -> " << GetLastError() << std::endl;return 0;}//映射对象视图LPVOID lpBuffer = MapViewOfFile(hMapFile, FILE_MAP_ALL_ACCESS, 0, 0, 0);if (lpBuffer == NULL){std::cout << "MapViewOfFile ErrorCode -> " << GetLastError() << std::endl;return 0;}std::cout << "Read Info -> " << static_cast<char*>(lpBuffer) << std::endl;std::cin.get();//获取共享内存数据if (strcmp((PCHAR)lpBuffer, "Exit") == 0){ExitProcess(0);}//释放资源std::cout << "Free" << std::endl;UnmapViewOfFile(lpBuffer);CloseHandle(hMapFile);return 0;
}NamedPipe
#include <iostream>
#include <Windows.h>#define PIPE_NAME L"\\\\.\\pipe\\0xCCPipe"int main()
{//创建命名管道HANDLE hNamedPipe = CreateNamedPipe(PIPE_NAME,PIPE_ACCESS_DUPLEX,PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,PIPE_UNLIMITED_INSTANCES,4096,4096,NMPWAIT_USE_DEFAULT_WAIT,NULL);if (hNamedPipe == INVALID_HANDLE_VALUE){std::cout << "CreateNamedPipe ErrorCode -> " << GetLastError() << std::endl;return 0;}//等待客户连接std::cout << "Waiting for client Connection" << std::endl;BOOL bRet = ConnectNamedPipe(hNamedPipe, NULL);if (!bRet){std::cout << "ConnectNamedPipe ErrorCode -> " << GetLastError() << std::endl;CloseHandle(hNamedPipe);return 0;}std::cout << "Client Connected" << std::endl;//发送客户消息DWORD dwWrite = 0;char szBuffer[] = "Hello 0xCC";WriteFile(hNamedPipe, szBuffer, sizeof(szBuffer), &dwWrite, NULL);//接受客户消息CHAR szBuffer1[0xFF] = { 0 };DWORD dwRead = 0;ReadFile(hNamedPipe, szBuffer1, sizeof(szBuffer1), &dwRead, NULL);std::cout << szBuffer1 << std::endl;//清理资源CloseHandle(hNamedPipe);return 0;
}#include <iostream>
#include <Windows.h>#define PIPE_NAME L"\\\\.\\pipe\\0xCCPipe"int main()
{//连接命名管道HANDLE hNamedPipe = CreateFile(PIPE_NAME,GENERIC_READ | GENERIC_WRITE,0,NULL,OPEN_EXISTING,NULL,NULL);if (hNamedPipe == INVALID_HANDLE_VALUE){std::cout << "CreateNamedPipe ErrorCode -> " << GetLastError() << std::endl;return 0;}//接受服务消息CHAR szBuffer[0xFF] = { 0 };DWORD dwRead = 0;ReadFile(hNamedPipe, szBuffer, sizeof(szBuffer), &dwRead, NULL);std::cout << szBuffer << std::endl;//发送服务消息DWORD dwWrite = 0;char szBuffer1[] = "Hello 0xCC";WriteFile(hNamedPipe, szBuffer1, sizeof(szBuffer1), &dwWrite, NULL);//清理资源CloseHandle(hNamedPipe);return 0;
}Mailslot
#include <iostream>
#include <windows.h>int main()
{//创建邮槽HANDLE hMailSlot = CreateMailslot(TEXT("\\\\.\\mailslot\\0xCCMailSlot"),0,MAILSLOT_WAIT_FOREVER,NULL);if (hMailSlot == INVALID_HANDLE_VALUE) return 0;//读取邮槽while (TRUE){DWORD dwRead = 0;char szBuffer[0xFF] = { 0 };BOOL bRet = ReadFile(hMailSlot, szBuffer, sizeof(szBuffer), &dwRead, NULL);if (!bRet) break;std::cout << szBuffer << std::endl;}//清理资源CloseHandle(hMailSlot);return 0;
}#include <iostream>
#include <Windows.h>int main()
{// 打开邮槽HANDLE hMailSlot = CreateFile(TEXT("\\\\.\\mailslot\\0xCCMailSlot"),GENERIC_READ | GENERIC_WRITE,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);if (hMailSlot == INVALID_HANDLE_VALUE) return 0;// 写入邮槽DWORD dwWrite = 0;char szBuffer[] = "Hello 0xCC";WriteFile(hMailSlot, szBuffer, sizeof(szBuffer), &dwWrite, NULL);//清理资源CloseHandle(hMailSlot);return 0;
}
