流沙团
PeTools开发(一)
2017-12-21 流沙团


介绍:



完成进程的列举和模块的列举(1221)



主要功能介绍:



01对话框的载入DialogBox



02按钮的响应 WM_COMMAND



03加载listBox



04listBox的初始化



05WM_NOTIFY (List的响应)



06进程的权限提升



07CreateToolhelp32Snapshot



08Module32Next







主要是一些知识点的运用







展示图片:



PeTool1.jpg







主要代码:







// 20171217_01.cpp : Defines the entry point for the application.
//

#include "stdafx.h"
#include "resource.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include "tlhelp32.h"
#include <commctrl.h>
#include <shellapi.h>
#pragma comment(lib,"comctl32.lib")

// Module instance handle. Saved in WinMain and read by the dialog procedures
// when they load resources (the icons, the About dialog template).
HINSTANCE hAppInstance;


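// Enables (bEnable != FALSE) or disables SeDebugPrivilege in the current
// process token. The snapshots in EnumProcess/EnumModules need it to see
// processes owned by other users. AdjustTokenPrivileges can only toggle a
// privilege the token already holds (i.e. the user is an administrator);
// it cannot grant one, so this is a best-effort call for non-admin users.
//
// Returns TRUE only when the privilege state was actually changed
// (AdjustTokenPrivileges succeeded and GetLastError() == ERROR_SUCCESS),
// FALSE when the token could not be opened, the privilege name could not be
// resolved, or the token lacks the privilege (ERROR_NOT_ALL_ASSIGNED).
BOOL EnableDebugPrivilege(BOOL bEnable)
{
    BOOL status = FALSE;
    HANDLE hToken = NULL;
    LUID uID;
    TOKEN_PRIVILEGES tp;

    // Only TOKEN_ADJUST_PRIVILEGES is needed; ask for nothing more.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        return FALSE;
    }

    // The original ignored this result and passed an uninitialised LUID on
    // when the lookup failed.
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &uID)) {
        ZeroMemory(&tp, sizeof(tp));
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = uID;
        tp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;

        // AdjustTokenPrivileges returns TRUE even when not every privilege
        // could be assigned; the real outcome is only in GetLastError().
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL)) {
            status = (GetLastError() == ERROR_SUCCESS);
        }
    }

    CloseHandle(hToken);
    return status;
}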

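// Fills the process list view with one row per running process:
//   column 0 = image file name, 1 = PID (decimal),
//   column 2 = base address of the process's first module (hex),
//   column 3 = size of that module (hex).
// Base address and size are shown as 00000000 when the module snapshot of
// a process cannot be opened or read (PID 0, and — without
// SeDebugPrivilege — processes of other users).
//
// NOTE(review): the sprintf-style formatting into TCHAR buffers only works
// in an ANSI (non-UNICODE) build, which is what the original assumed.
// snprintf is C99; on MSVC older than 2015 use _snprintf.
//
// Returns FALSE only when the process snapshot itself cannot be created.
BOOL EnumProcess(HWND hListProcess)
{
    HWND hProLV = hListProcess;
    LVITEM lvi;
    DWORD dwIdx = 0;
    TCHAR szPath[MAX_PATH];   // image file name
    TCHAR szPID[16];          // a DWORD needs at most 10 decimal digits + NUL;
                              // the original's 10-byte buffer had no room for the NUL
    TCHAR szBaseAddr[24];     // hex base address (8 digits on Win32)
    TCHAR szBaseSize[24];     // hex module size
    HANDLE hProSnapshot = INVALID_HANDLE_VALUE;
    HANDLE hModSnapshot = INVALID_HANDLE_VALUE;
    PROCESSENTRY32 pe32 = {0};
    MODULEENTRY32 me32 = {0};
    BOOL fOk;

    ListView_DeleteAllItems(hProLV);

    hProSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
    if (hProSnapshot == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    pe32.dwSize = sizeof(pe32);
    ZeroMemory(&lvi, sizeof(lvi));
    lvi.mask = LVIF_TEXT | LVIF_IMAGE | LVIF_PARAM | LVIF_STATE;
    lvi.state = 0;
    lvi.stateMask = 0;

    for (fOk = Process32First(hProSnapshot, &pe32);
         fOk;
         fOk = Process32Next(hProSnapshot, &pe32), dwIdx++) {
        ULONG_PTR baseAddr = 0;
        DWORD baseSize = 0;

        // PID 0 passed to CreateToolhelp32Snapshot means "this process", so
        // it is skipped outright instead of being filtered after the fact.
        if (pe32.th32ProcessID != 0) {
            hModSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pe32.th32ProcessID);
            if (hModSnapshot != INVALID_HANDLE_VALUE) {
                ZeroMemory(&me32, sizeof(me32));
                me32.dwSize = sizeof(me32);
                if (Module32First(hModSnapshot, &me32)) {
                    baseAddr = (ULONG_PTR)me32.modBaseAddr;
                    baseSize = me32.modBaseSize;
                }
                // The original never closed this: one leaked handle per process.
                CloseHandle(hModSnapshot);
                hModSnapshot = INVALID_HANDLE_VALUE;
            }
        }

        // Bounded formatting; the original used unbounded sprintf and passed a
        // pointer to %08X (wrong type, truncated on Win64).
        snprintf(szPID, sizeof(szPID), "%lu", (unsigned long)pe32.th32ProcessID);
        snprintf(szBaseAddr, sizeof(szBaseAddr), "%08lX", (unsigned long)baseAddr);
        snprintf(szBaseSize, sizeof(szBaseSize), "%08lX", (unsigned long)baseSize);
        snprintf(szPath, sizeof(szPath), "%s", pe32.szExeFile);

        lvi.pszText = szPath;
        lvi.cchTextMax = MAX_PATH;
        lvi.iItem = dwIdx;
        ListView_InsertItem(hProLV, &lvi);
        ListView_SetItemText(hProLV, dwIdx, 1, szPID);
        ListView_SetItemText(hProLV, dwIdx, 2, szBaseAddr);
        ListView_SetItemText(hProLV, dwIdx, 3, szBaseSize);
    }

    // The original also leaked the process snapshot on every refresh.
    CloseHandle(hProSnapshot);
    return TRUE;
}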

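// Lists the modules of the process currently selected in hListProcess into
// hListModule (column 0 = module name, 1 = full path of the module file).
// wParam/lParam are the WM_NOTIFY parameters of the click; they are kept for
// interface compatibility with the caller but are not used.
//
// Returns FALSE (and leaves the module list empty) when no row is selected,
// the PID cell does not parse as a number, or the module snapshot cannot be
// created or read — e.g. access denied without SeDebugPrivilege, or the
// process exited after the list was filled.
BOOL EnumModules(HWND hListProcess, HWND hListModule, WPARAM wParam, LPARAM lParam)
{
    int iRow;
    TCHAR szPid[0x20];
    LV_ITEM lv;
    char *end = NULL;
    DWORD dwPID;
    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
    MODULEENTRY32 me32;
    DWORD dwIdx = 0;

    (void)wParam;
    (void)lParam;

    ListView_DeleteAllItems(hListModule);
    memset(&lv, 0, sizeof(lv));
    memset(szPid, 0, sizeof(szPid));

    // LVM_GETNEXTITEM returns -1 when nothing is selected; the original stored
    // it in a DWORD and relied on the wrapped comparison.
    iRow = (int)SendMessage(hListProcess, LVM_GETNEXTITEM, (WPARAM)-1, LVNI_SELECTED);
    if (iRow == -1) {
        MessageBox(NULL, TEXT("请选择进程"), TEXT("出错了"), MB_OK);
        return FALSE;
    }

    // Read the PID cell (column 1) of the selected row. LPARAM, not DWORD:
    // casting a pointer to DWORD truncates it on Win64.
    lv.iSubItem = 1;
    lv.pszText = szPid;
    lv.cchTextMax = (int)(sizeof(szPid) / sizeof(szPid[0]));
    SendMessage(hListProcess, LVM_GETITEMTEXT, (WPARAM)iRow, (LPARAM)&lv);

    // strtoul instead of atoi so a non-numeric cell is rejected rather than
    // silently becoming PID 0, which CreateToolhelp32Snapshot would treat as
    // "the current process".
    dwPID = (DWORD)strtoul(szPid, &end, 10);
    if (end == szPid || *end != '\0') {
        return FALSE;
    }

    hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
    if (hModuleSnap == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    memset(&me32, 0, sizeof(me32));
    me32.dwSize = sizeof(MODULEENTRY32);
    if (!Module32First(hModuleSnap, &me32)) {
        CloseHandle(hModuleSnap);
        return FALSE;
    }

    // LVM_INSERTITEM / LVM_SETITEM only read pszText when LVIF_TEXT is set in
    // mask; the original left mask at 0 after the memset.
    lv.mask = LVIF_TEXT;
    do {
        lv.iItem = (int)dwIdx;
        lv.iSubItem = 0;
        lv.pszText = me32.szModule;
        SendMessage(hListModule, LVM_INSERTITEM, 0, (LPARAM)&lv);   // wParam must be 0

        lv.iSubItem = 1;
        lv.pszText = me32.szExePath;
        SendMessage(hListModule, LVM_SETITEM, 0, (LPARAM)&lv);

        dwIdx++;
    } while (Module32Next(hModuleSnap, &me32));

    CloseHandle(hModuleSnap);
    return TRUE;
}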

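// Dialog procedure for the About box: the only thing it does is end the
// modal dialog on WM_CLOSE.
//
// Returns TRUE for the message it handles and FALSE for everything else so
// the dialog manager applies its default processing (the original returned
// FALSE unconditionally).
BOOL CALLBACK AboutDialogProc(
    HWND hwndDlg,   // handle to dialog box
    UINT uMsg,      // message
    WPARAM wParam,  // first message parameter
    LPARAM lParam   // second message parameter
)
{
    (void)wParam;
    (void)lParam;

    switch (uMsg) {
    case WM_CLOSE:
        EndDialog(hwndDlg, 0);
        return TRUE;
    default:
        return FALSE;
    }
}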

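// Configures the process list view (IDC_LIST_PROCESS): full-row selection
// and four columns (process, PID, image base, image size), then fills it
// with EnumProcess. Column order must match the sub-item indices that
// EnumProcess writes to.
VOID InitProcessListView(HWND hDlg)
{
    // Column captions and widths in sub-item order.
    static const struct {
        LPCTSTR pszText;
        int cx;
    } columns[] = {
        { TEXT("进程"), 150 },
        { TEXT("PID"), 50 },
        { TEXT("镜像基址"), 100 },
        { TEXT("镜像大小"), 100 },
    };
    LV_COLUMN lv;
    HWND hListProcess = GetDlgItem(hDlg, IDC_LIST_PROCESS);
    int i;

    SendMessage(hListProcess, LVM_SETEXTENDEDLISTVIEWSTYLE, LVS_EX_FULLROWSELECT, LVS_EX_FULLROWSELECT);

    memset(&lv, 0, sizeof(lv));
    lv.mask = LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM;
    for (i = 0; i < (int)(sizeof(columns) / sizeof(columns[0])); i++) {
        lv.pszText = (LPTSTR)columns[i].pszText;   // LV_COLUMN::pszText is non-const
        lv.cx = columns[i].cx;
        lv.iSubItem = i;
        // LPARAM, not DWORD: a DWORD cast truncates the pointer on Win64.
        SendMessage(hListProcess, LVM_INSERTCOLUMN, (WPARAM)i, (LPARAM)&lv);
    }

    EnumProcess(hListProcess);
}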

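// Configures the module list view (IDC_LIST_MODULE): full-row selection and
// two columns (module name, module path). Column order must match the
// sub-item indices EnumModules writes to. The list stays empty until a
// process row is clicked. (The name keeps the original's "Mudule" spelling
// because MainDialogProc calls it by that name.)
VOID InitMuduleListView(HWND hDlg)
{
    // Column captions and widths in sub-item order.
    static const struct {
        LPCTSTR pszText;
        int cx;
    } columns[] = {
        { TEXT("模块名称"), 150 },
        { TEXT("模块位置"), 300 },
    };
    LV_COLUMN lv;
    HWND hListModule = GetDlgItem(hDlg, IDC_LIST_MODULE);
    int i;

    SendMessage(hListModule, LVM_SETEXTENDEDLISTVIEWSTYLE, LVS_EX_FULLROWSELECT, LVS_EX_FULLROWSELECT);

    memset(&lv, 0, sizeof(lv));
    lv.mask = LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM;
    for (i = 0; i < (int)(sizeof(columns) / sizeof(columns[0])); i++) {
        lv.pszText = (LPTSTR)columns[i].pszText;   // LV_COLUMN::pszText is non-const
        lv.cx = columns[i].cx;
        lv.iSubItem = i;
        // LPARAM, not DWORD: a DWORD cast truncates the pointer on Win64.
        SendMessage(hListModule, LVM_INSERTCOLUMN, (WPARAM)i, (LPARAM)&lv);
    }
}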

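// Main dialog procedure.
//   WM_INITDIALOG: set the window icons and build both list views.
//   WM_COMMAND:    Exit button ends the dialog, About button opens the
//                  About box (owned by this dialog so it stays on top and
//                  the main window is disabled while it is open).
//   WM_NOTIFY:     a click on a process row refreshes the module list.
//   WM_CLOSE:      end the dialog.
// Returns TRUE for the messages it handles, FALSE otherwise.
// NOTE(review): NM_CLICK only fires for mouse clicks; selecting a row with
// the keyboard does not refresh the module list (LVN_ITEMCHANGED would).
BOOL CALLBACK MainDialogProc(
    HWND hwndDlg,   // handle to dialog box
    UINT uMsg,      // message
    WPARAM wParam,  // first message parameter
    LPARAM lParam   // second message parameter
)
{
    switch (uMsg) {
    case WM_CLOSE:
        EndDialog(hwndDlg, 0);
        return TRUE;

    case WM_INITDIALOG: {
        // The original declared a second pair of HICON locals here that
        // shadowed two unused function-level ones; one pair is enough.
        HICON hSmallIcon = LoadIcon(hAppInstance, MAKEINTRESOURCE(IDI_ICON_SMALL));
        HICON hBigIcon = LoadIcon(hAppInstance, MAKEINTRESOURCE(IDI_ICON_BIG));

        // LPARAM, not long: a handle is pointer-sized, long is 32 bits on Win64.
        SendMessage(hwndDlg, WM_SETICON, ICON_BIG, (LPARAM)hBigIcon);
        SendMessage(hwndDlg, WM_SETICON, ICON_SMALL, (LPARAM)hSmallIcon);

        InitProcessListView(hwndDlg);
        InitMuduleListView(hwndDlg);
        return TRUE;   // let the dialog manager set the initial keyboard focus
    }

    case WM_COMMAND:
        switch (LOWORD(wParam)) {
        case IDC_BUTTON_EXIT:
            EndDialog(hwndDlg, 0);
            return TRUE;
        case IDC_BUTTON_ABOUT:
            DialogBox(hAppInstance, MAKEINTRESOURCE(IDD_DIALOG_ABOUT), hwndDlg, AboutDialogProc);
            return TRUE;
        default:
            return FALSE;
        }

    case WM_NOTIFY: {
        const NMHDR *pNMHDR = (const NMHDR *)lParam;
        // Guard the dereference and identify the sender from the header
        // itself rather than relying on wParam alone.
        if (pNMHDR != NULL && pNMHDR->idFrom == IDC_LIST_PROCESS && pNMHDR->code == NM_CLICK) {
            EnumModules(GetDlgItem(hwndDlg, IDC_LIST_PROCESS),
                        GetDlgItem(hwndDlg, IDC_LIST_MODULE),
                        wParam, lParam);
            return TRUE;
        }
        return FALSE;
    }

    default:
        return FALSE;
    }
}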


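// Entry point: registers the common-control classes (the list views live in
// comctl32), tries to enable SeDebugPrivilege, then runs the main dialog
// modally. The privilege is optional — for non-administrators the call
// fails and the tool still runs with reduced visibility of other users'
// processes — so its result is deliberately not treated as fatal.
//
// Returns 0 on normal exit, 1 when the controls could not be registered or
// the dialog could not be created (DialogBox returns -1 in that case).
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR lpCmdLine,
                     int nCmdShow)
{
    INITCOMMONCONTROLSEX icex = {0};

    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nCmdShow;

    hAppInstance = hInstance;

    icex.dwSize = sizeof(icex);
    icex.dwICC = ICC_WIN95_CLASSES;
    if (!InitCommonControlsEx(&icex)) {
        return 1;   // the original ignored this; without it the dialog cannot be created
    }

    EnableDebugPrivilege(TRUE);   // best effort, see header comment

    if (DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG_MAIN), NULL, MainDialogProc) == -1) {
        return 1;
    }
    return 0;
}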











