// 列舉程序模組,不過如果你想列舉其他程序的模組可以使用
// openprocess、enumprocessmodules
// 不過需要提升應用許可權,rtladjustprivilege(20, 1, 0, 0)
// (20 即 SeDebugPrivilege:權杖中須已持有該特權,預設僅系統管理員群組具備;通常只有開啟其他使用者或系統程序時才需要,呼叫後應檢查回傳的 NTSTATUS)
方法詳解:
建立程序快照
到模組首部
判斷迴圈檢查 not null type bool
剩下***
這個類似於
遍歷目錄檔案
namespace emod
public void freemoduleandthread(uint dwexitcode)
}public partial class process
[structlayout(layoutkind.sequential)]
public struct shfileinfo
// Native (P/Invoke) declarations used by the process/module enumeration code on this page.
// NOTE(review): the listing appears to have been lower-cased during extraction. C# attribute names
// and Win32 export names are case-sensitive (e.g. DllImport, GetModuleHandleA), so the text will not
// compile or bind exactly as shown.
// NOTE(review): every HANDLE/HWND/HMODULE is declared as int. Native handles are pointer-sized, so a
// 64-bit process can truncate them; IntPtr or a SafeHandle is the safer declaration.
// NOTE(review): none of the imports sets SetLastError, so Marshal.GetLastWin32Error() cannot be relied
// on after a failed call.
// NOTE(review): no CloseHandle import is visible in this block; handles returned by
// createtoolhelp32snapshot and openprocess have to be released somewhere — confirm.

// Returns the id of the thread that created the window and writes the owning process id to lpdwprocessid.
[dllimportattribute("user32.dll")]
static extern int getwindowthreadprocessid(int hwnd, ref int lpdwprocessid);
// Creates a Toolhelp snapshot for dwprocessid; falge selects what is captured (parameter name as spelled in the source).
// The native call reports failure with INVALID_HANDLE_VALUE (-1), not 0.
[dllimportattribute("kernel32.dll")]
static extern int createtoolhelp32snapshot(int falge, int dwprocessid);
// Reads the first module entry of a snapshot into lpme; non-zero means success.
// The size field of the structure must be initialised before the call.
[dllimportattribute("kernel32.dll")]
static extern int module32first(int hsnapshot, ref lpmoduleentry32 lpme);
// Advances to the next module entry; zero means the list is exhausted or the call failed.
[dllimportattribute("kernel32.dll")]
static extern int module32next(int hsnapshot, ref lpmoduleentry32 lpme);
// Id of the calling process.
[dllimportattribute("kernel32.dll")]
static extern int getcurrentprocessid();
// Bound to the ANSI entry point, so the module name is marshalled as an ANSI string.
[dllimportattribute("kernel32.dll", entrypoint = "getmodulehandlea")]
static extern int getmodulehandle(string lpmodulename);
// ntdll export that is not part of the documented Win32 API. The page's header comment calls it with
// privilege 20 (SeDebugPrivilege).
// NOTE(review): the return value is an NTSTATUS and should be checked; enable the privilege only for
// the operation that needs it. The third parameter is named hprocess here, but commonly published
// prototypes use that position as a "current thread" flag — verify.
[dllimportattribute("ntdll.dll")]
static extern int rtladjustprivilege(int s, int t, int hprocess, ref int ret);
// Writes the full path of hmodule in process hprocess to lpfilename; nsize is the buffer capacity in characters.
// NOTE(review): no CharSet is specified, so default ANSI marshalling applies and paths containing
// characters outside the ANSI code page may be altered — confirm.
[dllimportattribute("psapi.dll")]
static extern int getmodulefilenameex(int hprocess, int hmodule, stringbuilder lpfilename, int nsize);
// Opens a handle to another process; zero means failure. dwdesiredaccess should request only the
// rights the caller actually needs (reading module paths does not need terminate or write access).
[dllimportattribute("kernel32.dll", entrypoint = "openprocess")]
static extern int openprocess(int dwdesiredaccess, int binherithandle, int dwprocessid);
// Ends the calling process with the given exit code.
// NOTE(review): Environment.Exit is the usual managed route; calling the native export directly may
// skip managed shutdown work — confirm this is intended.
[dllimportattribute("kernel32.dll", entrypoint = "exitprocess")]
static extern void exitprocess_(int uexitcode);
// Forcibly ends the process behind hprocess; the handle must have been opened with terminate access.
// Non-zero means success.
[dllimportattribute("kernel32.dll", entrypoint = "terminateprocess")]
static extern int terminateprocess_(int hprocess, int uexitcode);
// Fills psfi with shell information for pszpath. cbfileinfo must be the marshalled size of shfileinfo;
// if uflags requests an icon handle, the caller is responsible for destroying it.
[dllimportattribute("shell32.dll")]
static extern int shgetfileinfo(string pszpath, int dwfileattributes, ref shfileinfo psfi, int cbfileinfo, int uflags);
}public partial class process
public void exitprocess(int uexitcode)
public int id
set
}public int hprocess
set
}public int hinstance
}public bool open(bool readonly)
public int currentprocessid
}public int adjustprivilege(int mode)
// listmodules getter. Only a fragment survives on this page: the property type, the creation of
// hsnapshot, the declaration of ret and the loop body are not shown.
// It starts a module walk with module32first and loops while the last returned value is non-zero,
// then returns ret.
public listmodules
var lpme = new lpmoduleentry32();
// NOTE(review): Win32 expects the size field to equal the marshalled size of the module-entry
// structure before Module32First is called. A hard-coded 1024 is only right if lpmoduleentry32
// (not shown) is exactly that size — confirm, or compute it with Marshal.SizeOf.
lpme.size = 1024;
// h holds the success flag of the native call: 0 means no (more) entries or failure.
var h = module32first(hsnapshot, ref lpme);
var mod = new module();
var sh = new shfileinfo();
// presumably used to decode ANSI name/path bytes from the entry; text outside the system ANSI code
// page would then be decoded incorrectly — verify against the missing loop body.
var cod = encoding.default;
// NOTE(review): the loop body is missing here; it needs to advance h (e.g. via module32next) or the
// loop never ends. Nothing visible closes hsnapshot once enumeration finishes — confirm it is released.
while (h != 0)
return ret;}}
public string path
}public string name}}
}