//进程加载
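// Loads the process list: fills listBox2 with the name of every running
// process, positions and shows panel20, updates the count in label2 and
// selects the first entry (which in turn fires listBox2_SelectedIndexChanged).
// Only names are stored, so same-named processes are indistinguishable later.
private void button13_Click(object sender, EventArgs e)
{
    listBox2.Items.Clear();
    can1();
    panel20.Show();
    panel20.Location = new Point(200, 40);
    panel20.Height = 485;
    panel20.Width = 625;

    Process[] processes = Process.GetProcesses();
    try
    {
        foreach (Process p in processes)
        {
            listBox2.Items.Add(p.ProcessName);
        }
    }
    finally
    {
        // Process is a disposable Component; release every snapshot entry once
        // its name has been copied into the list.
        foreach (Process p in processes)
        {
            p.Dispose();
        }
    }

    label2.Text = "进程数:" + listBox2.Items.Count;
    // Setting SelectedIndex on an empty ListBox throws ArgumentOutOfRangeException.
    if (listBox2.Items.Count > 0)
    {
        this.listBox2.SelectedIndex = 0;
    }
}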
//进程详细信息更新
// "Refresh" button: rebuilds the process list and its detail view by reusing
// the load handler, so both buttons always behave the same way.
private void SearchProcess_Click(object sender, EventArgs e)
{
    this.button13_Click(sender, e);
}
//显示选择的系统进程详细信息
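// Shows the details of the process selected in listBox2.
// The list only stores names, so the process is looked up again with
// GetProcessesByName: when several processes share the name only the first
// match is shown, and when none is left (it exited since the list was built)
// the group-box title is updated and the labels are left untouched instead of
// failing on an empty array.
// Reading timing/priority/start-time of a process this user may not access
// throws Win32Exception; a process that exits mid-way throws
// InvalidOperationException. Both are reported by message only — the full
// exception text (stack trace, file paths) is not something to put in a dialog.
private void listBox2_SelectedIndexChanged(object sender, EventArgs e)
{
    string processName = this.listBox2.Text;
    Process[] matches = Process.GetProcessesByName(processName);
    try
    {
        this.groupBox9.Text = processName + "进程的详细信息";
        if (matches.Length == 0)
        {
            return;
        }

        Process p = matches[0];
        TimeSpan cpu = p.TotalProcessorTime;
        this.label21.Text = "CPU占用时间:" + cpu.Hours + ":" + cpu.Minutes + ":" + cpu.Seconds + "." + cpu.Milliseconds;
        this.label24.Text = "进程映像名:" + p.ProcessName;
        this.label23.Text = "进程ID:" + p.Id;
        this.label22.Text = "启动线程数:" + p.Threads.Count.ToString();
        this.label20.Text = "线程优先级:" + p.PriorityClass.ToString();
        this.label19.Text = "启动时间:" + p.StartTime.ToLongTimeString();
        // The *64 properties replace the obsolete Int32 ones, which wrap past 2 GB.
        this.label18.Text = "专用内存:" + (p.PrivateMemorySize64 / 1024).ToString() + "K";
        this.label17.Text = "峰值虚拟内存:" + (p.PeakVirtualMemorySize64 / 1024).ToString() + "K";
        this.label16.Text = "峰值分页内存:" + (p.PeakPagedMemorySize64 / 1024).ToString() + "K";
        this.label15.Text = "分页系统内存:" + (p.PagedSystemMemorySize64 / 1024).ToString() + "K";
        this.label11.Text = "分页内存:" + (p.PagedMemorySize64 / 1024).ToString() + "K";
        this.label12.Text = "未分页系统内存:" + (p.NonpagedSystemMemorySize64 / 1024).ToString() + "K";
        this.label13.Text = "物理内存:" + (p.WorkingSet64 / 1024).ToString() + "K";
        this.label14.Text = "虚拟内存:" + (p.VirtualMemorySize64 / 1024).ToString() + "K";
    }
    catch (System.ComponentModel.Win32Exception err)
    {
        // Typically "access denied" on system/protected processes.
        MessageBox.Show(err.Message);
    }
    catch (InvalidOperationException err)
    {
        // The process exited between the lookup and the property reads.
        MessageBox.Show(err.Message);
    }
    finally
    {
        foreach (Process p in matches)
        {
            p.Dispose();
        }
    }
}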
//鼠标结束进程
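// Context-menu "end process": kills the process selected in listBox2 and
// reloads the list.
// The selection carries only a name, so the target is re-resolved here; with
// several same-named processes the first match is killed, which is not
// necessarily the one whose details are on screen. When the name no longer
// matches anything (it exited meanwhile) nothing is killed and the list is
// simply refreshed. Kill() is immediate — there is no confirmation step — and
// fails with Win32Exception (access denied) on processes this user may not
// terminate; only the message is shown, not the full exception text.
private void 结束进程ToolStripMenuItem_Click(object sender, EventArgs e)
{
    Process[] matches = Process.GetProcessesByName(this.listBox2.Text);
    try
    {
        if (matches.Length > 0)
        {
            matches[0].Kill();
        }
        // Rebuild the list either way so a vanished entry disappears.
        button13_Click(sender, e);
    }
    catch (System.ComponentModel.Win32Exception o)
    {
        MessageBox.Show(o.Message);
    }
    catch (InvalidOperationException o)
    {
        // Already exited between the lookup and Kill().
        MessageBox.Show(o.Message);
    }
    finally
    {
        foreach (Process p in matches)
        {
            p.Dispose();
        }
    }
}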
//焦点刷新
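// Rebuilds the process list whenever the form is activated so the view is
// current when the user returns to it; same listing as button13_Click but
// without re-showing panel20.
// NOTE(review): Activated presumably also fires when a MessageBox shown by
// the other handlers closes, which resets the selection to the first entry —
// verify if that turns out to be annoying.
private void open_Activated(object sender, EventArgs e)
{
    listBox2.Items.Clear();
    Process[] processes = Process.GetProcesses();
    try
    {
        foreach (Process p in processes)
        {
            listBox2.Items.Add(p.ProcessName);
        }
    }
    finally
    {
        // Process is a disposable Component; release the snapshot entries.
        foreach (Process p in processes)
        {
            p.Dispose();
        }
    }

    label2.Text = "进程数:" + listBox2.Items.Count;
    // Setting SelectedIndex on an empty ListBox throws ArgumentOutOfRangeException.
    if (listBox2.Items.Count > 0)
    {
        this.listBox2.SelectedIndex = 0;
    }
}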
//结束进程
// "End process" button: delegates to the context-menu handler so both entry
// points kill the selected process the same way.
private void button46_Click(object sender, EventArgs e)
{
    this.结束进程ToolStripMenuItem_Click(sender, e);
}
编译环境:winxpsp2+vc6
#include <stdio.h>
#include <windows.h>
/*
//一些编译选项
#pragma comment(linker, "/ENTRY:main")
#pragma comment(linker, "/ALIGN:0x400")
#pragma comment(linker, "/SECTION:.text,ERW /ALIGN:0x1000")
#pragma comment(linker, "/merge:.data=.text")
#pragma comment(linker, "/merge:.rdata=.text")
#pragma comment(linker, "/Filealign:0x200")
#pragma comment(linker, "/OPT:REF")
#pragma comment(linker, "/OPT:ICF")
#pragma optimize("gsy", on)
#pragma comment(linker, "/merge:.rsrc=.text")
#pragma comment(linker, "/ALIGN:16")
#pragma comment(linker, "/OPT:NOWIN98")
*/
/* Status and information-class constants used by the hook and its loader.
 * NT_PROCESS_LIST is the NtQuerySystemInformation class whose records
 * SYSTEM_PROCESSES (below) describes. */
#define STATUS_SUCCESS (0)
#define ObjectNameInformation (1)
#define BLOCKSIZE (0x1000)
/* 32-bit only: the bit pattern of the current-process pseudo-handle (-1). */
#define CurrentProcessHandle ((HANDLE)(0xFFFFFFFF))
#define NT_PROCESS_LIST 5
#define STATUS_INFO_LEN_MISMATCH 0xC0000004
/* The SDK's NTSTATUS is a signed LONG; with this unsigned typedef a
 * "status < 0" failure test is always false — compare against STATUS_* values. */
typedef unsigned long NTSTATUS;
typedef unsigned long SYSTEM_INFORMATION_CLASS;
typedef unsigned long OBJECT_INFORMATION_CLASS;
/* Counted UTF-16 string with the layout of the native UNICODE_STRING (whose
 * Buffer is PWSTR; USHORT* has the same size). In the native definition
 * Length/MaxLen count bytes, not characters. */
typedef struct {
    USHORT Length;
    USHORT MaxLen;
    USHORT *Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
typedef struct _OBJECT_NAME_INFORMATION { // information class 1 (ObjectNameInformation)
    UNICODE_STRING Name;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
/* Parameter block handed to HookCreateProcessW (below) as its single argument.
 * The hook reaches every API through these pointers instead of through imports:
 * in the visible code lpFunAddr is cast to PFN_CREATEPROCESSW and
 * lpWriteProcessMemory, lpMessageBox and lpResumeThread are cast likewise; the
 * remaining pointers are not used in the part of the hook that is in view.
 * szOldCode / szNewCode are presumably the original and patched bytes of the
 * hooked prologue (12 bytes each) — the code that fills them is not in view.
 * Defender note: a code stub that takes pre-resolved API addresses plus an
 * original/replacement byte pair is the shape of an inline hook installed in
 * another process; these fields are the indicators to look for when triaging
 * a suspected hook. */
typedef struct _RemoteParam {
    LPVOID lpFunAddr;
    DWORD dwParamSize;
    LPVOID lpHeapAlloc;
    LPVOID lpGetProcessHeap;
    LPVOID lpHeapReAlloc;
    LPVOID lpHeapFree;
    LPVOID lpwsprintf;
    LPVOID lpZwQueryObject;
    LPVOID lpMessageBox;
    LPVOID lpWriteProcessMemory;
    wchar_t wProcessName[36];
    unsigned char szOldCode[12];
    unsigned char szNewCode[12];
    LPVOID lpResumeThread;
    LPVOID lpCreateEvent;
    LPVOID lpOpenEvent;
    LPVOID lpOpenFileMapping;
    LPVOID lpMapViewOfFile;
    LPVOID lpUnMapViewOfFile;
    LPVOID lpOpenMutex;
    LPVOID lpWaitForSingleObject;
    LPVOID lpSetEvent;
    LPVOID lpReleaseMutex;
    LPVOID lpCloseHandle;
    LPVOID lpGetProcessId;
    LPVOID lpGetLastError;
} RemoteParam, *PRemoteParam;
/* Leading fields of one record returned by NtQuerySystemInformation for class
 * NT_PROCESS_LIST (5), per the author's field notes. Only this prefix is
 * declared, so the list must be walked with NextEntryDelta (0 marks the last
 * record) rather than sizeof(SYSTEM_PROCESSES); the STATUS_INFO_LEN_MISMATCH
 * define above suggests the caller retries the query with a larger buffer. */
typedef struct _SYSTEM_PROCESSES {
    ULONG NextEntryDelta;       // byte offset to the next record (chains the records)
    ULONG ThreadCount;          // number of threads
    ULONG Reserved1[6];
    LARGE_INTEGER CreateTime;   // creation time
    LARGE_INTEGER UserTime;     // CPU time spent in user mode (ring 3)
    LARGE_INTEGER KernelTime;   // CPU time spent in kernel mode (ring 0)
    UNICODE_STRING ProcessName; // process name
    ULONG BasePriority;         // base priority
    ULONG ProcessId;            // process identifier
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;
/* Function-pointer types for the APIs called through RemoteParam. They match
 * the Win32/native prototypes as far as the 32-bit ABI is concerned (DWORD
 * where the SDK uses SIZE_T has the same width there). IN/OUT are the empty
 * annotation macros from windows.h. */
/* ntdll!NtQuerySystemInformation(class, buffer, length, returnLength). */
typedef
NTSTATUS
(__stdcall *NTQUERYSYSTEMINFORMATION)(
    IN SYSTEM_INFORMATION_CLASS,
    OUT PVOID,
    IN ULONG,
    OUT PULONG);
typedef
BOOL
(__stdcall *PFN_WRITEPROCESSMEMORY)(
    IN HANDLE hProcess,
    IN LPVOID lpBaseAddress,
    IN LPCVOID lpBuffer,
    IN SIZE_T nSize,
    OUT SIZE_T *lpNumberOfBytesWritten
);
typedef
int
(__stdcall *PFN_MESSAGEBOX)(
    IN HWND hWnd,
    IN LPCWSTR lpText,
    IN LPCWSTR lpCaption,
    IN UINT uType
);
/* __cdecl because wsprintfW is variadic. */
typedef
int
(__cdecl *PFN_WSPRINTF)(
    IN LPWSTR lpOut,
    IN LPCWSTR lpFmt,
    ...);
typedef
HANDLE
(__stdcall *PFN_GETPROCESSHEAP)(void);
typedef
LPVOID
(__stdcall *PFN_HEAPALLOC)(
    IN HANDLE hHeap,
    IN DWORD dwFlags,
    IN SIZE_T dwBytes
);
typedef
LPVOID
(__stdcall *PFN_HEAPREALLOC)(
    IN HANDLE hHeap,
    IN DWORD dwFlags,
    IN LPVOID lpMem,
    IN DWORD dwBytes
);
typedef
BOOL
(__stdcall *PFN_HEAPFREE)(
    IN HANDLE hHeap,
    IN DWORD dwFlags,
    IN LPVOID lpMem
);
/* Declared but not referenced by the visible code. */
typedef
NTSTATUS
(__stdcall *PFN_ZWSETVALUEKEY)(
    IN HANDLE KeyHandle,
    IN PUNICODE_STRING ValueName,
    IN ULONG TitleIndex,
    IN ULONG type1,
    IN PVOID Data,
    IN ULONG DataSize
);
typedef
NTSTATUS
(__stdcall *PFN_ZWQUERYOBJECT)(
    IN HANDLE ObjectHandle,
    IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
    OUT PVOID ObjectInformation,
    IN ULONG ObjectInformationLength,
    OUT PULONG ReturnLength
);
/* Declared but not referenced by the visible code. */
typedef
NTSTATUS
(__stdcall *PFN_ZWCREATEPROCESSEX)(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN LPVOID ObjectAttributes,
    IN HANDLE InheritFromProcessHandle,
    IN BOOLEAN InheritHandles,
    IN HANDLE SectionHandle,
    IN HANDLE DebugPort,
    IN HANDLE ExceptionPort,
    IN HANDLE reserv
);
/* The hooked target. Declared with TCHAR-based string types although it names
 * the W entry point, so it only matches CreateProcessW in a UNICODE build —
 * flagged here, not changed. */
typedef
BOOL
(__stdcall *PFN_CREATEPROCESSW)(
    IN LPCTSTR pszApplicationName,
    IN PTSTR pszCommandLine,
    IN PSECURITY_ATTRIBUTES psaProcess,
    IN PSECURITY_ATTRIBUTES psaThread,
    IN BOOL bInheritHandles,
    IN DWORD fdwCreate,
    IN PVOID pvEnvironment,
    IN LPCTSTR pszCurDir,
    OUT LPSTARTUPINFO psiStartInfo,
    OUT PPROCESS_INFORMATION ppiProcInfo
);
typedef
DWORD
(__stdcall *PFN_RESUMETHREAD)(
    IN HANDLE hThread
);
typedef
HANDLE
(__stdcall *PFN_CREATEEVENT)(
    IN LPSECURITY_ATTRIBUTES lpEventAttributes,
    IN BOOL bManualReset,
    IN BOOL bInitialState,
    IN LPCTSTR lpName
);
typedef
HANDLE
(__stdcall *PFN_OPENEVENT)(
    IN DWORD dwDesiredAccess,
    IN BOOL bInheritHandle,
    IN LPCTSTR lpName
);
typedef
HANDLE
(__stdcall *PFN_OPENFILEMAPPING)(
    IN DWORD dwDesiredAccess,
    IN BOOL bInheritHandle,
    IN LPCTSTR lpName
);
typedef
LPVOID
(__stdcall *PFN_MAPVIEWOFFILE)(
    IN HANDLE hFileMappingObject,
    IN DWORD dwDesiredAccess,
    IN DWORD dwFileOffsetHigh,
    IN DWORD dwFileOffsetLow,
    IN SIZE_T dwNumberOfBytesToMap
);
typedef
BOOL
(__stdcall *PFN_UNMAPVIEWOFFILE)(
    IN LPCVOID lpBaseAddress
);
typedef
HANDLE
(__stdcall *PFN_OPENMUTEX)(
    IN DWORD dwDesiredAccess,
    IN BOOL bInheritHandle,
    IN LPCTSTR lpName
);
typedef
DWORD
(__stdcall *PFN_WAITFORSINGLEOBJECT)(
    IN HANDLE hHandle,
    IN DWORD dwMilliseconds
);
typedef
BOOL
(__stdcall *PFN_SETEVENT)(
    IN HANDLE hEvent
);
typedef
BOOL
(__stdcall *PFN_RELEASEMUTEX)(
    IN HANDLE hMutex
);
typedef
BOOL
(__stdcall *PFN_CLOSEHANDLE)(
    IN HANDLE hObject
);
typedef
DWORD
(__stdcall *PFN_GETPROCESSID)(
    IN HANDLE Process
);
typedef
DWORD
(__stdcall *PFN_GETLASTERROR)(void);
//////////////////////////////////////////////////////////////////////////
//HookCreateProcessW
//ReturnsTrue
//////////////////////////////////////////////////////////////////////////
voidHookCreateProcessW(LPVOIDlParam)
{
RemoteParam*Rpm=(RemoteParam*)lParam;
PFN_CREATEPROCESSWpfnCreateProcessW=(PFN_CREATEPROCESSW)Rpm->lpFunAddr;
PFN_WRITEPROCESSMEMORYpfnWriteProcessMemory=(PFN_WRITEPROCESSMEMORY)Rpm->lpWriteProcessMemory;
PFN_MESSAGEBOXpfnMessageBox=(PFN_MESSAGEBOX)Rpm->lpMessageBox;
PFN_RESUMETHREADpfnResumeThread=(PFN_RESUMETHREAD)Rpm->lpResumeThread;
LPCTSTRpszApplicationName=NULL;
PTSTRpszCommandLine=NULL;
PSECURITY_ATTRIBUTESpsaProcess=NULL;
PSECURITY_ATTRIBUTESpsaThread=NULL;
BOOLbInheritHandles=TRUE;
DWORDfdwCreate=0;
PVOIDpvEnvironment=NULL;
LPCTSTRpszCurDir=NULL;
LPSTARTUPINFOpsiStartInfo=NULL;
PPROCESS_INFORMATIONppiProcInfo=NULL;
BOOLRetvalue=TRUE;//定义要拦截的api的默认返回植
DWORDNextIpAddr=0;
DWORDdwParamaAddr=0;
longtemp1=0;
__asm
{
MOVEAX,[EBP+12]
MOV[NextIpAddr],EAX
MOVEAX,[EBP+16]
MOV[pszApplicationName],EAX
MOVEAX,[EBP+20]
MOV[pszCommandLine],EAX
MOVEAX,[EBP+24]
MOV[psaProcess],EAX
MOVEAX,[EBP+28]
MOV[psaThread],EAX
MOVEAX,[EBP+32]
MOV[temp1],EAX
MOVEAX,[EBP+36]
MOV[fdwCreate],EAX
MOVEAX,[EBP+40]
MOV[pvEnvironment],EAX
MOVEAX,[EBP+44]
MOV[pszCurDir],EAX
MOVEAX,[EBP+48]
MOV[psiStartInfo],EAX
MOVEAX,[EBP+52]
MOV[ppiProcInfo],EAX
}
bInheritHandles=(BOOL)temp1;
// fdwCreate=fdwCreate|CREATE_SUSPENDED;
//这里可以做你的事情了,比如我只想弹出一个对话框,其实也可以在让api完成之后再做些东西
同求 QQ398336868