目标:创建一个app,使用CreateToolhelp32Snapshot扫描所有的进程,并将进程的pid和exe名字映射到内存中,再在另一个app中使用OpenFileMapping打开该映射读取相关数据
Project 1:
#define _CRT_SECURE_NO_WARNINGS #include <Windows.h> #include <stdio.h> #include <Tlhelp32.h> #include <vector> struct InfoProces { DWORD pid; DWORD ppid; char exeName[256]; }; int main() { HANDLE hProcesses; PROCESSENTRY32 pe32; hProcesses = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hProcesses == INVALID_HANDLE_VALUE) { printf("CreateToolhelp32Snapshot failed. err = %d", GetLastError()); return -1; } pe32.dwSize = sizeof(PROCESSENTRY32); if (!Process32First(hProcesses, &pe32)) { printf("Process32First failed. err = %d", GetLastError()); CloseHandle(hProcesses); return -1; } HANDLE hdata = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, 1024 * 1024, "data"); if (hdata == NULL) { printf("Can't create a file mapping. err = %d", GetLastError()); return -1; } unsigned char* pdata = (unsigned char*)MapViewOfFile(hdata, FILE_MAP_WRITE, 0, 0, 0); if (pdata == NULL) { printf("cant get pointer to mapping file. err = %d", GetLastError()); return -1; } unsigned char* begin = pdata; DWORD count = 0; pdata += sizeof(DWORD); do { InfoProces pi; pi.pid = pe32.th32ProcessID; pi.ppid = pe32.th32ParentProcessID; strcpy(pi.exeName, pe32.szExeFile); memcpy(pdata, &pi, sizeof(InfoProces)); pdata += sizeof(InfoProces); count++; } while (Process32Next(hProcesses, &pe32)); memcpy(begin, &count, sizeof(DWORD)); getchar(); UnmapViewOfFile(begin); CloseHandle(hdata); CloseHandle(hProcesses); return 0; }
Project 2:
#define _CRT_SECURE_NO_WARNINGS #include <Windows.h> #include <vector> #include <stdio.h> struct InfoProces { DWORD pid; DWORD ppid; char exeName[256]; }; int main() { HANDLE hdata = OpenFileMapping(FILE_MAP_ALL_ACCESS, false, "data"); unsigned char* pdata = (unsigned char*)MapViewOfFile(hdata, FILE_MAP_READ, 0, 0, 0); if (pdata == NULL) { printf("cant get pointer to mapped file. err = %d", GetLastError()); return -1; } unsigned char* begin = pdata; DWORD count = 0; memcpy(&count, pdata, sizeof(DWORD)); pdata += sizeof(DWORD); std::vector<InfoProces>processes; processes.resize(count); memcpy(processes.data(), pdata, sizeof(InfoProces)*count); for (std::vector<InfoProces>::iterator i = processes.begin(); i < processes.end(); i++) printf("Process[%d](parinte[%d]): %s\n", i->pid, i->ppid, i->exeName); UnmapViewOfFile(begin); return 0; }