CreateToolhelp32Snapshot没法获得system.exe的模块信息
CreateToolhelp32Snapshot无法获得system.exe的模块信息
求助!尝试使用toolhelp来获取system的进程信息,能够得到线程信息,但是无法得到模块信息。
先是提示错误,编号5,是权限的问题;然后提权,依然提示错误,编号8,说是堆空间不足的问题。
代码:
求助!尝试使用toolhelp来获取system的进程信息,能够得到线程信息,但是无法得到模块信息。
先是提示错误,编号5,是权限的问题;然后提权,依然提示错误,编号8,说是堆空间不足的问题。
代码:
- C/C++ code
#include <windows.h> #include <tlhelp32.h> #include <tchar.h> #include <stdio.h> #include <stdlib.h> BOOL EnableDebugPrivilege(BOOL fEnable) { // Enabling the debug privilege allows the application to see // information about service applications BOOL fOk = FALSE; // Assume function fails HANDLE hToken; // Try to open this process's access token if(OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) { // Attempt to modify the "Debug" privilege TOKEN_PRIVILEGES tp; tp.PrivilegeCount = 1; LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid); tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0; AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL); fOk = (GetLastError() == ERROR_SUCCESS); CloseHandle(hToken); } return(fOk); } // Forward declarations: BOOL ListProcessModules( DWORD dwPID ); BOOL ListProcessThreads( DWORD dwOwnerPID ); void printError( TCHAR* msg ); int main( void ) { // GetProcessList( ); EnableDebugPrivilege(TRUE); ListProcessThreads( 4 ); ListProcessModules( 4 ); EnableDebugPrivilege(FALSE); system("pause"); return 0; } BOOL ListProcessModules( DWORD dwPID ) { HANDLE hModuleSnap = INVALID_HANDLE_VALUE; MODULEENTRY32 me32; EnableDebugPrivilege(TRUE); // Take a snapshot of all modules in the specified process. hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwPID ); if( hModuleSnap == INVALID_HANDLE_VALUE ) { printError( TEXT("CreateToolhelp32Snapshot (of modules)") ); return( FALSE ); } // Set the size of the structure before using it. me32.dwSize = sizeof( MODULEENTRY32 ); // Retrieve information about the first module, // and exit if unsuccessful if( !Module32First( hModuleSnap, &me32 ) ) { printError( TEXT("Module32First") ); // show cause of failure CloseHandle( hModuleSnap ); // clean the snapshot object return( FALSE ); } // Now walk the module list of the process, // and display information about each module int i=1; do { _tprintf( TEXT("模块%d Base address:0x%08X"), i,(DWORD) me32.modBaseAddr); _tprintf( TEXT(" Path:%s\n"), me32.szExePath ); } while( Module32Next( hModuleSnap, &me32 ) ); EnableDebugPrivilege(FALSE); CloseHandle( hModuleSnap ); return( TRUE ); } BOOL ListProcessThreads( DWORD dwOwnerPID ) { HANDLE hThreadSnap = INVALID_HANDLE_VALUE; THREADENTRY32 te32; // Take a snapshot of all running threads hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 ); if( hThreadSnap == INVALID_HANDLE_VALUE ) return( FALSE ); // Fill in the size of the structure before using it. te32.dwSize = sizeof(THREADENTRY32); // Retrieve information about the first thread, // and exit if unsuccessful if( !Thread32First( hThreadSnap, &te32 ) ) { printError( TEXT("Thread32First") ); // show cause of failure CloseHandle( hThreadSnap ); // clean the snapshot object return( FALSE ); } // Now walk the thread list of the system, // and display information about each thread // associated with the specified process int i=1; do { if( te32.th32OwnerProcessID == dwOwnerPID ) { _tprintf( TEXT("线程%d Tid:%d\n"), i++,te32.th32ThreadID ); } } while( Thread32Next(hThreadSnap, &te32 ) ); CloseHandle( hThreadSnap ); return( TRUE ); } void printError( TCHAR* msg ) { DWORD eNum; TCHAR sysMsg[256]; TCHAR* p; eNum = GetLastError( ); FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, eNum, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language sysMsg, 256, NULL ); // Trim the end of the line and terminate it with a null p = sysMsg; while( ( *p > 31 ) || ( *p == 9 ) ) ++p; do { *p-- = 0; } while( ( p >= sysMsg ) && ( ( *p == '.' ) || ( *p < 33 ) ) ); // Display the message _tprintf( TEXT("\n WARNING: %s failed with error %d (%s)\n\n"), msg, eNum, sysMsg ); }