// -----------------------// FileName: // ProcessInfo.h // remarks: // 基于应用层实现，有的进程，如杀软进程等获取不到调用的dll列表。 // ----------------------- #pragma once #include <vector> struct ProInfo {     // 保存进程PID     unsigned int uPID;     // 保存进程名     CString strPrceName;     // 保存进程路径     CString strFullPath;     // 保存该进程调用dll名和路径     std::vector<CString> strDLLNameArr; }; class CProcessInfo { private:     // 这个用于提权的     BOOL EnableDebugPrivilege (BOOL fEnable); public:     // 保存进程名     std::vector<ProInfo> strPrceInfoArr;     CProcessInfo();     ~CProcessInfo();     // 获取进程名     void GetProcessName (void); };

// ------------------------------------------------------------------------------------------------------------------------ // FileName: //     ProcessInfo.cpp // remarks: //      基于应用层实现，有的进程，如杀软进程等获取不到调用的dll列表。 // ------------------------------------------------------------------------------------------------------------------------ #include "stdafx.h" #include "ProcessInfo.h" #include "TlHelp32.h" #include "StrSafe.h" #include "Psapi.h" // 防止错误 error LNK2019 #pragma comment(lib, "psapi.lib") CProcessInfo::CProcessInfo() { } CProcessInfo::~CProcessInfo() { } BOOL CProcessInfo::EnableDebugPrivilege(BOOL fEnable) {      BOOL fOk = FALSE;       HANDLE hToken;     // 得到进程的访问令牌     if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES,&hToken))     {            TOKEN_PRIVILEGES tp;         tp.PrivilegeCount = 1;         // 查看系统特权值并返回一个LUID结构体         LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);         tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;         // 启用/关闭 特权         AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);         fOk = (GetLastError() == ERROR_SUCCESS);         CloseHandle(hToken);     }     else     {         return 0;     }     return(fOk); } void CProcessInfo::GetProcessName (void) {     HANDLE hProcessSnap = NULL;     HANDLE hProcessDll = NULL;     BOOL bRet = FALSE;     // 初始化dwSize为0，不然Process32First执行失败     PROCESSENTRY32 pe32 = {0};     MODULEENTRY32 me32;     LPVOID lpMsgBuf;     LPVOID lpDisplayBuf;     DWORD dwError;     ProInfo proinfo;     LPCTSTR pszFormat = TEXT("开始服务时遇到错误! %s");     // 创建一个进程快照     if(!EnableDebugPrivilege(1))     {         MessageBox(NULL, _T("提权失败！"), _T("提示"), MB_OK|MB_ICONEXCLAMATION);     }     hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);     if (hProcessSnap == INVALID_HANDLE_VALUE)     {         dwError = GetLastError();         FormatMessage(             FORMAT_MESSAGE_ALLOCATE_BUFFER|             FORMAT_MESSAGE_FROM_SYSTEM|             FORMAT_MESSAGE_IGNORE_INSERTS,             NULL,             dwError,             MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),             LPTSTR(&lpMsgBuf),             0,             NULL);         lpDisplayBuf = (LPVOID)LocalAlloc(             LMEM_ZEROINIT,             (lstrlen((LPCTSTR)lpMsgBuf)+lstrlen(pszFormat))*sizeof(TCHAR));         // 格式化字符串         StringCchPrintf(             (LPTSTR)lpDisplayBuf,             LocalSize(lpDisplayBuf),            // 字节数             pszFormat,             lpMsgBuf);         CString strTemp;         strTemp.Format(TEXT("错误编码为:%d"), dwError);         ::MessageBox(NULL, (LPCTSTR)lpDisplayBuf, strTemp, MB_OK|MB_ICONEXCLAMATION);         // 清理分配的内存         LocalFree(lpMsgBuf);         LocalFree(lpDisplayBuf);         return;     }     pe32.dwSize = sizeof(PROCESSENTRY32);     Module32First(hProcessSnap, &me32);     if (Process32First(hProcessSnap, &pe32))     {         do         {                 WCHAR path[MAX_PATH]={0};             proinfo.uPID = pe32.th32ProcessID;             proinfo.strPrceName = pe32.szExeFile;             HMODULE hModule;             HANDLE hProcess;             DWORD needed;             hProcess=OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pe32.th32ProcessID);             if (hProcess)             {                 // 枚举进程                 EnumProcessModules(hProcess, &hModule, sizeof(hModule), &needed);                 // 获取进程的全路径                 GetModuleFileNameEx(hProcess, hModule, path, sizeof(path));                 // 保存路径                 proinfo.strFullPath = path;             }             else             {                 proinfo.strFullPath = _T("无法获得进程路径");             }             strPrceInfoArr.push_back(proinfo);         }         while (Process32Next(hProcessSnap, &pe32));     }     std::vector<ProInfo>::iterator iter;     for (iter = strPrceInfoArr.begin(); iter != strPrceInfoArr.end(); iter++)     {         // 获取该进程的快照         hProcessDll = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, iter->uPID);         me32.dwSize = sizeof(MODULEENTRY32);         if (!Module32First(hProcessDll, &me32 ) || iter->uPID==0)         {             continue;         }         do         {              iter->strDLLNameArr.push_back(me32.szExePath);         }         while( Module32Next(hProcessDll, &me32));     }     // 关闭特权     EnableDebugPrivilege(0);     // 关闭内核对象     CloseHandle(hProcessSnap ); }