phead->Disk=(WCHAR)i;
break;
}
}
szModPath[0]=phead->Disk;
szModPath[1]=':';
szModPath[2]='\0';
wcscpy(Path,szModPath+23);
wcscat(szModPath,Path);
delete phead;
delete Temp3;
return 0;
}
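// Enables (fEnable != FALSE) or disables SeDebugPrivilege in the current
// process token.  The enumeration routines below need it so that
// OpenProcess() succeeds on processes owned by other users; the privilege
// stays in effect for the whole process, so callers that only need it for one
// lookup should call EnableDebugPrivilege(FALSE) afterwards.
//
// Returns TRUE only when the privilege state was actually changed.  Returns
// FALSE when the token cannot be opened, the privilege name cannot be looked
// up, AdjustTokenPrivileges fails, or the privilege is not held by the caller
// (GetLastError() == ERROR_NOT_ALL_ASSIGNED in that case).
BOOL EnableDebugPrivilege(BOOL fEnable)
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        return FALSE;
    }

    BOOL fOk = FALSE;
    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
    // A failed lookup would leave the LUID uninitialized and the adjustment
    // would then operate on garbage, so the return value must be checked.
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
    {
        // AdjustTokenPrivileges returns TRUE even when not every privilege was
        // assigned; GetLastError() == ERROR_SUCCESS is what confirms the change.
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
        {
            fOk = (GetLastError() == ERROR_SUCCESS);
        }
    }
    CloseHandle(hToken);
    return fOk;
}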
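// Prints the full path of every module loaded in process dwPID via the PSAPI
// EnumProcessModules / GetModuleFileNameEx pair ("方法3" in the log output).
// Failures are reported on stdout and the function returns without output.
void EnumModlueAll(DWORD dwPID)
{
    // PROCESS_QUERY_INFORMATION | PROCESS_VM_READ is all EnumProcessModules and
    // GetModuleFileNameEx require.  PROCESS_ALL_ACCESS is denied on more targets
    // and grants far more than the enumeration uses.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, dwPID);
    // OpenProcess signals failure with NULL, not INVALID_HANDLE_VALUE; comparing
    // against INVALID_HANDLE_VALUE let a NULL handle reach the PSAPI calls.
    if (hProcess == NULL)
    {
        printf(" open process failed!\n");
        return;
    }

    // First call with an empty buffer only asks for the required size.
    DWORD cbNeeded = 0;
    if (!EnumProcessModules(hProcess, NULL, 0, &cbNeeded) || cbNeeded == 0)
    {
        printf(" EnumProcessModules failed!\n");
        CloseHandle(hProcess);
        return;
    }

    // Remember the allocated size separately: the module list can change between
    // the two calls, so the second cbNeeded may exceed the buffer and must not be
    // used as the iteration bound on its own.  calloc zero-fills so any slot the
    // second call does not write is NULL.
    DWORD cbAlloc = cbNeeded;
    HMODULE *parry = (HMODULE *)calloc(1, cbAlloc);
    if (parry == NULL)
    {
        CloseHandle(hProcess);
        return;
    }

    if (EnumProcessModules(hProcess, parry, cbAlloc, &cbNeeded))
    {
        // Bound the loop by what actually fits in the buffer.  The previous
        // version looped until GetModuleFileNameEx failed, but that call succeeds
        // for a NULL HMODULE (it returns the main executable's path), so it read
        // past the end of parry.
        size_t count = (cbNeeded < cbAlloc ? cbNeeded : cbAlloc) / sizeof(HMODULE);
        char path[MAX_PATH] = {0};
        for (size_t i = 0; i < count; i++)
        {
            // A module that disappeared between the two calls is skipped rather
            // than terminating the whole listing.
            if (GetModuleFileNameEx(hProcess, parry[i], path, MAX_PATH))
            {
                printf("方法3模块:%s\n", path);
            }
        }
    }
    free(parry);
    CloseHandle(hProcess);
}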
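// Lists the modules of process dwPID through the undocumented ntdll
// RtlCreateQueryDebugBuffer / RtlQueryProcessDebugInformation /
// RtlDestroyQueryDebugBuffer trio ("方法4" in the log output).  The
// function-pointer typedefs and the PDEBUG_BUFFER / PDEBUG_MODULE_INFORMATION
// structures are declared elsewhere in this file; their layout is not an
// official contract, so the output is best-effort.
void EnumModuleEx(DWORD dwPID)
{
    HMODULE hMod = GetModuleHandle("ntdll.dll");
    if (hMod == NULL)
    {
        printf("函数定位失败!\n");
        return;
    }
    RTLCREATEQUERYDEBUGBUFFER RtlCreateQueryDebugBuffer =
        (RTLCREATEQUERYDEBUGBUFFER)GetProcAddress(hMod, "RtlCreateQueryDebugBuffer");
    RTLQUERYPROCESSDEBUGINFORMATION RtlQueryProcessDebugInformation =
        (RTLQUERYPROCESSDEBUGINFORMATION)GetProcAddress(hMod, "RtlQueryProcessDebugInformation");
    RTLDESTROYDEBUGBUFFER RtlDestroyQueryDebugBuffer =
        (RTLDESTROYDEBUGBUFFER)GetProcAddress(hMod, "RtlDestroyQueryDebugBuffer");
    if (RtlCreateQueryDebugBuffer == NULL || RtlQueryProcessDebugInformation == NULL ||
        RtlDestroyQueryDebugBuffer == NULL)
    {
        printf("函数定位失败!\n");
        return;
    }

    PDEBUG_BUFFER Buffer = RtlCreateQueryDebugBuffer(0, FALSE);
    if (Buffer == NULL)
    {
        printf("RtlCreateQueryDebugBuffer failed!\n");
        return;
    }

    // The previous version stored the NTSTATUS in a DWORD and tested
    // `status < 0`, which is always false for an unsigned type, so a failed
    // query fell through to the buffer walk below.  NTSTATUS failure codes have
    // the sign bit set, hence the signed comparison.
    long status = (long)RtlQueryProcessDebugInformation(dwPID, PDI_MODULES, Buffer);
    if (status < 0 || Buffer->ModuleInformation == NULL)
    {
        printf("RtlQueryProcessDebugInformation函数调用失败,进程开了保护\n");
        // The buffer was leaked on this path before.
        RtlDestroyQueryDebugBuffer(Buffer);
        return;
    }

    // Unofficial layout: a ULONG module count followed by an array of
    // DEBUG_MODULE_INFORMATION.  Byte-pointer arithmetic replaces the former
    // (ULONG) cast of the pointer, which truncates addresses on 64-bit builds.
    ULONG count = *(PULONG)Buffer->ModuleInformation;
    PDEBUG_MODULE_INFORMATION ModuleInfo =
        (PDEBUG_MODULE_INFORMATION)((char *)Buffer->ModuleInformation + sizeof(ULONG));
    for (ULONG i = 0; i < count; i++, ModuleInfo++)
    {
        printf("方法4列出的模块:%s\n", ModuleInfo->ImageName);
    }
    RtlDestroyQueryDebugBuffer(Buffer);
}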
void EnumSelfModule()
{
|