我使用EnumProcess函数来枚举进程,如下:
void CInjectDlg::OnListprocess()
{
// TODO: Add your control notification handler code here
::SendMessage(::GetDlgItem(this->GetSafeHwnd(),IDC_PROCESSLIST),LB_RESETCONTENT,(WPARAM)0,(LPARAM)0);
DWORD dwProcesses[512];
char szBuffer[256];
DWORD dwRet;
HANDLE hProcess;
if(!::EnumProcesses(dwProcesses,sizeof(dwProcesses),&dwRet))
{
MessageBox("Can not EnumProcesses","Failure");
return;
}
int iProcess=dwRet/sizeof(DWORD);
for(int i=0;i<iProcess;i++)
{
memset(szBuffer,0,sizeof(szBuffer));
hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,dwProcesses[i]);
DWORD dwErr=GetLastError();
dwRet=::GetModuleFileNameEx(hProcess,(HINSTANCE)0,szBuffer,sizeof(szBuffer));
CloseHandle(hProcess);
if(dwRet!=0)
::SendMessage(::GetDlgItem(this->GetSafeHwnd(),IDC_PROCESSLIST),LB_ADDSTRING,(WPARAM)0,(LPARAM)szBuffer);
}
}在OpenProcess的时候大部分返回NULL,GetLastError返回87,参数错误,或者是5,访问拒绝.
最后显示出来的进程也比windows的任务管理器少了很多,怎么回事????????另外想请问的是,还有没有其他方面枚举系统进程?
void CInjectDlg::OnListprocess()
{
// TODO: Add your control notification handler code here
::SendMessage(::GetDlgItem(this->GetSafeHwnd(),IDC_PROCESSLIST),LB_RESETCONTENT,(WPARAM)0,(LPARAM)0);
DWORD dwProcesses[512];
char szBuffer[256];
DWORD dwRet;
HANDLE hProcess;
if(!::EnumProcesses(dwProcesses,sizeof(dwProcesses),&dwRet))
{
MessageBox("Can not EnumProcesses","Failure");
return;
}
int iProcess=dwRet/sizeof(DWORD);
for(int i=0;i<iProcess;i++)
{
memset(szBuffer,0,sizeof(szBuffer));
hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,dwProcesses[i]);
DWORD dwErr=GetLastError();
dwRet=::GetModuleFileNameEx(hProcess,(HINSTANCE)0,szBuffer,sizeof(szBuffer));
CloseHandle(hProcess);
if(dwRet!=0)
::SendMessage(::GetDlgItem(this->GetSafeHwnd(),IDC_PROCESSLIST),LB_ADDSTRING,(WPARAM)0,(LPARAM)szBuffer);
}
}在OpenProcess的时候大部分返回NULL,GetLastError返回87,参数错误,或者是5,访问拒绝.
最后显示出来的进程也比windows的任务管理器少了很多,怎么回事????????另外想请问的是,还有没有其他方面枚举系统进程?
PSAPI函数来实现。
WIN 9X下查找隐藏进程实现方法
http://it.rising.com.cn/safety/syjq/syjq/020324.htm
you can find what you want to get.http://www.csdn.net/Expert/TopicView1.asp?id=977793