// tt2.cpp : Defines the entry point for the console application.
#include "stdafx.h"
#include <windows.h>
#include <iostream.h>
#include "Shlwapi.h"
#include "Psapi.h"
#pragma comment(lib,"Psapi.lib")
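/// Enables or disables a single privilege in the current process's access token.
///
/// @param PName   Privilege name as an ANSI string (main passes SE_DEBUG_NAME).
/// @param bEnable TRUE to enable the privilege, FALSE to disable it.
/// @return true only when the privilege state was actually changed; false when
///         the token cannot be opened, the name does not resolve to a LUID, or
///         the adjustment was not fully applied.
bool DebugPrivilege(const char *PName, BOOL bEnable)
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        return false;
    }

    // Zero the structure so no field is ever passed to the API uninitialized.
    TOKEN_PRIVILEGES TokenPrivileges = {0};
    TokenPrivileges.PrivilegeCount = 1;
    TokenPrivileges.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;

    bool bResult = false;
    // PName is a narrow string, so the ANSI entry point is called explicitly.
    // A failed lookup leaves the LUID meaningless, so the token must not be
    // adjusted with it.
    if (LookupPrivilegeValueA(NULL, PName, &TokenPrivileges.Privileges[0].Luid))
    {
        const BOOL bAdjusted = AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges,
                                                     sizeof(TOKEN_PRIVILEGES), NULL, NULL);
        // The call can return nonzero while setting ERROR_NOT_ALL_ASSIGNED when
        // the token does not hold the privilege, so the last-error value is
        // checked in addition to the return value.
        bResult = bAdjusted && (GetLastError() == ERROR_SUCCESS);
    }

    CloseHandle(hToken);
    return bResult;
}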
// Using Calculator as the example, enumerate the handles of all modules used by that process and print them.
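/// Finds the Calculator window by its title, opens the owning process, and
/// prints the file name of every module that EnumProcessModules reports for it.
///
/// @return Always 0; failures are reported through message boxes.
int main()
{
    // The result is deliberately ignored: enumeration is still attempted when the
    // privilege cannot be enabled. NOTE(review): SeDebugPrivilege is presumably
    // unnecessary for a process running as the same user; confirm whether it
    // can be dropped so the tool runs with fewer rights.
    DebugPrivilege(SE_DEBUG_NAME, TRUE);

    HMODULE nHmodule[1024] = {NULL};
    char lpFilename[MAX_PATH] = "";
    DWORD cbNeeded = 0;
    DWORD idProcess = 0;
    HANDLE hCalc = NULL;

    // Locate the Calculator window by its localized title.
    HWND hwnd = ::FindWindow(NULL, "计算器");
    if (hwnd)
    {
        ::GetWindowThreadProcessId(hwnd, &idProcess);
        // Request only the rights that EnumProcessModules and GetModuleFileNameEx
        // need, instead of PROCESS_ALL_ACCESS.
        hCalc = ::OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, idProcess);
    }

    if (!hCalc)
    {
        // A window handle is not a kernel object handle, so it is never passed
        // to CloseHandle; there is nothing to release on this path.
        ::MessageBox(NULL, "很遗憾,你没有运行计算器", "EnumProcessModules", MB_OK);
    }
    else
    {
        if (!::EnumProcessModules(hCalc, nHmodule, sizeof(nHmodule), &cbNeeded))
        {
            ::MessageBox(NULL, "很遗憾,获取模块句柄失败", "EnumProcessModules", MB_OK);
        }
        else
        {
            // cbNeeded is the size needed for ALL modules and can exceed the
            // buffer; clamp it so the loop never reads past nHmodule.
            const DWORD cbBuffer = (DWORD)sizeof(nHmodule);
            const DWORD cbValid = (cbNeeded < cbBuffer) ? cbNeeded : cbBuffer;
            const DWORD nModules = cbValid / (DWORD)sizeof(HMODULE);

            for (DWORD i = 0; i < nModules; i++)
            {
                cout << "第" << i << "个:";
                // Print the name only when the lookup succeeded, so a stale name
                // from the previous iteration is never shown for this module.
                if (GetModuleFileNameEx(hCalc, nHmodule[i], lpFilename, MAX_PATH))
                {
                    cout << lpFilename;
                }
                cout << endl;
            }
        }
        // Release the process handle on both the success and the failure path.
        CloseHandle(hCalc);
    }

    // Return the token to its previous state before exiting.
    DebugPrivilege(SE_DEBUG_NAME, FALSE);
    return 0;
}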