The younger brother's starter's SDK time is not long, wrote a small thing .... Let's get together, don't write, don't you .....
This is recorded for the currently running process and can operate any process.
First, please enumerate all the processes, then record all the processes, use the showProcess function
ShowProcess operates all the processes, separates the information of each process into the ProcessAttribute structure
What information is required for depositing into a structure, I will explain it?
1. There are 1 id for each run, and you need this ID to be operated, and this ID is moving.
State randomly allocated, after 1 process, the address occupied by this process is released, and the ID number will also be released, and the liberated ID number may be used by the next prompt process.
2, the name of the process. As mentioned above, the ID of the process has time to lose with the process of demise.
Uniqueness, so use the ID number to determine the process is not possible, and it is necessary to reflect the uniqueness of the Delta ID number. This requires a structure, and this structure is to record a certain process name. ID, let the name are bind together with the ID, which can be operated for a process.
3. Since our process is generally a general user-level, it is impossible to operate some system processes, so we must improve the privilege of the process. Every process has a token, used to determine his level, we only need to improve this level Yes, you can also operate the system process after increasing.
In this program, I turned off 1 system process so that Windows could not use it normally, only heavy ... ..
I don't discuss it with random start ... I will delete the code, interested friends can write it yourself.
Now attached to code
#include
#include
#include
/ / =========================================================================================================================================================================================== ==========
// Structural Name: ProcessAttribute
// Function: The relevant properties of a single process is saved.
/ / =========================================================================================================================================================================================== ==========
Struct ProcessAttribute
{
DWORD ID; // Process ID
Char EXEFILE [100]; // The name of the process
INT TOTAL; / / The determination process is 1 to exist the rest of the value
}
/ / =========================================================================================================================================================================================== ================= // function name: showProcess
// Features: Write the process running within the system and store the process related information.
// Parameter: Pattribute Data Type: ProcessAttribute Type Pointer
// Features: Receive the ProcessAttribute structure
// Return value: Return 1 after the call is successful, return 0 after the failure;
/ / =========================================================================================================================================================================================== ================
Int ShowProcess (ProcessAttribute * Pattribute)
{
Handle snapshot; // Declare 1 handle variable, receive the return value of the CreateToolhelp32Snapshot function
TagProcesSsentry32 Process; // Declare structure (see MSDN's Process32First function)
Char * processinformation, * ptotal
File * fp; // Establish a file pointer
INT TOTAL = 0, n = 0;
ProcessAttribute * top;
TOP = Pattribute;
FP = fopen ("prcospsinformation.txt", "w "); // Establish or open 1 file named prcossionInformation
Process.dwsize = sizeof (tagprocesstry32);
Snapshot = CreateToolHelp32Snapshot (TH32CS_SNAPPROCESS, 0); // Receive handle value
IF (Process32First (Snapshot, & Process) == True) / / for abnormal processing
{
While (Process32Next (Snapshot, & Process))
{
Processinformation = ptotal = process.szexefile; // Point ProssionInformation points to process.szexefile strings
While (* ptotal! = '/ 0')
{
TOP-> EXEFILE [N] = * ptotal; // Pass the first address of the character array of the process name to the TOP structure EXEFILETAL ;
Ptotal ;
N ;
}
TOP-> EXEFILE [N] = '/ 0';
n = 0;
TOP-> ID = process.th32processid; // will be stored in the TOP structure in TOP structure in the TOP structure in the TOP structure.
TOP-> Total = 1; // Decision Process exists
FWRITE (ProcessInformation, Sizeof (Char), Total, FP);
Total = 0;
TOP ;
}
CloseHandle (Snapshot); // Close handle
Fclose (fp); // Close the file
Return 1;
}
Else
Return 0;
}
/ / =========================================================================================================================================================================================== ====================
// Function name: CheckProcess
// Features: Deconstimate whether the process now run is an illegal process provided by the illegal process table.
// Parameter: Processattribute data structure: Pattribute structure pointer
// Function: Incontinent in a Pattribute structure pointer, can only be passed to 1 process property, and then
// Incoming
// Return parameters: ID or 0, 1
// Description: 0 is not searching illegal process, ID is the ID number search for illegal processes
// 1 is not found to find an illegal process table file
/ / =========================================================================================================================================================================================== ====================
DWORD CheckProcess (ProcessAttribute * Pattribute)
{
File * fp;
DWORD ID;
Char data [100] = {"svchost.exe"}, * pdata, * init;
INT NTOP = 0, M = 0;
ProcessAttribute * top;
PDATA = INIT = DATA;
TOP = Pattribute;
IF (strcmp (pdata, top-> exec) == 0) {
ID = TOP-> ID;
Return ID;
}
Return 0;
}
/ / =========================================================================================================================================================================================== =============
// Function Name: CloseProcess
// Function: Turn off the selected process
/ / Parameter: ProcessID Data Type: DWORD
// Function: Select the process ID to be turned off
/ / =========================================================================================================================================================================================== =============
Void CloseProcess (DWORD Processid)
{
Handle HProcess; // Handle
HProcess = OpenProcess (process_terminate, true, processid); // Get the handle of the process
TerminateProcess (HProcess, 0);
CloseHandle (HPROCESS); // Close the handle
}
/ / =========================================================================================================================================================================================== ================
// Function Name: EnablePrivilege
// Function: Improvement Permissions
/ / =========================================================================================================================================================================================== ================
BOOL EnablePrivilege () {
Handle htokeen;
Luid Debugvalue;
Token_Privileges TKP;
IF (! openprocess (), token_adjust_privileges | token_query, & htokeen)
Return False;
IF (! Lookupprivilerage ((tchar *) NULL, SE_DEBUG_NAME, & DEBUGVALUE))
Return False;
Tkp.priVilegect = 1;
Tkp.privileges [0] .luid = Debugvalue;
Tkp.privileges [0] .attributes = se_privilege_enabled;
AdjustTokenPrivileges (HTOKEN,
False,
& TKP,
Sizeof (Token_Privileges),
(Ptoken_privileges) NULL,
(PDWORD) NULL
);
IF (getLastError () == error_success) {
CloseHandle (HTOKEN);
Return True;
}
Else {
CloseHandle (HTOKEN);
Return False;
}
}
void main ()
{
ProcessAttribute Aprocess [100], * PAPROCESS
Paprocess = aprocess;
DWORD ID, ID;
ShowProcess (PAPROCESS);
EnablePrivilege ();
While (paprocess-> total == 1)
{
ID = CheckProcess (PAPROCESS);
IF (id! = 0)
CloseProcess (ID);
PAPROCESS ;
}
}
