/*
 * Prototype of the routine meant to stand in for the Win32 TerminateProcess
 * call (same return type and parameter list).
 *
 *   hProcess   - handle to the process that the caller wants to end
 *   uExitCode  - exit code the caller wants that process to report
 *
 * NOTE(review): TerminateProcess itself is declared WINAPI; no calling
 * convention is spelled out here - confirm the hook is built with a matching one.
 */
BOOL hook_TerminateProcess(HANDLE hProcess, UINT uExitCode);
我怎么判断要结束的进程是我自己的进程?
我曾经尝试:
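/*
 * Try to resolve the image path behind hProcess: fetch the first module
 * handle, then ask for that module's file name.
 *
 * EnumProcessModules and GetModuleFileNameEx both need the
 * PROCESS_QUERY_INFORMATION and PROCESS_VM_READ access rights on hProcess.
 * A handle that was opened only to terminate a process does not carry them,
 * which is what ERROR_ACCESS_DENIED reports here.
 *
 * NOTE(review): presumably this runs inside hook_TerminateProcess; if so,
 * every "return FALSE" below makes the hooked call fail for whatever process
 * was targeted, not only for the process being protected - confirm that is
 * the intended behaviour when the lookup itself fails.
 * NOTE(review): if only the identity of the target is needed, comparing
 * GetProcessId(hProcess) with a known process ID avoids reading the target's
 * memory; it still needs a query right on the handle.
 */
HMODULE hmod;
DWORD cbNeeded;
if (EnumProcessModules(hProcess, &hmod, sizeof(hmod), &cbNeeded) == 0)
{
    /* Capture the error code before any other API call can overwrite it. */
    DWORD err = GetLastError();
    /* "errorcode=" + at most 10 digits + NUL = 21 bytes, so 30 is enough. */
    char buffer[30];
    /* DWORD is unsigned long on Windows; %d would print large codes as negative. */
    sprintf(buffer, "errorcode=%lu", (unsigned long)err);
    /* NOTE(review): a modal box blocks the calling thread until dismissed;
       acceptable for debugging only. */
    MessageBox(NULL, buffer, "EnumProcessModules", MB_OK);
    return FALSE;
}
/*
 * dir is declared outside this excerpt. The size argument counts characters,
 * so sizeof(dir) is only correct if dir is a char array - TODO confirm.
 */
if (GetModuleFileNameEx(hProcess, hmod, dir, sizeof(dir)) == 0)
{
    DWORD err = GetLastError();
    char buffer[30];
    sprintf(buffer, "errorcode=%lu", (unsigned long)err);
    MessageBox(NULL, buffer, "GetModuleFileNameEx", MB_OK);
    return FALSE;
}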
但是EnumProcessModules()调用失败,GetLastError()返回的错误码是:ERROR_ACCESS_DENIED
我怎么判断呢?请高手指点,很急
/*
 * One record of the system-wide handle list that the page obtains through
 * NtQuerySystemInformation.
 *
 * NOTE(review): this layout is hand-declared rather than taken from an SDK
 * header; field sizes and order must match the running OS exactly, so verify
 * it against the target Windows version and bitness before relying on it.
 */
typedef struct _SYSTEM_HANDLE
{
DWORD ProcessID; // process ID the page later passes to OpenProcess; presumably the owner of the handle
WORD HandleType; // presumably an object-type code; the page resolves the type name via NtQueryObject instead
WORD HandleNumber; // handle value; the page compares it with the handle being looked up
DWORD KernelAddress; // NOTE(review): name suggests a kernel object address; a DWORD cannot hold a 64-bit pointer, so this presumably targets 32-bit Windows - confirm
DWORD Flags; // author's guess: access-right bits such as PROCESS_QUERY_INFORMATION | PROCESS_VM_READ - TODO confirm
} SYSTEM_HANDLE;
/*
 * Header of the buffer holding the handle list: a count followed by the
 * SYSTEM_HANDLE records themselves.
 */
typedef struct _SYSTEM_HANDLE_INFORMATION
{
DWORD Count; // presumably the number of SYSTEM_HANDLE records that follow - never index Handles beyond it
SYSTEM_HANDLE Handles[1]; // declared with one element; the page treats it as an array of all handles, so the real buffer must be larger than sizeof(SYSTEM_HANDLE_INFORMATION)
} SYSTEM_HANDLE_INFORMATION;
先用NtQuerySystemInformation获得所有句柄的信息结构数组,
再用NtQueryObject获取句柄对应的类型名字等信息,如果该类型名字是Process,
就用SYSTEM_HANDLE.HandleNumber和你要找的句柄比较。
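/*
 * Sketch: duplicate the handle found in the system handle list into the
 * current process with query/read rights, so that EnumProcessModules can be
 * called on the duplicate.
 *
 * Placeholders supplied by the surrounding code: `entry` is the matching
 * SYSTEM_HANDLE record, `hWanted` is the handle being looked up, and
 * DstHandle is a HANDLE variable that receives the duplicate.
 * The caller must CloseHandle(DstHandle) when done with it.
 */
/* FALSE: the source-process handle has no reason to be inheritable. */
HANDLE hOwner = OpenProcess(PROCESS_DUP_HANDLE, FALSE, entry.ProcessID);
if (hOwner != NULL) {
    /*
     * The duplicate asks for rights the original handle may not have; the
     * request can be refused, so the result has to be checked before use.
     */
    if (!DuplicateHandle(hOwner,
                         hWanted,
                         GetCurrentProcess(),
                         &DstHandle,
                         PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                         FALSE, 0)) {
        DstHandle = NULL;
    }
    /* The original sketch never closed this handle, leaking one per lookup. */
    CloseHandle(hOwner);
} else {
    DstHandle = NULL;
}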
此时就可以用这个DstHandle调用EnumProcessModules枚举模块、取得进程名了。用完后要用CloseHandle关闭DstHandle(以及OpenProcess返回的句柄),以免句柄泄漏。