C++ CreateToolhelp32Snapshot函数代码示例

void ListProcessThreads(DWORD dwOwnerPID)
{
    HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
    THREADENTRY32 te32;

    hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);

    if (hThreadSnap == INVALID_HANDLE_VALUE)
        return;

    te32.dwSize = sizeof(THREADENTRY32);

    if (!Thread32First(hThreadSnap, &te32))
    {
        CloseHandle(hThreadSnap);
        return;
    }

    DWORD result = 0;
    do
    {
        if (te32.th32OwnerProcessID == dwOwnerPID)
        {
            printf("\n     THREAD ID = 0x%08X", te32.th32ThreadID);

            HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, te32.th32ThreadID);
            PTEB pTeb = GetTeb(hThread);
            printf("\n     TEB = %p\n", pTeb);

            CloseHandle(hThread);
        }
    } while (Thread32Next(hThreadSnap, &te32));

    printf("\n");
    CloseHandle(hThreadSnap);
}

PIDList GetProcessIDsByName(const char* processName)
{
    // list of correct PIDs
    PIDList pids;

    // gets a snapshot from 32 bit processes
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        printf("ERROR: Can't get snapshot from 32 bit processes, ");
        printf("ErrorCode: %u\n", GetLastError());
        return pids;
    }

    // a 32 bit process entry from a snapshot
    PROCESSENTRY32 processEntry;
    // from MSDN: The calling application must set the
    // dwSize member of PROCESSENTRY32 to the size, in bytes, of the structure.
    processEntry.dwSize = sizeof(PROCESSENTRY32);

    // checks the first process from the snapshot
    if (Process32First(hSnapshot, &processEntry))
    {
        do
        {
            // process found
            if (!strcmp(processEntry.szExeFile, lookingProcessName))
                pids.push_back(processEntry.th32ProcessID);
        }
        // loops over the snapshot
        while (Process32Next(hSnapshot, &processEntry));
    }
    CloseHandle(hSnapshot);

    return pids;
}

void ProcessList()
{
	// 1. ListBox 초기화(비워주기)
	SendMessage(hMainList, LVM_DELETEALLITEMS, 0, 0);

	// 2. Process 리스트 나열  
	HANDLE	hSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0);
	if( hSnap == 0 )
		return ;

	PROCESSENTRY32 ppe;
	BOOL	b     = Process32First(hSnap, &ppe);
	while( b )
	{
		int i=0;
		// ListBox Ctrl에 데이터 추가 
		ListBoxAddData(i, ppe);

		b = Process32Next(hSnap, &ppe);
	}
	SetWindowText(hStaticLog, "프로세스 리스트를 초기화 하였습니다.");

	CloseHandle(hSnap);
}

bool CMDIClient::killKernel(bool bKill)
{
	bool bReturn = false;
	wchar_t p[260] = {L"moneyhub.exe"};
	this->getPriviledge();

	HANDLE hand = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
	if(hand != INVALID_HANDLE_VALUE)
	{
		PROCESSENTRY32W pew = {sizeof(PROCESSENTRY32W)};
		bool bHaveOther=false;
		Process32FirstW(hand,&pew );	

		do{
			_wcslwr_s(pew.szExeFile, 260);

			if(!wcscmp(pew.szExeFile,p) && GetCurrentProcessId()!=pew.th32ProcessID)
			{
				HANDLE h = OpenProcess(PROCESS_TERMINATE, FALSE, pew.th32ProcessID);
				if( h )
				{
					if( TerminateProcess(h, 1) )
						bReturn = true;

					CloseHandle(h);
				}
			}

		}while(Process32NextW(hand,&pew));


		CloseHandle(hand);	
	}

	return bReturn ;
}

// Return None to represent NoSuchProcess, else return NULL for
// other exception or the name as a Python string
PyObject*
psutil_get_name(long pid)
{
    HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 pe = { 0 };
    pe.dwSize = sizeof(PROCESSENTRY32);

    if( Process32First(h, &pe)) {
        do {
            if (pe.th32ProcessID == pid) {
                CloseHandle(h);
                return Py_BuildValue("s", pe.szExeFile);
            }
        } while(Process32Next(h, &pe));

        // the process was never found, set NoSuchProcess exception
        NoSuchProcess();
        CloseHandle(h);
        return NULL;
    }

    CloseHandle(h);
    return PyErr_SetFromWindowsErr(0);
}

DWORD FindProcess(TCHAR *szName) 
{ 
  HINSTANCE            hProcessSnap   = NULL; 
  PROCESSENTRY32    pe32           = {0}; 
  DWORD                dwTaskCount    = 0; 
  
  hProcessSnap = (HINSTANCE)CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0); 
  if (hProcessSnap == (HANDLE)-1) return 0; 

  dwTaskCount = 0; 
  pe32.dwSize = sizeof(PROCESSENTRY32);   // must be filled out before use 
  if (Process32First(hProcessSnap, &pe32)) { 
    do { 
      if (_wcsicmp(pe32.szExeFile,szName)==0) 
     { 
        CloseToolhelp32Snapshot(hProcessSnap); 
        return pe32.th32ProcessID; 
     } 
    } 
    while (Process32Next(hProcessSnap, &pe32)); 
  } 
  CloseToolhelp32Snapshot(hProcessSnap); 
  return 0; 
} 

//通过进程PID获取线程TID
DWORD GetTIDbyPID(DWORD PID)
{
	if (PID != NULL)
	{
		DWORD dwThreadID=NULL;
		THREADENTRY32 te32 = { sizeof(te32) };
		HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
		if (Thread32First(hThreadSnap, &te32))
		{
			do
			{
				if (PID == te32.th32OwnerProcessID)
				{
					dwThreadID = te32.th32ThreadID;
					break;
				}
			} while (Thread32Next(hThreadSnap, &te32));
		}
		wprintf(L"ThreadId:%d\n", dwThreadID);
		return dwThreadID;
	}
	else
		return NULL;
}

//------------------------------------------------------
// ComboBox 에 현재의 process 목록을 저장하는 함수
//-------------------------------------------------------
void Refresh( HWND hCombo )
{
    // 1. ComboBox 초기화(비워주기)
    SendMessage(hCombo, CB_RESETCONTENT, 0, 0);

    // 2. ComboBox 채우기
    HANDLE	hSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0);

    PROCESSENTRY32 ppe;
    BOOL	b     = Process32First(hSnap, &ppe);
    while( b )
    {
        // LPARAM : 집어넣을 process명.
        int index = SendMessage(hCombo, CB_ADDSTRING, 0, (LPARAM)ppe.szExeFile);

        SendMessage(hCombo, CB_SETITEMDATA, index, (LPARAM)ppe.th32ProcessID);

        b = Process32Next(hSnap, &ppe);
    }
    CloseHandle(hSnap);

    // 3. ComboBox 데이터 선택
    SendMessage(hCombo, CB_SETCURSEL, 1, 0);
}

int DetectCheats(const char **names, int n, DWORD *pids)
{
	int found = 0;
	HANDLE snapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (snapShot == INVALID_HANDLE_VALUE)
	{
		return found;
	}

	PROCESSENTRY32 processEntry;
	processEntry.dwSize = sizeof(PROCESSENTRY32);
	ZeroMemory(&processEntry.cntUsage, sizeof(PROCESSENTRY32) - sizeof(DWORD));
	if (Process32First(snapShot, &processEntry))
	{
		do
		{
			int i;
			for (i = 0; i < n; ++i)
			{
				if (!StrICmp(GetBaseName(processEntry.szExeFile), names[i]))
				{
					continue;
				}
				else
				{
					pids[found] = processEntry.th32ProcessID;
					++found;
					DebugOutput(names[i]);
					break;
				}
			}
		} while (Process32Next(snapShot, &processEntry));
	}
	CloseHandle(snapShot);
	return found;
}

unsigned long GetProcIdByProcName(const std::string& procName)
{
	PROCESSENTRY32 entry;
	DWORD dwPID = 0;

	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hSnapshot == 0 || hSnapshot == INVALID_HANDLE_VALUE)
		return dwPID;

	entry.dwSize = sizeof(entry);
	Process32First(hSnapshot, &entry);

	while (Process32Next(hSnapshot, &entry))
	{
		if (boost::iequals(entry.szExeFile, procName))
		{
			dwPID = entry.th32ProcessID;
			break;
		}
	}

	CloseHandle(hSnapshot);
	return dwPID;
}

//Based on http://stackoverflow.com/a/1173396
void Process::kill(id_type id, bool force) {
  if(id==0)
    return;
  HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if(snapshot) {
    PROCESSENTRY32 process;
    ZeroMemory(&process, sizeof(process));
    process.dwSize = sizeof(process);
    if(Process32First(snapshot, &process)) {
      do {
        if(process.th32ParentProcessID==id) {
          HANDLE process_handle = OpenProcess(PROCESS_TERMINATE, FALSE, process.th32ProcessID);
          if(process_handle) {
            TerminateProcess(process_handle, 2);
            CloseHandle(process_handle);
          }
        }
      } while (Process32Next(snapshot, &process));
    }
    CloseHandle(snapshot);
  }
  HANDLE process_handle = OpenProcess(PROCESS_TERMINATE, FALSE, id);
  if(process_handle) TerminateProcess(process_handle, 2);
}

//Based on http://stackoverflow.com/a/1173396
void Process::kill(bool force) {
  std::lock_guard<std::mutex> lock(close_mutex);
  if(data.id>0 && !closed) {
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(snapshot) {
      PROCESSENTRY32 process;
      ZeroMemory(&process, sizeof(process));
      process.dwSize = sizeof(process);
      if(Process32First(snapshot, &process)) {
        do {
          if(process.th32ParentProcessID==data.id) {
            HANDLE process_handle = OpenProcess(PROCESS_TERMINATE, FALSE, process.th32ProcessID);
            if(process_handle) {
              TerminateProcess(process_handle, 2);
              CloseHandle(process_handle);
            }
          }
        } while (Process32Next(snapshot, &process));
      }
      CloseHandle(snapshot);
    }
    TerminateProcess(data.handle, 2);
  }
}

void getProcList(){
	for (int i=0; i<32; i++)
		wsprintf(procLIST[i].szName, L"");
	PROCESSENTRY32 pe32;
	DWORD dwPID=0;
	HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPNOHEAPS | TH32CS_SNAPPROCESS, dwPID);
	if(hProcessSnap ==INVALID_HANDLE_VALUE)
		return;
	pe32.dwSize=sizeof(PROCESSENTRY32);
	if( !Process32First( hProcessSnap, &pe32 ) ){
		CloseToolhelp32Snapshot(hProcessSnap);
		return;
	}
	do{
		procLIST[iLISToffset].dwID=pe32.th32ProcessID;
		wsprintf(procLIST[iLISToffset++].szName, L"%s", pe32.szExeFile);
	} while( Process32Next( hProcessSnap, &pe32 ) );

	CloseToolhelp32Snapshot(hProcessSnap);

	//for (int i=0; i<32; i++){
	//	DEBUGMSG(1, (L"%i\t0x%08x\t'%s'\n", i, procLIST[i].dwID, procLIST[i].szName));
	//}
}

/* not really optimal, or efficient, but it's easier this way, and it's not
like we are going to be killing thousands, or even tens or processes. */
static void
kill_all(DWORD pid, HANDLE process)
{
    HANDLE process_snapshot_h = INVALID_HANDLE_VALUE;
    if ( !pid )
    {
        pid = get_process_id(process);
    }
    process_snapshot_h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    
    if (INVALID_HANDLE_VALUE != process_snapshot_h)
    {
        BOOL ok = TRUE;
        PROCESSENTRY32 pinfo;
        pinfo.dwSize = sizeof(PROCESSENTRY32);
        for (
            ok = Process32First(process_snapshot_h,&pinfo);
            TRUE == ok;
            ok = Process32Next(process_snapshot_h,&pinfo) )
        {
            if (pinfo.th32ParentProcessID == pid)
            {
                /* found a child, recurse to kill it and anything else below it */
                HANDLE ph = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pinfo.th32ProcessID);
                if (NULL != ph)
                {
                    kill_all(pinfo.th32ProcessID,ph);
                    CloseHandle(ph);
                }
            }
        }
        CloseHandle(process_snapshot_h);
    }
    /* now that the children are all dead, kill the root */
    TerminateProcess(process,-2);
}

DWORD FindProcessID(DWORD InheritedFromUniqueProcessId)
{


	if (InheritedFromUniqueProcessId != -1 )
	{

		HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );

		PROCESSENTRY32 pe32;

		pe32.dwSize = sizeof( PROCESSENTRY32 );

		Process32First( hSnapshot, &pe32 );
		do
		{

			if ( pe32.th32ProcessID == InheritedFromUniqueProcessId )
				break;
		}while (Process32Next( hSnapshot, &pe32 ));
		CloseHandle(hSnapshot);
	}
	return InheritedFromUniqueProcessId;
}