Archivo: ps.c Proyecto: iceant/mks
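/*
 * Find the first running process whose image name equals `filename` and
 * return a handle to it opened with PROCESS_TERMINATE.
 *
 * `filename` is compared case-sensitively (strcmp) against the snapshot's
 * szExeFile, i.e. the image name only, no path.  On success the matched PID
 * is stored in *dwProcessID (if non-NULL) and the caller owns the returned
 * handle and must CloseHandle() it.  Returns NULL when ImprovePrivilege()
 * fails, the snapshot cannot be taken, or no matching process could be
 * opened.  The snapshot handle is released on every path (the original
 * leaked it when ImprovePrivilege() failed).
 *
 * NOTE(review): matching on the image name alone is not a trustworthy
 * identity check -- any process can be given the same name.
 */
HANDLE GetProcessHandle(const char* filename, DWORD* dwProcessID)
{
	/* ImprovePrivilege() is defined elsewhere; it presumably raises the
	 * token privilege needed to open other users' processes.  Call it
	 * before the snapshot exists so a failure cannot leak the snapshot. */
	if (!ImprovePrivilege())
	{
		return NULL;
	}

	HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
	if (hSnapShot == INVALID_HANDLE_VALUE)
	{
		return NULL;
	}

	PROCESSENTRY32 pEntry;
	pEntry.dwSize = sizeof(pEntry);   /* required before Process32First */

	HANDLE hProcess = NULL;
	for (BOOL ok = Process32First(hSnapShot, &pEntry); ok; ok = Process32Next(hSnapShot, &pEntry))
	{
		if (strcmp(pEntry.szExeFile, filename) != 0)
		{
			continue;
		}

		/* Least privilege: the handle is only ever used to terminate. */
		hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pEntry.th32ProcessID);
		if (hProcess != NULL)
		{
			/* th32ProcessID is a DWORD (unsigned long); format it as such. */
			printf("Finded %s Process ID:%lu\n", filename, (unsigned long)pEntry.th32ProcessID);
			if (dwProcessID != NULL)
			{
				*dwProcessID = pEntry.th32ProcessID;
			}
			break;
		}
		/* OpenProcess failed (e.g. access denied): keep looking for another
		 * process with the same name, as the original did. */
	}

	CloseHandle(hSnapShot);
	return hProcess;
}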
Archivo: ps.c Proyecto: iceant/mks
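/*
 * Suspend (bResumeThread == FALSE) or resume (bResumeThread == TRUE) the
 * first running process whose image name equals `filename`, using the
 * undocumented ntdll exports NtSuspendProcess / NtResumeProcess.
 *
 * Returns TRUE only if a matching process was opened and the requested
 * Nt* call was issued.  Returns FALSE if the needed ntdll export could not
 * be resolved (the original silently reported TRUE in that case after
 * doing nothing), if ImprovePrivilege() fails, if the snapshot cannot be
 * taken, or if no matching process could be opened.  The snapshot handle
 * is released on every path (the original leaked it when
 * ImprovePrivilege() failed).
 *
 * NOTE(review): the Nt* calls return an NTSTATUS that is not checked here;
 * the _Nt*Process typedefs are defined elsewhere so their return type is
 * not visible.  A TRUE result therefore means "called", not "succeeded".
 */
BOOL NTPauseResumeThreadList(const char* filename, BOOL bResumeThread){

	_NtSuspendProcess NtSuspendProcess = 0;
	_NtResumeProcess NtResumeProcess = 0;

	//
	// Obtain our function imports.  GetProcAddress can fail, so both
	// pointers are checked before use.
	//
	HMODULE hNtdll = GetModuleHandle( "ntdll" );
	if (hNtdll != NULL)
	{
		NtSuspendProcess = (_NtSuspendProcess) GetProcAddress( hNtdll, "NtSuspendProcess" );
		NtResumeProcess = (_NtResumeProcess) GetProcAddress( hNtdll, "NtResumeProcess" );
	}

	// Fail early if the export we actually need is missing.
	if (bResumeThread ? NtResumeProcess == 0 : NtSuspendProcess == 0)
	{
		return FALSE;
	}

	// ImprovePrivilege() is defined elsewhere (presumably raises the token
	// privilege).  Done before the snapshot so a failure cannot leak it.
	if (!ImprovePrivilege())
	{
		return FALSE;
	}

	HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
	if (hSnapShot == INVALID_HANDLE_VALUE)
	{
		return FALSE;
	}

	PROCESSENTRY32 pEntry;
	pEntry.dwSize = sizeof(pEntry);   // required before Process32First

	BOOL bDone = FALSE;
	for (BOOL ok = Process32First(hSnapShot, &pEntry); ok; ok = Process32Next(hSnapShot, &pEntry))
	{
		if (strcmp(pEntry.szExeFile, filename) != 0)
		{
			continue;
		}

		// PROCESS_SUSPEND_RESUME is all NtSuspendProcess/NtResumeProcess
		// need; the original asked for PROCESS_ALL_ACCESS, which is more
		// than necessary and is refused on processes that would grant the
		// narrower right.
		HANDLE hProcess = OpenProcess(PROCESS_SUSPEND_RESUME, FALSE, pEntry.th32ProcessID);
		if (hProcess == NULL)
		{
			continue;   // try the next process with the same name, as before
		}

		if (bResumeThread)
		{
			printf("Resume Process:%lu\n", (unsigned long)pEntry.th32ProcessID);
			NtResumeProcess( hProcess );
		}
		else
		{
			printf("Suspend Process:%lu\n", (unsigned long)pEntry.th32ProcessID);
			NtSuspendProcess( hProcess );
		}
		CloseHandle(hProcess);
		bDone = TRUE;
		break;
	}

	CloseHandle(hSnapShot);
	return bDone;
}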
//读取魔兽内存,判断是否处于聊天状态
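// Read the game's "is chatting" flag out of the target process's memory:
// one byte at CHAT_ADDRESS_24E (a fixed address defined elsewhere).
//
// On return, isChatting is true iff the byte read equals 1.  Returns true
// when the byte was read successfully; false when there is no window handle
// (g_hwnd), the privilege step failed, the process could not be opened, or
// the read failed -- isChatting is false in every failure case.
//
// Changes from the original: the process handle is now closed (it leaked on
// every call), hProcess is never read uninitialised (it was indeterminate
// when the privilege step had failed), and a failed ReadProcessMemory now
// returns false instead of reporting success.
//
// NOTE(review): a fixed absolute address is only valid for one specific
// game build; verify CHAT_ADDRESS_24E against the running binary.
bool  ReadChatFlag(bool& isChatting)
{
	isChatting = false;
	if(g_hwnd==NULL)
		return false;

	DWORD pid = 0;                          // target process ID
	GetWindowThreadProcessId(g_hwnd,&pid);  // PID that owns the window

	// ImprovePrivilege() is defined elsewhere; it presumably raises the
	// token privilege and sets g_bPrivilegeImproved on success.  Without it
	// the OpenProcess below is expected to fail.
	if(!g_bPrivilegeImproved)
	{
		ImprovePrivilege();
	}
	if(!g_bPrivilegeImproved)
		return false;

	// PROCESS_VM_READ is all ReadProcessMemory needs; the original asked
	// for PROCESS_ALL_ACCESS.
	HANDLE hProcess = OpenProcess(PROCESS_VM_READ,FALSE,pid);
	if(hProcess==NULL)
		return false;

	BYTE buf = 0;        // the single byte read from the target
	SIZE_T nRead = 0;
	BOOL ok = ReadProcessMemory(hProcess,(LPVOID)CHAT_ADDRESS_24E,&buf,1,&nRead);
	CloseHandle(hProcess);

	if(!ok || nRead != 1)
		return false;

	isChatting = (buf == 1);
	return true;
}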
Archivo: ps.c Proyecto: iceant/mks
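/*
 * Print "PID <tab><pid><tab><image name>" for every process in a
 * TH32CS_SNAPPROCESS snapshot.
 *
 * Returns TRUE once the snapshot has been walked, FALSE if
 * ImprovePrivilege() fails, the snapshot cannot be taken, or the first
 * entry cannot be read.  The snapshot handle is released on every path
 * (the original returned early without closing it when ImprovePrivilege()
 * failed).
 */
BOOL ProcessList() 
{
	/* ImprovePrivilege() is defined elsewhere (presumably raises the token
	 * privilege).  Called before the snapshot exists so a failure cannot
	 * leak it; kept for parity with the other ps.c helpers even though a
	 * plain enumeration does not obviously need it. */
	if (!ImprovePrivilege())
	{
		return FALSE;
	}

	/* Take a snapshot of all processes in the system. */
	HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hProcessSnap == INVALID_HANDLE_VALUE)
	{
		return FALSE;
	}

	/* dwSize must be filled in before the first Process32First call. */
	PROCESSENTRY32 pe32 = {0};
	pe32.dwSize = sizeof(PROCESSENTRY32);

	BOOL bRet = FALSE;
	if (Process32First(hProcessSnap, &pe32))
	{
		/* th32ProcessID is a DWORD (unsigned long); the original printed it
		 * with %d. */
		do
		{
			printf("PID \t%lu\t%s\n", (unsigned long)pe32.th32ProcessID, pe32.szExeFile);
		}
		while (Process32Next(hProcessSnap, &pe32));
		bRet = TRUE;
	}
	/* else: could not walk the list of processes, bRet stays FALSE */

	CloseHandle(hProcessSnap);
	return bRet;
}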
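// Patch the game's map-visibility variable in the target process so the
// whole map is always visible: writes the 4-byte int 1 to the fixed
// address 0x09A50478.
//
// Returns true only when the write succeeded; false when there is no window
// handle (g_hwnd), the privilege step failed, the process could not be
// opened, or WriteProcessMemory failed.
//
// Changes from the original: the process handle is now closed (it leaked on
// every call), hProcess is never read uninitialised (it was indeterminate
// when the privilege step had failed), and a failed write now returns
// false instead of reporting success from both branches.
//
// NOTE(review): a hard-coded absolute address is only correct for one
// specific game build; it should be a named constant next to
// CHAT_ADDRESS_24E and verified against the running binary.
bool  OpenMap()
{
	if(g_hwnd==NULL)
		return false;

	DWORD pid = 0;                          // target process ID
	GetWindowThreadProcessId(g_hwnd,&pid);  // PID that owns the window

	// ImprovePrivilege() is defined elsewhere; it presumably raises the
	// token privilege and sets g_bPrivilegeImproved on success.
	if(!g_bPrivilegeImproved)
	{
		ImprovePrivilege();
	}
	if(!g_bPrivilegeImproved)
		return false;

	// WriteProcessMemory needs PROCESS_VM_WRITE | PROCESS_VM_OPERATION;
	// the original asked for PROCESS_ALL_ACCESS.
	HANDLE hProcess = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION,FALSE,pid);
	if(hProcess==NULL)
		return false;

	int nMapType = 1;  // 1 == always visible
	SIZE_T nWritten = 0;
	BOOL ok = WriteProcessMemory(hProcess,(LPVOID)0x09A50478,&nMapType,sizeof(nMapType),&nWritten);
	CloseHandle(hProcess);

	return ok && nWritten == sizeof(nMapType);
}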
Archivo: ps.c Proyecto: iceant/mks
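/*
 * Suspend (bResumeThread == FALSE) or resume (bResumeThread == TRUE) every
 * thread owned by process dwOwnerPID, found via a TH32CS_SNAPTHREAD
 * snapshot.
 *
 * Returns TRUE once the snapshot has been walked, FALSE if
 * ImprovePrivilege() fails, the snapshot cannot be taken or read, or one of
 * the target's threads cannot be opened.  As in the original, a thread that
 * cannot be opened aborts the walk, so threads already handled stay in
 * their new state; unlike the original, the snapshot handle is released on
 * that path too.
 *
 * NOTE(review): SuspendThread/ResumeThread return the thread's previous
 * suspend count, or (DWORD)-1 on failure.  The original printed
 * GetLastError() under the "Previous suspend count" label, which is an
 * unrelated value; the real return value is reported here.
 */
BOOL PauseResumeThreadList(DWORD dwOwnerPID, BOOL bResumeThread) 
{
	/* ImprovePrivilege() is defined elsewhere (presumably raises the token
	 * privilege).  Done before the snapshot so a failure cannot leak it. */
	if (!ImprovePrivilege())
	{
		return FALSE;
	}

	/* Take a snapshot of all threads currently in the system. */
	HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
	if (hThreadSnap == INVALID_HANDLE_VALUE)
	{
		return FALSE;
	}

	/* dwSize must be set before the first Thread32First call. */
	THREADENTRY32 te32 = {0};
	te32.dwSize = sizeof(THREADENTRY32);

	BOOL bRet = FALSE;
	if (!Thread32First(hThreadSnap, &te32))
	{
		goto cleanup;   /* could not walk the list of threads */
	}

	/* Walk the thread snapshot and act on every thread of the process. */
	do
	{
		if (te32.th32OwnerProcessID != dwOwnerPID)
		{
			continue;
		}

		/* THREAD_SUSPEND_RESUME is the only right used; not inheritable. */
		HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
		if (hThread == NULL)
		{
			goto cleanup;   /* bRet is still FALSE */
		}

		if (bResumeThread)
		{
			printf("Resuming Thread %lu\n", (unsigned long)te32.th32ThreadID);
			DWORD prev = ResumeThread(hThread);
			if (prev == (DWORD)-1)
			{
				printf("ResumeThread failed: %lu\n", (unsigned long)GetLastError());
			}
		}
		else
		{
			printf("Suspending Thread %lu\n", (unsigned long)te32.th32ThreadID);
			DWORD prev = SuspendThread(hThread);
			if (prev == (DWORD)-1)
			{
				printf("SuspendThread failed: %lu\n", (unsigned long)GetLastError());
			}
			else
			{
				printf("Previous suspend count:%lu\n", (unsigned long)prev);
			}
		}
		CloseHandle(hThread);
	}
	while (Thread32Next(hThreadSnap, &te32));
	bRet = TRUE;

cleanup:
	/* Do not forget to clean up the snapshot object. */
	CloseHandle(hThreadSnap);
	return bRet;
}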