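// Find the first running process whose executable name equals `filename`
// and that can be opened with PROCESS_TERMINATE access.
//
// filename     Executable name to look for. The comparison is strcmp(), so it
//              is exact and case-sensitive.
// dwProcessID  Receives the PID of the matched process; written only on success.
//
// Returns a process handle that the caller must release with CloseHandle(),
// or NULL when an argument is NULL, ImprovePrivilege() fails, the snapshot
// cannot be taken, or no matching process could be opened.
//
// NOTE(review): the match is by image name only, so any process that carries
// the same file name is accepted. A caller that goes on to terminate the
// process should confirm its identity first (for example by full image path).
HANDLE GetProcessHandle(const char* filename, DWORD* dwProcessID)
{
    if (filename == NULL || dwProcessID == NULL) {
        return NULL;
    }

    // ImprovePrivilege() is defined elsewhere in this file. It is called
    // before the snapshot is taken so that a failure cannot leak the
    // snapshot handle. The return type is HANDLE, so failure is NULL, not FALSE.
    if (!ImprovePrivilege()) {
        return NULL;
    }

    // Only the process list is walked, so TH32CS_SNAPPROCESS is sufficient.
    HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapShot == INVALID_HANDLE_VALUE) {
        return NULL;
    }

    PROCESSENTRY32 pEntry;
    pEntry.dwSize = sizeof(pEntry);

    HANDLE hFound = NULL;
    for (BOOL more = Process32First(hSnapShot, &pEntry);
         more;
         more = Process32Next(hSnapShot, &pEntry)) {
        if (strcmp(pEntry.szExeFile, filename) != 0) {
            continue;
        }

        // Request only the right the returned handle is documented to carry.
        HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pEntry.th32ProcessID);
        if (hProcess == NULL) {
            // Same name but not openable: keep looking at later entries.
            continue;
        }

        printf("Finded %s Process ID:%lu\n", filename, (unsigned long) pEntry.th32ProcessID);
        *dwProcessID = pEntry.th32ProcessID;
        hFound = hProcess;
        break;
    }

    CloseHandle(hSnapShot);
    return hFound;
}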
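// Suspend or resume the first openable process whose executable name equals
// `filename`, using ntdll's NtSuspendProcess / NtResumeProcess.
//
// filename       Executable name to look for (exact, case-sensitive strcmp).
// bResumeThread  TRUE to resume the process, FALSE to suspend it.
//
// Returns TRUE when a matching process was opened and the requested call was
// issued; FALSE when `filename` is NULL, the ntdll export cannot be resolved,
// ImprovePrivilege() fails, the snapshot cannot be taken, or no matching
// process could be opened.
//
// NOTE(review): the match is by image name only, and only the first process
// that can be opened is acted on.
BOOL NTPauseResumeThreadList(const char* filename, BOOL bResumeThread)
{
    if (filename == NULL) {
        return FALSE;
    }

    // Resolve the ntdll exports at run time; GetProcAddress must not be
    // handed a NULL module handle.
    HMODULE hNtdll = GetModuleHandle("ntdll");
    if (hNtdll == NULL) {
        return FALSE;
    }
    _NtSuspendProcess NtSuspendProcess =
        (_NtSuspendProcess) GetProcAddress(hNtdll, "NtSuspendProcess");
    _NtResumeProcess NtResumeProcess =
        (_NtResumeProcess) GetProcAddress(hNtdll, "NtResumeProcess");

    // Without the needed export nothing can be done, so report failure
    // instead of claiming success after a no-op.
    if (bResumeThread ? (NtResumeProcess == NULL) : (NtSuspendProcess == NULL)) {
        return FALSE;
    }

    // Checked before the snapshot is created so a failure cannot leak it.
    if (!ImprovePrivilege()) {
        return FALSE;
    }

    HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapShot == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    PROCESSENTRY32 pEntry;
    pEntry.dwSize = sizeof(pEntry);

    BOOL bDone = FALSE;
    for (BOOL more = Process32First(hSnapShot, &pEntry);
         more && !bDone;
         more = Process32Next(hSnapShot, &pEntry)) {
        if (strcmp(pEntry.szExeFile, filename) != 0) {
            continue;
        }

        // Suspend/resume needs only PROCESS_SUSPEND_RESUME; asking for
        // PROCESS_ALL_ACCESS hands out far more than this function uses.
        HANDLE hProcess = OpenProcess(PROCESS_SUSPEND_RESUME, FALSE, pEntry.th32ProcessID);
        if (hProcess == NULL) {
            continue;
        }

        // NOTE(review): the function-pointer typedefs are declared elsewhere;
        // if they return NTSTATUS the result should be checked - TODO confirm.
        if (bResumeThread) {
            printf("Resume Process:%lu\n", (unsigned long) pEntry.th32ProcessID);
            NtResumeProcess(hProcess);
        } else {
            printf("Suspend Process:%lu\n", (unsigned long) pEntry.th32ProcessID);
            NtSuspendProcess(hProcess);
        }

        CloseHandle(hProcess);
        bDone = TRUE;
    }

    CloseHandle(hSnapShot);
    return bDone;
}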
//读取魔兽内存,判断是否处于聊天状态 bool ReadChatFlag(bool& isChatting) { isChatting = false; if(g_hwnd==NULL) return false; DWORD pid; //魔兽进程ID GetWindowThreadProcessId(g_hwnd,&pid); //获取进程的ID //如果特权没有提升,则提升权限,否则无法读取魔兽内存 if(!g_bPrivilegeImproved) { ImprovePrivilege(); } HANDLE hProcess; //魔兽进程句柄 if(g_bPrivilegeImproved) //权限提高成功 { hProcess = OpenProcess(PROCESS_ALL_ACCESS,false,pid); //打开进程 } int res=0; BYTE buf = 0; //存储读取的内存地址 if(hProcess) { res = ReadProcessMemory(hProcess,(LPVOID)CHAT_ADDRESS_24E , &buf,1,NULL); //读取内存 if(res!=0) //读取成功 { isChatting = buf==1 ? true : false; return true; } else { isChatting = false; return true; } } else return false; return true; }
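// Print the PID and executable name of every process in a Toolhelp snapshot.
//
// Returns TRUE when the process list was walked, FALSE when ImprovePrivilege()
// fails, the snapshot cannot be taken, or the first entry cannot be read.
//
// NOTE(review): ImprovePrivilege() is defined elsewhere. Listing processes
// normally works without extra privileges, so confirm the call is needed here.
BOOL ProcessList()
{
    // Checked before the snapshot is created so a failure cannot leak it.
    if (!ImprovePrivilege()) {
        return FALSE;
    }

    // Take a snapshot of all processes in the system.
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    // dwSize must be filled in before the structure is used.
    PROCESSENTRY32 pe32 = {0};
    pe32.dwSize = sizeof(PROCESSENTRY32);

    BOOL bRet = FALSE;
    if (Process32First(hProcessSnap, &pe32)) {
        do {
            printf("PID \t%lu\t%s\n", (unsigned long) pe32.th32ProcessID, pe32.szExeFile);
        } while (Process32Next(hProcessSnap, &pe32));
        bRet = TRUE;
    }
    // else: the process list could not be walked; bRet stays FALSE

    // Release the snapshot object on every path that created it.
    CloseHandle(hProcessSnap);
    return bRet;
}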
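// Write the 4-byte value 1 ("always visible" in the original comment) to a
// fixed address inside the Warcraft process.
//
// Returns false when no window is known, its process ID cannot be obtained,
// the privilege was not raised, or the process cannot be opened. Returns true
// once the process was opened, whether or not the write succeeded, as the
// original code did.
//
// NOTE(review): the target address is a hard-coded absolute value and nothing
// here checks which build of the target is loaded. On any other build the
// write lands in unrelated memory and can corrupt the process.
// NOTE(review): a failed write is reported as success; callers cannot tell.
bool OpenMap()
{
    if (g_hwnd == NULL) {
        return false;
    }

    DWORD pid = 0;  // Warcraft process ID; stays 0 if the lookup fails
    GetWindowThreadProcessId(g_hwnd, &pid);
    if (pid == 0) {
        return false;
    }

    // Raise the privilege once if that has not happened yet.
    if (!g_bPrivilegeImproved) {
        ImprovePrivilege();
    }
    if (!g_bPrivilegeImproved) {
        // Previously the handle was left uninitialized on this path and then
        // tested, which is undefined behavior.
        return false;
    }

    // WriteProcessMemory needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION only.
    HANDLE hProcess = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid);
    if (hProcess == NULL) {
        return false;
    }

    int nMapType = 1;  // always visible
    WriteProcessMemory(hProcess, (LPVOID)0x09A50478, &nMapType, sizeof(nMapType), NULL);

    // The handle was never closed before, leaking one handle per call.
    CloseHandle(hProcess);
    return true;
}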
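// Suspend or resume every thread that belongs to process `dwOwnerPID`.
//
// dwOwnerPID     PID whose threads are acted on.
// bResumeThread  TRUE to call ResumeThread, FALSE to call SuspendThread.
//
// Returns TRUE when the thread list was walked to the end (even if no thread
// matched); FALSE when ImprovePrivilege() fails, the snapshot cannot be taken,
// the first entry cannot be read, or a matching thread cannot be opened.
//
// NOTE(review): when OpenThread fails part-way through, threads handled
// earlier stay suspended (or resumed) and the function returns FALSE, so the
// target may be left in a mixed state.
BOOL PauseResumeThreadList(DWORD dwOwnerPID, BOOL bResumeThread)
{
    // Checked before the snapshot is created so a failure cannot leak it.
    if (!ImprovePrivilege()) {
        return FALSE;
    }

    // Take a snapshot of all threads currently in the system.
    HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (hThreadSnap == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    // dwSize must be filled in before the structure is used.
    THREADENTRY32 te32 = {0};
    te32.dwSize = sizeof(THREADENTRY32);

    if (!Thread32First(hThreadSnap, &te32)) {
        // The thread list could not be walked.
        CloseHandle(hThreadSnap);
        return FALSE;
    }

    do {
        if (te32.th32OwnerProcessID != dwOwnerPID) {
            continue;
        }

        HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
        if (hThread == NULL) {
            // Release the snapshot before bailing out; it used to leak here.
            CloseHandle(hThreadSnap);
            return FALSE;
        }

        if (bResumeThread) {
            printf("Resuming Thread %lu\n", (unsigned long) te32.th32ThreadID);
            ResumeThread(hThread);
        } else {
            printf("Suspending Thread %lu\n", (unsigned long) te32.th32ThreadID);
            // SuspendThread returns the previous suspend count, or (DWORD)-1
            // on failure. The old code printed GetLastError() under the
            // "Previous suspend count" label instead.
            DWORD dwPrevCount = SuspendThread(hThread);
            if (dwPrevCount == (DWORD) -1) {
                fprintf(stderr, "SuspendThread failed for thread %lu, error %lu\n",
                        (unsigned long) te32.th32ThreadID,
                        (unsigned long) GetLastError());
            } else {
                printf("Previous suspend count:%lu\n", (unsigned long) dwPrevCount);
            }
        }

        CloseHandle(hThread);
    } while (Thread32Next(hThreadSnap, &te32));

    // Release the snapshot object.
    CloseHandle(hThreadSnap);
    return TRUE;
}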