Easy to Find Hided PID Code -优快云博客

本文链接：https://blog.youkuaiyun.com/iiprogram/article/details/2205319

本文提供了一个C++程序示例，该程序能够枚举系统中所有进程，并检查隐藏的进程ID (PID)。通过使用Windows API函数，如EnumProcesses和OpenProcess，程序能够获取并打印每个进程的信息，包括那些试图隐藏其PID的进程。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

// Easy to Find Hided PID Code
// Author: Finback Jun.6,2006
// NOTE：this code needn't any driver supported

#include "stdafx.h"
#include <windows.h>
#include "psapi.h"

#pragma comment(lib,"psapi.lib")

int main(int argc, char* argv[])
{

printf("/nEasy to Find Hided PID Code /n");
printf("Author: Finback Jun.6,2006 <Finbackcpp@hotmail.com> /n");
printf("NOTE：this code needn't any driver supported /n");
printf(" /n");

DWORD aProcesses[1024], cbNeeded;

if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
return 0;
DWORD cProcesses = cbNeeded / sizeof(DWORD);

DWORD PidFor;
for ( PidFor = 0x0c; PidFor < 0xFFFF; PidFor +=4 )
{
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, PidFor );

if (hProcess)
{
BOOL sHide = false;
unsigned int i;
char szName[MAX_PATH]="<Unknown>";
HMODULE hModule;

for ( i = 1; i <= cProcesses; i++ )
{
if (PidFor == aProcesses[i])
{
sHide = true;
break;
}

}

if(EnumProcessModules(hProcess,&hModule,sizeof(hModule),&cbNeeded))
{
GetModuleFileNameEx(hProcess,hModule,szName,sizeof(szName));
printf("%-5d - %16s %s/n", PidFor, szName, (sHide) ? "" : "--[Hidden]--");
}
else
{
GetProcessImageFileName(hProcess,szName,sizeof(szName));
printf("%-5d - %16s %s/n", PidFor, szName, "--[Zombie]--");
}

}

CloseHandle( hProcess );
}

return 0;
}