#include <Windows.h>
#include <winternl.h>
#include <iostream>
using namespace std;
typedef NTSTATUS(NTAPI* QEURYINFORMATIONPROCESS)(
IN HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
int main()
{
STARTUPINFO startupinfo = { 0 };
PROCESS_INFORMATION processInformation = { 0 };
BOOL bSucess = CreateProcess(TEXT("C:\\Windows\\py.exe"), NULL, NULL, NULL, FALSE, NULL, NULL, NULL, &startupinfo, &processInformation);
if (bSucess)
{
cout << "Process started." << endl << "Process ID:\t" << processInformation.dwProcessId << endl;
PROCESS_BASIC_INFORMATION pbi;
ULONG uLength = 0;
HMODULE hDll = LoadLibrary(TEXT("C:\\Windows\\System32\\ntdll.dll"));
if (hDll)
{
QEURYINFORMATIONPROCESS QueryInformationProcess = (QEURYINFORMATIONPROCESS)GetProcAddress(hDll, "NtQueryInformationProcess");\
if (QueryInformationProcess)
{
NTSTATUS ntStatus = QueryInformationProcess(processInformation.hProcess,
PROCESSINFOCLASS::ProcessBasicInformation, &pbi, sizeof(pbi), &uLength);
if (NT_SUCCESS(ntStatus))
{
cout << "Process ID (from PCB):\t" << pbi.UniqueProcessId << endl;
}
else
{
cout << "Cannot open PCB!" << endl
<< "Error code:\t" << GetLastError()
<< endl;
}
}
else
{
cout << "Cannot get"
<< "NtQueryInformationProcess function!"
<< endl << "Error code:\t"
<< GetLastError() << endl;
}
FreeLibrary(hDll);
}
else
{
cout << "Cannot load ntdll.dll!" << endl
<< "Error code:\t" << GetLastError() << endl;
}
}
else
{
cout << "Cannot start process!" << endl
<< "Error code:\t" << GetLastError() << endl;
}
return 0;
}
扫一扫
10-12
04-22
789
789
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
