轻松找出隐藏在系统中的进程

好久没写代码了,无意间看到的,先收藏起来~~~

 

// Easy to Find Hided PID Code // Author: Finback Jun.6,2006 <[email protected]> // NOTE: Tthis code needn't any driver supported #include <windows.h> #include <stdio.h> #include "psapi.h" #pragma comment(lib,"psapi.lib") int main(int argc, char* argv[]) { printf("/nEasy to Find Hided PID Code /n"); printf("Author: Finback Jun.6,2006 <[email protected]> /n"); printf("NOTE this code needn't any driver supported /n"); printf(" /n"); DWORD aProcesses[1024], cbNeeded; if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) return 0; DWORD cProcesses = cbNeeded / sizeof(DWORD); DWORD PidFor; for ( PidFor = 0x0c; PidFor < 0xFFFF; PidFor +=1 ) { HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, PidFor ); if (hProcess) { BOOL sHide = false; unsigned int i; char szName[MAX_PATH]="<Unknown>"; HMODULE hModule; for ( i = 1; i <= cProcesses; i++ ) { if (PidFor == aProcesses[i]) { sHide = true; break; } } if(EnumProcessModules(hProcess,&hModule,sizeof(hModule),&cbNeeded)) { GetModuleFileNameEx(hProcess,hModule,szName,sizeof(szName)); printf("%-5d - %16s %s/n", PidFor, szName, (sHide) ? "" : "--[Hidden]--"); } else { GetProcessImageFileName(hProcess,szName,sizeof(szName)); printf("%-5d - %16s %s/n", PidFor, szName, "--[Zombie]--"); } } CloseHandle( hProcess ); } return 0; }

 

cl /O2 EasyToFind.cpp BufferOverFlowU.lib

link EasyToFind.obj /subsystem:console

 

运行效果:

 
