Windows API 的一些总结(进程与线程)
创建进程:
CreateProcess("C:\\windows\\notepad.exe",0,0,0,0,0,0,0,&si,&pi);//调用前须 si.cb = sizeof(si);用完后要 CloseHandle(pi.hProcess) 和 CloseHandle(pi.hThread),否则句柄泄漏
WinExec("notepad",SW_SHOW);//exe文件
ShellExecute(0,"open","notepad","c:\\a.txt","",SW_SHOW);
创建线程:
CreateThread(0,0,startAddr,&Para,0,&tid);
CreateRemoteThread(hProc,0,0,startAddr,&Para,0,&tid);
_beginthread(startAddr,0,0);
_beginthreadex(0,0,startaddr,0,0,&tid);
打开进程:
OpenProcess(PROCESS_ALL_ACCESS,0,pid);//最小权限:只申请实际需要的访问位(如 PROCESS_QUERY_INFORMATION|PROCESS_VM_READ),而非 PROCESS_ALL_ACCESS
打开线程:
OpenThread(THREAD_ALL_ACCESS,0,tid);//第三个参数是 DWORD 线程 ID,不是指针;同样只申请所需的访问位
遍历进程:
CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);//返回的 hsnap 用完后需 CloseHandle
Process32First(hsnap,&pe32);//调用前须 pe32.dwSize = sizeof(pe32),否则调用失败
Process32Next(hsnap,&pe32);//返回 FALSE 表示遍历结束
遍历线程:
CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);//TH32CS_SNAPTHREAD 枚举的是系统中所有线程,需按 th32OwnerProcessID 过滤
Thread32First(hsnap,&mdl32);//mdl32 为 THREADENTRY32,调用前须设置 dwSize
Thread32Next(hsnap,&mdl32);
终止进程:
ExitProcess(0);
TerminateProcess(hProcess,0);
终止线程:
ExitThread(5);
TerminateThread(hthread,5);//强制终止:不释放线程栈,不释放其持有的锁,可能导致死锁或进程状态损坏,仅作最后手段
关闭线程句柄:
CloseHandle(handle);
获取当前进程句柄(伪句柄)
GetCurrentProcess();返回值-1
获取当前线程句柄
GetCurrentThread();返回值-2
获取当前进程ID
GetCurrentProcessId();//GetProcessId(hProcess) 则是由进程句柄取 ID
获取当前线程 ID
GetCurrentThreadId();//GetThreadId(hThread) 则是由线程句柄取 ID
读写远程进程数据
ReadProcessMemory(
hProcess, //远程进程句柄
baseAddr, //远程进程中的内存地址,从具体何处读取
Buf, //本地进程中内存地址,函数将读取的内容写入此处
len, //要读取的长度
&size //实际读取的长度
);
WriteProcessMemory(
hProcess, //要写入的进程的句柄,由OpenProcess返回
baseAddr, //要写入的目标进程的内存首地址,这里是目的地!
Buf, //指向要写入的数据的指针,数据从哪儿来,就从这个指针所指向的那个地方!这里是源头!
len, //要写入的字节数
&size //实际写入的字节数
);
申请内存
VirtualAlloc(0,size,MEM_COMMIT,PAGE_EXECUTE_READWRITE);//仅在确需执行代码时才用 PAGE_EXECUTE_READWRITE;普通数据用 PAGE_READWRITE,需执行时先写入再 VirtualProtect 改为 PAGE_EXECUTE_READ(W^X),RWX 页面也是安全产品的常见告警点
申请远程内存
VirtualAllocEx(hprocess,0,size,MEM_COMMIT,PAGE_EXECUTE_READWRITE);//同上,避免直接申请 RWX 页面;hprocess 需有 PROCESS_VM_OPERATION 权限
修改内存属性
VirtualProtect(addr,Size,PAGE_EXECUTE_READWRITE,&lpflOldProtect );//lpflOldProtect 不能为 NULL;同样尽量改为 PAGE_EXECUTE_READ 或 PAGE_READWRITE,不要长期保持 RWX
VirtualProtectEx(hproc,addr,Size,PAGE_EXECUTE_READWRITE,&lpflOldProtect );
释放内存:
VirtualFree(addr,0,MEM_RELEASE);//MEM_RELEASE 时 dwSize 必须为 0,释放整个区域;只有 MEM_DECOMMIT 才传 size
VirtualFreeEx(hProcess,addr,0,MEM_RELEASE);
读写进程优先级
SetPriorityClass(hproc,NORMAL_PRIORITY_CLASS);
GetPriorityClass(hproc);
读写线程优先级:
SetThreadPriority(hthread,THREAD_PRIORITY_NORMAL);
GetThreadPriority(hthread);
SetThreadPriorityBoost(hthread,true);//参数是线程句柄;第二个参数为 bDisablePriorityBoost,true 表示禁用动态优先级提升
GetThreadPriorityBoost(hthread,pBoost);//pBoost 为 PBOOL 输出参数
获取系统版本:(WinNT/2K/XP 返回值 < 0x80000000,即最高位为 0)
GetVersion();//已弃用,Windows 8.1 起可能返回不真实的版本号;应改用 VerifyVersionInfo 或 IsWindowsVersionOrGreater
挂起与激活线程(维护暂停次数)
SuspendThread(hthread);
ResumeThread(hthread);
等待线程退出
WaitForSingleObject(hthread,1000);
WaitForMultipleObjects(num,handles,true,INFINITE);//num 不能超过 MAXIMUM_WAIT_OBJECTS(64)
获取线程退出码
GetExitCodeThread(hthread,&code);//线程未结束时 code 为 STILL_ACTIVE(259),若线程恰以 259 退出会产生歧义,应先 WaitForSingleObject 确认线程已结束
获取线程函数地址入口
ZwQueryInformationThread(hthread,ThreadQuerySetWin32StartAddress,&Buf,sizeof(PVOID),NULL);//未正式文档化的接口,可能随系统版本变化;缓冲区长度应为 sizeof(PVOID),64 位下不是 4
GetModuleFileName() :函数返回当前进程已加载可执行或DLL文件的完整路径名(以'\0'终止),该模块必须由当前进程地址空间加载。
DWORD WINAPI GetModuleFileName(
_In_opt_ HMODULE hModule, //应用程序或DLL实例句柄,NULL则为获取当前程序可执行文件路径名
_Out_ LPTSTR lpFilename, //接收路径的字符串缓冲区
_In_ DWORD nSize //缓冲区大小,单位为 TCHAR 而非字节;若路径被截断,返回值等于 nSize 且 GetLastError() 为 ERROR_INSUFFICIENT_BUFFER,调用方应检查
);
线程同步事件内核对象:
OpenEvent(EVENT_ALL_ACCESS,false,Name);//只需等待/置位时申请 SYNCHRONIZE|EVENT_MODIFY_STATE 即可
CreateEvent(NULL,false,true,NULL);//bManualReset=false 为自动重置事件;bInitialState=true 初始即有信号;按名字创建时应检查 GetLastError()==ERROR_ALREADY_EXISTS
WaitForSingleObject(hEvent,INFINITE);
SetEvent(hevent);
ResetEvent(hevent);
线程同步互斥内核对象:
OpenMutex(MUTEX_ALL_ACCESS,false,name);//一般申请 SYNCHRONIZE|MUTEX_MODIFY_STATE 即可
CreateMutex(NULL,false,NULL);//bInitialOwner=false;按名字创建时需检查 GetLastError()==ERROR_ALREADY_EXISTS,防止误把已有对象当成新建
WaitForSingleObject(hmutex,INFINITE);//返回 WAIT_ABANDONED 表示前一持有者未释放就退出了,受保护的数据可能处于不一致状态
ReleaseMutex(hmutex);