进程与线程API

windows api的一些总结(进程与线程)

创建进程:
CreateProcess("C:\\windows\\notepad.exe",0,0,0,0,0,0,0,&si,&pi);
WinExec("notepad",SW_SHOW);//exe文件
ShellExcute(0,"open","notepad","c:\\a.txt","",SW_SHOW);

创建线程:
CreateThread(0,0,startAddr,&Para,0,&tid);
CrateRemoteThread(hProc,0,0,startAddr,&Para,0,&tid);
_beginthread(startAddr,0,0);
_beginthreadex(0,0,startaddr,0,0,&tid);

打开进程:
OpenProcess(PROCESS_ALL_ACCESS,0,pid);
打开线程:
OpenThread(THREAD_ALL_ACCESS,0,&tid);

遍历进程：
CreateToolhelp32SnapShot(TH32CS_SNAPPROCESS,0);
Process32First(hsnap,&pe32);
Process32Next(hsnap,&pe32);

遍历线程:
CreateToolhelp32SnapShot(TH32CS_SNAPTHREADED,0);
Thread32First(hsnap,&mdl32);
Thread32Next(hsnap,&mdl32);

终止进程:
ExitProcess(0);
TerminateProcess(hProcess,0);

终止线程:
ExitThread(5);
TerminateThread(5);
关闭线程句柄:
CloseHandle(handle);

获取当前进程句柄(伪句柄)
GetCurrentProcess();返回值-1
获取当前线程句柄
GetCurrentThread();返回值-2

获取当前进程ID
GetProcessId();
获取当前线程 ID
GetThreadId();

读写远程进程数据
ReadProcessMemory(
hProcess,            //远程进程句柄
baseAddr,            //远程进程中的内存地址,从具体何处读取
Buf,                    //本地进程中内存地址,函数将读取的内容写入此处
len,                     //要读取的长度
&size                  //实际读取的长度
);

 WriteProcessMemory(
hProcess,              //要写入的进程的句柄,由OpenProcess返回
baseAddr,                //要写入的目标进程的内存首地址,这里是目的地！
Buf,                     //指向要写入的数据的指针,数据从哪儿来,就从这个指针所指向的那个地方！这里是源头!
len,                      //要写入的字节数
&size                  //实际写入的字节数
);

申请内存
VirtualAlloc(0,size,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
申请远程内存
VirtualAllocEx(hprocess,0,size,MEM_COMMIT,PAGE_EXECUTE_READWRITE);

修改内存属性
VirtualProtect(addr,Size,PAGE_EXECUTE_READWRITE,&lpflOldProtect );
VirtualProtectEx(hproc,addr,Size,PAGE_EXECUTE_READWRITE,&lpflOldProtect );

释放内存:
VirtualFree(addr,size,MEM_RELEASE);
VirtualFreeEx(hProcess,addr,size,MEM_RELEASE);

读写进程优先级
SetPriorityclass(hproc,Normal);
GetPriority(hproc);

读取线程优先级:
SetThreadPriority(hthread,Normal);
GetThreadPriority(hthread);
SetThreadPriorityBoost(hproc,true);
GetThreadPriorityBoost(hproc,pBoost);

获取系统新版本:（WinNT/2K/XP<0x80000000）
getVersion();

挂起与激活线程(维护暂停次数)
SuspendThread(hthread);
ResumeThread(hthread);
等待线程退出
WaitForSingleObject(hthread,1000);
WaitForMultipleObject(num,handles,true,INFINITE);
获取线程退出码
GetExitCode(hthread,&code);
获取线程函数地址入口
ZwQueryInformationThread(hthread,ThreadQuerySetWin32StartAddress,&Buf,4,NULL)


GetModuleFileName() :函数返回当前进程已加载可执行或DLL文件的完整路径名(以'\0'终止)，该模块必须由当前进程地址空间加载。
DWORD WINAPI GetModuleFileName(
  _In_opt_  HMODULE hModule,   //应用程序或DLL实例句柄,NULL则为获取当前程序可执行文件路径名
  _Out_     LPTSTR lpFilename, //接收路径的字符串缓冲区
  _In_      DWORD nSize        //接收路径的字符缓冲区的大小
);

线程同步事件内核对象:
OpenEvent(EVENT_ALL_ACCESS,false,Name);
CreateEvent(NULL,false,true,NULL);
WaitForSingleObject(hEvent,INFINITE);
SetEvent(hevent);
ReSetEvent(hevent);

线程同步互斥内核对象:
OpenMutex(MUTEX_ALL_ACCESS,false,name);
CreateMutex(NULL,false,NULL);
WaitForSingleObject(hmutex,INFINITE);
ReleaseMutex(hmutex);