一些在编程中经常要用到的功能编写成函数，方便使用。
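#include <windows.h>
#include <string.h>   /* memcmp */

/* System type: the Windows versions this helper recognises.
 * Anything outside the table (6.3, 10.0, ...) or a failed query maps to
 * WINDOWS_UNKNOWN; the numeric values of the existing members are unchanged. */
typedef enum SystemType {
    WINDOWS_UNKNOWN = 0,        /* not in the table, or GetVersionEx failed */
    WINDOWS_2000 = 1,           /* 5.0 */
    WINDOWS_XP,                 /* 5.1 */
    WINDOWS__SERVER_2003,       /* 5.2 */
    WINDOWS__SERVER_2003_R2,    /* 5.2 */
    WINDOWS_VISTA,              /* 6.0 */
    WINDOWS__SERVER_2008,       /* 6.0 */
    WINDOWS__SERVER_2008_R2,    /* 6.1 */
    WINDOWS_7,                  /* 6.1 */
    WINDOWS_SERVER_2012,        /* 6.2 */
    WINDOWS_8                   /* 6.2 */
} ST;

/******* Get the system type *******/
/* Map the (major, minor) version reported by GetVersionEx to an ST value.
 * Returns WINDOWS_UNKNOWN when the call fails or the pair is not in the table;
 * the original left the result uninitialized in that case and read it anyway.
 * Only client SKUs are distinguished: 6.0/6.1/6.2 are reported as Vista/7/8
 * even on the matching server release (wProductType is not consulted).
 * NOTE(review): GetVersionEx is documented as deprecated and, on newer
 * Windows, reports the version the process is manifested for — confirm this
 * still gives the value callers expect. */
ST GetSystemType()
{
    OSVERSIONINFO osvi;
    ZeroMemory(&osvi, sizeof(OSVERSIONINFO));
    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    if (!GetVersionEx(&osvi)) {
        return WINDOWS_UNKNOWN;
    }
    /* only (major, minor) pairs present in the ST table are mapped */
    if (osvi.dwMajorVersion == 5) {
        switch (osvi.dwMinorVersion) {
        case 0: return WINDOWS_2000;            /* 5.0 */
        case 1: return WINDOWS_XP;              /* 5.1 */
        case 2: return WINDOWS__SERVER_2003;    /* 5.2 */
        default: break;
        }
    } else if (osvi.dwMajorVersion == 6) {
        switch (osvi.dwMinorVersion) {
        case 0: return WINDOWS_VISTA;           /* 6.0 */
        case 1: return WINDOWS_7;               /* 6.1 */
        case 2: return WINDOWS_8;               /* 6.2 */
        default: break;
        }
    }
    return WINDOWS_UNKNOWN;
}

/* Locate the IMAGE_NT_HEADERS of a loaded module, or NULL when the image does
 * not start with a valid "MZ" / "PE\0\0" header pair.
 * The header structs replace the raw offsets 0x3c / 0x1c / 0x2c used by the
 * original, and the pointer arithmetic is done on BYTE* / DWORD_PTR so the
 * helpers stay correct in a 64-bit build (the original's DWORD casts truncate
 * pointers there). Only hModule itself is validated: e_lfanew is not checked
 * against the mapped size, so pass only handles obtained from
 * GetModuleHandle/LoadLibrary, not arbitrary memory. */
static PIMAGE_NT_HEADERS GetNtHeaders(HANDLE hModule)
{
    if (!hModule) {
        return NULL;
    }
    PIMAGE_DOS_HEADER pDos = (PIMAGE_DOS_HEADER)hModule;
    if (pDos->e_magic != IMAGE_DOS_SIGNATURE || pDos->e_lfanew < 0) {  /* "MZ" == 0x5A4D */
        return NULL;
    }
    PIMAGE_NT_HEADERS pNt = (PIMAGE_NT_HEADERS)((BYTE *)hModule + pDos->e_lfanew);
    if (pNt->Signature != IMAGE_NT_SIGNATURE) {                          /* "PE\0\0" == 0x4550 */
        return NULL;
    }
    return pNt;
}

/* Find the size of the code section */
/* OptionalHeader.SizeOfCode of the module (formerly raw offset 0x1c).
 * Returns 0 for a NULL handle or a module without a valid PE header. */
DWORD GetCodeSize(HANDLE hModule)
{
    PIMAGE_NT_HEADERS pNt = GetNtHeaders(hModule);
    return pNt ? pNt->OptionalHeader.SizeOfCode : 0;
}

/* Find the start address of the code section */
/* Virtual address of the module's code: base + OptionalHeader.BaseOfCode
 * (formerly raw offset 0x2c). Returns 0 for NULL or a non-PE module; the
 * original returned the bare module base in that case, which is not a code
 * address. DWORD_PTR rather than DWORD so the value is not truncated in a
 * 64-bit build (identical to DWORD on 32-bit). */
DWORD_PTR GetCodeStart(HANDLE hModule)
{
    PIMAGE_NT_HEADERS pNt = GetNtHeaders(hModule);
    if (!pNt) {
        return 0;
    }
    return (DWORD_PTR)hModule + pNt->OptionalHeader.BaseOfCode;
}

/* Search for a code signature to find the hook address */
/* Scan the code section of the module named pLibName for the byte sequence
 * pOpcodeBytes[0..nOpcodeLen). Returns the first matching address, or NULL
 * when the module is not loaded, the pattern is NULL/empty, or nothing matches.
 * Fix: the scan now stops nOpcodeLen bytes before the end of the section; the
 * original compared past the section end whenever a partial match started
 * close to it. GetModuleHandleA(NULL) is the calling executable, so a NULL
 * pLibName scans the current process image. The first occurrence is returned,
 * which is ambiguous when the pattern occurs more than once. */
BYTE *SearchOpcode(BYTE *pOpcodeBytes, unsigned int nOpcodeLen, const char *pLibName)
{
    if (!pOpcodeBytes || nOpcodeLen == 0) {
        return NULL;
    }
    HANDLE hModule = GetModuleHandleA(pLibName);
    DWORD dwCodeSize = GetCodeSize(hModule);
    DWORD_PTR dwCodeStart = GetCodeStart(hModule);
    if (!dwCodeStart || dwCodeSize < nOpcodeLen) {
        return NULL;
    }
    BYTE *pBase = (BYTE *)dwCodeStart;
    /* last candidate start is dwCodeSize - nOpcodeLen, inclusive */
    for (DWORD i = 0; i <= dwCodeSize - nOpcodeLen; i++) {
        if (memcmp(pBase + i, pOpcodeBytes, nOpcodeLen) == 0) {
            return pBase + i;
        }
    }
    return NULL;
}

/* TRUE when the operating system is 64-bit.
 * Fixes: the original passed NULL instead of a process handle to
 * IsWow64Process, which fails and so always reported FALSE; it also only
 * answered "is this process running under WOW64", which is FALSE for a native
 * 64-bit build even though the OS is 64-bit. */
BOOL Is64Bit_OS()
{
#if defined(_WIN64)
    return TRUE;                         /* a 64-bit process only runs on a 64-bit OS */
#else
    BOOL bIsWow64 = FALSE;
    if (!IsWow64Process(GetCurrentProcess(), &bIsWow64)) {
        return FALSE;                    /* query failed; answer is unknown, report 32-bit */
    }
    return bIsWow64;
#endif
}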
单字节转多字节:
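/* Convert an ANSI (CP_ACP) path to wide characters and delegate to
 * ThreadCheckFileTrustW. Returns that function's result, or FALSE when the
 * conversion fails.
 * Fixes: the parameter was declared lpfileName but the body used lpFileName;
 * the buffer came from new[] but was released with scalar delete; a failed
 * MultiByteToWideChar (dwNum == 0) went on to allocate a zero-length array and
 * pass it on. The unused hCatAdmin local is dropped.
 * NOTE(review): a NULL path is reported as trusted (TRUE), i.e. the check
 * fails open; kept for compatibility with existing callers — confirm that is
 * intended. The verdict describes the file at check time only: the file at the
 * same path can be replaced before a later open, so callers should not treat
 * a TRUE result as a property of the path. */
BOOL ThreadCheckFileTrust(CHAR *lpFileName)
{
    if (lpFileName == NULL) {
        return TRUE;
    }
    // required length in wide chars, terminator included (cbMultiByte == -1)
    DWORD dwNum = MultiByteToWideChar(CP_ACP, 0, lpFileName, -1, NULL, 0);
    if (dwNum == 0) {
        return FALSE;
    }
    wchar_t *pcwszFile = new wchar_t[dwNum];
    if (!pcwszFile) {   // only reachable with a non-throwing operator new
        return FALSE;
    }
    if (MultiByteToWideChar(CP_ACP, 0, lpFileName, -1, pcwszFile, dwNum) == 0) {
        delete[] pcwszFile;
        return FALSE;
    }
    BOOL bRet = ThreadCheckFileTrustW(pcwszFile);
    delete[] pcwszFile;
    return bRet;
}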
根据进程名称枚举进程:
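/* Get a process ID by image name.
 * Returns the PID of the first process whose image name equals ProcessName
 * (case-insensitive), or 0 when none matches or the snapshot fails.
 * Fixes: the snapshot handle leaked on the success path (the function
 * returned from inside the loop without CloseHandle); wcsupr() modified the
 * caller's ProcessName buffer and the snapshot entry in place, which
 * _wcsicmp avoids; the W entry points are used explicitly so the wide-string
 * comparison no longer depends on UNICODE being defined.
 * An image name is chosen by the process itself and need not be unique, so
 * the first match is returned and the result is not an identity check. */
static DWORD GetProcessID(const wchar_t *ProcessName)
{
    if (ProcessName == NULL) {
        return 0;
    }
    PROCESSENTRY32W pe32;
    pe32.dwSize = sizeof(pe32);
    // snapshot of every process on the system
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        OutputDebugStringA("CreateToolhelp32Snapshot error");
        return 0;
    }
    DWORD dwPid = 0;
    // walk the list starting from the first entry
    BOOL bProcess = Process32FirstW(hProcessSnap, &pe32);
    while (bProcess) {
        // compare the entry's image name with the one requested; stop at the first hit
        if (_wcsicmp(pe32.szExeFile, ProcessName) == 0) {
            dwPid = pe32.th32ProcessID;
            break;
        }
        bProcess = Process32NextW(hProcessSnap, &pe32);
    }
    CloseHandle(hProcessSnap);   // released on every path, including a match
    return dwPid;
}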
提升进程权限:
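/* Enable a named privilege (e.g. "SeDebugPrivilege") on the current process
 * token. Returns 0 on success, 1 on failure.
 * Fixes: a failed LookupPrivilegeValueA only printed and then used an
 * uninitialized LUID; AdjustTokenPrivileges returns TRUE even when the
 * privilege was not granted (GetLastError() == ERROR_NOT_ALL_ASSIGNED), which
 * is now reported as failure; the token handle was never closed.
 * The privilege must already be present in the token — this call can enable a
 * held privilege but cannot add one the token does not have. */
static int EnableDebugPriv(const char *name)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tp;
    LUID luid;
    int rc = 1;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        printf("OpenProcessToken error\n");
        return 1;
    }
    if (!LookupPrivilegeValueA(NULL, name, &luid)) {
        printf("LookupPrivilege error!\n");
        goto out;
    }
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) {
        printf("AdjustTokenPrivileges error!\n");
        goto out;
    }
    // TRUE return only means the call was processed; check whether it applied
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        printf("AdjustTokenPrivileges error: privilege not held by the token\n");
        goto out;
    }
    rc = 0;
out:
    CloseHandle(hToken);
    return rc;
}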