
C/C++ small tool for traversing processes and process IDs

黄舟
2017-01-22 14:06:07

When we write some destructive programs, we need to traverse the processes and extract their IDs.

To do this, we first introduce several APIs.


1. CreateToolhelp32Snapshot function

Takes a snapshot of the processes, modules or threads

The syntax is as follows:

HANDLE WINAPI CreateToolhelp32Snapshot(  
  _In_ DWORD dwFlags,  
  _In_ DWORD th32ProcessID  
);

The first parameter specifies which parts of the system the snapshot includes.

We use TH32CS_SNAPPROCESS, which includes all processes in the system in the snapshot.


2. PROCESSENTRY32 structure

The syntax is as follows:

typedef struct tagPROCESSENTRY32 {  
  DWORD     dwSize;  
  DWORD     cntUsage;  
  DWORD     th32ProcessID;  
  ULONG_PTR th32DefaultHeapID;  
  DWORD     th32ModuleID;  
  DWORD     cntThreads;  
  DWORD     th32ParentProcessID;  
  LONG      pcPriClassBase;  
  DWORD     dwFlags;  
  TCHAR     szExeFile[MAX_PATH];  
} PROCESSENTRY32, *PPROCESSENTRY32;

This describes an entry from the list of processes residing in the system address space when the snapshot was taken.

Only th32ParentProcessID and szExeFile[MAX_PATH] are introduced here:

th32ParentProcessID: The identifier of the process that created this process (its parent process)

szExeFile: The name of the executable file for the process



The source code follows. Some functions are not explained, but they can be understood from the comments or from their names.

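#include <Windows.h>
#include <stdio.h>
#include <string.h>
#include <tchar.h>
#include <TlHelp32.h>

int main()
{
    // Take a snapshot of all processes in the system
    HANDLE hProceessnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProceessnap == INVALID_HANDLE_VALUE)
    {
        printf_s("创建进行快照失败\n");
        return -1;
    }
    else
    {
        PROCESSENTRY32 pe32;
        // dwSize must be set before calling Process32First, otherwise the call fails
        pe32.dwSize = sizeof(pe32);
        BOOL hProcess = Process32First(hProceessnap, &pe32);
        // TCHAR so the buffer matches szExeFile in both ANSI and Unicode builds
        TCHAR buff[1024];
        while (hProcess)
        {
            // th32ProcessID is the process's own ID; th32ParentProcessID is the ID of its parent
            wsprintf(buff, TEXT("进程名:%s--------------------进程ID:%lu (PPID:%lu)"), pe32.szExeFile, pe32.th32ProcessID, pe32.th32ParentProcessID);
            _tprintf_s(TEXT("%s\n"), buff);
            memset(buff, 0x00, sizeof(buff));
            hProcess = Process32Next(hProceessnap, &pe32);
        }
    }
    CloseHandle(hProceessnap);

    return 0;
}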

The running results are as follows:

[Screenshot of the program output]
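As an added example (not code from the original article), the portable C below shows how th32ProcessID and th32ParentProcessID relate: it links snapshot entries into a parent chain and counts entries whose parent is no longer in the snapshot. The proc_t type, the function names and the sample data are assumptions made for illustration; on Windows the records would be filled from the Process32First/Process32Next loop.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record: the three PROCESSENTRY32 fields this example needs. */
typedef struct { unsigned long pid, ppid; const char *exe; } proc_t;
/* Constructed sample snapshot (not real output). Parent 2980 is absent. */
static const proc_t SAMPLE[] = {
    {0, 0, "[System Process]"}, {4, 0, "System"}, {612, 4, "smss.exe"},
    {3200, 2980, "explorer.exe"}, {4120, 3200, "cmd.exe"}, {4188, 4120, "tool.exe"},
};
enum { SAMPLE_N = sizeof SAMPLE / sizeof SAMPLE[0] };

/* Index of the entry with th32ProcessID == pid, or -1 if not in the snapshot. */
int find_pid(const proc_t *p, int n, unsigned long pid) {
    for (int i = 0; i < n; i++)
        if (p[i].pid == pid) return i;
    return -1;
}

/* Number of entries whose parent PID has no entry (the parent has exited). */
int count_orphans(const proc_t *p, int n) {
    int c = 0;
    for (int i = 0; i < n; i++)
        if (p[i].ppid != p[i].pid && find_pid(p, n, p[i].ppid) < 0) c++;
    return c;
}

/* Writes "child <- parent <- ..." into out and returns the chain length.
   Stops at a missing parent, a self-parented entry (PID 0) or after n hops,
   because a stale parent PID may have been reused by an unrelated process. */
int ancestry(const proc_t *p, int n, unsigned long pid, char *out, size_t cap) {
    int depth = 0, i = find_pid(p, n, pid);
    if (cap == 0) return 0;
    out[0] = '\0';
    while (i >= 0 && depth < n) {
        size_t used = strlen(out);
        snprintf(out + used, cap - used, "%s%s", depth ? " <- " : "", p[i].exe);
        depth++;
        if (p[i].ppid == p[i].pid) break;
        i = find_pid(p, n, p[i].ppid);
    }
    return depth;
}

int main(void) {
    char chain[256];
    ancestry(SAMPLE, SAMPLE_N, 4188, chain, sizeof chain);
    printf("%s\norphans: %d\n", chain, count_orphans(SAMPLE, SAMPLE_N));
    return 0;
}
```

The snapshot carries no creation time, so a parent PID that resolves to an entry is not proof that the entry is the real parent.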
