Windows API 的一些總結(進程與線程)
創建進程:
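// CreateProcess: lpApplicationName is a full path here, so no search-path lookup takes place.
// si must be a STARTUPINFO with si.cb set; on success close pi.hProcess and pi.hThread.
CreateProcess("C:\\windows\\notepad.exe",0,0,0,0,0,0,0,&si,&pi);
// WinExec is kept only for 16-bit compatibility. An unqualified name such as "notepad"
// is resolved through the search order, so prefer CreateProcess with a full path.
WinExec("notepad",SW_SHOW);// exe file
// ShellExecute (spelling corrected from "ShellExcute"): "open" verb, file "notepad",
// parameters "c:\\a.txt". A return value greater than 32 means success.
ShellExecute(0,"open","notepad","c:\\a.txt","",SW_SHOW);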
創建線程:
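// CreateThread: default security and stack size, runs startAddr(&Para) immediately,
// thread ID is stored in tid. The returned handle must be closed with CloseHandle.
CreateThread(0,0,startAddr,&Para,0,&tid);
// CreateRemoteThread (spelling corrected from "CrateRemoteThread"): same arguments, but
// the thread runs in the address space of hProc, so startAddr and &Para must be valid
// in that process. Cross-process thread creation is logged by endpoint tooling
// (for example Sysmon event ID 8).
CreateRemoteThread(hProc,0,0,startAddr,&Para,0,&tid);
// CRT wrappers: use these instead of CreateThread when the thread calls the C runtime.
// _beginthread expects a void(__cdecl*)(void*) routine and closes the handle itself.
_beginthread(startAddr,0,0);
// _beginthreadex expects an unsigned(__stdcall*)(void*) routine; the caller owns the
// returned handle and must close it.
_beginthreadex(0,0,startaddr,0,0,&tid);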
打開進程:
// Opens a handle to the process whose ID is pid (second argument 0 = handle not inheritable).
// PROCESS_ALL_ACCESS requests every right; ask only for the rights the caller actually
// uses (e.g. PROCESS_QUERY_LIMITED_INFORMATION for read-only inspection).
// Returns NULL on failure; release the handle with CloseHandle.
OpenProcess(PROCESS_ALL_ACCESS,0,pid);
打開線程:
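// Opens a handle to an existing thread. The third parameter is the thread ID passed by
// value (DWORD), not a pointer to it, so tid is passed rather than &tid.
// THREAD_ALL_ACCESS requests every right; ask only for what is needed.
// Returns NULL on failure; release the handle with CloseHandle.
OpenThread(THREAD_ALL_ACCESS,0,tid);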
遍歷進程:
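// Takes a snapshot of all processes (name corrected: the export is CreateToolhelp32Snapshot).
// The return value is the handle used as hsnap below; it is INVALID_HANDLE_VALUE on
// failure and must be closed with CloseHandle when done.
CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
// pe32 is a PROCESSENTRY32; set pe32.dwSize = sizeof(pe32) before the first call or it fails.
Process32First(hsnap,&pe32);
// Call repeatedly until it returns FALSE to walk the remaining entries.
Process32Next(hsnap,&pe32);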
遍歷線程:
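// Takes a snapshot of threads. Corrected names: CreateToolhelp32Snapshot and the flag
// TH32CS_SNAPTHREAD. The process-ID argument is ignored for this flag, so the snapshot
// covers every thread in the system; filter on th32OwnerProcessID.
CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);
// mdl32 is expected to be a THREADENTRY32 with dwSize set before the first call.
Thread32First(hsnap,&mdl32);
// Call repeatedly until it returns FALSE.
Thread32Next(hsnap,&mdl32);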
終止進程:
// Ends the calling process with exit code 0; loaded DLLs receive their detach notification.
ExitProcess(0);
// Forcibly ends the process behind hProcess with exit code 0. The handle needs
// PROCESS_TERMINATE, and DLLs in the target are not notified, so state may be left inconsistent.
TerminateProcess(hProcess,0);
終止線程:
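// Ends the calling thread with exit code 5.
ExitThread(5);
// TerminateThread takes the thread handle and the exit code (the handle was missing).
// The target gets no chance to release locks or free its resources, so use it only as
// a last resort; the handle needs THREAD_TERMINATE.
TerminateThread(hthread,5);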
關閉線程句柄:
// Releases a handle obtained from a Create*/Open* call. Closing a thread handle does
// not terminate the thread; it only drops this reference to the kernel object.
CloseHandle(handle);
獲取當前進程句柄(偽句柄)
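// Returns the pseudo-handle (HANDLE)-1. It is valid only inside the calling process and
// does not need CloseHandle; use DuplicateHandle to obtain a real handle.
GetCurrentProcess();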
獲取當前線程句柄
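// Returns the pseudo-handle (HANDLE)-2. It always refers to whichever thread uses it,
// so it cannot be handed to another thread; use DuplicateHandle for a real handle.
GetCurrentThread();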
獲取當前進程ID
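// GetCurrentProcessId takes no arguments and returns the caller's process ID.
// GetProcessId is a different function: it needs a process handle argument.
GetCurrentProcessId();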
獲取當前線程 ID
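// GetCurrentThreadId takes no arguments and returns the caller's thread ID.
// GetThreadId is a different function: it needs a thread handle argument.
GetCurrentThreadId();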
讀寫遠程進程數據
// Copies memory from another process into a local buffer. The handle needs
// PROCESS_VM_READ. The call returns FALSE on failure, so check it and compare
// size with len before trusting the contents of Buf.
ReadProcessMemory(
hProcess, // handle to the remote process
baseAddr, // address inside the remote process to read from
Buf, // local buffer that receives the data; must hold at least len bytes
len, // number of bytes to read
&size // receives the number of bytes actually read
);
// Copies a local buffer into another process's memory. The handle needs
// PROCESS_VM_WRITE and PROCESS_VM_OPERATION. The call returns FALSE on failure.
WriteProcessMemory(
hProcess, // handle to the target process, as returned by OpenProcess
baseAddr, // start address in the target process: the destination
Buf, // pointer to the local data to write: the source
len, // number of bytes to write
&size // receives the number of bytes actually written
);
申請內存
// Commits size bytes at a system-chosen address in the calling process; returns NULL on failure.
// NOTE(review): PAGE_EXECUTE_READWRITE makes the region writable and executable at once.
// For ordinary data use PAGE_READWRITE; if code must be placed there, write it first and
// then switch to PAGE_EXECUTE_READ with VirtualProtect. RWX private regions are a common
// signal for memory scanners.
VirtualAlloc(0,size,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
申請遠程內存
// Commits size bytes inside the process behind hprocess (the handle needs
// PROCESS_VM_OPERATION); returns NULL on failure.
// NOTE(review): PAGE_EXECUTE_READWRITE in another process is rarely needed by legitimate
// software; request the narrowest protection that works. Endpoint monitoring treats
// cross-process RWX allocations as suspicious.
VirtualAllocEx(hprocess,0,size,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
修改內存屬性
// Changes the protection of committed pages in the calling process. The last argument
// must point to a valid DWORD that receives the previous protection, or the call fails.
// Keep the old value so the original protection can be restored afterwards.
VirtualProtect(addr,Size,PAGE_EXECUTE_READWRITE,&lpflOldProtect );
// Same operation on pages of the process behind hproc (the handle needs PROCESS_VM_OPERATION).
VirtualProtectEx(hproc,addr,Size,PAGE_EXECUTE_READWRITE,&lpflOldProtect );
釋放內存:
VirtualFree(addr,size,MEM_RELEASE);
VirtualFreeEx(hProcess,addr,size,MEM_RELEASE);
讀寫進程優先級
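// Corrected names: SetPriorityClass / GetPriorityClass, and the constant
// NORMAL_PRIORITY_CLASS. Setting needs PROCESS_SET_INFORMATION on the handle.
SetPriorityClass(hproc,NORMAL_PRIORITY_CLASS);
// Returns the priority class of the process, or 0 on failure.
GetPriorityClass(hproc);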
讀取線程優先級:
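// The priority constant is THREAD_PRIORITY_NORMAL ("Normal" is not a Win32 identifier).
SetThreadPriority(hthread,THREAD_PRIORITY_NORMAL);
// Returns the thread's priority, or THREAD_PRIORITY_ERROR_RETURN on failure.
GetThreadPriority(hthread);
// The *ThreadPriorityBoost functions take a thread handle, so hthread is passed instead
// of hproc. The second argument is "disable boost": true turns dynamic boosting OFF.
SetThreadPriorityBoost(hthread,true);
// pBoost points to a BOOL that receives the current "boost disabled" state.
GetThreadPriorityBoost(hthread,pBoost);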
獲取系統新版本:(WinNT/2K/XP<0x80000000)
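// The export is GetVersion (C is case-sensitive). On NT-family systems the high bit of the
// result is clear, i.e. the value is below 0x80000000.
// GetVersion is deprecated: from Windows 8.1 on, the reported version depends on the
// application manifest. Prefer the Version Helper functions in <versionhelpers.h>.
GetVersion();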
掛起與激活線程(維護暫停次數)
// Increments the thread's suspend count and returns the previous count, or (DWORD)-1 on
// failure. Suspending a thread that holds a lock can deadlock the caller.
SuspendThread(hthread);
// Decrements the suspend count; the thread runs again only when the count reaches zero.
ResumeThread(hthread);
等待線程退出
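// Waits up to 1000 ms for the thread to exit. Check the result: WAIT_OBJECT_0 means it
// exited, WAIT_TIMEOUT means it is still running, WAIT_FAILED means the call failed.
WaitForSingleObject(hthread,1000);
// Corrected name: WaitForMultipleObjects. Here bWaitAll is true with no timeout, so the
// call returns only when all num handles are signalled. num may not exceed
// MAXIMUM_WAIT_OBJECTS.
WaitForMultipleObjects(num,handles,true,INFINITE);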
獲取線程退出碼
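// The function for threads is GetExitCodeThread (GetExitCodeProcess is the process
// counterpart). code receives STILL_ACTIVE (259) while the thread is running, so a thread
// that returns 259 itself cannot be told apart from one that has not exited.
GetExitCodeThread(hthread,&code);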
獲取線程函數地址入口
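// Queries the Win32 start address of the thread. The output is a pointer, so the length
// must be sizeof(PVOID): the hard-coded 4 is only correct in a 32-bit build.
// Assumes Buf is declared as PVOID. TODO confirm at the declaration.
// This is a native ntdll routine; check the returned NTSTATUS.
ZwQueryInformationThread(hthread,ThreadQuerySetWin32StartAddress,&Buf,sizeof(PVOID),NULL);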
GetModuleFileName():函數返回當前進程已加載的可執行文件或 DLL 文件的完整路徑名(以 '\0' 終止),該模塊必須已由當前進程的地址空間加載。
// Returns the number of characters copied, excluding the terminator; 0 means failure.
// If the buffer is too small the path is truncated and the return value equals nSize,
// so treat "return == nSize" as truncation instead of using the path.
DWORD WINAPI GetModuleFileName(
_In_opt_ HMODULE hModule, // module handle of the executable or DLL; NULL means the current process's executable
_Out_ LPTSTR lpFilename, // buffer that receives the path string
_In_ DWORD nSize // size of that buffer, counted in characters (TCHARs), not bytes
);
線程同步事件內核對象:
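// Opens an existing named event. EVENT_ALL_ACCESS is broader than most callers need:
// SYNCHRONIZE is enough to wait, EVENT_MODIFY_STATE to set or reset.
OpenEvent(EVENT_ALL_ACCESS,false,Name);
// Creates an unnamed auto-reset event (second argument false) that starts signalled
// (third argument true). If a name is supplied, check GetLastError() for
// ERROR_ALREADY_EXISTS, since the call then returns a handle to an existing object.
CreateEvent(NULL,false,true,NULL);
// Blocks until the event is signalled; an auto-reset event is cleared when one waiter is released.
WaitForSingleObject(hEvent,INFINITE);
// Signals the event.
SetEvent(hevent);
// Corrected name: ResetEvent. Puts the event back in the non-signalled state.
ResetEvent(hevent);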
線程同步互斥內核對象:
// Opens an existing named mutex. SYNCHRONIZE is sufficient for waiting and releasing;
// MUTEX_ALL_ACCESS is broader than most callers need.
OpenMutex(MUTEX_ALL_ACCESS,false,name);
// Creates an unnamed mutex with default security that the caller does not initially own.
CreateMutex(NULL,false,NULL);
// Acquires the mutex. A result of WAIT_ABANDONED means the previous owner exited without
// releasing it, so the protected data may be inconsistent.
WaitForSingleObject(hmutex,INFINITE);
// Releases ownership; must be called by the thread that owns the mutex.
ReleaseMutex(hmutex);