如何修复SYSTEM_PROCESS_INFORMATION错误
How to Fix SYSTEM_PROCESS_INFORMATION Errors
帮助我修复此错误
#include <Windows.h>
#include <stdio.h>
#include <Psapi.h>
td_NtQuerySystemInformation NtQuerySystemInformation = NULL;
td_NtQueryObject NtQueryObject = NULL;
td_NtDuplicateObject NtDuplicateObject = NULL;
BOOL Init() {
HMODULE hNtdll = GetModuleHandle(TEXT("ntdll.dll"));
if(!hNtdll)
return FALSE;
NtQuerySystemInformation = (td_NtQuerySystemInformation)GetProcAddress(hNtdll, "NtQuerySystemInformation");
NtQueryObject = (td_NtQueryObject)GetProcAddress(hNtdll, "NtQueryObject");
NtDuplicateObject = (td_NtDuplicateObject)GetProcAddress(hNtdll, "NtDuplicateObject");
return (NtQuerySystemInformation && NtQueryObject && NtDuplicateObject);
}
BOOL AcquireDebugPrivilege() {
HANDLE hToken = NULL;
if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
return FALSE;
BOOL bSuccess = FALSE;
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
if(LookupPrivilegeValue(0, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(AdjustTokenPrivileges(hToken, 0, &tp, sizeof(tp), 0, 0))
bSuccess = TRUE;
}
CloseHandle(hToken);
return bSuccess;
}
BOOL IsProcessFound(DWORD dwProcessId, PSYSTEM_PROCESS_INFORMATION pInfos) {
PSYSTEM_PROCESS_INFORMATION pCurrent = pInfos;
while(TRUE) {
if((DWORD)pCurrent->UniqueProcessId == dwProcessId)
return TRUE;
if(pCurrent->NextEntryOffset == 0)
break;
pCurrent = (PSYSTEM_PROCESS_INFORMATION)((DWORD_PTR)pCurrent + pCurrent- >NextEntryOffset);
}
return FALSE;
}
BOOL DetectHiddenProcesses(PUINT piCount) {
if(!piCount)
return FALSE;
*piCount = 0;
// first, we retrieve the process list (this is dirty but the only way)
DWORD dwLen = sizeof(SYSTEM_PROCESS_INFORMATION);
PSYSTEM_PROCESS_INFORMATION pProcessInfos = (PSYSTEM_PROCESS_INFORMATION)malloc(dwLen);
while(pProcessInfos) {
NTSTATUS status = NtQuerySystemInformation(SystemProcessInformation, pProcessInfos, dwLen, &dwLen);
if(NT_SUCCESS(status))
break;
else if(status != STATUS_INFO_LENGTH_MISMATCH) {
free(pProcessInfos);
return FALSE;
}
free(pProcessInfos);
pProcessInfos = (PSYSTEM_PROCESS_INFORMATION)malloc(dwLen);
}
if(!pProcessInfos)
return FALSE;
// secondly, we retreive all open handle
dwLen = sizeof(SYSTEM_HANDLE_INFORMATION);
PSYSTEM_HANDLE_INFORMATION pHandleInfos = (PSYSTEM_HANDLE_INFORMATION)malloc(dwLen);
while(pHandleInfos) {
NTSTATUS status = NtQuerySystemInformation(SystemHandleInformation, pHandleInfos, dwLen, &dwLen);
if(NT_SUCCESS(status))
break;
else if(status != STATUS_INFO_LENGTH_MISMATCH) {
free(pHandleInfos);
return FALSE;
}
free(pHandleInfos);
pHandleInfos = (PSYSTEM_HANDLE_INFORMATION)malloc(dwLen);
}
if(!pHandleInfos)
return FALSE;
// now, we find all handle to a process
POBJECT_TYPE_INFORMATION pType = (POBJECT_TYPE_INFORMATION)malloc(4096);
if(!pType) {
free(pHandleInfos);
free(pProcessInfos);
return FALSE;
}
for(ULONG i = 0; i < pHandleInfos->HandleCount; i++) {
DWORD dwOwner = pHandleInfos->Handles[i].ProcessId;
HANDLE hHandle = (HANDLE)pHandleInfos->Handles[i].Handle;
HANDLE hOwner = OpenProcess(PROCESS_DUP_HANDLE, FALSE, dwOwner);
if(hOwner == NULL)
continue;
// we duplicate the handle so we can query it
HANDLE hHandleLocal = NULL;
NTSTATUS status = NtDuplicateObject(hOwner, hHandle, GetCurrentProcess(), &hHandleLocal, 0, 0, DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES);
if(NT_SUCCESS(status)) {
// now we query its type
status = NtQueryObject(hHandleLocal, ObjectTypeInformation, pType, 4096, NULL);
if(NT_SUCCESS(status)) {
if(pType->TypeName.Buffer && wcscmp(pType->TypeName.Buffer, L"Process") == 0) {
DWORD dwProcessId = GetProcessId(hHandleLocal);
// check if the process is not hidden
if(!IsProcessFound(dwProcessId, pProcessInfos)) {
// hoho here we go
wchar_t szProcess[MAX_PATH];
if(GetProcessImageFileNameW(hHandleLocal, szProcess, MAX_PATH) == 0)
wcscpy_s(szProcess, L"<Unknown>");
printf("[%0.4d] %wsn", dwProcessId, szProcess);
(*piCount)++;
}
}
}
}
CloseHandle(hOwner);
}
free(pType);
free(pHandleInfos);
free(pProcessInfos);
return TRUE;
}
int main(int argc, char* argv[]) {
UINT iHiddenCount = 0;
if(!AcquireDebugPrivilege()) {
printf("Unable to acquire debug privilege.n");
return EXIT_FAILURE;
}
if(!Init()) {
printf("Initialization failure.rn");
return EXIT_FAILURE;
}
DetectHiddenProcesses(&iHiddenCount);
printf("Found %d hidden process%s.rn", iHiddenCount, (iHiddenCount > 1 ? "es" : ""));
return EXIT_SUCCESS;
}
代码
1>------ Build started: Project: mand, Configuration: Release Win32 ------
1> Main.cpp
1>Main.cpp(5): error C2146: syntax error : missing ';' before identifier 'NtQuerySystemInformation'
1>Main.cpp(5): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>Main.cpp(5): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>Main.cpp(6): error C2146: syntax error : missing ';' before identifier 'NtQueryObject'
1>Main.cpp(6): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>Main.cpp(6): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>Main.cpp(7): error C2146: syntax error : missing ';' before identifier 'NtDuplicateObject'
1>Main.cpp(7): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>Main.cpp(7): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>Main.cpp(14): error C2146: syntax error : missing ';' before identifier 1>Main.cpp(15): error C2146: syntax error : missing ';' before identifier 'GetProcAddress'
1>Main.cpp(16): error C2146: syntax error : missing ';' before identifier 'GetProcAddress'
1>Main.cpp(41): error C2061: syntax error : identifier 'PSYSTEM_PROCESS_INFORMATION'
1>Main.cpp(42): error C2065: 'PSYSTEM_PROCESS_INFORMATION' : undeclared identifier
1>Main.cpp(42): error C2146: syntax error : missing ';' before identifier 'pCurrent'
1>Main.cpp(42): error C2065: 'pCurrent' : undeclared identifier
1>Main.cpp(42): error C2065: 'pInfos' : undeclared identifier
1>Main.cpp(45): error C2065: 'pCurrent' : undeclared identifier
1>Main.cpp(45): error C2227: left of '->UniqueProcessId' must point to class/struct/union/generic type
1> type is ''unknown-type''
1>Main.cpp(48): error C2065: 'pCurrent' : undeclared identifier
1>Main.cpp(48): error C2227: left of '->NextEntryOffset' must point to class/struct/union/generic type
1> type is ''unknown-type''
1>Main.cpp(50): error C2065: 'pCurrent' : undeclared identifier
1>Main.cpp(50): error C2065: 'PSYSTEM_PROCESS_INFORMATION' : undeclared identifier
1>Main.cpp(50): error C2065: 'pCurrent' : undeclared identifier
1>Main.cpp(50): error C2065: 'pCurrent' : undeclared identifier
1>Main.cpp(50): error C2227: left of '->NextEntryOffset' must point to class/struct/union/generic type
1> type is ''unknown-type''
1>Main.cpp(62): error C2065: 'SYSTEM_PROCESS_INFORMATION' : undeclared identifier
1>Main.cpp(62): error C2070: ''unknown-type'': illegal sizeof operand
1>Main.cpp(63): error C2065: 'PSYSTEM_PROCESS_INFORMATION' : undeclared identifier
1>Main.cpp(63): error C2146: syntax error : missing ';' before identifier 'pProcessInfos'
1>Main.cpp(63): error C2065: 'pProcessInfos' : undeclared identifier
1>Main.cpp(63): error C2065: 'PSYSTEM_PROCESS_INFORMATION' : undeclared identifier
1>Main.cpp(63): error C2146: syntax error : missing ';' before identifier 'malloc'
1>Main.cpp(65): error C2065: 'pProcessInfos' : undeclared identifier
1>Main.cpp(66): error C2065: 'SystemProcessInformation' : undeclared identifier
1>Main.cpp(66): error C2065: 'pProcessInfos' : undeclared identifier
1>Main.cpp(67): error C3861: 'NT_SUCCESS': identifier not found
1>Main.cpp(69): error C2065: 'STATUS_INFO_LENGTH_MISMATCH' : undeclared identifier
1>Main.cpp(70): error C2065: 'pProcessInfos' : undeclared identifier
1>Main.cpp(74): error C2065: 'pProcessInfos' : undeclared identifier
1>Main.cpp(75): error C2065: 'pProcessInfos' : undeclared identifier
1>Main.cpp(75): error C2065: 'PSYSTEM_PROCESS_INFORMATION' : undeclared identifier
1>Main.cpp(75): error C2146: syntax error : missing ';' before identifier 'malloc'
1>Main.cpp(78): error C2065: 'pProcessInfos' : undeclared identifier
1>Main.cpp(82): error C2065: 'SYSTEM_HANDLE_INFORMATION' : undeclared identifier
1>Main.cpp(82): error C2070: ''unknown-type'': illegal sizeof operand
1>Main.cpp(83): error C2065: 'PSYSTEM_HANDLE_INFORMATION' : undeclared identifier
1>Main.cpp(83): error C2146: syntax error : missing ';' before identifier 'pHandleInfos'
1>Main.cpp(83): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(83): error C2065: 'PSYSTEM_HANDLE_INFORMATION' : undeclared identifier
1>Main.cpp(83): error C2146: syntax error : missing ';' before identifier 'malloc'
1>Main.cpp(85): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(86): error C2065: 'SystemHandleInformation' : undeclared identifier
1>Main.cpp(86): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(87): error C3861: 'NT_SUCCESS': identifier not found
1>Main.cpp(89): error C2065: 'STATUS_INFO_LENGTH_MISMATCH' : undeclared identifier
1>Main.cpp(90): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(94): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(95): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(95): error C2065: 'PSYSTEM_HANDLE_INFORMATION' : undeclared identifier
1>Main.cpp(95): error C2146: syntax error : missing ';' before identifier 'malloc'
1>Main.cpp(98): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(102): error C2065: 'POBJECT_TYPE_INFORMATION' : undeclared identifier
1>Main.cpp(102): error C2146: syntax error : missing ';' before identifier 'pType'
1>Main.cpp(102): error C2065: 'pType' : undeclared identifier
1>Main.cpp(102): error C2065: 'POBJECT_TYPE_INFORMATION' : undeclared identifier
1>Main.cpp(102): error C2146: syntax error : missing ';' before identifier 'malloc'
1>Main.cpp(103): error C2065: 'pType' : undeclared identifier
1>Main.cpp(104): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(105): error C2065: 'pProcessInfos' : undeclared identifier
1>Main.cpp(109): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(109): error C2227: left of '->HandleCount' must point to class/struct/union/generic type
1> type is ''unknown-type''
1>Main.cpp(110): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(110): error C2227: left of '->Handles' must point to class/struct/union/generic type
1>Main.cpp(110): error C2228: left of '.ProcessId' must have class/struct/union
1>Main.cpp(111): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(111): error C2227: left of '->Handles' must point to class/struct/union/generic type
1> type is ''unknown-type''
1>Main.cpp(111): error C2228: left of '.Handle' must have class/struct/union
1>Main.cpp(119): error C2065: 'DUPLICATE_SAME_ATTRIBUTES' : undeclared identifier
1>Main.cpp(119): error C2064: term does not evaluate to a function taking 7 arguments
1>Main.cpp(120): error C3861: 'NT_SUCCESS': identifier not found
1>Main.cpp(122): error C2065: 'ObjectTypeInformation' : undeclared identifier
1>Main.cpp(122): error C2065: 'pType' : undeclared identifier
1>Main.cpp(123): error C3861: 'NT_SUCCESS': identifier not found
1>Main.cpp(124): error C2065: 'pType' : undeclared identifier
1>Main.cpp(124): error C2227: left of '->TypeName' must point to class/struct/union/generic type
1> type is ''unknown-type''
1>Main.cpp(124): error C2228: left of '.Buffer' must have class/struct/union
1>Main.cpp(124): error C2065: 'pType' : undeclared identifier
1>Main.cpp(124): error C2227: left of '->TypeName' must point to class/struct/union/generic type
1> type is ''unknown-type''
1>Main.cpp(124): error C2228: left of '.Buffer' must have class/struct/union
1>Main.cpp(127): error C2065: 'pProcessInfos' : undeclared identifier
1>Main.cpp(142): error C2065: 'pType' : undeclared identifier
1>Main.cpp(144): error C2065: 'pHandleInfos' : undeclared identifier
1>Main.cpp(145): error C2065: 'pProcessInfos' : undeclared identifier
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
这些类型是未定义的,因此编译器未知:
td_NtQuerySystemInformation NtQuerySystemInformation = NULL;
td_NtQueryObject NtQueryObject = NULL;
td_NtDuplicateObject NtDuplicateObject = NULL;
与PSYSTEM_PROCESS_INFORMATION、POBJECT_TYPE_INFORMATION等相同
你需要包括他们的定义。
相关文章:
- 警告处理为错误这里有什么问题
- "error: no matching function for call to"构造函数错误
- boost::进程间消息队列引发错误
- C++,OpenCV,尝试显示图像时"OpenCV(4.3.0) Error: Assertion failed (size.width>0 && size.height>0)"此错误
- 有关插入适配器的错误。[错误]请求从 'back_insert_iterator<vector<>>' 类型转换为非标量类型
- QT在错误的班级中寻找空位
- vector.resize()中的分配错误
- 代码在main()中运行,但在函数中出现错误
- 释放错误后堆使用
- (C++)分析树以计算返回错误值的简单算术表达式
- Project Euler问题4的错误解决方案
- 我的字符计数代码计算错误.为什么
- 从"int*"强制转换为"unsigned int"会丢失精度错误
- 尝试导入pybind-opencv模块时出现libgtk错误
- CMake项目Boost库错误:Boost/config/compiler/gcc.hpp:165:10:致命错误:cs
- 在某些循环内使用vector.push_back时出现分段错误
- MSVC多行宏编译器错误
- 静态数据成员的问题-修复链接错误会导致编译器错误
- 为什么在运行时没有向我们提供有关分段错误的更多信息?
- QT "relocation error" / "no version information available"运行时错误
