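在某些时候需要进程与进程进行交互。这个示例的功能是:同一时间只能打开一个控制台程序;当打开控制台的时候,当前进程 ID 会被写入共享内存,下一个进程运行时会结束掉上一个进程。

# 共享内存

不可跨用户 session 交流

```cpp
// Forward declarations: main() calls these before their definitions below.
BOOL G_ShareMapping(DWORD dwFatherPID);
int KillProcess(int id);
VOID SuspendProcess(DWORD dwProcessID, BOOL fSuspend);

int main(void)
{
    //IsWxVersionValid();
    DWORD Parentid = GetCurrentProcessId();

    // Publish this PID in shared memory; the next instance that starts terminates this one.
    G_ShareMapping(Parentid);

    // Second argument: TRUE calls SuspendThread on every thread of the process,
    // FALSE calls ResumeThread on every thread.
    // NOTE(review): the ID passed here is the current process, so the calling thread is
    // among the threads that get suspended -- confirm this is intended.
    SuspendProcess(Parentid, TRUE);

    while (true)
    {
        Sleep(1);
    }
}

// Stores dwFatherPID (the PID of the process that is about to be suspended) in the named
// section "MMD_FFK" and terminates whichever process was recorded there before.
// Returns TRUE when the PID was stored, FALSE when the section could not be created or mapped.
//
// SECURITY: the value read from the section is untrusted input. The section has a fixed name
// and the default security descriptor, so any process able to open or pre-create that name
// can put an arbitrary PID in it, and Windows reuses PIDs once a process has exited. Before
// terminating, confirm that the PID really belongs to an earlier instance of this program
// (for example by comparing its image path or creation time), and give the section an
// explicit DACL if the program ever runs with elevated rights.
BOOL G_ShareMapping(DWORD dwFatherPID)
{
    const wchar_t MapingName[] = L"MMD_FFK";

    // CreateFileMappingW hands back the existing section when the name is already taken
    // (GetLastError() == ERROR_ALREADY_EXISTS), so a single call replaces the racy
    // open-then-create sequence. INVALID_HANDLE_VALUE selects the paging file; the literal
    // 0xFFFFFFFF is not the same handle value in a 64-bit build. A new paging-file section
    // starts out zero-filled, so no explicit memset is needed.
    HANDLE shared_file = CreateFileMappingW(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE,
                                            0, 1024, MapingName);
    if (shared_file == NULL)
    {
        return FALSE;
    }

    // Map only the DWORD that is actually used, with read/write access only.
    DWORD* pStoredPid = static_cast<DWORD*>(
        MapViewOfFile(shared_file, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, sizeof(DWORD)));
    if (pStoredPid == NULL)
    {
        CloseHandle(shared_file);
        return FALSE;
    }

    const DWORD dwPreviousPid = *pStoredPid;
    if (dwPreviousPid != 0 && dwPreviousPid != GetCurrentProcessId())
    {
        // Terminate the previously recorded process (never this process itself).
        KillProcess(dwPreviousPid);
    }
    *pStoredPid = dwFatherPID;

    UnmapViewOfFile(pStoredPid);

    // shared_file is deliberately kept open for the lifetime of the process: the section
    // is destroyed when its last handle is closed, and the next instance has to find it.
    return TRUE;
}

// Terminates the process with the given ID, using exit code 0.
// Returns 0 on success, -1 when the process cannot be opened or terminated.
int KillProcess(int id)
{
    //printf("KillProcess=%d\n",id);
    HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, static_cast<DWORD>(id));
    if (hProcess == NULL)
    {
        return -1;
    }

    const BOOL terminated = TerminateProcess(hProcess, 0);
    CloseHandle(hProcess);   // release the process handle on every path
    return terminated ? 0 : -1;
}

// Suspends (fSuspend == TRUE) or resumes (fSuspend == FALSE) every thread owned by
// dwProcessID. Threads that cannot be opened are skipped.
VOID SuspendProcess(DWORD dwProcessID, BOOL fSuspend)
{
    // A TH32CS_SNAPTHREAD snapshot lists the threads of all processes, which is why
    // each entry is filtered by its owner below.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, dwProcessID);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return;
    }

    THREADENTRY32 te = { sizeof(te) };
    for (BOOL fOk = Thread32First(hSnapshot, &te); fOk; fOk = Thread32Next(hSnapshot, &te))
    {
        if (te.th32OwnerProcessID != dwProcessID)
        {
            continue;
        }

        HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te.th32ThreadID);
        if (hThread == NULL)
        {
            continue;   // nothing to close when the thread could not be opened
        }

        if (fSuspend)
        {
            SuspendThread(hThread);
        }
        else
        {
            ResumeThread(hThread);
        }
        CloseHandle(hThread);
    }
    CloseHandle(hSnapshot);
}
```

# 全局共享内存

可以跨 Session 进行数据交流

https://blog.csdn.net/anranjingsi/article/details/116070796?utm_source=app&app_version=5.1.1&code=app_1562916241&uLinkId=usr1mkqgl919blen

```cpp
// "Global\" puts the section in the global namespace so that every session can open it.
// Creating a Global\ object from a session other than session 0 requires
// SeCreateGlobalPrivilege.
const char* shareName = "Global\\testGlobalMemory";

// SDDL for the section: protected DACL (D:P) granting GENERIC_ALL (GA) to Local System (SY),
// built-in Administrators (BA) and interactively logged-on users (IU).
// SECURITY: GA for IU lets every interactive user read and write the section and also change
// its DACL. If clients only need to read or write data, grant just those rights, and treat
// everything read from the section as untrusted.
const char* shareSSDL = "D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GA;;;IU)";

// Build the security attributes from the SDDL string.
SECURITY_ATTRIBUTES security;
ZeroMemory(&security, sizeof(security));
security.nLength = sizeof(security);

HANDLE tmp = NULL;
DWORD createError = ERROR_SUCCESS;
if (ConvertStringSecurityDescriptorToSecurityDescriptorA(
        shareSSDL,
        SDDL_REVISION_1,
        &security.lpSecurityDescriptor,
        NULL))
{
    // Create the shared memory with the descriptor built above.
    tmp = CreateFileMappingA(INVALID_HANDLE_VALUE,
                             &security,
                             PAGE_READWRITE,
                             0,
                             SHAMEM_MAX,
                             shareName);
    createError = GetLastError();   // read before LocalFree can overwrite it

    // The descriptor is allocated by the conversion call and must be released with LocalFree.
    LocalFree(security.lpSecurityDescriptor);
    security.lpSecurityDescriptor = NULL;
}
else
{
    // Conversion failed: do not fall back to creating the section with a default descriptor.
    createError = GetLastError();
}

if (tmp != NULL && createError == ERROR_ALREADY_EXISTS)
{
    // The name already existed, so the descriptor above was NOT applied; the object keeps
    // whatever DACL its creator chose. Decide here whether that object may be trusted
    // (for example close tmp and fail) instead of assuming the ACL above is in force.
}
```

# 通道

可以跨 Session 进行数据交流

这是一个线程函数:线程会检测同名管道是否已经存在,如果没有就创建一个并把当前进程的 PID 写入,等待下一个程序打开管道并把当前进程杀死。

```cpp
// Thread procedure for the single-instance hand-over over the named pipe \\.\Pipe\pipeTest.
// If the pipe already exists, the thread connects as a client, reads the PID the server
// sends, terminates that process and then tries again (normally becoming the server).
// If the pipe does not exist, the thread creates it and keeps sending its own PID.
// Returns (DWORD)-1 when the previous process cannot be opened; otherwise it does not return.
//
// SECURITY: the pipe name is fixed and well known, so an unrelated process can create it
// first and send any PID it likes. The client therefore accepts the PID only when it equals
// the server PID reported by the system for this pipe handle.
static DWORD WINAPI ThreadPro1(LPVOID lpThreadParameter)
{
    DWORD rLen = 0;
    DWORD wLen = 0;
    DWORD dwFatherPid = 0;
    HANDLE hPipe = NULL;
    DWORD NowPid = GetCurrentProcessId();

    for (;;)
    {
        // Try to connect to an existing pipe as a client.
        hPipe = CreateFile(
            TEXT("\\\\.\\Pipe\\pipeTest"),   // pipe name
            GENERIC_READ | GENERIC_WRITE,    // desired access
            0,                               // no sharing
            NULL,                            // default SECURITY_ATTRIBUTES
            OPEN_EXISTING,                   // connect only, never create
            // SECURITY_IDENTIFICATION keeps the process at the server end from
            // impersonating this client.
            FILE_ATTRIBUTE_NORMAL | SECURITY_SQOS_PRESENT | SECURITY_IDENTIFICATION,
            NULL);                           // no template file

        if (INVALID_HANDLE_VALUE == hPipe)
        {
            // Nothing to connect to: become the server.
            hPipe = CreateNamedPipe(
                TEXT("\\\\.\\Pipe\\pipeTest"),   // pipe name
                PIPE_ACCESS_DUPLEX,              // two-way pipe
                // Local use only, so remote clients are rejected.
                PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT | PIPE_REJECT_REMOTE_CLIENTS,
                PIPE_UNLIMITED_INSTANCES,        // maximum number of instances
                0,                               // output buffer size, 0 = default
                0,                               // input buffer size, 0 = default
                NMPWAIT_WAIT_FOREVER,            // default time-out
                NULL);                           // default security descriptor
            if (INVALID_HANDLE_VALUE == hPipe)
            {
                exit(0);
            }

            // Offer this PID once per second; the write presumably fails until a client
            // has opened the pipe, and the result is not checked.
            while (TRUE)
            {
                WriteFile(hPipe, &NowPid, sizeof(NowPid), &wLen, NULL);
                Sleep(1000);
            }
        }

        // Client side. ConnectNamedPipe and DisconnectNamedPipe are server-side calls and
        // are not used on a handle returned by CreateFile.
        dwFatherPid = 0;
        rLen = 0;
        ULONG serverPid = 0;
        const BOOL gotPid = ReadFile(hPipe, &dwFatherPid, sizeof(dwFatherPid), &rLen, NULL)
                            && rLen == sizeof(dwFatherPid);
        const BOOL peerKnown = GetNamedPipeServerProcessId(hPipe, &serverPid);
        CloseHandle(hPipe);
        hPipe = NULL;

        // Act only on a complete message whose PID matches the real pipe server and is
        // not this process.
        if (gotPid && peerKnown && dwFatherPid != 0
            && dwFatherPid == serverPid && dwFatherPid != NowPid)
        {
            OutputDebugStringA("KillProcess(dwFatherPid);");
            HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, dwFatherPid);   // open the target process
            if (hProcess == NULL)
            {
                return static_cast<DWORD>(-1);
            }
            TerminateProcess(hProcess, 0);   // end the target process
            CloseHandle(hProcess);
        }
        else
        {
            Sleep(1000);   // do not spin when the peer sends nothing usable
        }
    }
}
```

最后修改:2022 年 03 月 16 日 © 允许规范转载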