2023年6月22日发(作者：)

Windows编程常⽤api

转载⽹络⿊客常⽤WIN API函数整理⼀、进程创建进程：CreateProcess ("C:",0,0,0,0,0,0,0,&si,&pi);WinExec("notepad",SW_SHOW);ShellExecute(0,"open","notepad","c:","",SW_SHOW);ShellExecuteEx(&sei);遍历进程：CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);Process32First(hsnap,&pe32);Process32Next(hsnap,&pe32);终⽌进程：ExitProcess(0);TerminateProcess(hProc,0);打开进程：OpenProcess(PROCESS_ALL_ACCESS,0,pid);获取进程ID：GetCurrentProcesssId();获取进程可执⾏⽂件路径：GetModuleFileName(NULL,buf,len);GetProcessImageFileName(hproc,buf,len);遍历进程模块信息：CreateToolhelp32Snapshot(TH32CS_SNAPMODILE,pid);Module32First(hsnap,&mdl32);Module32Next(hsnap,&mdl2);获取指定模块句柄：GetModuleHandle(“ ”);获取模块内函数地址：GetProcessAddr(hmdl,”MessageBox ”);动态加载DLL：LoadLibrary(“”);卸载DLL：FreeLibrary(hDll);获取进程命令⾏参数：GetCommandLine();任何进 程GetCommandLine函数地址后偏移⼀个字节后 的4字节地址为命令⾏地址。读写远程进程数据：ReadProcessMemory(hproc,baseAddr,buf,len,&size);WriteProcessMemory(hproc,baseAddr,buf,len,&size);申请内存：VirtualAlloc(0,size,MEM_COMMIT,PAGE_EXECUTE_READWRITE);VirtualAllocEx(hproc,0,size,MEM_COMMIT,PAGE_EXECUTE_READWRITE);修改内存属性：VirtualProtect(addr,size,PAGE_EXECUTE_READWRITE,&oldAddr);VirtualProtectEx(hproc,addr,size,PAGE_EXECUTE_READWRITE,&oldAddr);释放内存：VirtualFree(addr,size,MEM_RELEASE);VirtualFreeEx(hproc,addr,size,MEM_RELEASE);获取系统版本(WinNT/2K/XP<0x80000000)：getVersion();读写进程优先级：SetPriorityClass(hproc,Normal);GetPriority(hproc);SetProcessPriorityBoost(hproc,true);GetProcessPriorityBoost(hproc,pBool);⼆、线程创建线程(CreateThread的线程函数调⽤了strtok、rand等需使⽤_endthread()释放内存)：CreateThread(0,0,startAddr,¶,0,&tid);_beginthread(startAddr,0,0);_beginthreadex(0,0,startAddr,0,0,&tid);CreateRemoteThread(hproc,0,0,func,¶,0,&tid);获取线程ID：GetCurrentThreadId();关闭线程句柄（减少内核对象使⽤次数，防⽌内存泄漏） ：CloseHandle(hthread);挂起与激活线程(维护暂停次数)：SuspendThread(hthread);ResumeThread(hthread);获取线程退出代码：GetExitCode(hthread,&code);等待线程退出(线程受信状态或超时)：WaitForSignleObject(htread,1000);WaitForMultipleObjects(num,handles,true,INFINITE);遍历线程：CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);Thread32First(hsnap,&mdl32);Thread32Next(hsnap,&mdl2);获取线程函数⼊⼝：ZwQueryInfomationThread(hthread,ThreadQuerySetWin32StartAddress,&buf,4,NULL);打开线程OpenThread(THREAD_ALL_ACCESS,false,&tid);获取线程函数地址所属模块：GetMappedFileName(hproc,addr,buf,256);读写线程优先级：SetThreadPriority(hthread,Normal);GetThreadPriority(hthread);SetThreadPriorityBoost(hproc,true);GetThreadPriorityBoost(hproc,pBool);终⽌线程：ExitThread(5);TerminateThread(hthread,5);线程同步临界区对象：InitializeCriticalSection(&cs);EnterCriticalSection(&cs);LeaveCriticalSection(&cs);DeleteCriticalSection(&cs);线程同步事件内核对象：OpenEvent(EVENT_ALL_ACCESS,false,name);CreateEvent(NULL,false,true,NULL);WaitForSingleObject(hevnt,INFINITE);SetEvent(hevnt);ResetEvent(hevnt);线程同步互斥内核对象：CreateMutex(NULL,false,NULL);WaitForSingleObject(hmutex,INFINITE);ReleaseMutex(hmutex);OpenMutex(MUTEX_ALL_ACCESS,false,name);三、注册表创建键：RegCreateKeyEx(HKEY_CURRENT_USER, ”TestNewKey”,0,0,REG_OPTION_VOLATILE,KEY_ALL_ACCESS,0,&subkey,&state);打开键：RegCreateKeyEx(HKEY_CURRENT_USER, ”ControlPanel ”,0,KEY_ALL_ACCESS,&subkey);关闭键：RegCloseKey(hkey);遍历键：RegEnumKeyEx(hsubkey,index,keyname,&nameSize,0,0,0,&time);FileTimeToSystemTime(&time,&systime);RegQueryInfo(hsubkey,0,0,0,&count,0,0,0,0,0,0,0);删除键：RegDeleteKeyEx(hmainkey,subkeyName);创建值：RegSetValueEx(hsubkey, ”test ”,0,REG_WORD,(BYTE*)&value,4);遍历值：RegEnumValue(hsubkey,index,name,&nameSize,0,&type,valuebuf,valueLen);RegQueryValueEx(hsubkey,name,0,type,buf,&size);删除值：RegDeleteValue(hsubkey,valuename);四、⽂件创建/打开⽂件：CreateFile(“ ”,GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);设置⽂件指针：SetFilePointer(hFile,0,NULL,FILE_END);读写⽂件：ReadFile(hFile,buf,len,&size,0);WriteFile(hFile,buf,len,&size,0);强制⽂件写⼊磁盘，清空⽂件⾼速缓冲区：FlushFileuffers(hFile);[解]锁⽂件区域：LockFile(hFile,0,0,100,0);UnlockFile(hFile,0,0,100,0);复制⽂件：CopyFile(src,des,true);CopyFileEx(src,des,func,¶,false,COPY_FILE_FAIL_IF_EXISTS);移动⽂件：MoveFile(src,des);MoveFileEx(src,des,false);MoveFileWithProgress(src,des,fun,¶,MOVEFILE_COPY_ALLOWED);删除⽂件：DeleteFile(filename);获取⽂件类型(FILE_TYPE_PIPE)：GetFileType(hFile);获取⽂件⼤⼩：GetFileSize(hFile,&high);获取⽂件属性(例如FILE_ATTRIBUTE_DIRECTORY进⾏&运算)：GetFileAttributes(hFile);遍历⽂件：FindFirstFile(nameMode,&wfd);FindNextFile(hFile,&wfd);创建管道：CreatePipe(&hRead,&hWrite,&sa,0);创建内存映射⽂件：CreateFile(“ d:”,GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,”myMap”);加载内存映射⽂件：MapViewOfFile(hmap,FILE_MAP_ALL_ACCESS,0,0,0);打开内存映射⽂件：OpenFileMapping(FILE_AMP_ALL_ACCESS,false, ”myMap”);卸载内存映射⽂件：UnmapViewOfFile(baseAddr);强制写⼊内存映射⽂件到磁盘：FlushViewOfFile(baseAddr,len);创建⽂件夹(只能创建⼀层)：CreateDirectory( “D:a”,NULL);CreateDirectory( “C:a”,”D:b”,NULL);删除⽂件夹(只能删除空⽂件夹)：RemoveDirectory( “ C:a ”);检测逻辑驱动器：GetLogicalDrives();GetLogicalDriveStrings(len,buf);获取驱动器类型(DRIVE_CDROM)：GetDriveType( “D:”);五、⽹络打开⽹络资源枚举过程（winnetwk.h、） ：WNetOpenEnum(RESOURCE_GLOBAL,RESOURCETYPE_ANY,0,NULL,hnet);枚举⽹络资源：WNetEnumResource(hnet,&count,pNetRsc,&size);关闭⽹络资源枚举过程：WNetCloseEnum(hnet);打开关闭WinSocket库：WSAStartup(version,&wsa);WSACleanup();创建套接字：socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);绑定套接字IP和端⼝：bind(sock,&addr,len);监听TCP连接：listen(sock,10);接收TCP连接请求：accept(sock,&addr,&len);客户端连接：connect(sock,&addr,len);发送TCP数据：send(sock,buf,len,0);接收TCP数据：recv(sock,buf,len,0);发送UDP数据：sendto(sock,buf,len,0,&addr,len);接收UDP数据：recvfrom(sock,buf,len,0,&addr,&len);六、服务打开SCM服务控制管理器：OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);创建服务：CreateService(mgr,"MyService","MyService",SERVICE_ALL_ACCESS,SERVICE_WIN32_OWN_PROCESS,SERVICE_AUTO_START,SERVICE_ERROR_IGNORE,path,NULL,NULL,NULL,NULL,NULL);打开服务对象：OpenService(mgr,"MyService",SERVICE_START);启动服务：StartService(serv,0,NULL);查询服务状态：QueryServiceStatus(serv,&state);关闭服务句柄：CloseServiceHandle(hdl);连接到SCM：StartServiceCtrlDispatcher(DispatchTable);注册服务控制函数：RegisterServiceCtrlHandler("MyServicer",ServiceCtrl);设置服务状态：SetServiceStatus(hss,&ServiceStatus);控制服务：ControlService(serv,SERVICE_CONTROL_STOP,&state);删除服务：DeleteService(serv);遍历服务：EnumServicesStatus(hscm,SERVICE_WIN32|SERVICE_DRIVER,SERVICE_STATE_ALL,&srvSts,len,&size,&count,NULL);查询服务配置：QueryServiceConfig(hserv,&srvcfg,size,&size);七、消息发送消息：SendMessage(HWND_BROADCAST,WM_LBUTTONDOWN,0,0);接收消息：GetMessage(&msg,NULL,0,0);投递消息：PostMessage(HWND_BROADCAST,WM_LBUTTONDOWN,0,0);获取消息：PeekMessage(&msg,NULL,0,0);转换消息：TranslateMessage(&msg);分发消息：DispatchMessage(&msg);等待消息：WaitMessage();发送退出消息：PostQuitMessage(0);安装消息钩⼦：SetWindowsHookEx(WH_KEYBOARD,keyBoardProc,0,tid);卸载消息钩⼦：UnhookWindowsHookEx(hhk);