幾種獲取進(jìn)程列表的方法

guoliyan1 2012-02-04

展開(kāi)全文

幾種獲取進(jìn)程列表的方法

1.CreateToolhelp32Snapshot法：

// //////////////////////////////////////////////////////////////////////////
// // CreateToolhelp32Snapshot 法 #include <Tlhelp32.h>
// //////////////////////////////////////////////////////////////////////////
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
BOOL bRet;
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);
bRet = Process32First(hProcessSnap,&pe32);
while (bRet)
{
bRet = Process32Next(hProcessSnap,&pe32);
printf("%s\n",&pe32.szExeFile);
}
return 0;

復(fù)制代碼

如果想輸出文件路徑，在其中加入提權(quán)代碼后再OpenProcess,，GetModuleFileNameEx即可,。

2.EnumProcesses 法

//////////////////////////////////////////////////////////////////////////
// EnumProcesses 法 #include <Psapi.h> #pragma comment(lib,"Psapi.lib")
//////////////////////////////////////////////////////////////////////////
DWORD PID[1024];
DWORD needed,NumProcess;
EnumProcesses(PID,sizeof(PID),&needed);
NumProcess = needed/sizeof(DWORD);
char FilePatch[MAX_PATH];
for (DWORD i=0;i<NumProcess;i++)
{
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,FALSE,PID[i]);
if (hProcess)
{
GetModuleFileNameEx(hProcess,NULL,FilePatch,sizeof(FilePatch));
printf("%s\n",FilePatch);
}
}
CloseHandle(hProcess);
printf("一共%d個(gè)進(jìn)程\n",NumProcess);
return 0;

復(fù)制代碼

3.WTSOpenServer 法

//////////////////////////////////////////////////////////////////////////
// WTSOpenServer 法 #include <Wtsapi32.h> #pragma comment(lib,"Wtsapi32.lib") 用nbtstat -an獲取本機(jī)NetBios名稱，并在命令行下輸入即可
//////////////////////////////////////////////////////////////////////////
char *szServerName = argv[1];
PWTS_PROCESS_INFO wts;
DWORD dwCount;
HANDLE hWtsServer = WTSOpenServer(szServerName);
if(!WTSEnumerateProcesses(hWtsServer,0,1,&wts,&dwCount))
return 0;
for (DWORD i=0;i<dwCount;i++)
{
printf("%s\n",wts[i].pProcessName);
}
return 0;

復(fù)制代碼

4. ZwQuerySystemInformation 法

//////////////////////////////////////////////////////////////////////////
// ZwQuerySystemInformation 法
//////////////////////////////////////////////////////////////////////////
/*
* Author: Leng_que
* Date: 2010年1月26日23:44:28
* E-mail: [email][email protected][/email]
* Description: 演示了如何通過(guò)ZwQuerySystemInformation這個(gè)函數(shù)獲取系統(tǒng)的相關(guān)信息
*/
#include <stdio.h>
#include <windows.h>
typedef LONG NTSTATUS;
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L)
#define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L)
#define STATUS_INVALID_INFO_CLASS ((NTSTATUS)0xC0000003L)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
typedef enum _SYSTEM_INFORMATION_CLASS
{
SystemBasicInformation, // 0 Y N
SystemProcessorInformation, // 1 Y N
SystemPerformanceInformation, // 2 Y N
SystemTimeOfDayInformation, // 3 Y N
SystemNotImplemented1, // 4 Y N
SystemProcessesAndThreadsInformation, // 5 Y N
SystemCallCounts, // 6 Y N
SystemConfigurationInformation, // 7 Y N
SystemProcessorTimes, // 8 Y N
SystemGlobalFlag, // 9 Y Y
SystemNotImplemented2, // 10 Y N
SystemModuleInformation, // 11 Y N
SystemLockInformation, // 12 Y N
SystemNotImplemented3, // 13 Y N
SystemNotImplemented4, // 14 Y N
SystemNotImplemented5, // 15 Y N
SystemHandleInformation, // 16 Y N
SystemObjectInformation, // 17 Y N
SystemPagefileInformation, // 18 Y N
SystemInstructionEmulationCounts, // 19 Y N
SystemInvalidInfoClass1, // 20
SystemCacheInformation, // 21 Y Y
SystemPoolTagInformation, // 22 Y N
SystemProcessorStatistics, // 23 Y N
SystemDpcInformation, // 24 Y Y
SystemNotImplemented6, // 25 Y N
SystemLoadImage, // 26 N Y
SystemUnloadImage, // 27 N Y
SystemTimeAdjustment, // 28 Y Y
SystemNotImplemented7, // 29 Y N
SystemNotImplemented8, // 30 Y N
SystemNotImplemented9, // 31 Y N
SystemCrashDumpInformation, // 32 Y N
SystemExceptionInformation, // 33 Y N
SystemCrashDumpStateInformation, // 34 Y Y/N
SystemKernelDebuggerInformation, // 35 Y N
SystemContextSwitchInformation, // 36 Y N
SystemRegistryQuotaInformation, // 37 Y Y
SystemLoadAndCallImage, // 38 N Y
SystemPrioritySeparation, // 39 N Y
SystemNotImplemented10, // 40 Y N
SystemNotImplemented11, // 41 Y N
SystemInvalidInfoClass2, // 42
SystemInvalidInfoClass3, // 43
SystemTimeZoneInformation, // 44 Y N
SystemLookasideInformation, // 45 Y N
SystemSetTimeSlipEvent, // 46 N Y
SystemCreateSession, // 47 N Y
SystemDeleteSession, // 48 N Y
SystemInvalidInfoClass4, // 49
SystemRangeStartInformation, // 50 Y N
SystemVerifierInformation, // 51 Y Y
SystemAddVerifier, // 52 N Y
SystemSessionProcessesInformation // 53 Y N
} SYSTEM_INFORMATION_CLASS;
typedef struct _LSA_UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING;
typedef struct _CLIENT_ID
{
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID;
typedef enum _THREAD_STATE
{
StateInitialized,
StateReady,
StateRunning,
StateStandby,
StateTerminated,
StateWait,
StateTransition,
StateUnknown
} THREAD_STATE;
typedef enum _KWAIT_REASON
{
Executive,
FreePage,
PageIn,
PoolAllocation,
DelayExecution,
Suspended,
UserRequest,
WrExecutive,
WrFreePage,
WrPageIn,
WrPoolAllocation,
WrDelayExecution,
WrSuspended,
WrUserRequest,
WrEventPair,
WrQueue,
WrLpcReceive,
WrLpcReply,
WrVirtualMemory,
WrPageOut,
WrRendezvous,
Spare2,
Spare3,
Spare4,
Spare5,
Spare6,
WrKernel
} KWAIT_REASON;
typedef struct _IO_COUNTERS
{
LARGE_INTEGER ReadOperationCount; //I/O讀操作數(shù)目
LARGE_INTEGER WriteOperationCount; //I/O寫(xiě)操作數(shù)目
LARGE_INTEGER OtherOperationCount; //I/O其他操作數(shù)目
LARGE_INTEGER ReadTransferCount; //I/O讀數(shù)據(jù)數(shù)目
LARGE_INTEGER WriteTransferCount; //I/O寫(xiě)數(shù)據(jù)數(shù)目
LARGE_INTEGER OtherTransferCount; //I/O其他操作數(shù)據(jù)數(shù)目
} IO_COUNTERS, *PIO_COUNTERS;
typedef struct _VM_COUNTERS
{
ULONG PeakVirtualSize; //虛擬存儲(chǔ)峰值大小
ULONG VirtualSize; //虛擬存儲(chǔ)大小
ULONG PageFaultCount; //頁(yè)故障數(shù)目
ULONG PeakWorkingSetSize; //工作集峰值大小
ULONG WorkingSetSize; //工作集大小
ULONG QuotaPeakPagedPoolUsage; //分頁(yè)池使用配額峰值
ULONG QuotaPagedPoolUsage; //分頁(yè)池使用配額
ULONG QuotaPeakNonPagedPoolUsage; //非分頁(yè)池使用配額峰值
ULONG QuotaNonPagedPoolUsage; //非分頁(yè)池使用配額
ULONG PagefileUsage; //頁(yè)文件使用情況
ULONG PeakPagefileUsage; //頁(yè)文件使用峰值
} VM_COUNTERS, *PVM_COUNTERS;
typedef LONG KPRIORITY;
typedef struct _SYSTEM_THREADS
{
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientId;
KPRIORITY Priority;
KPRIORITY BasePriority;
ULONG ContextSwitchCount;
THREAD_STATE State;
KWAIT_REASON WaitReason;
} SYSTEM_THREADS, *PSYSTEM_THREADS;
typedef struct _SYSTEM_PROCESSES
{
ULONG NextEntryDelta;
ULONG ThreadCount;
ULONG Reserved1[6];
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ProcessName;
KPRIORITY BasePriority;
ULONG ProcessId;
ULONG InheritedFromProcessId;
ULONG HandleCount;
ULONG Reserved2[2];
VM_COUNTERS VmCounters;
IO_COUNTERS IoCounters;
SYSTEM_THREADS Threads[1];
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;
typedef struct _SYSTEM_BASIC_INFORMATION
{
BYTE Reserved1[24];
PVOID Reserved2[4];
CCHAR NumberOfProcessors;
} SYSTEM_BASIC_INFORMATION;
typedef NTSTATUS (WINAPI *NTQUERYSYSTEMINFORMATION)(IN SYSTEM_INFORMATION_CLASS, IN OUT PVOID, IN ULONG, OUT PULONG OPTIONAL);
int main(void)
{
HINSTANCE ntdll_dll = GetModuleHandle("ntdll.dll");
if ( ntdll_dll!=NULL )
{
NTQUERYSYSTEMINFORMATION dwFunAddress = (NTQUERYSYSTEMINFORMATION)GetProcAddress(ntdll_dll, "ZwQuerySystemInformation");
if ( dwFunAddress!=NULL )
{
//執(zhí)行 SystemBasicInformation
SYSTEM_BASIC_INFORMATION sbi = {0};
NTSTATUS status = dwFunAddress(SystemBasicInformation, (PVOID)&sbi, sizeof(sbi), NULL);
if ( status == STATUS_SUCCESS )
{
printf("處理器個(gè)數(shù)：%d\r\n", sbi.NumberOfProcessors);
printf("\r\n");
}
else
{
printf("\r\n SystemBasicInformation error");
}
//執(zhí)行 SystemProcessesAndThreadsInformation
PSYSTEM_PROCESSES pSp=NULL;
ULONG retureSize=0;
status = dwFunAddress(SystemProcessesAndThreadsInformation, NULL, 0, &retureSize);
if ( status == STATUS_INFO_LENGTH_MISMATCH )
{
unsigned char *buf = new unsigned char[retureSize];
if ( buf!=NULL )
{
status = dwFunAddress(SystemProcessesAndThreadsInformation, (PVOID)buf, retureSize, NULL);
if ( status == STATUS_SUCCESS )
{
pSp = (PSYSTEM_PROCESSES)buf;
printf("===============所有進(jìn)程信息=============\r\n");
do {
printf("進(jìn)程ID：%d\r\n", pSp->ProcessId);
printf("進(jìn)程名：");
wprintf(L"%s\r\n", pSp->ProcessName.Buffer);
printf("線程數(shù)：%d\r\n", pSp->ThreadCount);
printf("工作集大小：%dKB\r\n", pSp->VmCounters.WorkingSetSize/1024);
printf("\r\n\r\n");
pSp = (PSYSTEM_PROCESSES)( (unsigned long)pSp + pSp->NextEntryDelta );
} while ( pSp->NextEntryDelta != 0 );
printf("========================================\r\n");
delete[] buf;
buf = NULL;
pSp = NULL;
}
else if ( status == STATUS_UNSUCCESSFUL )
{
printf("\r\n STATUS_UNSUCCESSFUL");
}
else if ( status == STATUS_NOT_IMPLEMENTED )
{
printf("\r\n STATUS_NOT_IMPLEMENTED");
}
else if ( status == STATUS_INVALID_INFO_CLASS )
{
printf("\r\n STATUS_INVALID_INFO_CLASS");
}
else if ( status == STATUS_INFO_LENGTH_MISMATCH )
{
printf("\r\n STATUS_INFO_LENGTH_MISMATCH");
}
}
else
{
printf("\r\n new operation error!");
}
}
}
else
{
printf("\r\n get ZwQuerySystemInformation address error!");
}
FreeLibrary(ntdll_dll);
}
system("pause > nul");
return 0;
}

復(fù)制代碼

本站是提供個(gè)人知識(shí)管理的網(wǎng)絡(luò)存儲(chǔ)空間，所有內(nèi)容均由用戶發(fā)布,，不代表本站觀點(diǎn)。請(qǐng)注意甄別內(nèi)容中的聯(lián)系方式,、誘導(dǎo)購(gòu)買等信息,，謹(jǐn)防詐騙。如發(fā)現(xiàn)有害或侵權(quán)內(nèi)容,，請(qǐng)點(diǎn)擊一鍵舉報(bào),。

轉(zhuǎn)藏 分享

QQ空間 QQ好友新浪微博微信

獻(xiàn)花（0） +1

來(lái)自： guoliyan1 > 《vc》

舉報(bào)/認(rèn)領(lǐng)