VC中枚举进程及获取进程相关信息


关键词:C/C++, 操作系统|来源:唯设编程网

1.枚举系统所有进程

方法很多,这里用EnumProcesses这个方法

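// Enumerate every process ID visible to the caller into a fixed array.
// cbNeeded is reported in BYTES, so the count is cbNeeded / sizeof(DWORD).
DWORD aProcesses[1024], cbNeeded, cProcesses;
unsigned int i;

// Failure (e.g. PSAPI unavailable): nothing to enumerate.
if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
        return;

// EnumProcesses never reports how many IDs did not fit: when the whole
// array was filled, the list may be truncated and processes would be
// silently skipped. Treat that as an error rather than acting on a
// partial list; the array (or a heap buffer) should be enlarged and the
// call retried.
if ( cbNeeded >= sizeof(aProcesses) )
        return;

cProcesses = cbNeeded / sizeof(DWORD);

for ( i = 0; i < cProcesses; i++ )
        PrintProcessNameAndID( aProcesses[i]);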

aProcesses数组里包含了所有进程ID。使用EnumProcesses需要安装SDK，并且需要包含头文件Psapi.h（Header: Declared in Psapi.h）和链接Psapi.lib（Library: Use Psapi.lib）。

这个函数在msdn上有详细的说明

2.根据进程ID获取进程文件名

有了进程ID  DWORD  dwProcessID

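// Resolve the executable name and full path of process dwProcessID.
// Leaves the base name in szProcessName and the path in szProcessPath and
// sets bRetVal (assumed declared by the enclosing code, as dwProcessID is).
TCHAR szProcessName[MAX_PATH] = _T("");
TCHAR szProcessPath[MAX_PATH] = _T("");

// PROCESS_QUERY_INFORMATION | PROCESS_VM_READ is the minimum the PSAPI
// module calls below need; the open can still fail for processes of
// another user or protected processes, in which case hProcess is NULL.
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
                               PROCESS_VM_READ,
                               FALSE, dwProcessID);

if(hProcess != NULL)
{
    HMODULE hMod;
    DWORD   cbNeeded;

    // Only the first module is requested: it is the process executable.
    if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod),
                             &cbNeeded) )
    {
        // nSize for both calls is a count of TCHARs, not bytes. Passing
        // sizeof() on a UNICODE build claims a buffer twice its real size
        // and lets a long name overrun the stack array.
        DWORD dwRetVal   = GetModuleBaseName( hProcess, hMod, szProcessName,
                                              sizeof(szProcessName) / sizeof(TCHAR) );
        DWORD dwRetValEx = GetModuleFileNameEx( hProcess, hMod, szProcessPath,
                                                sizeof(szProcessPath) / sizeof(TCHAR) );

        // Both calls return the number of characters copied; 0 means failure.
        bRetVal = (dwRetVal > 0 && dwRetValEx > 0) ? TRUE : FALSE;
    }

    // Every successful OpenProcess must be paired with CloseHandle, or the
    // handle (and a reference to the target process object) leaks.
    CloseHandle(hProcess);
}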

GetModuleBaseName只是获得文件名如QQ.exe,

GetModuleFileNameEx是获得文件名,包括路径,如E:/tool/Tencent/qq/QQ.exe

3.根据进程的句柄来判断,该进程是否是系统进程

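// Returns TRUE when the token of hProcess belongs to the LocalSystem
// account (the well-known SID S-1-5-18), FALSE otherwise or on any error.
//
// The account is identified by SID, not by the display name "SYSTEM":
// account names are localized, the name lookup ignored the domain part, and
// a prefix compare ("SYSTEM...") would also accept any account whose name
// merely starts with those letters. Comparing SIDs cannot be fooled that way.
//
// hProcess needs PROCESS_QUERY_INFORMATION (or PROCESS_QUERY_LIMITED_INFORMATION)
// access for OpenProcessToken; TOKEN_QUERY is all the token access required.
BOOL  IsSysProcess(HANDLE hProcess)
{
	BOOL  bRetVal = FALSE;

	if(hProcess == NULL)
	{
		return FALSE;
	}

	//1.OpenProcessToken
	HANDLE hToken = NULL;

	if(!::OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
	{
		return FALSE;
	}

	//2.GetTokenInformation - the first call only reports the required size
	PTOKEN_USER  pToken_User = NULL;
	DWORD        dwTokenUser = 0L;

	::GetTokenInformation(hToken, TokenUser, NULL, 0L, &dwTokenUser);

	if(dwTokenUser > 0)
	{
		pToken_User = (PTOKEN_USER)::GlobalAlloc( GPTR, dwTokenUser );
	}

	if(pToken_User != NULL &&
	   ::GetTokenInformation(hToken, TokenUser, pToken_User, dwTokenUser, &dwTokenUser))
	{
		//3.Compare the token user's SID with the well-known LocalSystem SID
		PSID pSid = pToken_User->User.Sid;

		if(::IsValidSid(pSid) && ::IsWellKnownSid(pSid, WinLocalSystemSid))
		{
			bRetVal = TRUE;
		}
	}

	//4.Free pToken_User
	if(pToken_User != NULL)
	{
		::GlobalFree( pToken_User );
	}

	//5.CloseHandle - hToken is always valid here because the open succeeded
	::CloseHandle(hToken);

	return bRetVal;
}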

返回TRUE,那么就说明是系统进程
如果返回FALSE,说明不是系统进程,是用户的
