16,470
社区成员
发帖
与我相关
我的任务
分享一个急待解决的问题
在我的程序中,想在同一时刻最多启动两个其它的应用程序,我原来用枚举系统进程的方法编写出来后,但在WINDOWS终端服务器上列出的是所有用户开出的进程。因而无法控制,故求助各位高手。
...全文
请发表友善的回复…
发表回复
SUZJ 2000-02-14
- 打赏
- 举报
谢谢!我用枚举系统中进程的ProcessID和用CreateProcess启动应用程序时返回的ProcessID比较完成了任务。
lu0 2000-02-13
- 打赏
- 举报
使用NATIVE API,下面乃是一老外的做法.需要SE_TCB_PRIVELE.你尝试一下吧.:)
Or all one needs the header attached to this message!
NtQuerySystemsInformation (in NTDLL.DLL) is at the heart of many of
Microsoft's utilities; including the PSAPI DLL. I wanted to use it; so,
I figured out how it works. You are getting the benefit of my hard work.
To use NtQuerySystemInformation, one either has to a) create an import
library from NTDLL.DLL, or b) use LoadLibrary + GetProcAddress.
NtQuerySystemInformation is like a lot of NT calls, you need to call it
repeatedly until you have passed a large enough buffer to hold the
result.
Example:
char* snapshot;
ULONG snapshotSize;
ULONG bytesNeeded;
NT_PROCESS_INFO* processInfo;
Example:
while
(NtQuerySystemInformation(ProcessInformation,snapshot,snapshotSize,&bytesNeeded))
{
delete [] snapshot;
snapshotSize *= 2;
snapshot = new char[snapshotSize];
}
// After the call has completed successfully, all one needs to do is walk the shapshot.
processInfo = (NT_PROCESS_INFO*)snapshot;
do
{
// do something with the process-information
processInfo = pProcessInfo->OffsetToNextProcess ?(NT_PROCESS_INFO*)((char*)processInfo +
processInfo->OffsetToNextProcess) : NULL;
}
while (processInfo);
Merry Christmas! :-)
Mark
P.S. I have also included a few other goodies in this hearder. have
fun!
--- cut this code and place in a file called ntdll.h ---
/*
-----------------------------------------------------------------------------
-- Unit Name : ntdll.h
-- Purpose : This unit defines an interface to NTDLL.DLL.
-- Software Engineer : Mark T. Van Ditta
-----------------------------------------------------------------------------
-- R e v i s i o n H i s t o r y
-----------------------------------------------------------------------------
*/
#ifndef _NTDLL_H_
#define _NTDLL_H_
#ifdef __cplusplus
extern "C" {
#endif
#pragma option push
#pragma pack(1)
// I named this structure because I have not found its documented name.
// It and the NtReadVirtualMemory prototype were created via an all-night
// session.
// Mark T. Van Ditta
typedef struct _NT_MODULE_CONTROL_BLOCK
{
void* Unknown0;
void* Unknown1;
void* NextBlockAddressPlusEightBytes;
void* Unknown2;
void* Unknown3;
void* Unknown4;
void* ModuleHandle;
void* Unknown5;
void* Unknown6;
void* Unknown7;
void* Unknown8;
short NameLength;
short NameLengthIncludingZero;
WCHAR* Name;
void* Unknown10;
void* Unknown11;
void* Unknown12;
void* Unknown13;
void* Unknown14;
} NT_MODULE_CONTROL_BLOCK;
#pragma option pop
ULONG __stdcall NtReadVirtualMemory(HANDLE ProcessHandle, void*
FromAddress,
void* ToAddress, ULONG NumberOfBytes, ULONG* NumberOfBytesRead);
typedef ULONG __stdcall (*PNtReadVirtualMemory)(HANDLE ProcessHandle,
void* FromAddress, void* ToAddress, ULONG NumberOfBytes,
ULONG* NumberOfBytesRead);
typedef enum { ProcessInformation = 5 } NT_SYSTEM_INFO_CLASS;
typedef struct
{
DWORD OffsetToNextProcess;
DWORD ThreadCount;
DWORD Unknown0;
DWORD Unknown1;
DWORD Unknown2;
DWORD Unknown3;
DWORD Unknown4;
DWORD Unknown5;
__int64 CreateTime;
__int64 UserTime;
__int64 KernelTime;
DWORD Unknown6;
WCHAR* ProcessName;
DWORD BasePriority;
DWORD ProcessID;
DWORD ParentProcessID;
DWORD HandleCount;
DWORD Unknown7;
DWORD Unknown8;
DWORD PeakVirtualMemorySize;
DWORD VirtualMemorySize;
DWORD PageFaultCount;
DWORD PeakWorkingSetSize;
DWORD WorkingSetSize;
DWORD QuotaPeakPagedPoolUsage;
DWORD QuotaPagedPoolUsage;
DWORD QuotaPeakNonPagedPoolUsage;
DWORD QuotaNonPagedPoolUsage;
DWORD PagefileUsage;
DWORD PeakPagefileUsage;
DWORD PrivateBytes;
} NT_PROCESS_INFO;
typedef NT_PROCESS_INFO *PNT_PROCESS_INFO;
ULONG __stdcall NtQuerySystemInformation(NT_SYSTEM_INFO_CLASS
SystemInformationClass,
void* SystemInformation, ULONG SystemInformationLength, ULONG*
returnLength);
typedef ULONG __stdcall
(*PNtQuerySystemInformation)(NT_SYSTEM_INFO_CLASS,
void*, ULONG, ULONG*);
typedef enum _NT_PROCESS_INFO_CLASS
{
ProcessBasicInformation,
ProcessQuotaLimits,
ProcessIoCounters,
ProcessVmCounters,
ProcessTimes,
ProcessBasePriority,
ProcessRaisePriority,
ProcessDebugPort,
ProcessExceptionPort,
ProcessAccessToken,
ProcessLdtInformation,
ProcessLdtSize,
ProcessDefaultHardErrorMode,
ProcessIoPortHandlers, // Note: this is kernel mode only
ProcessPooledUsageAndLimits,
ProcessWorkingSetWatch,
ProcessUserModeIOPL,
ProcessEnableAlignmentFaultFixup,
ProcessPriorityClass,
ProcessWx86Information,
ProcessHandleCount,
ProcessAffinityMask,
ProcessPriorityBoost,
MaxProcessInfoClass
} NT_PROCESS_INFO_CLASS;
typedef enum _NT_THREAD_INFO_CLASS
{
ThreadBasicInformation,
ThreadTimes,
ThreadPriority,
ThreadBasePriority,
ThreadAffinityMask,
ThreadImpersonationToken,
ThreadDescriptorTableEntry,
ThreadEnableAlignmentFaultFixup,
ThreadEventPair,
ThreadQuerySetWin32StartAddress,
ThreadZeroTlsCell,
ThreadPerformanceCount,
ThreadAmILastThread,
ThreadIdealProcessor,
ThreadPriorityBoost,
ThreadSetTlsArrayAddress,
MaxThreadInfoClass
} NT_THREAD_INFO_CLASS;
typedef struct _NT_PROCESS_WS_WATCH_INFORMATION
{
PVOID FaultingPc;
PVOID FaultingVa;
} NT_PROCESS_WS_WATCH_INFORMATION, *PNT_PROCESS_WS_WATCH_INFORMATION;
typedef struct _NT_PROCESS_BASIC_INFORMATION
{
ULONG ExitStatus;
void* PebBaseAddress;
ULONG AffinityMask;
LONG BasePriority;
ULONG UniqueProcessId;
ULONG InheritedFromUniqueProcessId;
} NT_PROCESS_BASIC_INFORMATION;
typedef NT_PROCESS_BASIC_INFORMATION *PNT_PROCESS_BASIC_INFORMATION;
typedef struct _NT_QUOTA_LIMITS
{
ULONG PagedPoolLimit;
ULONG NonPagedPoolLimit;
ULONG MinimumWorkingSetSize;
ULONG MaximumWorkingSetSize;
ULONG PagefileLimit;
__int64 TimeLimit;
} NT_QUOTA_LIMITS;
typedef NT_QUOTA_LIMITS *PNT_QUOTA_LIMITS;
typedef struct _NT_IO_COUNTERS
{
ULONG ReadOperationCount;
ULONG WriteOperationCount;
ULONG OtherOperationCount;
__int64 ReadTransferCount;
__int64 WriteTransferCount;
__int64 OtherTransferCount;
} NT_IO_COUNTERS;
typedef NT_IO_COUNTERS *PNT_IO_COUNTERS;
typedef struct _NT_VM_COUNTERS
{
ULONG PeakVirtualSize;
ULONG VirtualSize;
ULONG PageFaultCount;
ULONG PeakWorkingSetSize;
ULONG WorkingSetSize;
ULONG QuotaPeakPagedPoolUsage;
ULONG QuotaPagedPoolUsage;
ULONG QuotaPeakNonPagedPoolUsage;
ULONG QuotaNonPagedPoolUsage;
ULONG PagefileUsage;
ULONG PeakPagefileUsage;
} NT_VM_COUNTERS;
typedef NT_VM_COUNTERS *PNT_VM_COUNTERS;
typedef struct _NT_POOLED_USAGE_AND_LIMITS
{
ULONG PeakPagedPoolUsage;
ULONG PagedPoolUsage;
ULONG PagedPoolLimit;
ULONG PeakNonPagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG NonPagedPoolLimit;
ULONG PeakPagefileUsage;
ULONG PagefileUsage;
ULONG PagefileLimit;
} NT_POOLED_USAGE_AND_LIMITS;
typedef NT_POOLED_USAGE_AND_LIMITS *PNT_POOLED_USAGE_AND_LIMITS;
typedef struct _NT_PROCESS_ACCESS_TOKEN
{
HANDLE Token;
HANDLE Thread;
} NT_PROCESS_ACCESS_TOKEN, *PNT_PROCESS_ACCESS_TOKEN;
typedef struct _NT_KERNEL_USER_TIMES
{
__int64 CreateTime;
__int64 ExitTime;
__int64 KernelTime;
__int64 UserTime;
} NT_KERNEL_USER_TIMES;
typedef NT_KERNEL_USER_TIMES *PNT_KERNEL_USER_TIMES;
ULONG __stdcall NtQueryInformationProcess(HANDLE ProcessHandle,
NT_PROCESS_INFO_CLASS ProcessInformationClass, void*
ProcessInformation,
ULONG ProcessInformationLength, ULONG* ReturnLength);
typedef ULONG __stdcall (*PNtQueryInformationProcess)(HANDLE,
NT_PROCESS_INFO_CLASS, void*,ULONG, ULONG*);
#ifdef __cplusplus
}
#endif
#endif // _NTDLL_H_
--- end of cut this code and place in a file called ntdll.h ---
As promised earlier, here is some code to read the process name out of
memory (it requires the header I posted a couple of days ago.)
NT_PROCESS_BASIC_INFORMATION basicInfo;
NT_MODULE_CONTROL_BLOCK moduleControlBlock;
WCHAR fileName[256];
void* block1;
void* block2;
// this code assumes one already has a handle open the the process
if (ERROR_SUCCESS == NtQueryInformationProcess(processHandle,
ProcessBasicInformation,(void*)&basicInfo,
sizeof(NT_PROCESS_BASIC_INFORMATION),NULL))
if (ERROR_SUCCESS == NtReadVirtualMemory(processHandle,
(char*)basicInfo.PebBaseAddress + 0x0000000c,
&block1,sizeof(void*),NULL))
if (ERROR_SUCCESS == NtReadVirtualMemory(processHandle,
(char*)block1 + 0x00000014,&block2, sizeof(void*),NULL))
if (block1 != block2)
if (ERROR_SUCCESS ==
NtReadVirtualMemory(processHandle,
(char*)block2 - 0x00000008,&moduleControlBlock,
sizeof(NT_MODULE_CONTROL_BLOCK),NULL))
NtReadVirtualMemory(processHandle,moduleControlBlock.Name,
fileName,moduleControlBlock.NameLengthIncludingZero,
NULL));
Mark
Or all one needs the header attached to this message!
NtQuerySystemsInformation (in NTDLL.DLL) is at the heart of many of
Microsoft's utilities; including the PSAPI DLL. I wanted to use it; so,
I figured out how it works. You are getting the benefit of my hard work.
To use NtQuerySystemInformation, one either has to a) create an import
library from NTDLL.DLL, or b) use LoadLibrary + GetProcAddress.
NtQuerySystemInformation is like a lot of NT calls, you need to call it
repeatedly until you have passed a large enough buffer to hold the
result.
Example:
char* snapshot;
ULONG snapshotSize;
ULONG bytesNeeded;
NT_PROCESS_INFO* processInfo;
Example:
while
(NtQuerySystemInformation(ProcessInformation,snapshot,snapshotSize,&bytesNeeded))
{
delete [] snapshot;
snapshotSize *= 2;
snapshot = new char[snapshotSize];
}
// After the call has completed successfully, all one needs to do is walk the shapshot.
processInfo = (NT_PROCESS_INFO*)snapshot;
do
{
// do something with the process-information
processInfo = pProcessInfo->OffsetToNextProcess ?(NT_PROCESS_INFO*)((char*)processInfo +
processInfo->OffsetToNextProcess) : NULL;
}
while (processInfo);
Merry Christmas! :-)
Mark
P.S. I have also included a few other goodies in this hearder. have
fun!
--- cut this code and place in a file called ntdll.h ---
/*
-----------------------------------------------------------------------------
-- Unit Name : ntdll.h
-- Purpose : This unit defines an interface to NTDLL.DLL.
-- Software Engineer : Mark T. Van Ditta
-----------------------------------------------------------------------------
-- R e v i s i o n H i s t o r y
-----------------------------------------------------------------------------
*/
#ifndef _NTDLL_H_
#define _NTDLL_H_
#ifdef __cplusplus
extern "C" {
#endif
#pragma option push
#pragma pack(1)
// I named this structure because I have not found its documented name.
// It and the NtReadVirtualMemory prototype were created via an all-night
// session.
// Mark T. Van Ditta
typedef struct _NT_MODULE_CONTROL_BLOCK
{
void* Unknown0;
void* Unknown1;
void* NextBlockAddressPlusEightBytes;
void* Unknown2;
void* Unknown3;
void* Unknown4;
void* ModuleHandle;
void* Unknown5;
void* Unknown6;
void* Unknown7;
void* Unknown8;
short NameLength;
short NameLengthIncludingZero;
WCHAR* Name;
void* Unknown10;
void* Unknown11;
void* Unknown12;
void* Unknown13;
void* Unknown14;
} NT_MODULE_CONTROL_BLOCK;
#pragma option pop
ULONG __stdcall NtReadVirtualMemory(HANDLE ProcessHandle, void*
FromAddress,
void* ToAddress, ULONG NumberOfBytes, ULONG* NumberOfBytesRead);
typedef ULONG __stdcall (*PNtReadVirtualMemory)(HANDLE ProcessHandle,
void* FromAddress, void* ToAddress, ULONG NumberOfBytes,
ULONG* NumberOfBytesRead);
typedef enum { ProcessInformation = 5 } NT_SYSTEM_INFO_CLASS;
typedef struct
{
DWORD OffsetToNextProcess;
DWORD ThreadCount;
DWORD Unknown0;
DWORD Unknown1;
DWORD Unknown2;
DWORD Unknown3;
DWORD Unknown4;
DWORD Unknown5;
__int64 CreateTime;
__int64 UserTime;
__int64 KernelTime;
DWORD Unknown6;
WCHAR* ProcessName;
DWORD BasePriority;
DWORD ProcessID;
DWORD ParentProcessID;
DWORD HandleCount;
DWORD Unknown7;
DWORD Unknown8;
DWORD PeakVirtualMemorySize;
DWORD VirtualMemorySize;
DWORD PageFaultCount;
DWORD PeakWorkingSetSize;
DWORD WorkingSetSize;
DWORD QuotaPeakPagedPoolUsage;
DWORD QuotaPagedPoolUsage;
DWORD QuotaPeakNonPagedPoolUsage;
DWORD QuotaNonPagedPoolUsage;
DWORD PagefileUsage;
DWORD PeakPagefileUsage;
DWORD PrivateBytes;
} NT_PROCESS_INFO;
typedef NT_PROCESS_INFO *PNT_PROCESS_INFO;
ULONG __stdcall NtQuerySystemInformation(NT_SYSTEM_INFO_CLASS
SystemInformationClass,
void* SystemInformation, ULONG SystemInformationLength, ULONG*
returnLength);
typedef ULONG __stdcall
(*PNtQuerySystemInformation)(NT_SYSTEM_INFO_CLASS,
void*, ULONG, ULONG*);
typedef enum _NT_PROCESS_INFO_CLASS
{
ProcessBasicInformation,
ProcessQuotaLimits,
ProcessIoCounters,
ProcessVmCounters,
ProcessTimes,
ProcessBasePriority,
ProcessRaisePriority,
ProcessDebugPort,
ProcessExceptionPort,
ProcessAccessToken,
ProcessLdtInformation,
ProcessLdtSize,
ProcessDefaultHardErrorMode,
ProcessIoPortHandlers, // Note: this is kernel mode only
ProcessPooledUsageAndLimits,
ProcessWorkingSetWatch,
ProcessUserModeIOPL,
ProcessEnableAlignmentFaultFixup,
ProcessPriorityClass,
ProcessWx86Information,
ProcessHandleCount,
ProcessAffinityMask,
ProcessPriorityBoost,
MaxProcessInfoClass
} NT_PROCESS_INFO_CLASS;
typedef enum _NT_THREAD_INFO_CLASS
{
ThreadBasicInformation,
ThreadTimes,
ThreadPriority,
ThreadBasePriority,
ThreadAffinityMask,
ThreadImpersonationToken,
ThreadDescriptorTableEntry,
ThreadEnableAlignmentFaultFixup,
ThreadEventPair,
ThreadQuerySetWin32StartAddress,
ThreadZeroTlsCell,
ThreadPerformanceCount,
ThreadAmILastThread,
ThreadIdealProcessor,
ThreadPriorityBoost,
ThreadSetTlsArrayAddress,
MaxThreadInfoClass
} NT_THREAD_INFO_CLASS;
typedef struct _NT_PROCESS_WS_WATCH_INFORMATION
{
PVOID FaultingPc;
PVOID FaultingVa;
} NT_PROCESS_WS_WATCH_INFORMATION, *PNT_PROCESS_WS_WATCH_INFORMATION;
typedef struct _NT_PROCESS_BASIC_INFORMATION
{
ULONG ExitStatus;
void* PebBaseAddress;
ULONG AffinityMask;
LONG BasePriority;
ULONG UniqueProcessId;
ULONG InheritedFromUniqueProcessId;
} NT_PROCESS_BASIC_INFORMATION;
typedef NT_PROCESS_BASIC_INFORMATION *PNT_PROCESS_BASIC_INFORMATION;
typedef struct _NT_QUOTA_LIMITS
{
ULONG PagedPoolLimit;
ULONG NonPagedPoolLimit;
ULONG MinimumWorkingSetSize;
ULONG MaximumWorkingSetSize;
ULONG PagefileLimit;
__int64 TimeLimit;
} NT_QUOTA_LIMITS;
typedef NT_QUOTA_LIMITS *PNT_QUOTA_LIMITS;
typedef struct _NT_IO_COUNTERS
{
ULONG ReadOperationCount;
ULONG WriteOperationCount;
ULONG OtherOperationCount;
__int64 ReadTransferCount;
__int64 WriteTransferCount;
__int64 OtherTransferCount;
} NT_IO_COUNTERS;
typedef NT_IO_COUNTERS *PNT_IO_COUNTERS;
typedef struct _NT_VM_COUNTERS
{
ULONG PeakVirtualSize;
ULONG VirtualSize;
ULONG PageFaultCount;
ULONG PeakWorkingSetSize;
ULONG WorkingSetSize;
ULONG QuotaPeakPagedPoolUsage;
ULONG QuotaPagedPoolUsage;
ULONG QuotaPeakNonPagedPoolUsage;
ULONG QuotaNonPagedPoolUsage;
ULONG PagefileUsage;
ULONG PeakPagefileUsage;
} NT_VM_COUNTERS;
typedef NT_VM_COUNTERS *PNT_VM_COUNTERS;
typedef struct _NT_POOLED_USAGE_AND_LIMITS
{
ULONG PeakPagedPoolUsage;
ULONG PagedPoolUsage;
ULONG PagedPoolLimit;
ULONG PeakNonPagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG NonPagedPoolLimit;
ULONG PeakPagefileUsage;
ULONG PagefileUsage;
ULONG PagefileLimit;
} NT_POOLED_USAGE_AND_LIMITS;
typedef NT_POOLED_USAGE_AND_LIMITS *PNT_POOLED_USAGE_AND_LIMITS;
typedef struct _NT_PROCESS_ACCESS_TOKEN
{
HANDLE Token;
HANDLE Thread;
} NT_PROCESS_ACCESS_TOKEN, *PNT_PROCESS_ACCESS_TOKEN;
typedef struct _NT_KERNEL_USER_TIMES
{
__int64 CreateTime;
__int64 ExitTime;
__int64 KernelTime;
__int64 UserTime;
} NT_KERNEL_USER_TIMES;
typedef NT_KERNEL_USER_TIMES *PNT_KERNEL_USER_TIMES;
ULONG __stdcall NtQueryInformationProcess(HANDLE ProcessHandle,
NT_PROCESS_INFO_CLASS ProcessInformationClass, void*
ProcessInformation,
ULONG ProcessInformationLength, ULONG* ReturnLength);
typedef ULONG __stdcall (*PNtQueryInformationProcess)(HANDLE,
NT_PROCESS_INFO_CLASS, void*,ULONG, ULONG*);
#ifdef __cplusplus
}
#endif
#endif // _NTDLL_H_
--- end of cut this code and place in a file called ntdll.h ---
As promised earlier, here is some code to read the process name out of
memory (it requires the header I posted a couple of days ago.)
NT_PROCESS_BASIC_INFORMATION basicInfo;
NT_MODULE_CONTROL_BLOCK moduleControlBlock;
WCHAR fileName[256];
void* block1;
void* block2;
// this code assumes one already has a handle open the the process
if (ERROR_SUCCESS == NtQueryInformationProcess(processHandle,
ProcessBasicInformation,(void*)&basicInfo,
sizeof(NT_PROCESS_BASIC_INFORMATION),NULL))
if (ERROR_SUCCESS == NtReadVirtualMemory(processHandle,
(char*)basicInfo.PebBaseAddress + 0x0000000c,
&block1,sizeof(void*),NULL))
if (ERROR_SUCCESS == NtReadVirtualMemory(processHandle,
(char*)block1 + 0x00000014,&block2, sizeof(void*),NULL))
if (block1 != block2)
if (ERROR_SUCCESS ==
NtReadVirtualMemory(processHandle,
(char*)block2 - 0x00000008,&moduleControlBlock,
sizeof(NT_MODULE_CONTROL_BLOCK),NULL))
NtReadVirtualMemory(processHandle,moduleControlBlock.Name,
fileName,moduleControlBlock.NameLengthIncludingZero,
NULL));
Mark
