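/// Resolves the account name of the user whose token a process runs under.
///
/// Opens the process, opens its access token for TOKEN_QUERY, reads the
/// TokenUser information and translates the SID with LookupAccountSid.
///
/// @param ProcessId  Identifier of the process to inspect.
/// @param pUserName  Caller-supplied ANSI buffer that receives the account name.
/// @param StrLen     Capacity of pUserName in characters.
/// @return 0 on success; -1 if the arguments are invalid, the process or its
///         token cannot be opened, the token query fails, or the SID cannot be
///         resolved. pUserName is only meaningful when 0 is returned.
int CIisOperator::GetProcessUser(DWORD ProcessId,char *pUserName, int StrLen)
{
    // Reject unusable output buffers up front. A negative StrLen reinterpreted
    // as a DWORD would advertise a huge buffer to LookupAccountSid.
    if (pUserName == NULL || StrLen <= 0)
        return -1;

    int result = -1;
    HANDLE hProcess = NULL;
    HANDLE hToken = NULL;
    PTOKEN_USER pTokenUser = NULL;
    DWORD cb = 0;
    DWORD cchName = static_cast<DWORD>(StrLen);
    SID_NAME_USE snu;
    char domain[1024];
    DWORD cbdomain = sizeof(domain) - 1;
    memset(domain, 0, sizeof(domain));

    // Single-pass block: every failure breaks out to the shared cleanup below,
    // so each handle and allocation is released exactly once on every path.
    do
    {
        hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
        if (!hProcess)
            break;

        if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
        {
            hToken = NULL;
            CloseHandle(hProcess);
            // NOTE(review): this retry asks for PROCESS_ALL_ACCESS, far more
            // than a token query needs. Kept for compatibility with existing
            // callers; consider dropping the retry in favour of least privilege.
            hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId);
            if (!hProcess)
                break;
            if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
            {
                hToken = NULL;
                break;
            }
        }

        // First call only asks for the required buffer size; it is expected
        // to fail with ERROR_INSUFFICIENT_BUFFER.
        if (!GetTokenInformation(hToken, TokenUser, NULL, 0, &cb) &&
            GetLastError() != ERROR_INSUFFICIENT_BUFFER)
            break;
        if (cb == 0)
            break;

        pTokenUser = (PTOKEN_USER)GlobalAlloc(GPTR, cb);
        if (!pTokenUser)
            break;

        // The SID must not be used unless the token data was actually filled in.
        if (!GetTokenInformation(hToken, TokenUser, pTokenUser, cb, &cb))
            break;

        // The buffers are char-based, so call the ANSI entry point explicitly
        // and pass a real DWORD rather than a casted int pointer.
        if (!LookupAccountSidA(NULL, pTokenUser->User.Sid, pUserName,
                               &cchName, domain, &cbdomain, &snu))
            break;

        result = 0;
    } while (false);

    if (pTokenUser)
        GlobalFree(pTokenUser);
    if (hToken)
        CloseHandle(hToken);
    if (hProcess)
        CloseHandle(hProcess);
    return result;
}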
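/// Reports whether any process in a fresh system snapshot has the given
/// executable file name.
///
/// The comparison is a case-insensitive match of lpszProcessName against
/// PROCESSENTRY32::szExeFile. It is a name match only: it does not check the
/// binary's full path, its signature, or the account the process runs under,
/// so a positive result must not be treated as proof of a process's identity.
///
/// @param lpszProcessName  Executable file name to look for; NULL yields false.
/// @return true if a process with that name is present in the snapshot, false
///         otherwise or when the snapshot cannot be taken or enumerated.
bool verifyProcess(LPCTSTR lpszProcessName)
{
    if (lpszProcessName == NULL)
        return false;

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        MessageBox(NULL, "Create process snapshot failed !", "Notice", MB_ICONINFORMATION | MB_OK);
        return false;
    }

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32);  // must be set before Process32First
    if (!Process32First(hSnapshot, &pe32)) {
        MessageBox(NULL, "Process32Frist function runs failed !", "Notice", MB_ICONINFORMATION | MB_OK);
        CloseHandle(hSnapshot);
        return false;
    }

    // Record the result instead of returning from inside the loop, so the
    // snapshot handle is closed on the match path as well.
    bool found = false;
    do {
        if (lstrcmpi(lpszProcessName, pe32.szExeFile) == 0) {
            found = true;
            break;
        }
    } while (Process32Next(hSnapshot, &pe32));

    CloseHandle(hSnapshot);
    return found;
}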