16,473
社区成员
发帖
与我相关
我的任务
分享如何获取windows7系统进程audiodg.exe的全路径?
最近在做一个小程序,获取当前系统运行的每个进程的全路径,大部分进程的全路径都可以获取到,但是有个audiodg.exe的全路径获取不到,用AdjustTokenPrivileges提权也不行,OpenProcess总是失败,用GetLastError得到的错误码是5,权限不够,但是为啥提权之后也不够呢。
。
代码如下:
int _tmain(int argc, _TCHAR* argv[])
{
BOOL bRet = FALSE;
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
{
printf("OpenProcessToken Fail!\r\n");
return 0;
}
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
{
printf("LookupPrivilegeValue Fail!\r\n");
CloseHandle(hToken);
return 0;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
{
printf("AdjustTokenPrivileges Fail!\r\n");
CloseHandle(hToken);
return 0;
}
char szLog[256] = {0};
char szProcessName[1024] = {0};
HANDLE hProcess = OpenProcess( PROCESS_ALL_ACCESS,FALSE,processID);
if (NULL != hProcess)
{
bRet = EnumProcessModules(hProcess,&pHmod,sizeof(pHmod),&cbNeeded);
if(!bRet)
{
return 0;
}
if(!GetModuleFileNameEx(hProcess,pHmod,szProcessName,1024))
{
return 0;
}
char szTmpPath[1024] = {0};
sprintf_s(szTmpPath,1024,"The Path of Process is %s",szProcessName);
printf(szTmpPath);
}
else
{
ZeroMemory(szLog,256);
sprintf_s(szLog,256,"OpenProcess Fail!PID is %d,错误码:0x%08X\r\n",processID,GetLastError());
printf(szLog);
}
}
。代码如下:
int _tmain(int argc, _TCHAR* argv[])
{
BOOL bRet = FALSE;
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
{
printf("OpenProcessToken Fail!\r\n");
return 0;
}
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
{
printf("LookupPrivilegeValue Fail!\r\n");
CloseHandle(hToken);
return 0;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
{
printf("AdjustTokenPrivileges Fail!\r\n");
CloseHandle(hToken);
return 0;
}
char szLog[256] = {0};
char szProcessName[1024] = {0};
HANDLE hProcess = OpenProcess( PROCESS_ALL_ACCESS,FALSE,processID);
if (NULL != hProcess)
{
bRet = EnumProcessModules(hProcess,&pHmod,sizeof(pHmod),&cbNeeded);
if(!bRet)
{
return 0;
}
if(!GetModuleFileNameEx(hProcess,pHmod,szProcessName,1024))
{
return 0;
}
char szTmpPath[1024] = {0};
sprintf_s(szTmpPath,1024,"The Path of Process is %s",szProcessName);
printf(szTmpPath);
}
else
{
ZeroMemory(szLog,256);
sprintf_s(szLog,256,"OpenProcess Fail!PID is %d,错误码:0x%08X\r\n",processID,GetLastError());
printf(szLog);
}
}
...全文
请发表友善的回复…
发表回复
matrix2009 2012-11-25
- 打赏
- 举报
代码有点乱,重贴一下
int _tmain(int argc, _TCHAR* argv[])
{
BOOL bRet = FALSE;
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
char szLog[256] = {0};
char szProcessName[1024] = {0};
DWORD processID = 5972;
HMODULE pHmod = NULL;
DWORD cbNeeded;
HANDLE hProcess = NULL;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
{
printf("OpenProcessToken Fail!\r\n");
return 0;
}
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
{
printf("LookupPrivilegeValue Fail!\r\n");
CloseHandle(hToken);
return 0;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
{
printf("AdjustTokenPrivileges Fail!\r\n");
CloseHandle(hToken);
return 0;
}
hProcess = OpenProcess( PROCESS_ALL_ACCESS,FALSE,processID);
if (NULL != hProcess)
{
bRet = EnumProcessModules(hProcess,&pHmod,sizeof(pHmod),&cbNeeded);
if(!bRet)
{
return 0;
}
if(!GetModuleFileNameEx(hProcess,pHmod,szProcessName,1024))
{
return 0;
}
char szTmpPath[1024] = {0};
sprintf_s(szTmpPath,1024,"The Path of Process is %s",szProcessName);
printf(szTmpPath);
}
else
{
ZeroMemory(szLog,256);
sprintf_s(szLog,256,"OpenProcess Fail!PID is %d,错误码:0x%08X\r\n",processID,GetLastError());
printf(szLog);
}
return 0;
}
matrix2009 2012-11-25
- 打赏
- 举报
上面的代码少写了一行,processID = 5972,是上图中的audiodg.exe的PID。
jianpanlanyue 2012-11-25
- 打赏
- 举报
audiodg.exe是音频驱动的模块进程,要从驱动入手吧。。
