怎么获取 system 系统用户的进程信息

qq_22048927 2019-08-30 10:19:33

怎么获取 system 系统用户的进程信息
包括进程名 id 路径(含中文)

...全文

151 7 打赏收藏转发到动态举报

写回复

用AI写文章

7 条回复

切换为时间正序

请发表友善的回复…

发表回复

轻箬笠 2019-08-30

打赏
举报

引用 6 楼 qq_22048927 的回复:

[quote=引用 3 楼轻箬笠的回复:]

#include <WtsApi32.h>
#pragma comment(lib,"WtsApi32.lib")
 
        SID_NAME_USE sUse;
        WTS_PROCESS_INFO *pProInfo,*pTemp;
        DWORD dwRes;
        DWORD dwSize = MAX_PATH;
        WCHAR wzUserName[MAX_PATH];
        WCHAR wzDomainName[MAX_PATH];
 
        if(WTSEnumerateProcesses(WTS_CURRENT_SERVER_HANDLE,0,1,&pProInfo,&dwRes))
        {
            pTemp = pProInfo;
            for (DWORD i = 0; i < dwRes;i ++)
            {
                //if (pTemp->ProcessId == dwProcess)  //可以获取特定进程
                {
                    if(LookupAccountSid(NULL,pTemp->pUserSid,wzUserName,&dwSize,wzDomainName,&dwSize,&sUse))
                    {
                        wprintf(_T("%d %d %s %s %s\r\n"),i,pTemp->ProcessId,pTemp->pProcessName,wzUserName,wzDomainName);
                    }
                }
                pTemp ++;
            }
            WTSFreeMemory(pProInfo);
        }

出处https://blog.csdn.net/shen_001/article/details/79229026

你确定这点东西能运行吗?[/quote]

博主已经截图结果了，wzUserName为system的就是你要的进程。至于头文件，main函数之类的，楼主自己加下呗

qq_22048927 2019-08-30

打赏
举报

引用 3 楼轻箬笠的回复:

#include <WtsApi32.h>
#pragma comment(lib,"WtsApi32.lib")
 
        SID_NAME_USE sUse;
        WTS_PROCESS_INFO *pProInfo,*pTemp;
        DWORD dwRes;
        DWORD dwSize = MAX_PATH;
        WCHAR wzUserName[MAX_PATH];
        WCHAR wzDomainName[MAX_PATH];
 
        if(WTSEnumerateProcesses(WTS_CURRENT_SERVER_HANDLE,0,1,&pProInfo,&dwRes))
        {
            pTemp = pProInfo;
            for (DWORD i = 0; i < dwRes;i ++)
            {
                //if (pTemp->ProcessId == dwProcess)  //可以获取特定进程
                {
                    if(LookupAccountSid(NULL,pTemp->pUserSid,wzUserName,&dwSize,wzDomainName,&dwSize,&sUse))
                    {
                        wprintf(_T("%d %d %s %s %s\r\n"),i,pTemp->ProcessId,pTemp->pProcessName,wzUserName,wzDomainName);
                    }
                }
                pTemp ++;
            }
            WTSFreeMemory(pProInfo);
        }

出处https://blog.csdn.net/shen_001/article/details/79229026

你确定这点东西能运行吗?

窝米逗佛~ 2019-08-30

打赏
举报


#include <TlHelp32.h>
bool QueryModuleInfo( DWORD processid )
{
	DWORD testprocessid = 3212;
	bool ret = 0;
	
	HANDLE hSnap;
	MODULEENTRY32 me32;
	HANDLE m_hProcess = OpenProcess( PROCESS_ALL_ACCESS, 0, testprocessid );
	hSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, GetProcessId( m_hProcess ) );
	if ( hSnap != INVALID_HANDLE_VALUE )
	{
		me32.dwSize = sizeof( MODULEENTRY32 );
		if ( !Module32First( hSnap, &me32 ) )
			return false;
		CloseHandle( hSnap );
		
	}
	return true;
}

轻箬笠 2019-08-30

打赏
举报

BOOL GetProcessPathByPId( const DWORD dwProcessId, TCHAR *cstrPath )

{

        HANDLE hProcess = NULL;

        BOOL bSuccess = FALSE;

        hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ , FALSE, dwProcessId );

        do 

        {

            if ( NULL == hProcess )

            {

                break;

            }

            TCHAR szPath[MAX_PATH + 1] = {0};

            HMODULE hMod = NULL;

            DWORD cbNeeded = 0;

            if( FALSE == EnumProcessModules( hProcess, &hMod, sizeof( hMod ), &cbNeeded ) )

            {

                break;

            }

            if ( 0 == GetModuleFileNameEx( hProcess, hMod, szPath, MAX_PATH ) )

            {

                break;

            }

            wcscpy(cstrPath ,szPath);

            bSuccess = TRUE;

        } while( 0 );

        if ( NULL != hProcess )

        {

            CloseHandle( hProcess );

            hProcess = NULL;

        }

        return bSuccess;

}

VC 通过进程ID获取完整路径，出处https://blog.csdn.net/changshiyzj/article/details/83826060

轻箬笠 2019-08-30

打赏
举报

#include <WtsApi32.h>

#pragma comment(lib,"WtsApi32.lib")

 

        SID_NAME_USE sUse;

        WTS_PROCESS_INFO *pProInfo,*pTemp;

        DWORD dwRes;

        DWORD dwSize = MAX_PATH;

        WCHAR wzUserName[MAX_PATH];

        WCHAR wzDomainName[MAX_PATH];

 

        if(WTSEnumerateProcesses(WTS_CURRENT_SERVER_HANDLE,0,1,&pProInfo,&dwRes))

        {

            pTemp = pProInfo;

            for (DWORD i = 0; i < dwRes;i ++)

            {

                //if (pTemp->ProcessId == dwProcess)  //可以获取特定进程

                {

                    if(LookupAccountSid(NULL,pTemp->pUserSid,wzUserName,&dwSize,wzDomainName,&dwSize,&sUse))

                    {

                        wprintf(_T("%d %d %s %s %s\r\n"),i,pTemp->ProcessId,pTemp->pProcessName,wzUserName,wzDomainName);

                    }

                }

                pTemp ++;

            }

            WTSFreeMemory(pProInfo);

        }