70,026
社区成员
发帖
与我相关
我的任务
分享
...全文
请发表友善的回复…
发表回复
doolin 2004-08-11
- 打赏
- 举报
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
// Forward declarations:
BOOL GetProcessList( );
BOOL ListProcessModules( DWORD dwPID );
BOOL ListProcessThreads( DWORD dwOwnerPID );
void printError( TCHAR* msg );
void main( )
{
GetProcessList( );
}
BOOL GetProcessList( )
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;
DWORD dwPriorityClass;
// Take a snapshot of all processes in the system.
hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if( hProcessSnap == INVALID_HANDLE_VALUE )
{
printError( "CreateToolhelp32Snapshot (of processes)" );
return( FALSE );
}
// Set the size of the structure before using it.
pe32.dwSize = sizeof( PROCESSENTRY32 );
// Retrieve information about the first process,
// and exit if unsuccessful
if( !Process32First( hProcessSnap, &pe32 ) )
{
printError( "Process32First" ); // Show cause of failure
CloseHandle( hProcessSnap ); // Must clean up the snapshot object!
return( FALSE );
}
// Now walk the snapshot of processes, and
// display information about each process in turn
do
{
printf( "\n\n=====================================================" );
printf( "\nPROCESS NAME: %s", pe32.szExeFile );
printf( "\n-----------------------------------------------------" );
// Retrieve the priority class.
dwPriorityClass = 0;
hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID );
if( hProcess == NULL )
printError( "OpenProcess" );
else
{
dwPriorityClass = GetPriorityClass( hProcess );
if( !dwPriorityClass )
printError( "GetPriorityClass" );
CloseHandle( hProcess );
}
printf( "\n process ID = 0x%08X", pe32.th32ProcessID );
printf( "\n thread count = %d", pe32.cntThreads );
printf( "\n parent process ID = 0x%08X", pe32.th32ParentProcessID );
printf( "\n Priority Base = %d", pe32.pcPriClassBase );
if( dwPriorityClass )
printf( "\n Priority Class = %d", dwPriorityClass );
// List the modules and threads associated with this process
ListProcessModules( pe32.th32ProcessID );
ListProcessThreads( pe32.th32ProcessID );
} while( Process32Next( hProcessSnap, &pe32 ) );
// Don't forget to clean up the snapshot object!
CloseHandle( hProcessSnap );
return( TRUE );
}
BOOL ListProcessModules( DWORD dwPID )
{
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
// Take a snapshot of all modules in the specified process.
hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwPID );
if( hModuleSnap == INVALID_HANDLE_VALUE )
{
printError( "CreateToolhelp32Snapshot (of modules)" );
return( FALSE );
}
// Set the size of the structure before using it.
me32.dwSize = sizeof( MODULEENTRY32 );
// Retrieve information about the first module,
// and exit if unsuccessful
if( !Module32First( hModuleSnap, &me32 ) )
{
printError( "Module32First" ); // Show cause of failure
CloseHandle( hModuleSnap ); // Must clean up the snapshot object!
return( FALSE );
}
// Now walk the module list of the process,
// and display information about each module
do
{
printf( "\n\n MODULE NAME: %s", me32.szModule );
printf( "\n executable = %s", me32.szExePath );
printf( "\n process ID = 0x%08X", me32.th32ProcessID );
printf( "\n ref count (g) = 0x%04X", me32.GlblcntUsage );
printf( "\n ref count (p) = 0x%04X", me32.ProccntUsage );
printf( "\n base address = 0x%08X", (DWORD) me32.modBaseAddr );
printf( "\n base size = %d", me32.modBaseSize );
} while( Module32Next( hModuleSnap, &me32 ) );
// Don't forget to clean up the snapshot object.
CloseHandle( hModuleSnap );
return( TRUE );
}
BOOL ListProcessThreads( DWORD dwOwnerPID )
{
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
// Take a snapshot of all running threads
hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 );
if( hThreadSnap == INVALID_HANDLE_VALUE )
return( FALSE );
// Fill in the size of the structure before using it.
te32.dwSize = sizeof(THREADENTRY32 );
// Retrieve information about the first thread,
// and exit if unsuccessful
if( !Thread32First( hThreadSnap, &te32 ) )
{
printError( "Thread32First" ); // Show cause of failure
CloseHandle( hThreadSnap ); // Must clean up the snapshot object!
return( FALSE );
}
// Now walk the thread list of the system,
// and display information about each thread
// associated with the specified process
do
{
if( te32.th32OwnerProcessID == dwOwnerPID )
{
printf( "\n\n THREAD ID = 0x%08X", te32.th32ThreadID );
printf( "\n base priority = %d", te32.tpBasePri );
printf( "\n delta priority = %d", te32.tpDeltaPri );
}
} while( Thread32Next(hThreadSnap, &te32 ) );
// Don't forget to clean up the snapshot object.
CloseHandle( hThreadSnap );
return( TRUE );
}
void printError( TCHAR* msg )
{
DWORD eNum;
TCHAR sysMsg[256];
TCHAR* p;
eNum = GetLastError( );
FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, eNum,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
sysMsg, 256, NULL );
// Trim the end of the line and terminate it with a null
p = sysMsg;
while( ( *p > 31 ) || ( *p == 9 ) )
++p;
do { *p-- = 0; } while( ( p >= sysMsg ) &&
( ( *p == '.' ) || ( *p < 33 ) ) );
// Display the message
printf( "\n WARNING: %s failed with error %d (%s)", msg, eNum, sysMsg );
}
这一段完整的代码(MSDN上的),只要拷到一个CPP文件里面然后编译就可以执行。
不但可以得到进程的信息,还可以得到该进程所引用的DLL模块及其线程。
#include <tlhelp32.h>
#include <stdio.h>
// Forward declarations:
BOOL GetProcessList( );
BOOL ListProcessModules( DWORD dwPID );
BOOL ListProcessThreads( DWORD dwOwnerPID );
void printError( TCHAR* msg );
void main( )
{
GetProcessList( );
}
BOOL GetProcessList( )
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;
DWORD dwPriorityClass;
// Take a snapshot of all processes in the system.
hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if( hProcessSnap == INVALID_HANDLE_VALUE )
{
printError( "CreateToolhelp32Snapshot (of processes)" );
return( FALSE );
}
// Set the size of the structure before using it.
pe32.dwSize = sizeof( PROCESSENTRY32 );
// Retrieve information about the first process,
// and exit if unsuccessful
if( !Process32First( hProcessSnap, &pe32 ) )
{
printError( "Process32First" ); // Show cause of failure
CloseHandle( hProcessSnap ); // Must clean up the snapshot object!
return( FALSE );
}
// Now walk the snapshot of processes, and
// display information about each process in turn
do
{
printf( "\n\n=====================================================" );
printf( "\nPROCESS NAME: %s", pe32.szExeFile );
printf( "\n-----------------------------------------------------" );
// Retrieve the priority class.
dwPriorityClass = 0;
hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID );
if( hProcess == NULL )
printError( "OpenProcess" );
else
{
dwPriorityClass = GetPriorityClass( hProcess );
if( !dwPriorityClass )
printError( "GetPriorityClass" );
CloseHandle( hProcess );
}
printf( "\n process ID = 0x%08X", pe32.th32ProcessID );
printf( "\n thread count = %d", pe32.cntThreads );
printf( "\n parent process ID = 0x%08X", pe32.th32ParentProcessID );
printf( "\n Priority Base = %d", pe32.pcPriClassBase );
if( dwPriorityClass )
printf( "\n Priority Class = %d", dwPriorityClass );
// List the modules and threads associated with this process
ListProcessModules( pe32.th32ProcessID );
ListProcessThreads( pe32.th32ProcessID );
} while( Process32Next( hProcessSnap, &pe32 ) );
// Don't forget to clean up the snapshot object!
CloseHandle( hProcessSnap );
return( TRUE );
}
BOOL ListProcessModules( DWORD dwPID )
{
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
// Take a snapshot of all modules in the specified process.
hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwPID );
if( hModuleSnap == INVALID_HANDLE_VALUE )
{
printError( "CreateToolhelp32Snapshot (of modules)" );
return( FALSE );
}
// Set the size of the structure before using it.
me32.dwSize = sizeof( MODULEENTRY32 );
// Retrieve information about the first module,
// and exit if unsuccessful
if( !Module32First( hModuleSnap, &me32 ) )
{
printError( "Module32First" ); // Show cause of failure
CloseHandle( hModuleSnap ); // Must clean up the snapshot object!
return( FALSE );
}
// Now walk the module list of the process,
// and display information about each module
do
{
printf( "\n\n MODULE NAME: %s", me32.szModule );
printf( "\n executable = %s", me32.szExePath );
printf( "\n process ID = 0x%08X", me32.th32ProcessID );
printf( "\n ref count (g) = 0x%04X", me32.GlblcntUsage );
printf( "\n ref count (p) = 0x%04X", me32.ProccntUsage );
printf( "\n base address = 0x%08X", (DWORD) me32.modBaseAddr );
printf( "\n base size = %d", me32.modBaseSize );
} while( Module32Next( hModuleSnap, &me32 ) );
// Don't forget to clean up the snapshot object.
CloseHandle( hModuleSnap );
return( TRUE );
}
BOOL ListProcessThreads( DWORD dwOwnerPID )
{
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
// Take a snapshot of all running threads
hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 );
if( hThreadSnap == INVALID_HANDLE_VALUE )
return( FALSE );
// Fill in the size of the structure before using it.
te32.dwSize = sizeof(THREADENTRY32 );
// Retrieve information about the first thread,
// and exit if unsuccessful
if( !Thread32First( hThreadSnap, &te32 ) )
{
printError( "Thread32First" ); // Show cause of failure
CloseHandle( hThreadSnap ); // Must clean up the snapshot object!
return( FALSE );
}
// Now walk the thread list of the system,
// and display information about each thread
// associated with the specified process
do
{
if( te32.th32OwnerProcessID == dwOwnerPID )
{
printf( "\n\n THREAD ID = 0x%08X", te32.th32ThreadID );
printf( "\n base priority = %d", te32.tpBasePri );
printf( "\n delta priority = %d", te32.tpDeltaPri );
}
} while( Thread32Next(hThreadSnap, &te32 ) );
// Don't forget to clean up the snapshot object.
CloseHandle( hThreadSnap );
return( TRUE );
}
void printError( TCHAR* msg )
{
DWORD eNum;
TCHAR sysMsg[256];
TCHAR* p;
eNum = GetLastError( );
FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, eNum,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
sysMsg, 256, NULL );
// Trim the end of the line and terminate it with a null
p = sysMsg;
while( ( *p > 31 ) || ( *p == 9 ) )
++p;
do { *p-- = 0; } while( ( p >= sysMsg ) &&
( ( *p == '.' ) || ( *p < 33 ) ) );
// Display the message
printf( "\n WARNING: %s failed with error %d (%s)", msg, eNum, sysMsg );
}
这一段完整的代码(MSDN上的),只要拷到一个CPP文件里面然后编译就可以执行。
不但可以得到进程的信息,还可以得到该进程所引用的DLL模块及其线程。
zhangkan440 2004-08-11
- 打赏
- 举报
谢谢,我试下
BroncoSpeedCoursing 2004-08-11
- 打赏
- 举报
获得当前进程所有者的信息
主要设计代码如下:
#include <tlhelp32.h>
.......
CListCtrl m_strList;
CString m_strValue;
.......
//获取当前进程的所有者的信息
void OnGetUser()
{
// TODO: Add your control notification handler code here
UpdateData();
if(m_strValue.IsEmpty())
{
AfxMessageBox(_T("Process Id is empty!"));
return ;
}
int nId = atol(m_strValue);
CString str;
GetProcessAuth(str, nId);
if(strPathValid.IsEmpty())
{
AfxMessageBox(_T("Get the path Failed!"));
}
else
{
AfxMessageBox(strPathValid);
}
}
//读取当前进程的所有者的信息
void GetProcessAuth(CString strPath,long pid)
{
//获得运行进程的用户身份,此处对于8以上的进程没问题,对于8,0进程无法列出(8是Win2000下的,WinXP下为4)
SID_NAME_USE peUse;
HANDLE hp;
HANDLE hToken;
int isok;
char buf[0x400];
char buf1[100];
char buf2[100];
DWORD dwNumBytesRet;
DWORD dwNumBytesRet1;
hp=OpenProcess(0x400, 0, pid);//0x400 is PROCESS_QUERY_INFORMATION
isok=OpenProcessToken(hp, 0x20008, &hToken);//这个0x20008不知道什么,TOKEN_QUERY?
if(isok)
{
isok=GetTokenInformation(hToken, TokenUser, &buf, 0x400, &dwNumBytesRet);
if(isok)
{
dwNumBytesRet=100;
dwNumBytesRet1=100;
isok=LookupAccountSid(NULL, (DWORD *) (*(DWORD *)buf), buf1, &dwNumBytesRet, buf2, &dwNumBytesRet1, &peUse);
if(isok)
{
strPath.Format("Run Auth:%s\\%s", buf2, buf1);
strPathValid = strPath;
}
CloseHandle(hToken);
}
}
CloseHandle(hp);
}
//获取当前的进程列表
void ListProcess()
{
m_strList.DeleteAllItems();
while(m_strList.DeleteColumn(0));
m_strList.ModifyStyle(0,LVS_REPORT);
m_strList.InsertColumn(0,"进程ID",LVCFMT_LEFT,80);
m_strList.InsertColumn(1,"进程名称",LVCFMT_LEFT,150);
HANDLE handle=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
PROCESSENTRY32* info=new PROCESSENTRY32;
info->dwSize=sizeof(PROCESSENTRY32);
int i=0;
if(Process32First(handle,info))
{
if(GetLastError()==ERROR_NO_MORE_FILES )
{
AfxMessageBox("No More Process");
}
else
{
CString id;
id.Format("%d",info->th32ProcessID);
m_strList.InsertItem(i,id);
m_strList.SetItemData(i,info->th32ProcessID);
id.Format("%s",info->szExeFile);
m_strList.SetItemText(i,1,id);
i++;
while(Process32Next(handle,info)!=FALSE)
{
id.Format("%5d",info->th32ProcessID);
m_strList.InsertItem(i,id);
m_strList.SetItemData(i,info->th32ProcessID);
id.Format("%s",info->szExeFile);
m_strList.SetItemText(i,1,id);
i++;
}
}
}
CloseHandle(handle);
delete info;
}
//获取点击list的进程的进程标识
void CGetProcessUserMfcDlg::OnClickListctrl(NMHDR* pNMHDR, LRESULT* pResult)
{
// TODO: Add your control notification handler code here
POSITION pos = m_strList.GetFirstSelectedItemPosition();
int select=m_strList.GetNextSelectedItem(pos);
SetDlgItemInt(IDC_PROCESS_ID,m_strList.GetItemData(select));
*pResult = 0;
}
主要设计代码如下:
#include <tlhelp32.h>
.......
CListCtrl m_strList;
CString m_strValue;
.......
//获取当前进程的所有者的信息
void OnGetUser()
{
// TODO: Add your control notification handler code here
UpdateData();
if(m_strValue.IsEmpty())
{
AfxMessageBox(_T("Process Id is empty!"));
return ;
}
int nId = atol(m_strValue);
CString str;
GetProcessAuth(str, nId);
if(strPathValid.IsEmpty())
{
AfxMessageBox(_T("Get the path Failed!"));
}
else
{
AfxMessageBox(strPathValid);
}
}
//读取当前进程的所有者的信息
void GetProcessAuth(CString strPath,long pid)
{
//获得运行进程的用户身份,此处对于8以上的进程没问题,对于8,0进程无法列出(8是Win2000下的,WinXP下为4)
SID_NAME_USE peUse;
HANDLE hp;
HANDLE hToken;
int isok;
char buf[0x400];
char buf1[100];
char buf2[100];
DWORD dwNumBytesRet;
DWORD dwNumBytesRet1;
hp=OpenProcess(0x400, 0, pid);//0x400 is PROCESS_QUERY_INFORMATION
isok=OpenProcessToken(hp, 0x20008, &hToken);//这个0x20008不知道什么,TOKEN_QUERY?
if(isok)
{
isok=GetTokenInformation(hToken, TokenUser, &buf, 0x400, &dwNumBytesRet);
if(isok)
{
dwNumBytesRet=100;
dwNumBytesRet1=100;
isok=LookupAccountSid(NULL, (DWORD *) (*(DWORD *)buf), buf1, &dwNumBytesRet, buf2, &dwNumBytesRet1, &peUse);
if(isok)
{
strPath.Format("Run Auth:%s\\%s", buf2, buf1);
strPathValid = strPath;
}
CloseHandle(hToken);
}
}
CloseHandle(hp);
}
//获取当前的进程列表
void ListProcess()
{
m_strList.DeleteAllItems();
while(m_strList.DeleteColumn(0));
m_strList.ModifyStyle(0,LVS_REPORT);
m_strList.InsertColumn(0,"进程ID",LVCFMT_LEFT,80);
m_strList.InsertColumn(1,"进程名称",LVCFMT_LEFT,150);
HANDLE handle=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
PROCESSENTRY32* info=new PROCESSENTRY32;
info->dwSize=sizeof(PROCESSENTRY32);
int i=0;
if(Process32First(handle,info))
{
if(GetLastError()==ERROR_NO_MORE_FILES )
{
AfxMessageBox("No More Process");
}
else
{
CString id;
id.Format("%d",info->th32ProcessID);
m_strList.InsertItem(i,id);
m_strList.SetItemData(i,info->th32ProcessID);
id.Format("%s",info->szExeFile);
m_strList.SetItemText(i,1,id);
i++;
while(Process32Next(handle,info)!=FALSE)
{
id.Format("%5d",info->th32ProcessID);
m_strList.InsertItem(i,id);
m_strList.SetItemData(i,info->th32ProcessID);
id.Format("%s",info->szExeFile);
m_strList.SetItemText(i,1,id);
i++;
}
}
}
CloseHandle(handle);
delete info;
}
//获取点击list的进程的进程标识
void CGetProcessUserMfcDlg::OnClickListctrl(NMHDR* pNMHDR, LRESULT* pResult)
{
// TODO: Add your control notification handler code here
POSITION pos = m_strList.GetFirstSelectedItemPosition();
int select=m_strList.GetNextSelectedItem(pos);
SetDlgItemInt(IDC_PROCESS_ID,m_strList.GetItemData(select));
*pResult = 0;
}
qwertasdfg123 2004-08-11
- 打赏
- 举报
http://search.csdn.net/Expert/topic/660/660566.xml?temp=.1191828
zhangkan440 2004-08-11
- 打赏
- 举报
peter9606 http://bbs.blueidea.com/computer/soft/2003/532.asp上不去撒
peter9606 2004-08-11
- 打赏
- 举报
http://bbs.blueidea.com/computer/soft/2003/532.asp
