VC常用进程函数

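// Static helpers around the Win32 process / thread / token APIs.
//
// All members are stateless and none of them throws; failures are reported
// through the return value (0 / FALSE) and GetLastError(), called immediately
// afterwards, carries the Win32 reason. What these functions can see depends
// on the caller's privileges: without SeDebugPrivilege (see GetDebugPriv) the
// processes of other users, SYSTEM processes and OS-protected processes cannot
// be opened and are skipped or reported as unknown.
class ProcessUtils
{
public:
    // Returns the PID of the first process whose executable image matches
    // strProcessName, or 0 when nothing matches, the name is empty, or the
    // process enumeration fails. See process_utils.cpp for the matching rule.
    // Only one PID is returned even when several instances of the same image
    // are running, and the caller's own process is not excluded.
    static DWORD FindProcess(const TCHAR* strProcessName);

    // Looks the process up with FindProcess and requests its termination with
    // TerminateProcess (exit code 0). Returns TRUE when the request was issued
    // and ALSO when no matching process exists; FALSE when a process was found
    // but could not be opened or terminated. Termination is asynchronous.
    // Terminating a system-critical process (csrss.exe, winlogon.exe, ...)
    // crashes the machine, so the name passed in must never come from an
    // untrusted source.
    static BOOL KillProcess(const TCHAR* strProcessName);

    // Attempts to enable SeDebugPrivilege in the current process token so that
    // processes owned by other users or SYSTEM can be opened. The privilege is
    // only present in administrator (elevated) tokens; this call cannot grant
    // it to anybody else. Returns FALSE when the token cannot be opened or
    // adjusted.
    static BOOL GetDebugPriv();

    // Returns the ID of the main thread of processId (the current process when
    // processId is 0), or 0 when the thread snapshot fails or the process has
    // no visible threads.
    static DWORD GetMainThreadId(DWORD processId = 0);

    // TRUE when called on the current process's main thread.
    static bool IsMainThread();

    // TRUE when the current process token is elevated (UAC "run as
    // administrator"). Despite the name this is an elevation check, not an
    // Administrators-group membership check, and it always returns FALSE on
    // Windows versions before Vista (no TokenElevation there).
    static BOOL IsAdministrator();

    // TRUE when the machine-wide EnableLUA policy value (UAC) is non-zero.
    // This is the configured policy, which takes effect at the next reboot; it
    // says nothing about the current process's own elevation state.
    static BOOL IsEnableUAC(void);

    // TRUE when the primary token of hProcess belongs to NT AUTHORITY\SYSTEM.
    // hProcess must have been opened with at least PROCESS_QUERY_INFORMATION
    // (PROCESS_QUERY_LIMITED_INFORMATION on Vista+). FALSE on any failure.
    static BOOL IsSysProcess(HANDLE hProcess);

    // Appends one ProcessInfo (PID, image base name, full image path) for every
    // process visible to EnumProcesses. Processes that cannot be opened are
    // still listed, with "<unknown>" as name/path. Returns FALSE when the
    // process enumeration fails.
    static BOOL GetProcessList(__out std::vector<ProcessInfo>* procList);
};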
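#include "stdafx.h"
#include "process_utils.h"
#include "Psapi.h"
#include <tlhelp32.h>
#include <tchar.h>
#include <string>
#include <vector>

namespace
{

typedef std::basic_string<TCHAR> tstring;

// Closes a kernel HANDLE when it goes out of scope, so every early return in
// the functions below releases the handle. The original code leaked one
// process handle per enumerated process and never closed its token / snapshot
// handles.
class ScopedHandle
{
public:
    explicit ScopedHandle(HANDLE h = NULL) : m_h(h) {}
    ~ScopedHandle() { Reset(); }

    HANDLE Get() const { return m_h; }

    // OpenProcess/OpenProcessToken fail with NULL, CreateToolhelp32Snapshot
    // with INVALID_HANDLE_VALUE; both must be treated as "no handle".
    bool IsValid() const { return m_h != NULL && m_h != INVALID_HANDLE_VALUE; }

    void Reset(HANDLE h = NULL)
    {
        if (IsValid())
            ::CloseHandle(m_h);
        m_h = h;
    }

private:
    ScopedHandle(const ScopedHandle&);            // non-copyable
    ScopedHandle& operator=(const ScopedHandle&);

    HANDLE m_h;
};

// Fills *pids with every PID currently visible to EnumProcesses, growing the
// buffer until the whole list fits. A fixed 1024-entry array (the original)
// silently truncates the list on busy machines: EnumProcesses reports
// cbNeeded == buffer size in that case instead of failing.
// Returns FALSE only when EnumProcesses itself fails.
BOOL EnumerateProcessIds(std::vector<DWORD>* pids)
{
    pids->resize(1024);
    for (;;)
    {
        const DWORD cbBuf = static_cast<DWORD>(pids->size() * sizeof(DWORD));
        DWORD cbNeeded = 0;
        if (!::EnumProcesses(&(*pids)[0], cbBuf, &cbNeeded))
            return FALSE;
        if (cbNeeded < cbBuf)
        {
            pids->resize(cbNeeded / sizeof(DWORD));
            return TRUE;
        }
        pids->resize(pids->size() * 2);
    }
}

// Opens pid and resolves the base name and full path of its main module.
// Returns FALSE and leaves the strings untouched when the process cannot be
// opened or its module list cannot be read: protected / other-user / SYSTEM
// processes without SeDebugPrivilege, processes that exit mid-enumeration,
// and 64-bit processes queried from a 32-bit caller (EnumProcessModules
// fails across the WOW64 boundary).
BOOL QueryImageNames(DWORD pid, tstring* baseName, tstring* fullPath)
{
    ScopedHandle hProcess(::OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid));
    if (!hProcess.IsValid())
        return FALSE;

    // As in the original, the first module reported is taken to be the
    // process's own executable image.
    HMODULE hMod = NULL;
    DWORD cbNeeded = 0;
    if (!::EnumProcessModules(hProcess.Get(), &hMod, sizeof(hMod), &cbNeeded) || hMod == NULL)
        return FALSE;

    // Both PSAPI calls take the buffer size in TCHARs, not bytes. Passing
    // sizeof() (as the original did) overstates the capacity 2x in a UNICODE
    // build and lets the API write past the end of the buffer. Paths longer
    // than MAX_PATH are truncated by the API.
    TCHAR szBase[MAX_PATH] = { 0 };
    TCHAR szPath[MAX_PATH] = { 0 };
    if (::GetModuleBaseName(hProcess.Get(), hMod, szBase, MAX_PATH) == 0)
        return FALSE;
    if (::GetModuleFileNameEx(hProcess.Get(), hMod, szPath, MAX_PATH) == 0)
        return FALSE;

    baseName->assign(szBase);
    fullPath->assign(szPath);
    return TRUE;
}

} // namespace

// Returns the PID of the first process whose image base name (e.g.
// "notepad.exe") or full image path equals strProcessName, compared
// case-insensitively (Windows file names are case-insensitive). Returns 0 when
// nothing matches, strProcessName is NULL/empty, or EnumProcesses fails.
//
// The original used _tcsstr() on the full path, i.e. a case-sensitive
// substring match: FindProcess(_T("cmd")) would also match
// "C:\cmd_tools\viewer.exe", which is dangerous when the result feeds
// KillProcess. It also reused the previous iteration's (uninitialised) name
// buffer whenever OpenProcess failed, so an unopenable process could be
// reported under the previous process's name.
DWORD ProcessUtils::FindProcess(const TCHAR* strProcessName)
{
    if (strProcessName == NULL || *strProcessName == 0)
        return 0;

    std::vector<DWORD> pids;
    if (!EnumerateProcessIds(&pids))
        return 0;

    tstring base;
    tstring path;
    for (size_t i = 0; i < pids.size(); ++i)
    {
        // Processes we cannot open are skipped, never matched on stale data.
        if (!QueryImageNames(pids[i], &base, &path))
            continue;
        if (::_tcsicmp(base.c_str(), strProcessName) == 0 ||
            ::_tcsicmp(path.c_str(), strProcessName) == 0)
            return pids[i];
    }
    return 0;
}

// Finds the process via FindProcess, opens it with PROCESS_TERMINATE and
// requests termination with exit code 0.
//
// Returns TRUE when the termination request was issued, and also when no
// matching process exists (nothing to do); FALSE when the process was found
// but could not be opened or terminated. Opening another user's or SYSTEM's
// process for PROCESS_TERMINATE requires SeDebugPrivilege (GetDebugPriv).
// TerminateProcess is asynchronous: the handle is opened with SYNCHRONIZE so a
// caller could wait on it, but this function does not. Terminating a
// system-critical process (csrss.exe, winlogon.exe, ...) triggers a
// CRITICAL_PROCESS_DIED crash, so the name must never be attacker-controlled.
BOOL ProcessUtils::KillProcess(const TCHAR* strProcessName)
{
    const DWORD dwProcessId = FindProcess(strProcessName);
    if (dwProcessId == 0)
        return TRUE;

    ScopedHandle hProcess(::OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, dwProcessId));
    if (!hProcess.IsValid())
        return FALSE;

    // The handle is closed by ScopedHandle; the original leaked it.
    return ::TerminateProcess(hProcess.Get(), 0);
}

// Enables SeDebugPrivilege in the current process token. Without it, system
// and service processes (and other users' processes) cannot be opened for
// PROCESS_QUERY_INFORMATION / PROCESS_VM_READ / PROCESS_TERMINATE.
//
// The privilege is only present in administrator (elevated) tokens; for a
// standard user the call cannot add it. Returns TRUE only when the privilege
// is actually enabled afterwards.
BOOL ProcessUtils::GetDebugPriv()
{
    HANDLE hRaw = NULL;
    if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hRaw))
        return FALSE;
    ScopedHandle hToken(hRaw);  // the original never closed this handle on success

    TOKEN_PRIVILEGES tkp;
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!::LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid))
        return FALSE;

    if (!::AdjustTokenPrivileges(hToken.Get(), FALSE, &tkp, sizeof(tkp), NULL, NULL))
        return FALSE;

    // AdjustTokenPrivileges returns TRUE even when it could not enable the
    // privilege because the token simply does not hold it (every
    // non-administrator and every non-elevated UAC token). The only signal is
    // ERROR_NOT_ALL_ASSIGNED in the last-error value; the original ignored it
    // and reported success to callers that then had no extra rights at all.
    return ::GetLastError() != ERROR_NOT_ALL_ASSIGNED;
}

// Returns the ID of the main thread of processId (the current process when
// processId is 0), or 0 when the thread snapshot fails or no thread of that
// process is visible.
//
// The order of threads in a ToolHelp snapshot is not documented to be
// creation order, so the thread with the earliest creation time is chosen.
// When a thread cannot be opened for GetThreadTimes (another user's process
// without SeDebugPrivilege) the first thread seen in the snapshot is used,
// which is what the original always did.
DWORD ProcessUtils::GetMainThreadId(DWORD processId)
{
    if (processId == 0)
        processId = ::GetCurrentProcessId();

    // CreateToolhelp32Snapshot fails with INVALID_HANDLE_VALUE (not NULL);
    // the original neither checked it nor closed the snapshot.
    ScopedHandle snap(::CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0));
    if (!snap.IsValid())
        return 0;

    const ULONGLONG kUnknownTime = ~static_cast<ULONGLONG>(0);
    DWORD mainThreadId = 0;
    ULONGLONG earliest = kUnknownTime;

    THREADENTRY32 te = { sizeof(te) };
    if (::Thread32First(snap.Get(), &te))
    {
        do
        {
            if (te.th32OwnerProcessID != processId)
                continue;

            ULONGLONG created = kUnknownTime;
            ScopedHandle hThread(::OpenThread(THREAD_QUERY_INFORMATION, FALSE, te.th32ThreadID));
            if (hThread.IsValid())
            {
                FILETIME ftCreate, ftExit, ftKernel, ftUser;
                if (::GetThreadTimes(hThread.Get(), &ftCreate, &ftExit, &ftKernel, &ftUser))
                {
                    ULARGE_INTEGER uli;
                    uli.LowPart = ftCreate.dwLowDateTime;
                    uli.HighPart = ftCreate.dwHighDateTime;
                    created = uli.QuadPart;
                }
            }

            // First thread seen wins until one with a strictly earlier
            // creation time shows up.
            if (mainThreadId == 0 || created < earliest)
            {
                mainThreadId = te.th32ThreadID;
                earliest = created;
            }
        } while (::Thread32Next(snap.Get(), &te));
    }
    return mainThreadId;
}

// TRUE when the calling thread is the current process's main thread.
bool ProcessUtils::IsMainThread()
{
    return ::GetCurrentThreadId() == GetMainThreadId();
}

// TRUE when the current process token is elevated (TokenElevation).
//
// This is an elevation check, not an Administrators-group membership check:
// with UAC disabled every administrator token reports elevated, and a
// non-elevated administrator reports FALSE. Before Vista (major version < 6)
// TokenElevation does not exist and the function always returns FALSE.
BOOL ProcessUtils::IsAdministrator()
{
    // GetVersion packs the major version in the low byte of the low word.
    // Without a compatibility manifest it reports 6.2 on Windows 8.1 and
    // later, which still passes this check.
    const BYTE majorVersion = LOBYTE(LOWORD(::GetVersion()));
    if (majorVersion < 6)
        return FALSE;

    HANDLE hRaw = NULL;
    if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &hRaw))
        return FALSE;
    ScopedHandle hToken(hRaw);

    // TOKEN_ELEVATION / TokenElevation (= 20) are spelled out numerically, as
    // in the original, so the file also builds against pre-Vista SDK headers.
    struct { DWORD TokenIsElevated; } te = { 0 };
    DWORD cbReturned = 0;
    if (!::GetTokenInformation(hToken.Get(), static_cast<TOKEN_INFORMATION_CLASS>(20),
                               &te, sizeof(te), &cbReturned) ||
        cbReturned != sizeof(te))
        return FALSE;

    return te.TokenIsElevated ? TRUE : FALSE;
}

// TRUE when HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
// EnableLUA is a non-zero REG_DWORD, i.e. UAC is configured on. Always FALSE
// before Vista / Server 2008, where UAC does not exist.
//
// This reads the configured policy (which takes effect at the next reboot),
// not the runtime state, and it is independent of whether the current process
// is elevated. The 64-bit view of the key is read explicitly so a 32-bit
// build on 64-bit Windows is not redirected to the WOW64 view.
BOOL ProcessUtils::IsEnableUAC(void)
{
    OSVERSIONINFOW ovi = { 0 };
    ovi.dwOSVersionInfoSize = sizeof(ovi);
    if (!::GetVersionExW(&ovi) || ovi.dwMajorVersion <= 5)
        return FALSE;

    HKEY hKey = NULL;
    LSTATUS lRet = ::RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                                   L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\",
                                   0, KEY_READ | KEY_WOW64_64KEY, &hKey);
    if (lRet != ERROR_SUCCESS)
        return FALSE;

    DWORD dwType = 0;
    DWORD dwEnableLUA = 0;
    DWORD dwSize = sizeof(dwEnableLUA);
    lRet = ::RegQueryValueExW(hKey, L"EnableLUA", NULL, &dwType,
                              reinterpret_cast<BYTE*>(&dwEnableLUA), &dwSize);
    ::RegCloseKey(hKey);

    // Verify the type and size the registry actually returned; the original
    // pre-set dwType to REG_DWORD and never looked at it again, so a REG_SZ or
    // REG_BINARY value of the same name would have been read as a flag.
    if (lRet != ERROR_SUCCESS || dwType != REG_DWORD || dwSize != sizeof(dwEnableLUA))
        return FALSE;

    return dwEnableLUA != 0 ? TRUE : FALSE;
}

// TRUE when the primary token of hProcess belongs to NT AUTHORITY\SYSTEM
// (S-1-5-18). hProcess needs PROCESS_QUERY_INFORMATION access. FALSE on any
// failure, including a NULL handle.
//
// The identity is decided by comparing SIDs, not account names. The original
// resolved the SID with LookupAccountSid (a localized display string, and a
// potential network round-trip for domain SIDs) and then did a 6-character
// prefix compare, _tcsnicmp(name, "SYSTEM", 6), which also accepted any
// account whose name merely starts with "SYSTEM".
BOOL ProcessUtils::IsSysProcess(HANDLE hProcess)
{
    if (hProcess == NULL)
        return FALSE;

    HANDLE hRaw = NULL;
    if (!::OpenProcessToken(hProcess, TOKEN_QUERY, &hRaw))
        return FALSE;
    ScopedHandle hToken(hRaw);

    // Size query: expected to fail with ERROR_INSUFFICIENT_BUFFER and report
    // the number of bytes needed for the TOKEN_USER blob.
    DWORD cbUser = 0;
    ::GetTokenInformation(hToken.Get(), TokenUser, NULL, 0, &cbUser);
    if (cbUser == 0)
        return FALSE;

    std::vector<BYTE> buf(cbUser);
    if (!::GetTokenInformation(hToken.Get(), TokenUser, &buf[0], cbUser, &cbUser))
        return FALSE;
    const PSID pUserSid = reinterpret_cast<PTOKEN_USER>(&buf[0])->User.Sid;

    // Build S-1-5-18 and compare binary SIDs.
    SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;
    PSID pSystemSid = NULL;
    if (!::AllocateAndInitializeSid(&ntAuthority, 1, SECURITY_LOCAL_SYSTEM_RID,
                                    0, 0, 0, 0, 0, 0, 0, &pSystemSid))
        return FALSE;

    const BOOL bIsSystem = ::EqualSid(pUserSid, pSystemSid);
    ::FreeSid(pSystemSid);
    return bIsSystem;
}

// Appends one ProcessInfo (PID, image base name, full image path) for every
// process reported by EnumProcesses. Processes that cannot be opened (see
// QueryImageNames) are still listed, with "<unknown>" as name and path, so
// that a caller with few privileges still sees the PIDs.
//
// Returns FALSE when procList is NULL or the process enumeration fails,
// TRUE otherwise. (The original returned the EnumProcessModules result of
// whichever process happened to be last, which carried no information.)
BOOL ProcessUtils::GetProcessList(__out std::vector<ProcessInfo>* procList)
{
    if (procList == NULL)
        return FALSE;

    std::vector<DWORD> pids;
    if (!EnumerateProcessIds(&pids))
        return FALSE;

    for (size_t i = 0; i < pids.size(); ++i)
    {
        // Reset per process. The original initialised its buffers once and
        // reused whatever the previous iteration left behind when a process
        // could not be opened, attributing the wrong name/path to it.
        tstring base = _T("<unknown>");
        tstring path = _T("<unknown>");
        QueryImageNames(pids[i], &base, &path);

        // NOTE: the original carried a disabled `if (IsSysProcess(hProcess))
        // continue;` filter here; the process handle now lives inside
        // QueryImageNames, so re-enabling it would need to go there.

        ProcessInfo proc;
        proc.dwProcessID = pids[i];
        proc.strProcName = base.c_str();
        proc.strProcPath = path.c_str();
        procList->push_back(proc);
    }
    return TRUE;
}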

