取进程的用户(所有进程)
// Counted wide-character string embedded in SYSTEM_PROCESS_INFORMATION::ImageName.
// Per the Windows SDK definition of this type, Length and MaximumLength are byte
// counts (not character counts) and Buffer is not guaranteed to be NUL-terminated,
// so never hand Buffer to a function that expects a C string.
// NOTE(review): this is a local re-declaration; it will clash if a header that
// already declares UNICODE_STRING (for example <winternl.h>) is included.
typedef struct _UNICODE_STRING
{
    USHORT Length;          // bytes currently used in Buffer
    USHORT MaximumLength;   // bytes available in Buffer
    PWSTR  Buffer;          // wide-character data
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;
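// One record of the buffer returned by NtQuerySystemInformation for the
// SystemProcessInformation class. Records are variable-sized and chained through
// dwNextEntryOffset (byte offset from the start of this record to the next one;
// 0 marks the last record).
//
// The native structure uses pointer-sized fields for the process ids, the spare
// key and the working-set sizes (see the public declaration in <winternl.h>).
// Declaring them as DWORD only matched the 32-bit layout and made every field
// from dwProcessId onwards read the wrong bytes in a 64-bit build. ULONG_PTR and
// SIZE_T are the same type as DWORD on 32-bit Windows, so existing 32-bit callers
// are unaffected. Field names are kept as they were for source compatibility.
typedef struct _SYSTEM_PROCESS_INFORMATION
{
    DWORD          dwNextEntryOffset;               // 0 on the last record
    DWORD          dwNumberOfThreads;
    LARGE_INTEGER  qSpareLi1;
    LARGE_INTEGER  qSpareLi2;
    LARGE_INTEGER  qSpareLi3;
    LARGE_INTEGER  qCreateTime;                     // copied into a FILETIME by GetProcessUser
    LARGE_INTEGER  qUserTime;
    LARGE_INTEGER  qKernelTime;
    UNICODE_STRING ImageName;                       // counted string, see UNICODE_STRING
    int            nBasePriority;
    ULONG_PTR      dwProcessId;                     // pointer-sized in the native layout
    ULONG_PTR      dwInheritedFromUniqueProcessId;  // pointer-sized in the native layout
    DWORD          dwHandleCount;
    DWORD          dwSessionId;
    ULONG_PTR      dwSpareUl3;                      // pointer-sized in the native layout
    SIZE_T         tPeakVirtualSize;
    SIZE_T         tVirtualSize;
    DWORD          dwPageFaultCount;
    SIZE_T         dwPeakWorkingSetSize;            // pointer-sized in the native layout
    SIZE_T         dwWorkingSetSize;                // pointer-sized in the native layout
    SIZE_T         tQuotaPeakPagedPoolUsage;
    SIZE_T         tQuotaPagedPoolUsage;
    SIZE_T         tQuotaPeakNonPagedPoolUsage;
    SIZE_T         tQuotaNonPagedPoolUsage;
    SIZE_T         tPagefileUsage;
    SIZE_T         tPeakPagefileUsage;
    SIZE_T         tPrivatePageCount;
    LARGE_INTEGER  qReadOperationCount;
    LARGE_INTEGER  qWriteOperationCount;
    LARGE_INTEGER  qOtherOperationCount;
    LARGE_INTEGER  qReadTransferCount;
    LARGE_INTEGER  qWriteTransferCount;
    LARGE_INTEGER  qOtherTransferCount;
}SYSTEM_PROCESS_INFORMATION;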
// Information-class selectors passed as the first argument of
// NtQuerySystemInformation. Only SystemProcessInformation is used by the code
// shown here; the other two are declared but not referenced in this listing.
#define SystemProcessInformation 5
#define SystemTimeOfDayInformation 3
#define SystemHandleInformation 16
// Status value that GetSysProcInfo treats as "buffer too small, grow and retry".
#define STATUS_INFO_LENGTH_MISMATCH ((LONG)0xC0000004L)
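// Load a DLL and return the address of one of its exports.
//
// pDllName  - DLL file name or path.
// pProcName - name of the exported function.
// Returns the export address, or NULL if an argument is NULL, the DLL cannot be
// loaded, or the export is missing.
//
// A bare file name (no path separator or drive colon) is first resolved against
// the system directory. Passing a bare name straight to LoadLibraryA lets the
// loader consult the application directory and other search-path locations, so a
// same-named DLL placed there would be loaded into this process instead of the
// system copy. If the system-directory load fails, the original LoadLibraryA
// call is still made so that names which resolved before keep resolving.
// NOTE(review): callers that only ever need system DLLs should drop that fallback.
//
// The module reference taken here is never released (no FreeLibrary), so the
// DLL stays loaded and its reference count grows by one per call.
VOID *GetDllProc(CHAR * pDllName, CHAR *pProcName)
{
    if (pDllName == NULL || pProcName == NULL)
        return NULL;

    // A name containing '\\', '/' or ':' already carries a location; use it as given.
    BOOL bBareName = TRUE;
    for (const CHAR *pCh = pDllName; *pCh != '\0'; ++pCh)
    {
        if (*pCh == '\\' || *pCh == '/' || *pCh == ':')
        {
            bBareName = FALSE;
            break;
        }
    }

    HMODULE hMod = NULL;
    if (bBareName)
    {
        CHAR szPath[MAX_PATH];
        UINT cchDir = GetSystemDirectoryA(szPath, MAX_PATH);
        UINT cchName = (UINT)lstrlenA(pDllName);
        // Need room for: directory + '\\' + name + terminating NUL.
        if (cchDir != 0 && cchDir < MAX_PATH && cchDir + 1 + cchName < MAX_PATH)
        {
            szPath[cchDir] = '\\';
            memcpy(szPath + cchDir + 1, pDllName, cchName + 1);
            hMod = LoadLibraryA(szPath);
        }
    }

    if (hMod == NULL)
        hMod = LoadLibraryA(pDllName);   // legacy behaviour: default search order
    if (hMod == NULL)
        return NULL;

    // FARPROC is a function pointer; make the conversion to VOID * explicit.
    return (VOID *)GetProcAddress(hMod, pProcName);
}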
// Pointer type used to call NtQuerySystemInformation after resolving it from
// NTDLL.DLL at run time. The LONG result is a status code: the code in this file
// treats 0 as success and STATUS_INFO_LENGTH_MISMATCH as "buffer too small".
typedef LONG (WINAPI *Fun_NtQuerySystemInformation) (
    int SystemInformationClass,          // information class, e.g. SystemProcessInformation
    OUT PVOID SystemInformation,         // caller-allocated output buffer
    IN ULONG SystemInformationLength,    // size passed alongside that buffer
    OUT ULONG * pReturnLength OPTIONAL); // optional; GetSysProcInfo passes NULL
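// Take a snapshot of all processes via NtQuerySystemInformation.
//
// ppSysProcInfo - receives a malloc()-allocated buffer holding a chain of
//                 SYSTEM_PROCESS_INFORMATION records. Set to NULL on failure.
// Returns TRUE on success, FALSE otherwise.
//
// Ownership: on success the caller owns the buffer and must release it with
// free(). The snapshot is a point-in-time copy; processes may have exited or
// been created by the time the caller walks it.
BOOL NSystem::GetSysProcInfo(SYSTEM_PROCESS_INFORMATION ** ppSysProcInfo)
{
    if (ppSysProcInfo == NULL)
        return FALSE;
    *ppSysProcInfo = NULL;   // never leave the caller with an indeterminate pointer

    Fun_NtQuerySystemInformation _NtQuerySystemInformation =
        (Fun_NtQuerySystemInformation)::GetDllProc("NTDLL.DLL", "NtQuerySystemInformation");
    if (_NtQuerySystemInformation == NULL)
        return FALSE;

    DWORD dwSize = 1024*1024;
    for (;;)
    {
        VOID *pBuf = malloc(dwSize);
        if (pBuf == NULL)
            return FALSE;    // do not hand a NULL buffer with a non-zero length to the system call

        LONG lRetVal = _NtQuerySystemInformation(SystemProcessInformation,
                                                 pBuf, dwSize, NULL);
        if (lRetVal == 0)
        {
            *ppSysProcInfo = (SYSTEM_PROCESS_INFORMATION *)pBuf;
            return TRUE;
        }

        free(pBuf);
        if (lRetVal != STATUS_INFO_LENGTH_MISMATCH)
            return FALSE;

        // Doubling past 2 GiB would wrap the DWORD to 0 and the loop would never end.
        if (dwSize >= 0x80000000UL)
            return FALSE;
        dwSize *= 2;
    }
}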
// Pointer type for the WinStationGetProcessSid export that GetProcessUser resolves
// from Winsta.dll. GetProcessUser calls it twice: once with a NULL SID buffer,
// where a zero return is expected and dwSidSize is read back as the required
// size, and once with a buffer of that size, where a non-zero return means success.
// NOTE(review): this export is not declared in the public SDK headers; the
// signature here is the page author's - confirm before relying on it.
typedef BYTE (WINAPI *Fun_WinStationGetProcessSid)(HANDLE hServer,DWORD ProcessId , FILETIME ProcessStartTime,PBYTE pProcessUserSid ,PDWORD dwSidSize);
// Pointer type for the CachedGetUserFromSid export that GetProcessUser resolves
// from utildll.dll. It returns nothing, so the caller can only judge the outcome
// from what it left in pUserName and cbUserName.
// NOTE(review): whether cbUserName counts bytes or characters is not visible here.
typedef VOID (WINAPI *Fun_CachedGetUserFromSid)( PSID pSid , PWCHAR pUserName,PULONG cbUserName);
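// Look up the user name that owns the process with the given id.
//
// dwPid     - process id to look up.
// pbStrUser - receives the user name on success; untouched on failure.
// Returns TRUE when a name was produced, FALSE otherwise.
//
// The process creation time from the snapshot is passed to
// WinStationGetProcessSid together with the pid; presumably this lets the callee
// reject a pid that has been reused by a different process since the snapshot.
//
// Review notes for callers:
//  - The result is a display name resolved from a SID. Do not use it for access
//    decisions; compare SIDs instead.
//  - Both helper exports are resolved by name at run time and are not part of
//    the public SDK. The documented route to the same information is
//    OpenProcessToken + GetTokenInformation(TokenUser) + LookupAccountSid.
BOOL NSystem::GetProcessUser(DWORD dwPid, _bstr_t *pbStrUser)
{
    if (pbStrUser == NULL)
        return FALSE;

    Fun_WinStationGetProcessSid _WinStationGetProcessSid = (Fun_WinStationGetProcessSid)
        GetDllProc("Winsta.dll", "WinStationGetProcessSid");
    Fun_CachedGetUserFromSid _CachedGetUserFromSid = (Fun_CachedGetUserFromSid)
        GetDllProc("utildll.dll", "CachedGetUserFromSid");
    if (_WinStationGetProcessSid == NULL || _CachedGetUserFromSid == NULL)
        return FALSE;

    SYSTEM_PROCESS_INFORMATION *pProcInfo = NULL;
    if (GetSysProcInfo(&pProcInfo) == FALSE || pProcInfo == NULL)
        return FALSE;

    // Walk the record chain until the pid matches or the last record is reached.
    FILETIME ftStartTime;
    BOOL bFind = FALSE;
    SYSTEM_PROCESS_INFORMATION *pCurProcInfo = pProcInfo;
    for (;;)
    {
        if (pCurProcInfo->dwProcessId == dwPid)
        {
            memcpy(&ftStartTime, &pCurProcInfo->qCreateTime, sizeof(ftStartTime));
            bFind = TRUE;
            break;
        }
        if (pCurProcInfo->dwNextEntryOffset == 0)
            break;
        pCurProcInfo = (SYSTEM_PROCESS_INFORMATION *)((BYTE *)pCurProcInfo +
                                                     pCurProcInfo->dwNextEntryOffset);
    }

    // The snapshot is needed only for the start time. Releasing it here fixes
    // the leak of the whole buffer on every path after a successful match.
    free(pProcInfo);
    if (bFind == FALSE)
        return FALSE;

    // Size probe: the call is expected to fail and report the SID size.
    // dwSize starts at 0 so a failure that does not write it cannot leave an
    // indeterminate allocation size behind.
    DWORD dwSize = 0;
    BYTE cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, NULL, &dwSize);
    if (cRetVal != 0 || dwSize == 0)
        return FALSE;

    BYTE *pSid = (BYTE *)malloc(dwSize);
    if (pSid == NULL)
        return FALSE;
    cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, pSid, &dwSize);
    if (cRetVal == 0)
    {
        free(pSid);
        return FALSE;
    }

    // The callee returns no status, so start from an empty string and force
    // termination afterwards: the _bstr_t assignment below reads up to the first
    // NUL and must never run off the end of the array.
    WCHAR szUserName[1024] = {0};
    ULONG ulNameSize = 1024;
    _CachedGetUserFromSid(pSid, szUserName, &ulNameSize);
    free(pSid);
    szUserName[1023] = L'\0';
    if (ulNameSize == 0)
        return FALSE;

    *pbStrUser = szUserName;
    return TRUE;
}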
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
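// One record of the buffer returned by NtQuerySystemInformation for the
// SystemProcessInformation class. Records are variable-sized and chained through
// dwNextEntryOffset (byte offset from the start of this record to the next one;
// 0 marks the last record).
//
// The native structure uses pointer-sized fields for the process ids, the spare
// key and the working-set sizes (see the public declaration in <winternl.h>).
// Declaring them as DWORD only matched the 32-bit layout and made every field
// from dwProcessId onwards read the wrong bytes in a 64-bit build. ULONG_PTR and
// SIZE_T are the same type as DWORD on 32-bit Windows, so existing 32-bit callers
// are unaffected. Field names are kept as they were for source compatibility.
typedef struct _SYSTEM_PROCESS_INFORMATION
{
    DWORD          dwNextEntryOffset;               // 0 on the last record
    DWORD          dwNumberOfThreads;
    LARGE_INTEGER  qSpareLi1;
    LARGE_INTEGER  qSpareLi2;
    LARGE_INTEGER  qSpareLi3;
    LARGE_INTEGER  qCreateTime;                     // copied into a FILETIME by GetProcessUser
    LARGE_INTEGER  qUserTime;
    LARGE_INTEGER  qKernelTime;
    UNICODE_STRING ImageName;                       // counted string, not NUL-terminated by contract
    int            nBasePriority;
    ULONG_PTR      dwProcessId;                     // pointer-sized in the native layout
    ULONG_PTR      dwInheritedFromUniqueProcessId;  // pointer-sized in the native layout
    DWORD          dwHandleCount;
    DWORD          dwSessionId;
    ULONG_PTR      dwSpareUl3;                      // pointer-sized in the native layout
    SIZE_T         tPeakVirtualSize;
    SIZE_T         tVirtualSize;
    DWORD          dwPageFaultCount;
    SIZE_T         dwPeakWorkingSetSize;            // pointer-sized in the native layout
    SIZE_T         dwWorkingSetSize;                // pointer-sized in the native layout
    SIZE_T         tQuotaPeakPagedPoolUsage;
    SIZE_T         tQuotaPagedPoolUsage;
    SIZE_T         tQuotaPeakNonPagedPoolUsage;
    SIZE_T         tQuotaNonPagedPoolUsage;
    SIZE_T         tPagefileUsage;
    SIZE_T         tPeakPagefileUsage;
    SIZE_T         tPrivatePageCount;
    LARGE_INTEGER  qReadOperationCount;
    LARGE_INTEGER  qWriteOperationCount;
    LARGE_INTEGER  qOtherOperationCount;
    LARGE_INTEGER  qReadTransferCount;
    LARGE_INTEGER  qWriteTransferCount;
    LARGE_INTEGER  qOtherTransferCount;
}SYSTEM_PROCESS_INFORMATION;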
// Information-class selectors passed as the first argument of
// NtQuerySystemInformation. Only SystemProcessInformation is used by the code
// shown here; the other two are declared but not referenced in this listing.
#define SystemProcessInformation 5
#define SystemTimeOfDayInformation 3
#define SystemHandleInformation 16
// Status value that GetSysProcInfo treats as "buffer too small, grow and retry".
#define STATUS_INFO_LENGTH_MISMATCH ((LONG)0xC0000004L)
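// Load a DLL and return the address of one of its exports.
//
// pDllName  - DLL file name or path.
// pProcName - name of the exported function.
// Returns the export address, or NULL if an argument is NULL, the DLL cannot be
// loaded, or the export is missing.
//
// A bare file name (no path separator or drive colon) is first resolved against
// the system directory. Passing a bare name straight to LoadLibraryA lets the
// loader consult the application directory and other search-path locations, so a
// same-named DLL placed there would be loaded into this process instead of the
// system copy. If the system-directory load fails, the original LoadLibraryA
// call is still made so that names which resolved before keep resolving.
// NOTE(review): callers that only ever need system DLLs should drop that fallback.
//
// The module reference taken here is never released (no FreeLibrary), so the
// DLL stays loaded and its reference count grows by one per call.
VOID *GetDllProc(CHAR * pDllName, CHAR *pProcName)
{
    if (pDllName == NULL || pProcName == NULL)
        return NULL;

    // A name containing '\\', '/' or ':' already carries a location; use it as given.
    BOOL bBareName = TRUE;
    for (const CHAR *pCh = pDllName; *pCh != '\0'; ++pCh)
    {
        if (*pCh == '\\' || *pCh == '/' || *pCh == ':')
        {
            bBareName = FALSE;
            break;
        }
    }

    HMODULE hMod = NULL;
    if (bBareName)
    {
        CHAR szPath[MAX_PATH];
        UINT cchDir = GetSystemDirectoryA(szPath, MAX_PATH);
        UINT cchName = (UINT)lstrlenA(pDllName);
        // Need room for: directory + '\\' + name + terminating NUL.
        if (cchDir != 0 && cchDir < MAX_PATH && cchDir + 1 + cchName < MAX_PATH)
        {
            szPath[cchDir] = '\\';
            memcpy(szPath + cchDir + 1, pDllName, cchName + 1);
            hMod = LoadLibraryA(szPath);
        }
    }

    if (hMod == NULL)
        hMod = LoadLibraryA(pDllName);   // legacy behaviour: default search order
    if (hMod == NULL)
        return NULL;

    // FARPROC is a function pointer; make the conversion to VOID * explicit.
    return (VOID *)GetProcAddress(hMod, pProcName);
}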
// Pointer type used to call NtQuerySystemInformation after resolving it from
// NTDLL.DLL at run time. The LONG result is a status code: the code in this file
// treats 0 as success and STATUS_INFO_LENGTH_MISMATCH as "buffer too small".
typedef LONG (WINAPI *Fun_NtQuerySystemInformation) (
    int SystemInformationClass,          // information class, e.g. SystemProcessInformation
    OUT PVOID SystemInformation,         // caller-allocated output buffer
    IN ULONG SystemInformationLength,    // size passed alongside that buffer
    OUT ULONG * pReturnLength OPTIONAL); // optional; GetSysProcInfo passes NULL
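// Take a snapshot of all processes via NtQuerySystemInformation.
//
// ppSysProcInfo - receives a malloc()-allocated buffer holding a chain of
//                 SYSTEM_PROCESS_INFORMATION records. Set to NULL on failure.
// Returns TRUE on success, FALSE otherwise.
//
// Ownership: on success the caller owns the buffer and must release it with
// free(). The snapshot is a point-in-time copy; processes may have exited or
// been created by the time the caller walks it.
BOOL NSystem::GetSysProcInfo(SYSTEM_PROCESS_INFORMATION ** ppSysProcInfo)
{
    if (ppSysProcInfo == NULL)
        return FALSE;
    *ppSysProcInfo = NULL;   // never leave the caller with an indeterminate pointer

    Fun_NtQuerySystemInformation _NtQuerySystemInformation =
        (Fun_NtQuerySystemInformation)::GetDllProc("NTDLL.DLL", "NtQuerySystemInformation");
    if (_NtQuerySystemInformation == NULL)
        return FALSE;

    DWORD dwSize = 1024*1024;
    for (;;)
    {
        VOID *pBuf = malloc(dwSize);
        if (pBuf == NULL)
            return FALSE;    // do not hand a NULL buffer with a non-zero length to the system call

        LONG lRetVal = _NtQuerySystemInformation(SystemProcessInformation,
                                                 pBuf, dwSize, NULL);
        if (lRetVal == 0)
        {
            *ppSysProcInfo = (SYSTEM_PROCESS_INFORMATION *)pBuf;
            return TRUE;
        }

        free(pBuf);
        if (lRetVal != STATUS_INFO_LENGTH_MISMATCH)
            return FALSE;

        // Doubling past 2 GiB would wrap the DWORD to 0 and the loop would never end.
        if (dwSize >= 0x80000000UL)
            return FALSE;
        dwSize *= 2;
    }
}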
// Pointer type for the WinStationGetProcessSid export that GetProcessUser resolves
// from Winsta.dll. GetProcessUser calls it twice: once with a NULL SID buffer,
// where a zero return is expected and dwSidSize is read back as the required
// size, and once with a buffer of that size, where a non-zero return means success.
// NOTE(review): this export is not declared in the public SDK headers; the
// signature here is the page author's - confirm before relying on it.
typedef BYTE (WINAPI *Fun_WinStationGetProcessSid)(HANDLE hServer,DWORD ProcessId , FILETIME ProcessStartTime,PBYTE pProcessUserSid ,PDWORD dwSidSize);
// Pointer type for the CachedGetUserFromSid export that GetProcessUser resolves
// from utildll.dll. It returns nothing, so the caller can only judge the outcome
// from what it left in pUserName and cbUserName.
// NOTE(review): whether cbUserName counts bytes or characters is not visible here.
typedef VOID (WINAPI *Fun_CachedGetUserFromSid)( PSID pSid , PWCHAR pUserName,PULONG cbUserName);
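// Look up the user name that owns the process with the given id.
//
// dwPid     - process id to look up.
// pbStrUser - receives the user name on success; untouched on failure.
// Returns TRUE when a name was produced, FALSE otherwise.
//
// The process creation time from the snapshot is passed to
// WinStationGetProcessSid together with the pid; presumably this lets the callee
// reject a pid that has been reused by a different process since the snapshot.
//
// Review notes for callers:
//  - The result is a display name resolved from a SID. Do not use it for access
//    decisions; compare SIDs instead.
//  - Both helper exports are resolved by name at run time and are not part of
//    the public SDK. The documented route to the same information is
//    OpenProcessToken + GetTokenInformation(TokenUser) + LookupAccountSid.
BOOL NSystem::GetProcessUser(DWORD dwPid, _bstr_t *pbStrUser)
{
    if (pbStrUser == NULL)
        return FALSE;

    Fun_WinStationGetProcessSid _WinStationGetProcessSid = (Fun_WinStationGetProcessSid)
        GetDllProc("Winsta.dll", "WinStationGetProcessSid");
    Fun_CachedGetUserFromSid _CachedGetUserFromSid = (Fun_CachedGetUserFromSid)
        GetDllProc("utildll.dll", "CachedGetUserFromSid");
    if (_WinStationGetProcessSid == NULL || _CachedGetUserFromSid == NULL)
        return FALSE;

    SYSTEM_PROCESS_INFORMATION *pProcInfo = NULL;
    if (GetSysProcInfo(&pProcInfo) == FALSE || pProcInfo == NULL)
        return FALSE;

    // Walk the record chain until the pid matches or the last record is reached.
    FILETIME ftStartTime;
    BOOL bFind = FALSE;
    SYSTEM_PROCESS_INFORMATION *pCurProcInfo = pProcInfo;
    for (;;)
    {
        if (pCurProcInfo->dwProcessId == dwPid)
        {
            memcpy(&ftStartTime, &pCurProcInfo->qCreateTime, sizeof(ftStartTime));
            bFind = TRUE;
            break;
        }
        if (pCurProcInfo->dwNextEntryOffset == 0)
            break;
        pCurProcInfo = (SYSTEM_PROCESS_INFORMATION *)((BYTE *)pCurProcInfo +
                                                     pCurProcInfo->dwNextEntryOffset);
    }

    // The snapshot is needed only for the start time. Releasing it here fixes
    // the leak of the whole buffer on every path after a successful match.
    free(pProcInfo);
    if (bFind == FALSE)
        return FALSE;

    // Size probe: the call is expected to fail and report the SID size.
    // dwSize starts at 0 so a failure that does not write it cannot leave an
    // indeterminate allocation size behind.
    DWORD dwSize = 0;
    BYTE cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, NULL, &dwSize);
    if (cRetVal != 0 || dwSize == 0)
        return FALSE;

    BYTE *pSid = (BYTE *)malloc(dwSize);
    if (pSid == NULL)
        return FALSE;
    cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, pSid, &dwSize);
    if (cRetVal == 0)
    {
        free(pSid);
        return FALSE;
    }

    // The callee returns no status, so start from an empty string and force
    // termination afterwards: the _bstr_t assignment below reads up to the first
    // NUL and must never run off the end of the array.
    WCHAR szUserName[1024] = {0};
    ULONG ulNameSize = 1024;
    _CachedGetUserFromSid(pSid, szUserName, &ulNameSize);
    free(pSid);
    szUserName[1023] = L'\0';
    if (ulNameSize == 0)
        return FALSE;

    *pbStrUser = szUserName;
    return TRUE;
}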