[求助]列举进程用户名用 WINDOWS 32 汇编怎样实现？主要是 GetTokenInformation 的参数在 WINDOWS 32 汇编里没有定义
发表于: 2008-4-26 00:55 4890
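/* Width of the account-name and domain buffers handed to LookupAccountSid
 * (the original repeated the bare literal 256 in four places). */
enum { ACCOUNT_NAME_LEN = 256 };

/*
 * Add two FILETIME values as one 64-bit count of 100-ns ticks.
 *
 * The original summed dwLowDateTime and dwHighDateTime separately, which
 * silently drops the carry out of the low half whenever the low parts wrap,
 * so long-running processes could show a wrong CPU time.
 */
static FILETIME add_filetime(FILETIME a, FILETIME b)
{
    ULARGE_INTEGER ua, ub, sum;
    FILETIME result;

    ua.LowPart = a.dwLowDateTime;
    ua.HighPart = a.dwHighDateTime;
    ub.LowPart = b.dwLowDateTime;
    ub.HighPart = b.dwHighDateTime;
    sum.QuadPart = ua.QuadPart + ub.QuadPart;
    result.dwLowDateTime = sum.LowPart;
    result.dwHighDateTime = sum.HighPart;
    return result;
}

/* Map a GetPriorityClass() result to the label printed in the table.
 * 0 (GetPriorityClass failed) lands in the default case, as before. */
static const char *priority_class_name(DWORD dwPriority)
{
    switch (dwPriority) {
    case ABOVE_NORMAL_PRIORITY_CLASS: return "AboveNormal";
    case BELOW_NORMAL_PRIORITY_CLASS: return "BelowNormal";
    case HIGH_PRIORITY_CLASS:         return "High";
    case IDLE_PRIORITY_CLASS:         return "Low";
    case NORMAL_PRIORITY_CLASS:       return "Normal";
    case REALTIME_PRIORITY_CLASS:     return "RealTime";
    default:                          return "N/A";
    }
}

/*
 * Print " <account>" for the user that owns hProcess's primary token.
 *
 * GetTokenInformation is called twice: first with no buffer, which fails
 * with ERROR_INSUFFICIENT_BUFFER and stores the needed size in dwSize, then
 * with a buffer of that size.  TokenUser (value 1 of
 * TOKEN_INFORMATION_CLASS) fills a TOKEN_USER, whose only member is a
 * SID_AND_ATTRIBUTES { PSID Sid; DWORD Attributes; } -- in assembly the SID
 * pointer is therefore the first pointer-sized field of the returned buffer.
 *
 * Returns FALSE if the token or its user information could not be read.
 * A SID that LookupAccountSid cannot resolve is not an error: the cell is
 * left empty, as in the original.  The token handle and the buffer are
 * released on every path (the original closed neither and freed nothing).
 */
static BOOL print_process_user(HANDLE hProcess)
{
    BOOL ok = FALSE;
    HANDLE hToken = NULL;
    PTOKEN_USER pTokenUser = NULL;
    DWORD dwSize = 0;
    char szName[ACCOUNT_NAME_LEN];
    char szDomain[ACCOUNT_NAME_LEN];
    DWORD dwName = ACCOUNT_NAME_LEN;
    DWORD dwDomain = ACCOUNT_NAME_LEN;
    SID_NAME_USE SNU;

    /* TOKEN_QUERY is the least access that allows reading TokenUser. */
    if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken)) {
        goto out;
    }
    /* Size query: the original passed an uninitialised pTokenUser here. */
    if (!GetTokenInformation(hToken, TokenUser, NULL, 0, &dwSize)
        && GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
        goto out;
    }
    /* Cast kept so the listing also builds as C++ (not needed in C). */
    pTokenUser = (PTOKEN_USER)malloc(dwSize);
    if (pTokenUser == NULL) {
        goto out;
    }
    if (!GetTokenInformation(hToken, TokenUser, pTokenUser, dwSize, &dwSize)) {
        goto out;
    }
    ok = TRUE;
    if (LookupAccountSid(NULL, pTokenUser->User.Sid, szName, &dwName,
                         szDomain, &dwDomain, &SNU)) {
        printf(" %s", szName);
    }
out:
    free(pTokenUser);
    if (hToken != NULL) {
        CloseHandle(hToken);
    }
    return ok;
}

/*
 * Print one table row for the process described by pe.
 *
 * Returns FALSE if any per-process query failed; the row is still completed
 * with whatever could be read.  A process that cannot be opened at all is
 * printed as name and PID only and is not counted as a failure, as in the
 * original (access denied is normal for processes of other users).
 * The process handle is closed on every path (the original never closed it).
 */
static BOOL print_process_row(const PROCESSENTRY32 *pe)
{
    BOOL ok = TRUE;
    HANDLE hProcess;
    FILETIME CreateTime, ExitTime, KernelTime, UserTime;
    SYSTEMTIME SystemTime;
    PROCESS_MEMORY_COUNTERS PMCounter;
    DWORD dwPriority;

    printf("%-20s", pe->szExeFile);
    printf("%5lu", pe->th32ProcessID);

    /* NOTE(review): PROCESS_QUERY_INFORMATION is what the original asked for;
     * whether a more limited right would suffice on newer Windows versions
     * for OpenProcessToken(TOKEN_QUERY) has not been verified here. */
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pe->th32ProcessID);
    if (hProcess == NULL) {
        printf("\n");
        return ok;
    }

    if (!GetProcessTimes(hProcess, &CreateTime, &ExitTime, &KernelTime, &UserTime)) {
        printf("GetProcessTimes Error: %lu\n", GetLastError());
        ok = FALSE;
    } else {
        FILETIME CPUTime = add_filetime(KernelTime, UserTime);
        /* Only the time-of-day fields are printed, so CPU time wraps at 24 h. */
        if (FileTimeToSystemTime(&CPUTime, &SystemTime)) {
            printf(" %.2d:%.2d:%.2d", SystemTime.wHour, SystemTime.wMinute, SystemTime.wSecond);
        } else {
            printf(" %8s", "N/A");
        }
    }

    PMCounter.cb = sizeof PMCounter;
    if (!GetProcessMemoryInfo(hProcess, &PMCounter, sizeof PMCounter)) {
        printf("GetProcessMemoryInfo Error: %lu\n", GetLastError());
        ok = FALSE;
    } else {
        /* WorkingSetSize is a SIZE_T; cast so the format matches on 64-bit too. */
        printf(" %7lu", (unsigned long)(PMCounter.WorkingSetSize / 1024));
    }

    dwPriority = GetPriorityClass(hProcess);
    if (dwPriority == 0) {
        printf("GetPriorityClass Error: %lu\n", GetLastError());
        ok = FALSE;
    }
    printf("%13s", priority_class_name(dwPriority));
    printf(" (%.2ld)", pe->pcPriClassBase);

    /* The kernel's System process (PID 8 on Windows 2000, 4 on XP and later)
     * has no openable user token; label it directly, as the original did. */
    if (pe->th32ProcessID == 4 || pe->th32ProcessID == 8) {
        printf(" SYSTEM");
    } else if (!print_process_user(hProcess)) {
        ok = FALSE;
    }
    printf("\n");

    CloseHandle(hProcess);
    return ok;
}

/*
 * Print a table of all running processes: image name, PID, CPU time,
 * working-set size, priority class and owning account.
 *
 * Returns TRUE if every query succeeded, FALSE if at least one failed (the
 * table is printed as far as possible either way).  Processes that could
 * not be opened do not count as failures.
 *
 * DebugPrivilege() is defined elsewhere in the file; from its name and use
 * it presumably toggles SeDebugPrivilege so that processes of other users
 * can be opened.  It is now switched off again on every return path, and a
 * failed snapshot returns immediately instead of passing INVALID_HANDLE_VALUE
 * to Process32First as the original did.
 *
 * "Total Processes" counts every snapshot entry except PID 0 (the idle
 * process); the original only counted rows whose token was queried.
 */
BOOL ProcessAll(void)
{
    BOOL bResult = TRUE;
    DWORD dwTotal = 0;
    HANDLE hProcessSnap;
    PROCESSENTRY32 ProcessEntry32;

    DebugPrivilege(TRUE);

    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        printf("CreateToolhelp32Snapshot for Process Error: %lu\n", GetLastError());
        bResult = FALSE;
        goto out;
    }

    ProcessEntry32.dwSize = sizeof ProcessEntry32;
    if (!Process32First(hProcessSnap, &ProcessEntry32)) {
        printf("ProcessEntry32First Error: %lu\n", GetLastError());
        bResult = FALSE;
        goto out_close;
    }

    printf("\t\t===== Processes Information =====\n\n");
    printf("%-20s%5s%10s%9s%18s%10s\n\n", "ImageName", "ProID", "CPUTime",
           "MemUsage", "BasePriority", "UserName");
    do {
        /* PID 0 is the System Idle Process; skipped as in the original. */
        if (ProcessEntry32.th32ProcessID == 0) {
            continue;
        }
        if (!print_process_row(&ProcessEntry32)) {
            bResult = FALSE;
        }
        dwTotal++;
    } while (Process32Next(hProcessSnap, &ProcessEntry32));

out_close:
    CloseHandle(hProcessSnap);
out:
    printf("\nTotal Processes %lu\n", dwTotal);
    DebugPrivilege(FALSE);
    return bResult;
}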
牛人最好给出列举进程和所属进程的用户名WINDOWS 32汇编代码
/* Second copy of the ProcessAll() body, pasted without its "BOOL ProcessAll()"
 * header line.  Review notes are inline; the code itself is unchanged. */
{
BOOL bResult;
DWORD dwTotal;
HANDLE hProcessSnap;
PROCESSENTRY32 ProcessEntry32;
HANDLE hProcess;
FILETIME CreateTime;
FILETIME ExitTime;
FILETIME KernelTime;
FILETIME UserTime;
FILETIME CPUTime;
SYSTEMTIME SystemTime;
DWORD dwPriority;
PROCESS_MEMORY_COUNTERS PMCounter;
HANDLE hToken;
PTOKEN_USER pTokenUser;
char szName[256];
char szDomain[256];
DWORD dwSize;
DWORD dwName;
DWORD dwDomain;
SID_NAME_USE SNU;
dwTotal = 0;
bResult = TRUE;
hProcessSnap = NULL;
/* DebugPrivilege() is defined elsewhere in the file; presumably it toggles
 * SeDebugPrivilege so processes of other users can be opened. */
DebugPrivilege(TRUE);
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if(hProcessSnap == INVALID_HANDLE_VALUE)
{
printf("CreateToolhelp32Snapshot for Process Error: %d\n",GetLastError());
bResult = FALSE;
/* NOTE(review): no early return -- the invalid handle is still passed to
 * Process32First and CloseHandle below. */
}
ProcessEntry32.dwSize = sizeof(PROCESSENTRY32);
if(Process32First(hProcessSnap,&ProcessEntry32))
{
printf("\t\t===== Processes Information =====\n\n");
printf("%-20s%5s%10s%9s%18s%10s\n\n","ImageName","ProID","CPUTime","MemUsage","BasePriority","UserName");
do
{
/* PID 0 is the System Idle Process; it is skipped and not counted. */
if(ProcessEntry32.th32ProcessID == 0)
{
continue;
}
else
{
printf("%-20s",ProcessEntry32.szExeFile);
}
printf("%5d",ProcessEntry32.th32ProcessID);
/* NOTE(review): hProcess is never closed -- one handle leaks per process. */
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,ProcessEntry32.th32ProcessID);
if(hProcess == NULL)
{
printf("\n");
continue;
}
if(!GetProcessTimes(hProcess,&CreateTime,&ExitTime,&KernelTime,&UserTime))
{
printf("GetProcessTimes Error: %d\n",GetLastError());
bResult = FALSE;
}
else
{
/* NOTE(review): adding the halves separately drops the carry from the low
 * DWORD; a 64-bit (ULARGE_INTEGER) addition is needed. */
CPUTime.dwHighDateTime = KernelTime.dwHighDateTime + UserTime.dwHighDateTime;
CPUTime.dwLowDateTime = KernelTime.dwLowDateTime + UserTime.dwLowDateTime;
FileTimeToSystemTime(&CPUTime,&SystemTime);
/* Only time-of-day fields are printed, so CPU time wraps at 24 h. */
printf(" %.2d:%.2d:%.2d",SystemTime.wHour,SystemTime.wMinute,SystemTime.wSecond);
}
if(!GetProcessMemoryInfo(hProcess,&PMCounter,sizeof(PMCounter)))
{
printf("GetProcessMemoryInfo Error: %d\n",GetLastError());
bResult = FALSE;
}
else
{
printf(" %7d",PMCounter.WorkingSetSize/1024);
}
dwPriority = GetPriorityClass(hProcess);
if(dwPriority == 0)
{
printf("GetPriorityClass Error: %d\n",GetLastError());
bResult = FALSE;
}
switch(dwPriority)
{
case ABOVE_NORMAL_PRIORITY_CLASS:
printf("%13s","AboveNormal");
break;
case BELOW_NORMAL_PRIORITY_CLASS:
printf("%13s","BelowNormal");
break;
case HIGH_PRIORITY_CLASS:
printf("%13s","High");
break;
case IDLE_PRIORITY_CLASS:
printf("%13s","Low");
break;
case NORMAL_PRIORITY_CLASS:
printf("%13s","Normal");
break;
case REALTIME_PRIORITY_CLASS:
printf("%13s","RealTime");
break;
default:
printf("%13s","N/A");
break;
}
printf(" (%.2d)",ProcessEntry32.pcPriClassBase);
dwSize = 0;
dwName = 256;
dwDomain = 256;
/* The kernel's System process (PID 8 on Windows 2000, 4 on XP and later)
 * has no openable user token, so it is labelled directly. */
if(ProcessEntry32.th32ProcessID == 4 || ProcessEntry32.th32ProcessID == 8)
{
printf(" SYSTEM\n");
continue;
}
__try
{
if(!OpenProcessToken(hProcess,TOKEN_QUERY,&hToken))
{
bResult = FALSE;
__leave;
}
/* Size query: with dwSize == 0 this fails with ERROR_INSUFFICIENT_BUFFER
 * and returns the needed size in dwSize.  NOTE(review): pTokenUser is
 * uninitialised here; pass NULL instead. */
if(!GetTokenInformation(hToken,TokenUser,pTokenUser,dwSize,&dwSize))
{
if(GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
bResult = FALSE ;
__leave;
}
}
pTokenUser = NULL;
pTokenUser = (PTOKEN_USER)malloc(dwSize);
if(pTokenUser == NULL)
{
bResult = FALSE;
__leave;
}
/* TOKEN_USER holds one SID_AND_ATTRIBUTES { PSID Sid; DWORD Attributes; },
 * so the SID pointer is the first pointer-sized field of the buffer. */
if(!GetTokenInformation(hToken,TokenUser,pTokenUser,dwSize,&dwSize))
{
bResult = FALSE;
__leave;
}
if(LookupAccountSid(NULL,pTokenUser->User.Sid,szName,&dwName,szDomain,&dwDomain,&SNU) != 0)
{
printf(" %s",szName);
}
}
__finally
{
/* NOTE(review): hToken is never closed and pTokenUser never freed. */
printf("\n");
}
dwTotal++;
}
while(Process32Next(hProcessSnap,&ProcessEntry32));
}
else
{
printf("ProcessEntry32First Error: %d\n",GetLastError());
bResult = FALSE;
}
printf("\nTotal Processes %d\n",dwTotal);
CloseHandle(hProcessSnap);
DebugPrivilege(FALSE);
return bResult;
}
牛人最好给出列举进程和所属进程的用户名WINDOWS 32汇编代码
