
发信人: Stravadivaly (老子就是机器人), 信区: Programm
标  题: Re: 枚举系统进程问题
发信站: BBS 珞珈山水站 (Sun May 28 17:16:43 2006)

终于,七拼八凑的,搞定了:

#include <windows.h>
#include <tchar.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* NTSTATUS is not exposed by <windows.h>. It is a signed 32-bit code whose
 * sign bit marks failure, which is exactly what NT_SUCCESS tests below.
 * NOTE(review): if the build ever pulls in <winternl.h> or <ntstatus.h>,
 * these three definitions clash with the SDK's and must be dropped. */
typedef LONG NTSTATUS;

/* Success test in the NT convention: any non-negative status succeeded. */
#define NT_SUCCESS(status)          (((NTSTATUS)(status)) >= 0)

/* Status codes this program checks for. STATUS_INFO_LENGTH_MISMATCH is the
 * "buffer too small, retry with a bigger one" answer from the query loop. */
#define STATUS_SUCCESS              ((NTSTATUS)0x00000000L)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)

/*
 * Thread identity carried in SYSTEM_THREAD_INFORMATION.ClientId.
 *
 * NOTE(review): DWORD members only line up with the native layout on a
 * 32-bit build (the native definition is handle-sized). Every structure in
 * this block assumes 32-bit — confirm before building for x64.
 */
typedef struct _CLIENT_ID
{
    DWORD UniqueProcess;    /* id of the owning process */
    DWORD UniqueThread;     /* id of the thread */
}CLIENT_ID,*PCLIENT_ID;

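/*
 * Counted Unicode string as used by the native API.
 *
 * Length and MaximumLength are byte counts, not character counts, and a
 * string of Length bytes does not have to carry a terminating L'\0' —
 * readers must honour Length instead of scanning for a terminator.
 *
 * One typedef now introduces both UNICODE_STRING and PUNICODE_STRING. The
 * original declared PUNICODE_STRING twice (once here, once through an extra
 * _UNICODE_STRING alias); redeclaring a typedef is only legal from C11 on.
 *
 * NOTE(review): <winternl.h> declares the same UNICODE_STRING; if that
 * header is ever included alongside this file, this definition must go.
 */
typedef struct _UNICODE_STRING
{
    USHORT  Length;         /* bytes of Buffer in use */
    USHORT  MaximumLength;  /* bytes allocated for Buffer */
    PWSTR   Buffer;         /* may be NULL; main treats that as the Idle process */
} UNICODE_STRING, *PUNICODE_STRING;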

/*
 * Per-process virtual-memory counters embedded in SYSTEM_PROCESS_INFORMATION.
 *
 * Nothing in this file reads these fields; they matter only because they
 * occupy space before the thread array, so their order and types must match
 * the kernel's for the entry walk in main to line up. SIZE_T members are
 * pointer-width, so the struct size depends on the build's bitness.
 */
typedef struct _VM_COUNTERS {
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    ULONG PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
} VM_COUNTERS;

/*
 * Per-process I/O counters embedded in SYSTEM_PROCESS_INFORMATION
 * (six 8-byte members, 48 bytes). Not read by this program; padding only.
 *
 * NOTE(review): current <winnt.h> already declares struct _IO_COUNTERS /
 * IO_COUNTERS (ULONGLONG members, same size) for GetProcessIoCounters.
 * With such an SDK this is a duplicate definition and must be removed —
 * confirm against the SDK actually in use.
 */
typedef struct _IO_COUNTERS{
    LARGE_INTEGER ReadOperationCount;
    LARGE_INTEGER WriteOperationCount;
    LARGE_INTEGER OtherOperationCount;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;
} IO_COUNTERS, *PIO_COUNTERS;

/*
 * One entry per thread, stored back to back after the fixed part of each
 * process entry (SYSTEM_PROCESS_INFORMATION.Threads). Not read by this
 * program; main skips over them using NextEntryDelta.
 *
 * NOTE(review): StartAddress is pointer-width, so this layout too is only
 * known to match on a 32-bit build — confirm before building for x64.
 */
typedef struct _SYSTEM_THREAD_INFORMATION {
    LARGE_INTEGER   KernelTime;             // time spent in kernel mode
    LARGE_INTEGER   UserTime;               // time spent in user mode
    LARGE_INTEGER   CreateTime;             // thread creation time
    ULONG           WaitTime;               // wait time
    PVOID           StartAddress;           // start address
    CLIENT_ID       ClientId;               // thread and process IDs
    DWORD           Priority;               // dynamic priority
    DWORD           BasePriority;           // base priority
    ULONG           ContextSwitchCount;     // number of context switches
    LONG            State;                  // current state
    LONG            WaitReason;             // wait reason
} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;

/*
 * One process entry of a SystemProcessesAndThreadsInformation snapshot.
 *
 * Entries are packed consecutively in the query buffer. NextEntryDelta is
 * the byte offset from this entry to the next one and is 0 on the last
 * entry; that is the only reliable way to advance, because Threads[1] is a
 * variable-length tail of ThreadCount entries and sizeof(this struct) is
 * not the entry size.
 *
 * ProcessName is a counted string (Length in bytes); do not assume a
 * terminating NUL. Its Buffer is NULL for the Idle process, which main
 * relies on.
 *
 * NOTE(review): this is the 32-bit layout. ProcessId and
 * InheritedFromProcessId are ULONG here; the native layout uses
 * handle-sized fields, so on x64 every field from ProcessId on would be
 * misaligned — confirm before building 64-bit. Reserved1/Reserved2 have no
 * meaning known from this file; they are padding only.
 */
typedef struct _SYSTEM_PROCESS_INFORMATION {
    ULONG           NextEntryDelta;         // byte offset to the next entry, 0 on the last
    ULONG           ThreadCount;            // number of entries in Threads[]
    ULONG           Reserved1[6];           // reserved
    LARGE_INTEGER   CreateTime;             // process creation time
    LARGE_INTEGER   UserTime;               // time spent in user mode
    LARGE_INTEGER   KernelTime;             // time spent in kernel mode
    UNICODE_STRING  ProcessName;            // image name; Buffer NULL for Idle
    DWORD           BasePriority;           // base process priority
    ULONG           ProcessId;              // process identifier
    ULONG           InheritedFromProcessId; // parent process identifier
    ULONG           HandleCount;            // number of handles
    ULONG           Reserved2[2];           // reserved
    VM_COUNTERS     VmCounters;             // virtual memory counters
    IO_COUNTERS     IoCounters;             // i/o counters
    SYSTEM_THREAD_INFORMATION Threads[1];   // variable length: ThreadCount entries follow
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;

/*
 * Information classes accepted by NtQuerySystemInformation.
 *
 * Only SystemProcessesAndThreadsInformation (5) is used by this program; it
 * is the class <winternl.h> names SystemProcessInformation. The numeric
 * value is what matters, so the enumerators must stay in this order with
 * no gaps.
 *
 * NOTE(review): the two trailing columns in the comments appear to be
 * Query / Set support flags (Y/N) copied from a reference table; they are
 * not verified here.
 */
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation,              // 0        Y        N
    SystemProcessorInformation,          // 1        Y        N
    SystemPerformanceInformation,        // 2        Y        N
    SystemTimeOfDayInformation,          // 3        Y        N
    SystemNotImplemented1,               // 4        Y        N
    SystemProcessesAndThreadsInformation, // 5       Y        N   <- used by main
    SystemCallCounts,                    // 6        Y        N
    SystemConfigurationInformation,      // 7        Y        N
    SystemProcessorTimes,                // 8        Y        N
    SystemGlobalFlag,                    // 9        Y        Y
    SystemNotImplemented2,               // 10       Y        N
    SystemModuleInformation,             // 11       Y        N
    SystemLockInformation,               // 12       Y        N
    SystemNotImplemented3,               // 13       Y        N
    SystemNotImplemented4,               // 14       Y        N
    SystemNotImplemented5,               // 15       Y        N
    SystemHandleInformation,             // 16       Y        N
    SystemObjectInformation,             // 17       Y        N
    SystemPagefileInformation,           // 18       Y        N
    SystemInstructionEmulationCounts,    // 19       Y        N
    SystemInvalidInfoClass1,             // 20
    SystemCacheInformation,              // 21       Y        Y
    SystemPoolTagInformation,            // 22       Y        N
    SystemProcessorStatistics,           // 23       Y        N
    SystemDpcInformation,                // 24       Y        Y
    SystemNotImplemented6,               // 25       Y        N
    SystemLoadImage,                     // 26       N        Y
    SystemUnloadImage,                   // 27       N        Y
    SystemTimeAdjustment,                // 28       Y        Y
    SystemNotImplemented7,               // 29       Y        N
    SystemNotImplemented8,               // 30       Y        N
    SystemNotImplemented9,               // 31       Y        N
    SystemCrashDumpInformation,          // 32       Y        N
    SystemExceptionInformation,          // 33       Y        N
    SystemCrashDumpStateInformation,     // 34       Y        Y/N
    SystemKernelDebuggerInformation,     // 35       Y        N
    SystemContextSwitchInformation,      // 36       Y        N
    SystemRegistryQuotaInformation,      // 37       Y        Y
    SystemLoadAndCallImage,              // 38       N        Y
    SystemPrioritySeparation,            // 39       N        Y
    SystemNotImplemented10,              // 40       Y        N
    SystemNotImplemented11,              // 41       Y        N
    SystemInvalidInfoClass2,             // 42
    SystemInvalidInfoClass3,             // 43
    SystemTimeZoneInformation,           // 44       Y        N
    SystemLookasideInformation,          // 45       Y        N
    SystemSetTimeSlipEvent,              // 46       N        Y
    SystemCreateSession,                 // 47       N        Y
    SystemDeleteSession,                 // 48       N        Y
    SystemInvalidInfoClass4,             // 49
    SystemRangeStartInformation,         // 50       Y        N
    SystemVerifierInformation,           // 51       Y        Y
    SystemAddVerifier,                   // 52       N        Y
    SystemSessionProcessesInformation    // 53       Y        N
} SYSTEM_INFORMATION_CLASS;


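/*
 * Signature of ntdll!NtQuerySystemInformation, resolved at run time with
 * GetProcAddress in main.
 *
 *   SystemInformationClass    table to return (SystemProcessesAndThreadsInformation here)
 *   SystemInformation         caller-supplied output buffer
 *   SystemInformationLength   size of that buffer in bytes
 *   ReturnLength              optional; receives the size of the data (main passes NULL)
 *
 * Returns an NTSTATUS. STATUS_INFO_LENGTH_MISMATCH means the buffer was too
 * small and the call must be retried with a larger one.
 *
 * The first parameter used to be named SystemProcessesAndThreadsInformation,
 * which shadowed the enum constant of the same name inside the prototype;
 * it is renamed so that name only ever refers to the constant. NTAPI is
 * <windows.h>'s spelling of the calling convention used by the Nt* exports
 * (__stdcall on x86), replacing the non-standard single-underscore form.
 */
typedef NTSTATUS (NTAPI *PNtQuerySystemInformation)(
  IN  SYSTEM_INFORMATION_CLASS SystemInformationClass,
  OUT PVOID                    SystemInformation,
  IN  ULONG                    SystemInformationLength,
  OUT PULONG                   ReturnLength OPTIONAL);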

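/*
 * Largest snapshot buffer this program will try. The grow-and-retry loop
 * doubles the buffer on STATUS_INFO_LENGTH_MISMATCH; without a ceiling, a
 * layout mismatch that never satisfies the kernel would keep doubling
 * cbBuffer until the ULONG wraps to zero.
 */
#define MAX_SNAPSHOT_BYTES (64UL * 1024UL * 1024UL)

/*
 * Resolve ntdll!NtQuerySystemInformation.
 *
 * ntdll.dll is already mapped into every Win32 process, so GetModuleHandle
 * returns the existing module without a DLL search and without a reference
 * to release. GetProcAddress takes an ANSI name (LPCSTR) regardless of
 * UNICODE, so the export name is a plain narrow literal, not wrapped in
 * _T() as the original did (which passed a wide string under UNICODE).
 *
 * Returns NULL if either lookup fails; the caller reports it. The original
 * never checked these and would have called through a NULL pointer.
 */
static PNtQuerySystemInformation resolve_query_fn(void)
{
    HMODULE hNtDll = GetModuleHandle(_T("ntdll.dll"));

    if (hNtDll == NULL)
        return NULL;
    return (PNtQuerySystemInformation)GetProcAddress(hNtDll, "NtQuerySystemInformation");
}

/*
 * Take a SystemProcessesAndThreadsInformation snapshot.
 *
 * Starts with a 32 KiB buffer and doubles it while the call reports
 * STATUS_INFO_LENGTH_MISMATCH, up to MAX_SNAPSHOT_BYTES.
 *
 * On success returns a malloc'd buffer (the caller frees it) and stores its
 * size in *pcbBuffer. On failure prints a message, frees whatever was
 * allocated and returns NULL.
 */
static LPVOID query_process_snapshot(PNtQuerySystemInformation fnQuery, ULONG *pcbBuffer)
{
    ULONG cbBuffer = 0x8000;

    for (;;) {
        NTSTATUS status;
        LPVOID pBuffer = malloc(cbBuffer);

        if (pBuffer == NULL) {
            _tprintf(_T("Not enough memory\n"));
            return NULL;
        }

        status = fnQuery(SystemProcessesAndThreadsInformation, pBuffer, cbBuffer, NULL);
        if (NT_SUCCESS(status)) {
            *pcbBuffer = cbBuffer;
            return pBuffer;
        }
        free(pBuffer);

        /* Anything other than "buffer too small" is a real failure, and so
         * is a buffer that would outgrow the ceiling on the next doubling. */
        if (status != STATUS_INFO_LENGTH_MISMATCH || cbBuffer > MAX_SNAPSHOT_BYTES / 2) {
            _tprintf(_T("NtQuerySystemInformation failed with status 0x%08lX\n"),
                     (unsigned long)status);
            return NULL;
        }
        cbBuffer *= 2;
    }
}

/*
 * Print "ProcessID: <pid> (<name>)" for every entry in the snapshot.
 *
 * Every offset and pointer read from the buffer is bounds-checked before it
 * is followed. The kernel fills the buffer, but the SYSTEM_PROCESS_INFORMATION
 * layout above is hard-coded for a 32-bit build; if the real layout differs,
 * NextEntryDelta and ProcessName.Buffer are garbage, and these checks turn a
 * wild read into a truncated listing.
 *
 * ProcessName is a counted string (Length in bytes) and is not assumed to be
 * NUL-terminated: the print uses %.*ws with an explicit character count
 * instead of the original %ws, which scanned for a terminator. A NULL Buffer
 * is the Idle process, as in the original listing.
 */
static void print_process_list(const void *pBuffer, ULONG cbBuffer)
{
    const unsigned char *base = (const unsigned char *)pBuffer;
    const ULONG_PTR bufStart = (ULONG_PTR)base;
    const ULONG_PTR bufEnd = bufStart + cbBuffer;
    const ULONG fixedPart = (ULONG)offsetof(SYSTEM_PROCESS_INFORMATION, Threads);
    ULONG offset = 0;

    for (;;) {
        const SYSTEM_PROCESS_INFORMATION *pInfo;
        const WCHAR *name;
        int nameChars;
        ULONG_PTR nameAddr;

        /* The fixed part of the entry (everything before Threads[]) must lie
         * inside the buffer. offset <= cbBuffer always holds at this point. */
        if (cbBuffer - offset < fixedPart) {
            _tprintf(_T("snapshot truncated or struct layout mismatch\n"));
            return;
        }
        pInfo = (const SYSTEM_PROCESS_INFORMATION *)(base + offset);

        nameAddr = (ULONG_PTR)pInfo->ProcessName.Buffer;
        if (pInfo->ProcessName.Buffer == NULL) {
            name = L"Idle";
            nameChars = 4;
        } else if (nameAddr < bufStart || nameAddr > bufEnd ||
                   bufEnd - nameAddr < pInfo->ProcessName.Length) {
            /* Name pointer outside the snapshot: do not follow it. */
            name = L"?";
            nameChars = 1;
        } else {
            name = pInfo->ProcessName.Buffer;
            nameChars = (int)(pInfo->ProcessName.Length / sizeof(WCHAR));
        }

        _tprintf(_T("ProcessID: %lu (%.*ws)\n"),
                 (unsigned long)pInfo->ProcessId, nameChars, name);

        /* NextEntryDelta == 0 marks the last entry; a delta that would step
         * past the end of the buffer means the layout is wrong. */
        if (pInfo->NextEntryDelta == 0)
            break;
        if (pInfo->NextEntryDelta > cbBuffer - offset) {
            _tprintf(_T("snapshot truncated or struct layout mismatch\n"));
            return;
        }
        offset += pInfo->NextEntryDelta;
    }
}

/*
 * Entry point: enumerate processes through the native API and list
 * "ProcessID: <pid> (<name>)" for each one.
 *
 * Returns 0 on success and 1 on any failure (missing export, out of
 * memory, query error). The unused hProcess/CloseHandle from the original
 * is gone; no process handle is ever opened here.
 */
int main(void)
{
    PNtQuerySystemInformation fnQuery = resolve_query_fn();
    LPVOID pBuffer;
    ULONG cbBuffer = 0;

    if (fnQuery == NULL) {
        _tprintf(_T("cannot resolve NtQuerySystemInformation from ntdll.dll\n"));
        return 1;
    }

    pBuffer = query_process_snapshot(fnQuery, &cbBuffer);
    if (pBuffer == NULL)
        return 1;

    print_process_list(pBuffer, cbBuffer);
    free(pBuffer);
    return 0;
}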

参考文章:
https://www.xfocus.net/bbs/index.php?act=ST&f=2&t=48527&view=old

感谢oyljerry :)


--
是吗? 不是吗?  对吗? 不对吗? 傻吗?   ......   的确很傻.  就像" 树动风欲静, 日涌大山流".

※ 修改:·Stravadivaly 於 May 28 17:28:31 2006 修改本文·[FROM: 221.232.28.*]
※ 来源:·珞珈山水BBS站 http://bbs.whu.edu.cn·[FROM: 221.232.28.*]
