我写了一个基本代码(通过VC ++)来检索Psapi中EnumProcesses()的进程列表。我在管理员模式下打开VS2012。在调试期间,代码成功检索所有进程句柄。在构建流程时,它无法将流程句柄作为独立的应用程序;大多数进程句柄返回NULL值。我试图在链接器中将“UAC执行级别”设置为requireAdministrator;但没有变化。有什么建议吗?
DWORD proc_id[1024]; // array for process id's
DWORD ret_bytes; // number of bytes returned from EnumProcesses()
FILE *proc_file; // to store the process list
// Get list of process id's
if ( !EnumProcesses( proc_id, sizeof(proc_id), &ret_bytes ) )
{
printf("Can not execute EnumProcesses()...\n");
system("pause");
return;
}
printf("Retriving process id list...\n");
// Calculate how many process identifiers were returned.
DWORD number_of_proc; // number of processes
number_of_proc = ret_bytes / sizeof(DWORD);
printf("%u working processes found...\n",number_of_proc);
// Read all the process' names
proc_file=fopen("process.txt","w");
for (unsigned int i=0;i<number_of_proc;i++)
{
if (proc_id[i]!=0) // if the id is not empty
{
TCHAR proc_name[MAX_PATH] = TEXT("<unknown>"); // array for storing name of process
TCHAR file_name[MAX_PATH] = TEXT("<unknown>"); // array for executable of process
HANDLE proc_handle = OpenProcess(PROCESS_ALL_ACCESS , false, proc_id[i]); // open the process
if(proc_handle==NULL) fprintf(proc_file,"%3u - NULL HANDLE (PID: %u) err %u\n\n",i,proc_id[i],GetLastError());
HMODULE hMod;
DWORD cbNeeded;
if(EnumProcessModulesEx( proc_handle, &hMod, sizeof(HMODULE),&cbNeeded,LIST_MODULES_ALL))
{
GetModuleBaseName( proc_handle, hMod, proc_name,sizeof(proc_name)/sizeof(TCHAR) ); // Get the name of the process
/*_tprintf( TEXT("%3u - %s (PID: %u)\n"),i, proc_name,proc_id[i] );*/
fprintf(proc_file,("%3u - %s (PID: %u)\n"),i, proc_name,proc_id[i]);
//GetProcessImageFileName(proc_handle,file_name,sizeof(file_name)/sizeof(TCHAR));
DWORD size=sizeof(file_name)/sizeof(TCHAR);
QueryFullProcessImageName(proc_handle,0,file_name,&size); // Get the name of the image base file
//_tprintf( TEXT("%s\n"),file_name );
fprintf(proc_file,("\t%s\n"),file_name);
}
else
if(proc_handle!=NULL)
fprintf(proc_file,"%3u - EnumProcessModules() not working... (PID: %u) err %u\n",i,proc_id[i],GetLastError());
//QueryFullProcessImageName(proc_handle,1,proc_name,sizeof(proc_name)/sizeof(TCHAR));
//GetProcessImageFileName(proc_handle,proc_name,sizeof(proc_name)/sizeof(TCHAR));
}
}
fclose(proc_file);
答案 0 :(得分:1)
要在您没有权限时获取PROCESS_ALL_ACCESS,请调用您的SeDebugPrivilege权限 参考 How To Use the SeDebugPrivilege to Acquire Any Process Handle
答案 1 :(得分:0)
感谢您的推荐,我能够对问题进行排序。以下是信息的工作代码
DWORD proc_id[1024]; // array for process id's
DWORD ret_bytes; // number of bytes returned from EnumProcesses()
FILE *proc_file; // to store the process list
HANDLE hProcess; // handle for current process
HANDLE hToken; // handle for token result
LUID Luid; // local unique identifier
TOKEN_PRIVILEGES TP; // token priviliges
TOKEN_PRIVILEGES TPprev;
DWORD cbprev;
hProcess = GetCurrentProcess(); // Get handle for current process
DWORD lResult = OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY , &hToken); // Open process token for current process
if (lResult==0){
printf("Cannot open process token: %x\n",lResult);
system("pause");
return;}
else{
printf("Open process token: %x\n",hToken);
}
// Grab the LUID for the request privilege.
lResult = LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &Luid);
if (lResult==0){
printf("Cannot open look up priv. value: %x\n",lResult);
system("pause");
return;}
else{
printf("Priv. look up succesfull: %x\n",Luid);
}
cbprev=sizeof(TP);
TP.PrivilegeCount=1;
TP.Privileges[0].Luid = Luid;
TP.Privileges[0].Attributes = 0;
lResult = AdjustTokenPrivileges(hToken, FALSE, &TP, sizeof(TP), &TPprev, &cbprev );
if (lResult==0){
printf("Cannot retrieve privilege: %x (error:%u)\n",lResult,GetLastError());
system("pause");
return;}
else{
printf("Privilege retrieved succesfully\n");
}
// Adjust the token privilege
TPprev.PrivilegeCount=1;
TPprev.Privileges[0].Luid=Luid;
TPprev.Privileges[0].Attributes=2; //SE_PRIVILEGE_ENABLED
lResult = AdjustTokenPrivileges(hToken, FALSE, &TPprev, sizeof(TP), &TP, &cbprev);
if (lResult==0){
printf("Cannot adjust privilege: %x (error:%u)\n",lResult,GetLastError());
system("pause");
return;}
else{
printf("Privilege adjusted succesfully\n");
}
// Get list of process id's
if ( !EnumProcesses( proc_id, sizeof(proc_id), &ret_bytes ) )
{
printf("Can not execute EnumProcesses()...\n");
system("pause");
return;
}
printf("Retriving process id list...\n");
// Calculate how many process identifiers were returned.
DWORD number_of_proc; // number of processes
number_of_proc = ret_bytes / sizeof(DWORD);
printf("%u working processes found...\n",number_of_proc);
// Read all the process' names
proc_file=fopen("process.txt","w");
for (unsigned int i=0;i<number_of_proc;i++)
{
if (proc_id[i]!=0) // if the id is not empty
{
TCHAR proc_name[MAX_PATH] = TEXT("<unknown>"); // array for storing name of process
TCHAR file_name[MAX_PATH] = TEXT("<unknown>"); // array for executable of process
HANDLE proc_handle = OpenProcess(PROCESS_ALL_ACCESS , false, proc_id[i]); // open the process
if(proc_handle==NULL) fprintf(proc_file,"%3u - NULL HANDLE (PID: %u) err %u\n\n",i,proc_id[i],GetLastError());
HMODULE hMod;
DWORD cbNeeded;
if(EnumProcessModulesEx( proc_handle, &hMod, sizeof(HMODULE),&cbNeeded,LIST_MODULES_ALL))
{
GetModuleBaseName( proc_handle, hMod, proc_name,sizeof(proc_name)/sizeof(TCHAR) ); // Get the name of the process
fprintf(proc_file,("%3u - %s (PID: %u)\n"),i, proc_name,proc_id[i]);
DWORD size=sizeof(file_name)/sizeof(TCHAR);
QueryFullProcessImageName(proc_handle,0,file_name,&size); // Get the name of the image base file
fprintf(proc_file,("\t%s\n"),file_name);
}
else
if(proc_handle!=NULL)
fprintf(proc_file,"%3u - EnumProcessModules() not working... (PID: %u) err %u\n",i,proc_id[i],GetLastError());
}
}
fclose(proc_file);