获取服务进程server.exe的pid(0号崩溃)
Posted hshy
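#include "stdafx.h"
#include <windows.h>
#include <iostream>
#include <COMDEF.H>
#include <stdio.h>
#include <Tlhelp32.h>

using namespace std;

// Counted UTF-16 string as used by the native (Nt*) API.  Length and
// MaximumLength are byte counts and Buffer is not guaranteed to be
// NUL-terminated, so it must not be printed as a plain C string.
typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

// SystemProcessInformation
// One record per process as returned by
// NtQuerySystemInformation(SystemProcessInformation).  Records are chained
// through dwNextEntryOffset (0 terminates the list).  This file only reads
// dwNextEntryOffset, dwProcessId and qCreateTime.
// NOTE(review): dwProcessId is declared here as a 32-bit DWORD, whereas the
// winternl.h declaration carries the process id in a pointer-sized field, so
// this hand-rolled layout is only expected to line up in a 32-bit build --
// confirm before relying on it from an x64 build.
typedef struct _SYSTEM_PROCESS_INFORMATION {
    DWORD          dwNextEntryOffset;
    DWORD          dwNumberOfThreads;
    LARGE_INTEGER  qSpareLi1;
    LARGE_INTEGER  qSpareLi2;
    LARGE_INTEGER  qSpareLi3;
    LARGE_INTEGER  qCreateTime;
    LARGE_INTEGER  qUserTime;
    LARGE_INTEGER  qKernelTime;
    UNICODE_STRING ImageName;
    int            nBasePriority;
    DWORD          dwProcessId;
    DWORD          dwInheritedFromUniqueProcessId;
    DWORD          dwHandleCount;
    DWORD          dwSessionId;
    ULONG          dwSpareUl3;
    SIZE_T         tPeakVirtualSize;
    SIZE_T         tVirtualSize;
    DWORD          dwPageFaultCount;
    DWORD          dwPeakWorkingSetSize;
    DWORD          dwWorkingSetSize;
    SIZE_T         tQuotaPeakPagedPoolUsage;
    SIZE_T         tQuotaPagedPoolUsage;
    SIZE_T         tQuotaPeakNonPagedPoolUsage;
    SIZE_T         tQuotaNonPagedPoolUsage;
    SIZE_T         tPagefileUsage;
    SIZE_T         tPeakPagefileUsage;
    SIZE_T         tPrivatePageCount;
    LARGE_INTEGER  qReadOperationCount;
    LARGE_INTEGER  qWriteOperationCount;
    LARGE_INTEGER  qOtherOperationCount;
    LARGE_INTEGER  qReadTransferCount;
    LARGE_INTEGER  qWriteTransferCount;
    LARGE_INTEGER  qOtherTransferCount;
} SYSTEM_PROCESS_INFORMATION;

/*----------------------------------------------------
 Purpose : Resolve an exported function from a DLL, loading the DLL if it
           is not already in the process.
 Inputs  : pDllName  - DLL file name
           pProcName - name of the exported function
 Returns : the function's address, or NULL when the DLL cannot be loaded
           or the export does not exist.
 Notes   : The module handle is never released (each call adds a reference
           that is not dropped), which keeps the returned pointer valid for
           the life of the process.  The DLL is requested by bare file name,
           i.e. through the loader's default search order, which consults
           the application directory before the system directory; where the
           target OS supports it, LoadLibraryEx with
           LOAD_LIBRARY_SEARCH_SYSTEM32 pins system DLLs to System32.
----------------------------------------------------*/
VOID* GetDllProc(const TCHAR* pDllName, const CHAR* pProcName)
{
    HMODULE hMod = LoadLibrary(pDllName);
    if (hMod == NULL)
        return NULL;
    return GetProcAddress(hMod, pProcName);
}

// Function-pointer types for the dynamically resolved exports.
typedef LONG (WINAPI* Fun_NtQuerySystemInformation)(int SystemInformationClass,
                                                    OUT PVOID SystemInformation,
                                                    IN ULONG SystemInformationLength,
                                                    OUT ULONG* pReturnLength OPTIONAL);
typedef BYTE (WINAPI* Fun_WinStationGetProcessSid)(HANDLE hServer,
                                                   DWORD ProcessId,
                                                   FILETIME ProcessStartTime,
                                                   PBYTE pProcessUserSid,
                                                   PDWORD dwSidSize);
typedef VOID (WINAPI* Fun_CachedGetUserFromSid)(PSID pSid,
                                                PWCHAR pUserName,
                                                PULONG cbUserName);

#define STATUS_INFO_LENGTH_MISMATCH ((LONG)0xC0000004L)
#define SystemProcessInformation    5

/*------------------------------------------------------------------
 Purpose : Fetch the system process list via NtQuerySystemInformation.
 Output  : *ppSysProcInfo receives a malloc'd buffer holding the first
           SYSTEM_PROCESS_INFORMATION record; the caller frees it with
           free().  It is set to NULL on failure.
 Returns : TRUE on success, FALSE if ntdll's export cannot be resolved,
           memory runs out, or the query fails with a status other than
           STATUS_INFO_LENGTH_MISMATCH.
--------------------------------------------------------------------*/
BOOL GetSysProcInfo(SYSTEM_PROCESS_INFORMATION** ppSysProcInfo)
{
    if (ppSysProcInfo == NULL)
        return FALSE;
    *ppSysProcInfo = NULL;

    Fun_NtQuerySystemInformation _NtQuerySystemInformation =
        (Fun_NtQuerySystemInformation)::GetDllProc(TEXT("NTDLL.DLL"), "NtQuerySystemInformation");
    if (_NtQuerySystemInformation == NULL)
        return FALSE;

    // Start at 1 MiB and double until the kernel stops reporting a
    // length mismatch; the process list can grow between two calls.
    DWORD dwSize = 1024 * 1024;
    VOID* pBuf = NULL;
    LONG  lRetVal;
    for (;;) {
        if (pBuf)
            free(pBuf);
        pBuf = malloc(dwSize);
        if (pBuf == NULL)   // FIX: a failed allocation used to be passed on as a NULL buffer
            return FALSE;
        lRetVal = _NtQuerySystemInformation(SystemProcessInformation, pBuf, dwSize, NULL);
        if (STATUS_INFO_LENGTH_MISMATCH != lRetVal)
            break;
        dwSize *= 2;
    }

    if (lRetVal == 0) {
        *ppSysProcInfo = (SYSTEM_PROCESS_INFORMATION*)pBuf;
        return TRUE;
    }
    free(pBuf);
    return FALSE;
}

/*------------------------------------------------------------------
 Purpose : Resolve the account name a process runs under.
 Inputs  : dwPid      - process id to look up
           pbStrUser  - receives the user name on success
 Returns : TRUE when the name was obtained; FALSE if the helper exports
           cannot be resolved, the pid is not in the process list, the SID
           cannot be read, or the SID does not map to a name.
 Notes   : Uses the undocumented WinStationGetProcessSid (winsta.dll) and
           CachedGetUserFromSid (utildll.dll); the process creation time is
           taken from the process list so the pid cannot be matched against
           a different, reused process.
--------------------------------------------------------------------*/
BOOL GetProcessUser(DWORD dwPid, _bstr_t* pbStrUser)
{
    if (pbStrUser == NULL)
        return FALSE;

    Fun_WinStationGetProcessSid _WinStationGetProcessSid =
        (Fun_WinStationGetProcessSid)GetDllProc(TEXT("Winsta.dll"), "WinStationGetProcessSid");
    Fun_CachedGetUserFromSid _CachedGetUserFromSid =
        (Fun_CachedGetUserFromSid)GetDllProc(TEXT("utildll.dll"), "CachedGetUserFromSid");
    if (_WinStationGetProcessSid == NULL || _CachedGetUserFromSid == NULL)
        return FALSE;

    SYSTEM_PROCESS_INFORMATION* pProcInfo = NULL;
    if (GetSysProcInfo(&pProcInfo) == FALSE || pProcInfo == NULL)
        return FALSE;

    // Walk the chained records until the pid is found or the chain ends.
    FILETIME ftStartTime;
    BOOL     bFind = FALSE;
    SYSTEM_PROCESS_INFORMATION* pCurProcInfo = pProcInfo;
    for (;;) {
        if (pCurProcInfo->dwProcessId == dwPid) {
            memcpy(&ftStartTime, &pCurProcInfo->qCreateTime, sizeof(ftStartTime));
            bFind = TRUE;
            break;
        }
        if (pCurProcInfo->dwNextEntryOffset == 0)
            break;
        pCurProcInfo = (SYSTEM_PROCESS_INFORMATION*)((BYTE*)pCurProcInfo + pCurProcInfo->dwNextEntryOffset);
    }
    // FIX: the process-list buffer was never released once the pid was found.
    free(pProcInfo);
    if (bFind == FALSE)
        return FALSE;

    // First call with no buffer is expected to fail and report the SID size.
    DWORD dwSize = 0;   // FIX: was read back uninitialized when the call did not set it
    BYTE  cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, NULL, &dwSize);
    if (cRetVal != 0 || dwSize == 0)
        return FALSE;

    BYTE* pSid = new BYTE[dwSize];
    cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, pSid, &dwSize);
    if (cRetVal == 0) {
        delete[] pSid;
        return FALSE;
    }

    WCHAR szUserName[1024];
    // FIX: the SID byte count used to be passed as the name-buffer capacity.
    // The unit of cbUserName (bytes vs. characters) is undocumented; the
    // character count is safe under either interpretation.
    ULONG cbUserName = sizeof(szUserName) / sizeof(szUserName[0]);
    _CachedGetUserFromSid(pSid, szUserName, &cbUserName);
    delete[] pSid;
    if (cbUserName == 0)
        return FALSE;

    *pbStrUser = szUserName;
    return TRUE;
}

/*------------------------------------------------------------------
 Purpose : Enable SeDebugPrivilege on the current process token so that
           processes of other users can be inspected.  Failures are
           reported on stdout (token open) or silently ignored; the caller
           still proceeds and simply sees fewer processes.
--------------------------------------------------------------------*/
void AdjustPrivilege()
{
    HANDLE hToken;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        printf("OpenProcessToken error ");
        return;
    }

    LUID myLUID;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &myLUID)) {   // FIX: result was unchecked
        TOKEN_PRIVILEGES tp = { 0 };
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = myLUID;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // AdjustTokenPrivileges returns TRUE even when the privilege is not
        // held by the token; ERROR_NOT_ALL_ASSIGNED from GetLastError() is
        // the real signal that nothing was enabled.
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL)
            && GetLastError() != ERROR_NOT_ALL_ASSIGNED) {
            /* privilege enabled; a MessageBox used to be shown here */
        }
    }
    CloseHandle(hToken);
}

/*------------------------------------------------------------------
 Purpose : Locate services.exe in a process snapshot and print its pid and
           the account it runs under.
 Returns : 0 when at least one matching process was found, 1 otherwise
           (including snapshot failure).
--------------------------------------------------------------------*/
int main()
{
    TCHAR   szProcessName[] = TEXT("services.exe");
    BOOL    bFind = FALSE;
    _bstr_t bs;   // FIX: the old memcpy of zeros over this object was undefined behaviour

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(pe32);
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);   // process snapshot
    if (hProcessSnap == INVALID_HANDLE_VALUE)
        return 1;   // FIX: used to return false (0), i.e. success, on failure

    AdjustPrivilege();

    // FIX: the loop used to call GetProcessUser with a hard-coded pid (804)
    // for every entry; it now matches the executable name and uses the
    // snapshot's own pid, as the unused szProcessName/bFind locals intended.
    for (BOOL bResult = Process32First(hProcessSnap, &pe32); bResult;
         bResult = Process32Next(hProcessSnap, &pe32)) {
        if (lstrcmpi(pe32.szExeFile, szProcessName) != 0)
            continue;
        bFind = TRUE;
        if (GetProcessUser(pe32.th32ProcessID, &bs)) {
            const char* pUser = bs.length() ? (const char*)bs : "";
            printf("pid %lu user %s\n", (unsigned long)pe32.th32ProcessID, pUser);
        } else {
            printf("pid %lu user unknown\n", (unsigned long)pe32.th32ProcessID);
        }
    }

    CloseHandle(hProcessSnap);   // FIX: the snapshot handle was leaked
    return bFind ? 0 : 1;
}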