获取服务进程server.exe的pid(0号崩溃)


#include "stdafx.h"
#include <windows.h> 
#include <iostream>
#include <COMDEF.H> 
#include <stdio.h> 
#include <Tlhelp32.h>
using namespace std;


// Local mirror of the native UNICODE_STRING used inside the process record
// below. The layout must stay byte-identical to the system definition, so no
// members may be added, removed or reordered. Windows defines Length and
// MaximumLength as byte counts, and Buffer is not guaranteed to be
// NUL-terminated -- read at most Length bytes from it.
typedef struct _UNICODE_STRING {
    USHORT Length;        // bytes in use, not characters
    USHORT MaximumLength; // bytes available in Buffer
    PWSTR   Buffer;       // may point into the same snapshot buffer as the record
} UNICODE_STRING, * PUNICODE_STRING;

// Hand-written mirror of the record returned by NtQuerySystemInformation for
// the SystemProcessInformation class (5). Records are chained through
// dwNextEntryOffset; 0 marks the last one (see the walk in GetProcessUser).
// NOTE(review): the public winternl.h definition declares the pid, parent pid
// and the slot after SessionId as HANDLE/PVOID (pointer-sized), and the
// working-set fields as SIZE_T, so the DWORD/ULONG members below line up only
// in a 32-bit build. In a 64-bit build every member from dwProcessId onward is
// misaligned (dwProcessId lands on alignment padding and reads as 0) -- this
// may be the "pid 0" failure the post title refers to; confirm the target
// bitness or use the winternl.h definition instead.
typedef struct _SYSTEM_PROCESS_INFORMATION
{
    DWORD             dwNextEntryOffset;   // byte offset to the next record, 0 for the last
    DWORD             dwNumberOfThreads;
    LARGE_INTEGER     qSpareLi1;           // qSpareLi1..qKernelTime: 48 reserved bytes before ImageName
    LARGE_INTEGER     qSpareLi2;
    LARGE_INTEGER     qSpareLi3;
    LARGE_INTEGER     qCreateTime;         // copied into a FILETIME by GetProcessUser
    LARGE_INTEGER     qUserTime;
    LARGE_INTEGER     qKernelTime;
    UNICODE_STRING     ImageName;          // counted string, not necessarily NUL-terminated
    int                 nBasePriority;
    DWORD             dwProcessId;         // matched against the requested pid in GetProcessUser
    DWORD             dwInheritedFromUniqueProcessId;  // parent pid
    DWORD             dwHandleCount;
    DWORD             dwSessionId;
    ULONG             dwSpareUl3;          // pointer-sized in the winternl.h layout
    SIZE_T             tPeakVirtualSize;
    SIZE_T             tVirtualSize;
    DWORD             dwPageFaultCount;
    DWORD             dwPeakWorkingSetSize;   // SIZE_T in the winternl.h layout
    DWORD             dwWorkingSetSize;       // SIZE_T in the winternl.h layout
    SIZE_T             tQuotaPeakPagedPoolUsage;
    SIZE_T             tQuotaPagedPoolUsage;
    SIZE_T             tQuotaPeakNonPagedPoolUsage;
    SIZE_T             tQuotaNonPagedPoolUsage;
    SIZE_T             tPagefileUsage;
    SIZE_T             tPeakPagefileUsage;
    SIZE_T             tPrivatePageCount;
    LARGE_INTEGER     qReadOperationCount;    // I/O counters; unused in this file
    LARGE_INTEGER     qWriteOperationCount;
    LARGE_INTEGER     qOtherOperationCount;
    LARGE_INTEGER     qReadTransferCount;
    LARGE_INTEGER     qWriteTransferCount;
    LARGE_INTEGER     qOtherTransferCount;
}SYSTEM_PROCESS_INFORMATION;


/*----------------------------------------------------
    Purpose : resolve an exported function from a DLL, loading the
              module on demand.
    Inputs  : pDllName  - module name, handed straight to LoadLibrary
              pProcName - ANSI export name for GetProcAddress
    Returns : address of the export, or NULL when the module cannot be
              loaded or does not export pProcName (GetLastError() has
              the reason).
    Notes   : the module handle is intentionally never released --
              FreeLibrary would invalidate the pointer returned to the
              caller -- so every call leaves one extra reference on the
              module.
              pDllName goes through the normal DLL search order; the
              callers in this file pass bare system-DLL names, which is
              exposed to search-order hijacking if a same-named DLL is
              found earlier on the path. NOTE(review): where the target
              OS supports it, LoadLibraryEx with
              LOAD_LIBRARY_SEARCH_SYSTEM32 pins the lookup to System32.
----------------------------------------------------*/
VOID* GetDllProc(const TCHAR* pDllName, const CHAR* pProcName)
{
    if (HMODULE hModule = LoadLibrary(pDllName))
        return GetProcAddress(hModule, pProcName);

    return NULL;
}

// Function-pointer types for the exports that are resolved at runtime
// through GetDllProc, plus the two constants they need.

// NtQuerySystemInformation (ntdll): returns an NTSTATUS as LONG; 0 is success
// and STATUS_INFO_LENGTH_MISMATCH means SystemInformationLength was too small.
typedef LONG(WINAPI* Fun_NtQuerySystemInformation) (int   SystemInformationClass,
    OUT PVOID SystemInformation,
    IN ULONG SystemInformationLength,
    OUT ULONG* pReturnLength OPTIONAL);

// WinStationGetProcessSid (winsta.dll) -- undocumented export. As used in
// GetProcessUser: hServer is NULL for the local machine; a call with
// pProcessUserSid == NULL is expected to return 0 and leave the required
// buffer size in *dwSidSize, the second call with a buffer returns non-zero.
typedef BYTE(WINAPI* Fun_WinStationGetProcessSid)(HANDLE hServer, DWORD   ProcessId,

    FILETIME   ProcessStartTime, PBYTE pProcessUserSid, PDWORD dwSidSize);

// CachedGetUserFromSid (utildll.dll) -- undocumented export that maps a SID to
// an account name. NOTE(review): nothing in this file establishes whether
// cbUserName counts bytes or characters; treat it as the smaller of the two.
typedef VOID(WINAPI* Fun_CachedGetUserFromSid)(PSID pSid, PWCHAR pUserName, PULONG cbUserName);

// NTSTATUS "buffer too small" -- the only status GetSysProcInfo retries on.
#define STATUS_INFO_LENGTH_MISMATCH         ((LONG)0xC0000004L)

// SYSTEM_INFORMATION_CLASS value selecting the process list.
#define SystemProcessInformation         5 


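/*------------------------------------------------------------------
    Purpose : take a snapshot of all processes through
              NtQuerySystemInformation(SystemProcessInformation).
    Input   : ppSysProcInfo - receives a malloc()'d buffer holding the
              chained SYSTEM_PROCESS_INFORMATION records; walk them with
              dwNextEntryOffset (0 marks the last record).
    Returns : TRUE with *ppSysProcInfo set on success; the caller owns
              the buffer and must free() it.
              FALSE with *ppSysProcInfo == NULL when ntdll's export cannot
              be resolved, malloc() fails, the buffer would exceed the
              growth cap, or the query returns any status other than 0.
--------------------------------------------------------------------*/
BOOL GetSysProcInfo(SYSTEM_PROCESS_INFORMATION * *ppSysProcInfo)
{
    if (ppSysProcInfo == NULL)
        return FALSE;
    *ppSysProcInfo = NULL;   // never leave the out-param dangling on failure

    Fun_NtQuerySystemInformation _NtQuerySystemInformation =
        (Fun_NtQuerySystemInformation)::GetDllProc(TEXT("NTDLL.DLL"), "NtQuerySystemInformation");
    if (_NtQuerySystemInformation == NULL)
        return FALSE;

    // Start at 1 MiB and double while the call reports the buffer is too
    // small. The cap keeps "dwSize *= 2" from wrapping a DWORD to 0, which
    // would otherwise turn the retry into an endless loop.
    const DWORD dwMaxSize = 512 * 1024 * 1024;
    DWORD dwSize = 1024 * 1024;
    VOID* pBuf = NULL;
    LONG  lRetVal;

    for (;;)
    {
        free(pBuf);              // free(NULL) is a no-op on the first pass
        pBuf = malloc(dwSize);
        if (pBuf == NULL)        // the original passed a NULL buffer to ntdll here
            return FALSE;

        lRetVal = _NtQuerySystemInformation(SystemProcessInformation, pBuf, dwSize, NULL);
        if (lRetVal != STATUS_INFO_LENGTH_MISMATCH)
            break;

        if (dwSize >= dwMaxSize)
        {
            free(pBuf);
            return FALSE;
        }
        dwSize *= 2;
    }

    if (lRetVal != 0)            // any NTSTATUS other than STATUS_SUCCESS
    {
        free(pBuf);
        return FALSE;
    }

    *ppSysProcInfo = (SYSTEM_PROCESS_INFORMATION*)pBuf;
    return TRUE;
}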



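/*------------------------------------------------------------------
    Purpose : resolve the account name that owns process dwPid.
    Inputs  : dwPid     - process id to look up
              pbStrUser - receives the account name on success
    Returns : TRUE and *pbStrUser set; FALSE when the winsta/utildll
              exports are unavailable, the pid is not in the process
              snapshot, or the SID / name lookup fails.
    Notes   : WinStationGetProcessSid and CachedGetUserFromSid are
              undocumented exports; the calling contract below is
              inferred from how this file uses them and may change
              between Windows versions.
              The process creation time is taken from the
              NtQuerySystemInformation snapshot and passed together with
              the pid, presumably so a recycled pid cannot be confused
              with an earlier process of the same id.
--------------------------------------------------------------------*/
BOOL GetProcessUser(DWORD dwPid, _bstr_t* pbStrUser)
{
    if (pbStrUser == NULL)
        return FALSE;

    Fun_WinStationGetProcessSid _WinStationGetProcessSid = (Fun_WinStationGetProcessSid)
        GetDllProc(TEXT("Winsta.dll"), "WinStationGetProcessSid");
    Fun_CachedGetUserFromSid _CachedGetUserFromSid = (Fun_CachedGetUserFromSid)
        GetDllProc(TEXT("utildll.dll"), "CachedGetUserFromSid");
    if (_WinStationGetProcessSid == NULL || _CachedGetUserFromSid == NULL)
        return FALSE;

    SYSTEM_PROCESS_INFORMATION* pProcInfo = NULL;
    if (!GetSysProcInfo(&pProcInfo) || pProcInfo == NULL)
        return FALSE;

    // Walk the chained records until the pid matches or the chain ends.
    // NOTE(review): in a 64-bit build the hand-written record layout may not
    // match ntdll's, in which case dwProcessId never matches (see the struct).
    FILETIME ftStartTime = { 0 };
    BOOL bFind = FALSE;
    for (SYSTEM_PROCESS_INFORMATION* pCur = pProcInfo; ; )
    {
        if (pCur->dwProcessId == dwPid)
        {
            memcpy(&ftStartTime, &pCur->qCreateTime, sizeof(ftStartTime));
            bFind = TRUE;
            break;
        }
        if (pCur->dwNextEntryOffset == 0)
            break;
        pCur = (SYSTEM_PROCESS_INFORMATION*)((BYTE*)pCur + pCur->dwNextEntryOffset);
    }

    // Only the creation time is needed from the snapshot, so release it on
    // every path; the original leaked it (about 1 MiB) whenever the pid was found.
    free(pProcInfo);
    if (!bFind)
        return FALSE;

    // Two-call pattern: the first call with a NULL buffer is expected to
    // return 0 and report the SID size, the second call fills the buffer.
    DWORD dwSidSize = 0;
    if (_WinStationGetProcessSid(NULL, dwPid, ftStartTime, NULL, &dwSidSize) != 0)
        return FALSE;
    if (dwSidSize == 0)
        return FALSE;

    BYTE* pSid = new BYTE[dwSidSize];
    BYTE cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, pSid, &dwSidSize);
    if (cRetVal == 0)
    {
        delete[] pSid;
        return FALSE;
    }

    // Zero-filled so the assignment below never reads an unterminated buffer.
    WCHAR szUserName[1024] = { 0 };
    // The original reused the SID byte count as the name-buffer size. Pass the
    // buffer's element count instead: it stays within bounds whether the
    // undocumented export interprets cbUserName as bytes or as characters.
    DWORD cbUserName = sizeof(szUserName) / sizeof(szUserName[0]);
    _CachedGetUserFromSid(pSid, szUserName, &cbUserName);
    delete[] pSid;
    if (cbUserName == 0)
        return FALSE;

    *pbStrUser = szUserName;
    return TRUE;
}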

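/*------------------------------------------------------------------
    Purpose : enable SeDebugPrivilege (SE_DEBUG_NAME) on the current
              process token, presumably so the lookups in this file can
              reach processes that run under other accounts.
    Returns : nothing; each failure is reported on stdout and the token
              handle is always closed.
    Notes   : AdjustTokenPrivileges only enables a privilege the account
              already holds. When it does not, the call still returns
              TRUE and the real outcome is
              GetLastError() == ERROR_NOT_ALL_ASSIGNED, which the
              original ignored. LookupPrivilegeValue's result was also
              unchecked, so a failure there would have enabled an
              uninitialised LUID.
--------------------------------------------------------------------*/
void AdjustPrivilege()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        printf("OpenProcessToken error\n");
        return;
    }

    LUID myLUID;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &myLUID))
    {
        printf("LookupPrivilegeValue error %lu\n", GetLastError());
        CloseHandle(hToken);
        return;
    }

    TOKEN_PRIVILEGES tp = { 0 };
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = myLUID;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
        printf("AdjustTokenPrivileges error %lu\n", GetLastError());
    else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
        printf("SeDebugPrivilege is not held by this account\n");   // "success" return, privilege not enabled

    CloseHandle(hToken);
}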

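/*------------------------------------------------------------------
    Purpose : walk the ToolHelp process snapshot, find every process
              whose image name is szProcessName ("services.exe") and
              print its pid and owning account.
    Returns : 0 normally, 1 if the snapshot cannot be taken (the
              original returned false, i.e. 0, so a failure looked like
              success to the caller).
    Notes   : the original called GetProcessUser with a hard-coded pid
              (804) once per snapshot entry, never compared the entry
              against szProcessName, and never closed the snapshot
              handle. The commented-out line in the original shows the
              intended call on pe32.th32ProcessID, which is what is
              used here.
--------------------------------------------------------------------*/
int main()
{
    const TCHAR szProcessName[] = TEXT("services.exe");
    BOOL bFind = FALSE;
    _bstr_t bs;   // default-constructed empty; no memcpy() over its internals is needed

    // Enable SeDebugPrivilege before looking up processes of other accounts.
    AdjustPrivilege();

    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);   // process snapshot
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        printf("CreateToolhelp32Snapshot error %lu\n", GetLastError());
        return 1;
    }

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(pe32);
    for (BOOL bResult = Process32First(hProcessSnap, &pe32);
         bResult;
         bResult = Process32Next(hProcessSnap, &pe32))
    {
        // lstrcmpi: case-insensitive and valid for both ANSI and Unicode TCHAR builds.
        if (lstrcmpi(pe32.szExeFile, szProcessName) != 0)
            continue;

        bFind = TRUE;
        // _bstr_t converts either TCHAR flavour to a printable narrow string.
        if (GetProcessUser(pe32.th32ProcessID, &bs))
            printf("%s pid=%lu user=%s\n",
                   (const char*)_bstr_t(pe32.szExeFile), pe32.th32ProcessID, (const char*)bs);
        else
            printf("%s pid=%lu user=<unknown>\n",
                   (const char*)_bstr_t(pe32.szExeFile), pe32.th32ProcessID);
    }
    CloseHandle(hProcessSnap);   // the original never released the snapshot

    if (!bFind)
        printf("%s not found\n", (const char*)_bstr_t(szProcessName));
    return 0;
}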

 
