
Is there a way to list every Windows process from cpp?

I've recently been looking to list every process on a machine to perform some action. But I'm struggling with processes that are not launched by my user (e.g. system, administrator or another user).

I tried some code and some solutions, but still nothing works.

I am working on the code proposed by Microsoft to enumerate all the processes.

Here is the code:

#include <windows.h>
#include <stdio.h>
#include <tchar.h>
#include <psapi.h>

// To ensure correct resolution of symbols, add Psapi.lib to TARGETLIBS
// and compile with -DPSAPI_VERSION=1

void PrintProcessNameAndID( DWORD processID )
{
    TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");

    // Get a handle to the process.

    HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
                                   PROCESS_VM_READ,
                                   FALSE, processID );

    // Get the process name.

    if (NULL != hProcess )
    {
        HMODULE hMod;
        DWORD cbNeeded;

        if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), 
             &cbNeeded) )
        {
            GetModuleBaseName( hProcess, hMod, szProcessName, 
                               sizeof(szProcessName)/sizeof(TCHAR) );
        }
    }

    // Print the process name and identifier.

    _tprintf( TEXT("%s  (PID: %u)\n"), szProcessName, processID );

    // Release the handle to the process (only if OpenProcess succeeded).

    if ( NULL != hProcess )
    {
        CloseHandle( hProcess );
    }
}

int main( void )
{
    // Get the list of process identifiers.

    DWORD aProcesses[1024], cbNeeded, cProcesses;
    unsigned int i;

    if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
    {
        return 1;
    }


    // Calculate how many process identifiers were returned.

    cProcesses = cbNeeded / sizeof(DWORD);

    // Print the name and process identifier for each process.

    for ( i = 0; i < cProcesses; i++ )
    {
        if( aProcesses[i] != 0 )
        {
            PrintProcessNameAndID( aProcesses[i] );
        }
    }

    return 0;
}

This code works but does not allow you to view the processes of other users. Do you have an idea?

Thanks everyone for your time. Regards

As a normal user, you are not going to get far by using OpenProcess on processes you don't own. If you elevate your process and enable the debug privilege you might have more luck. You will probably still be denied access to DRM and AntiVirus processes. In general the PSAPI functions expect a lot of access to the process, with PROCESS_VM_READ being the biggest issue; Windows is not going to grant you memory read access to all other processes. Some of the newer APIs like GetProcessImageFileName have been upgraded (in Vista+) to only require PROCESS_QUERY_LIMITED_INFORMATION, which you might be able to get for more processes.

I would suggest using the Toolhelp API instead; it should provide a little more info than EnumProcesses + OpenProcess. You can also get some information from the Performance Counters and WMI.

As a side note: EnumProcesses is the most useless API ever. It uses the NT API to get information about all processes, then throws away all that information except the process IDs.

If you are willing to use undocumented stuff, the NT Query/Information functions will give you more information than any documented API.

The most reasonable solution I think would be to use CreateToolhelp32Snapshot. You can do some looking up on it at https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-createtoolhelp32snapshot

Here's a small example

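#include <windows.h>
#include <tlhelp32.h>
#include <iostream>

// Wrapper function (name added here so the fragment compiles on its own).
// Lists every process in a Toolhelp snapshot; no per-process handle is opened.
void ListProcesses()
{
    HANDLE hProcessSnap;
    PROCESSENTRY32 pe32;
    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        std::cout << "CreateToolhelp32Snapshot (of processes) failed with error " << GetLastError() << std::endl;
        return;
    }

    // dwSize must be set before the first call to Process32First.
    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(hProcessSnap, &pe32))
    {
        std::cout << "Failed getting first process" << std::endl;
        CloseHandle(hProcessSnap);
        return;
    }
    do
    {
        // szExeFile is a TCHAR array; in a UNICODE build print it with std::wcout.
        std::cout << "Process: " << pe32.szExeFile << std::endl;
    } while (Process32Next(hProcessSnap, &pe32));
    CloseHandle(hProcessSnap);
}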
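Combining the two answers above, as an added example that is not part of the original posts: it walks a Toolhelp snapshot and, for each PID, requests only PROCESS_QUERY_LIMITED_INFORMATION to read the image path, recording the error code where the open is refused. The names ProcInfo, BaseName and SnapshotProcesses are illustrative; the Windows calls are guarded by _WIN32 so the path helper also compiles on other platforms.

```cpp
// Added example; ProcInfo, BaseName and SnapshotProcesses are illustrative names.
#include <iostream>
#include <string>
#include <vector>

struct ProcInfo { unsigned long pid; std::wstring exe, image; unsigned long err; };

// GetProcessImageFileName returns a device-form path, e.g. (constructed)
// \Device\HarddiskVolume3\Windows\System32\svchost.exe; keep the file name.
std::wstring BaseName(const std::wstring& path) {
    size_t pos = path.find_last_of(L"\\/");
    return pos == std::wstring::npos ? path : path.substr(pos + 1);
}

#ifdef _WIN32  // Windows calls are guarded so BaseName also builds elsewhere
#include <windows.h>
#include <tlhelp32.h>
#include <psapi.h>  // link Psapi.lib when built with PSAPI_VERSION=1
std::vector<ProcInfo> SnapshotProcesses() {
    std::vector<ProcInfo> out;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return out;
    PROCESSENTRY32W pe = {}; pe.dwSize = sizeof(pe);
    if (Process32FirstW(snap, &pe)) {
        do {
            ProcInfo p{ pe.th32ProcessID, pe.szExeFile, L"", 0 };
            // Limited query right only; PROCESS_VM_READ is not requested.
            HANDLE h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, p.pid);
            if (h != NULL) {
                wchar_t buf[MAX_PATH];
                if (GetProcessImageFileNameW(h, buf, MAX_PATH)) p.image = buf;
                else p.err = GetLastError();
                CloseHandle(h);
            } else {
                p.err = GetLastError();  // e.g. ERROR_ACCESS_DENIED (5)
            }
            out.push_back(p);
        } while (Process32NextW(snap, &pe));
    }
    CloseHandle(snap);
    return out;
}
#else
std::vector<ProcInfo> SnapshotProcesses() { return {}; }  // non-Windows build: nothing to list
#endif
int main() {
    for (const auto& p : SnapshotProcesses())
        std::wcout << p.pid << L"\t" << p.exe << L"\t"
                   << (p.image.empty() ? L"<no access>" : BaseName(p.image)) << L"\terr=" << p.err << L"\n";
}
```

Every process still appears with its PID and executable name from the snapshot even when the per-process open fails, so the err column shows which entries are refused under the current token.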
