C#查询进程所有者(Windows 7 x64)
[英]C# query for process owner (Windows 7 x64)
问题描述
I would like to know how to query for a process's owner in (or via) C#. 
我想知道如何在(或通过)C#中查询进程的所有者。 I've tried the example at http://www.codeproject.com/KB/cs/processownersid.aspx . 我已经在http://www.codeproject.com/KB/cs/processownersid.aspx上尝试了该示例。
WMI: Can query all process and their owners, but it's far too slow. WMI:可以查询所有进程及其所有者,但这太慢了。
WIN32: Fast, but I get a permission denied exception when querying for owner of any process but my own. WIN32:很快,但是查询除我自己以外的任何进程的所有者时,我都获得了拒绝权限的异常。
I've tried to implement impersonation to solve the WIN32 issue, no go. 我已经尝试实施模拟来解决WIN32问题,但不能。 I've also tried running the compiled .exe as an administrator, no go. 我也尝试过以管理员身份运行已编译的.exe,这是不行的。 I'm only a few months into this C# thing, so go easy. 我只花了几个月的时间来学习C#,所以轻松一点。
2 个解决方案
解决方案1
0 2012-01-14 08:57:10
Seems like I've misunderstood the question first, sorry. 抱歉,我似乎先误解了这个问题。 Just found an interesting topic on the subject which may help you. 刚刚找到了一个有趣的话题 ,可能对您有所帮助。
解决方案2
0 已采纳 2012-01-14 17:49:02
I added the following to the Win32 example from: http://www.codeproject.com/KB/cs/processownersid.aspx 我将以下内容添加到Win32示例中: http : //www.codeproject.com/KB/cs/processownersid.aspx
static void ProcessSID(Process process)
{
string sid;
ExGetProcessInfoByPID(process.Id, out sid);
Console.WriteLine("{0} {1} {2}", process.Id, process.ProcessName, sid);
}
static void Main(string[] args)
{
foreach (Process process in Process.GetProcesses())
{
ProcessSID(process);
}
}
and when I run it as administrator it successfully prints the SIDs for all processes (except System and protected processes such as audiodg). 当我以管理员身份运行它时,它会成功打印所有进程的SID(系统和受保护的进程,例如audiodg除外)。 It doesn't produce an access-denied error. 它不会产生拒绝访问的错误。
Does this code work for you? 这些代码在你那正常吗?
I'm also using Windows 7 x64. 我也在使用Windows 7 x64。
Update 更新资料
This works for all processes except RunAs processes. 这适用于RunAs进程以外的所有进程。 The problem is the internals of Process.Handle, which ask for too many permissions. 问题出在Process.Handle的内部,要求太多的权限。
If you replace the call to Process.Handle with 如果将对Process.Handle的调用替换为
IntPtr procHandle=OpenProcess(ProcessAccessFlags.QueryInformation, false, PID);
and add the following definitions then the code also works with RunAs processes. 并添加以下定义,则代码也可用于RunAs流程。
[Flags]
enum ProcessAccessFlags : uint
{
All = 0x001F0FFF,
Terminate = 0x00000001,
CreateThread = 0x00000002,
VMOperation = 0x00000008,
VMRead = 0x00000010,
VMWrite = 0x00000020,
DupHandle = 0x00000040,
SetInformation = 0x00000200,
QueryInformation = 0x00000400,
Synchronize = 0x00100000,
ReadControl = 0x00020000
}
[DllImport("kernel32.dll")]
static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.