[英]How to get owner of process running on remote machine without WMI
我正在创建远程任务管理器应用程序,我正在尝试弄清楚如何在没有 WMI 的情况下获得在远程机器上运行的进程的进程所有者。 使用 WMI 确实很容易,但它太慢了。 我试图使用 WTSQuerySessionInformation,但它只适用于本地机器。
为了更详细地说明,我的远程任务管理器应用程序将在工作站上运行,并将连接到另一个工作站以及同一网络中的服务器。 将运行应用程序的用户将是两台机器上的管理员。
请问,您知道如何获得远程进程的所有者的另一种方法,或者对我下面的代码进行一些改进/修复吗?
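/// <summary>
/// Resolves the owning user name of each given process through WMI
/// (<c>Win32_Process.GetOwner</c>) on the machine the first process belongs to.
/// </summary>
/// <param name="processes">
/// Processes to look up. All of them are assumed to live on the same machine as the
/// first element, because only that element's <c>MachineName</c> is used for the connection.
/// </param>
/// <returns>
/// A map from process to the <c>User</c> out-parameter of <c>GetOwner</c>. The value may be
/// <c>null</c> when WMI returns no user. Processes whose lookup failed are left out.
/// </returns>
/// <remarks>
/// Only <c>User</c> is read; the <c>Domain</c> out-parameter is ignored. A local account and
/// a domain account with the same name are therefore indistinguishable in the result, so do
/// not treat the returned string as a unique identity.
/// </remarks>
public static Dictionary<Process, string> GetOwners(this IEnumerable<Process> processes)
{
    Dictionary<Process, string> result = new Dictionary<Process, string>();
    if (processes == null) { return result; }

    // Materialize once: the original re-enumerated the sequence for every Count()/ElementAt()/Single().
    List<Process> processList = processes.ToList();
    if (processList.Count == 0) { return result; }

    // Index by PID so each WMI row is matched in O(1) and unknown PIDs are skipped
    // instead of raising (and silently swallowing) an exception from Single().
    Dictionary<int, Process> processesById = new Dictionary<int, Process>();
    foreach (Process process in processList)
    {
        if (!processesById.ContainsKey(process.Id))
        {
            processesById.Add(process.Id, process);
        }
    }

    string select = "SELECT Handle, ProcessID FROM Win32_Process";
    if (processesById.Count <= 10)
    {
        // The filter is built only from integer PIDs, so nothing caller-controlled
        // reaches the WQL text as a string.
        select += string.Format(" WHERE ProcessID = {0}", string.Join(" OR ProcessID = ", processesById.Keys));
    }

    ManagementScope scope = new ManagementScope(string.Format("\\\\{0}\\root\\cimv2", processList[0].MachineName));
    SelectQuery selectQuery = new SelectQuery(select);
    scope.Connect();
    using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, selectQuery))
    using (ManagementObjectCollection objectCollection = searcher.Get())
    {
        foreach (ManagementObject managementObject in objectCollection)
        {
            using (managementObject)
            {
                int id = Convert.ToInt32(managementObject["ProcessID"]);
                Process match;
                if (!processesById.TryGetValue(id, out match))
                {
                    // Without a WHERE clause the query returns every process on the machine.
                    continue;
                }

                try
                {
                    using (ManagementBaseObject outParameters = managementObject.InvokeMethod("GetOwner", null, null))
                    {
                        result[match] = outParameters?["User"]?.ToString();
                    }
                }
                catch (ManagementException)
                {
                    // Best effort: the process may have exited or the provider refused the call.
                    // The process is left out of the result rather than aborting the whole scan.
                }
                catch (UnauthorizedAccessException)
                {
                    // Best effort: insufficient rights for this process; leave it out.
                }
                catch (System.Runtime.InteropServices.COMException)
                {
                    // Best effort: transport-level failure for this call; leave it out.
                }
            }
        }
    }
    return result;
}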
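/// <summary>
/// Maps each process to the user name of the Remote Desktop Services session it runs in,
/// using <c>WTSQuerySessionInformation</c> with <c>WTSUserName</c>.
/// </summary>
/// <param name="processes">
/// Processes to look up. Only the first element's <c>MachineName</c> decides which server
/// is opened, so all processes are assumed to belong to that machine.
/// </param>
/// <returns>
/// A map from process to session user name. When the query fails or returns an empty name,
/// the literal "SYSTEM" is stored.
/// </returns>
/// <remarks>
/// The value is the user of the process's session, not the account in the process token.
/// A process started under a different account inside that session is reported with the
/// session user, and every session without a logged-on user is labelled "SYSTEM" whatever
/// account the process really runs as. Do not rely on this value for access decisions or
/// for attributing activity to an account.
/// </remarks>
public static Dictionary<Process, string> GetPInvokeProperties(this IEnumerable<Process> processes)
{
    Dictionary<Process, string> result = new Dictionary<Process, string>();
    if (processes == null) { return result; }

    // Materialize once instead of re-enumerating for Count()/ElementAt()/foreach.
    List<Process> processList = processes.ToList();
    if (processList.Count == 0) { return result; }

    string machineName = processList[0].MachineName;
    bool isLocal = machineName == Environment.MachineName || machineName == ".";
    // IntPtr.Zero is WTS_CURRENT_SERVER_HANDLE, i.e. the local machine.
    IntPtr serverHandle = isLocal ? IntPtr.Zero : NativeMethods.OpenServer(machineName);
    try
    {
        foreach (Process process in processList)
        {
            try
            {
                string username = "SYSTEM";
                IntPtr buffer;
                int strLen;
                if (NativeMethods.QuerySessionInformation(serverHandle, process.SessionId, WTS_INFO_CLASS.WTSUserName, out buffer, out strLen))
                {
                    try
                    {
                        // The W variant reports a byte count, so an empty name is not length <= 1;
                        // test the decoded string instead of the raw length.
                        string sessionUser = buffer != IntPtr.Zero ? Marshal.PtrToStringUni(buffer) : null;
                        if (!string.IsNullOrEmpty(sessionUser))
                        {
                            username = sessionUser;
                        }
                    }
                    finally
                    {
                        // Free on every successful call; the original leaked the buffer for empty names.
                        if (buffer != IntPtr.Zero)
                        {
                            NativeMethods.FreeMemory(buffer);
                        }
                    }
                }
                result[process] = username;
            }
            catch (InvalidOperationException)
            {
                // Best effort: the process exited or its session id is unavailable; leave it out.
            }
            catch (NotSupportedException)
            {
                // Best effort: the property is not available for this process; leave it out.
            }
            catch (System.ComponentModel.Win32Exception)
            {
                // Best effort: the OS refused access to the process information; leave it out.
            }
        }
    }
    finally
    {
        // Close only a handle that OpenServer returned, and do so even if the loop throws.
        // WTS_CURRENT_SERVER_HANDLE (IntPtr.Zero) must not be passed to WTSCloseServer.
        if (serverHandle != IntPtr.Zero)
        {
            NativeMethods.CloseServer(serverHandle);
        }
    }
    return result;
}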
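/// <summary>
/// Thin wrappers around the Remote Desktop Services API exported by wtsapi32.dll.
/// </summary>
public static class NativeMethods
{
    #region Native Methods
    // Bind explicitly to the Unicode export so the host name is not narrowed to ANSI
    // and the entry point does not depend on name probing.
    [DllImport("wtsapi32.dll", EntryPoint = "WTSOpenServerW", CharSet = CharSet.Unicode, ExactSpelling = true)]
    private static extern IntPtr WTSOpenServer(string pServerName);
    [DllImport("wtsapi32.dll", ExactSpelling = true)]
    private static extern void WTSCloseServer(IntPtr hServer);
    [DllImport("wtsapi32.dll", ExactSpelling = true)]
    private static extern void WTSFreeMemory(IntPtr pointer);
    // SetLastError lets callers read the failure reason via Marshal.GetLastWin32Error().
    [DllImport("wtsapi32.dll", CharSet = CharSet.Unicode, ExactSpelling = true, SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    private static extern bool WTSQuerySessionInformationW(IntPtr hServer, int sessionId, WTS_INFO_CLASS wtsInfoClass, out IntPtr ppBuffer, out int pBytesReturned);
    #endregion

    #region Public Methods
    /// <summary>Opens a handle to the named server.</summary>
    /// <param name="Name">NetBIOS name of the server to open.</param>
    /// <returns>The server handle; release it with <see cref="CloseServer"/>.</returns>
    public static IntPtr OpenServer(string Name)
    {
        return WTSOpenServer(Name);
    }

    /// <summary>Closes a handle returned by <see cref="OpenServer"/>.</summary>
    /// <param name="ServerHandle">
    /// Handle to close. <see cref="IntPtr.Zero"/> (WTS_CURRENT_SERVER_HANDLE) is ignored,
    /// because the current-server pseudo handle must not be closed.
    /// </param>
    public static void CloseServer(IntPtr ServerHandle)
    {
        if (ServerHandle == IntPtr.Zero)
        {
            return;
        }
        WTSCloseServer(ServerHandle);
    }

    /// <summary>Frees a buffer allocated by a WTS query; a null pointer is ignored.</summary>
    /// <param name="pointer">Buffer returned through <c>ppBuffer</c>.</param>
    public static void FreeMemory(IntPtr pointer)
    {
        if (pointer == IntPtr.Zero)
        {
            return;
        }
        WTSFreeMemory(pointer);
    }

    /// <summary>Queries one piece of information about a session on the given server.</summary>
    /// <param name="hServer">Server handle, or <see cref="IntPtr.Zero"/> for the local machine.</param>
    /// <param name="sessionId">Session to query.</param>
    /// <param name="wtsInfoClass">Which information to return.</param>
    /// <param name="ppBuffer">Receives the result buffer; free it with <see cref="FreeMemory"/> after a successful call.</param>
    /// <param name="pBytesReturned">Receives the size of the result in bytes.</param>
    /// <returns><c>true</c> on success; on failure the reason is available from <c>Marshal.GetLastWin32Error()</c>.</returns>
    public static bool QuerySessionInformation(IntPtr hServer, int sessionId, WTS_INFO_CLASS wtsInfoClass, out IntPtr ppBuffer, out int pBytesReturned)
    {
        return WTSQuerySessionInformationW(hServer, sessionId, wtsInfoClass, out ppBuffer, out pBytesReturned);
    }
    #endregion
}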
我建议改用较新的命名空间,因为 System.Management 较旧、较慢且无法扩展。您需要的较新框架是 Microsoft.Management.Infrastructure。这是解释这一点的 Microsoft 文档,其中包含两者的示例。
所以你会使用这样的东西:
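using System;
using System.Collections.Generic;
using Microsoft.Management.Infrastructure;

// "computer_name" is a placeholder for the target host. No session options are passed,
// so the connection runs as the calling user; for a remote host the default transport is
// WS-Man, which requires WinRM to be enabled on the target.
using (CimSession session = CimSession.Create("computer_name"))
{
    // QueryInstances returns a sequence of instances, not a single CimInstance.
    IEnumerable<CimInstance> instances = session.QueryInstances(@"root\cimv2", "WQL", "SELECT Name FROM Win32_ComputerSystem");
    foreach (CimInstance instance in instances)
    {
        using (instance)
        {
            Console.WriteLine(instance.CimInstanceProperties["Name"].Value);
        }
    }
}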
或者
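using System;
using System.Linq;
using Microsoft.Management.Infrastructure;

// "computer_name" is a placeholder for the target host. No session options are passed,
// so the connection runs as the calling user.
using (CimSession session = CimSession.Create("computer_name"))
// First() (System.Linq) throws InvalidOperationException when the query returns no rows.
using (CimInstance instance = session.QueryInstances(@"root\cimv2", "WQL", "SELECT Name FROM Win32_ComputerSystem").First())
{
    Console.WriteLine(instance.CimInstanceProperties["Name"].Value);
}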
我希望这会给你一些新的兔子洞来解决:-D 如果你需要其他任何东西,请告诉我们:)
经过一些测试并感谢 @IT Delinquent 的精彩提示,我写出了获取进程所有者的最终方法。它仍然不是特别快,但已经足够快了。与我问题中的上述 WMI 方法相比,速度提升了 60% 以上,而且我相信仍有改进的空间。
示例:从位于另一个 VLAN 但在同一网络域中的工作站获取约 200 个进程的数据(进程所有者、ID、句柄、ExecutablePath、描述、CommandLine):
/// <summary>
/// Per-process values read from WMI/CIM by <c>GetWMIProperties</c>.
/// </summary>
public struct WMIProcessProperties
{
// User name returned by Win32_Process.GetOwner; null when no user was returned.
// The domain is not stored, so same-named local and domain accounts look identical.
public string Owner;
// Process id (Win32_Process.ProcessID) the owner belongs to.
public int ID;
}
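/// <summary>
/// Resolves the owner of each given process through a CIM session
/// (<c>Win32_Process.GetOwner</c>) on the machine the first process belongs to.
/// </summary>
/// <param name="processes">
/// Processes to look up. Only the first element's <c>MachineName</c> is used to create the
/// session, so all processes are assumed to belong to that machine.
/// </param>
/// <returns>
/// A map from process to its WMI properties. <c>Owner</c> is <c>null</c> when
/// <c>GetOwner</c> returned no user or the call failed for that process.
/// </returns>
/// <remarks>
/// Only the <c>User</c> out-parameter is read; the domain is dropped, so the owner string
/// does not uniquely identify an account. The session is created without options and
/// therefore runs as the calling user.
/// </remarks>
public static async Task<Dictionary<Process, WMIProcessProperties>> GetWMIProperties(this IEnumerable<Process> processes)
{
    Dictionary<Process, WMIProcessProperties> result = new Dictionary<Process, WMIProcessProperties>();
    if (processes == null) { return result; }

    // Materialize once instead of re-enumerating for every Count()/ElementAt()/Single().
    List<Process> processList = processes.ToList();
    if (processList.Count == 0) { return result; }

    // Index by PID: with more than 10 processes the query has no WHERE clause and returns
    // every process on the machine, which made the original Single() lookup throw for any
    // PID that was not passed in.
    Dictionary<int, Process> processesById = new Dictionary<int, Process>();
    foreach (Process process in processList)
    {
        if (!processesById.ContainsKey(process.Id))
        {
            processesById.Add(process.Id, process);
        }
    }

    string selectQuery = "SELECT Handle, ProcessID FROM Win32_Process";
    if (processesById.Count <= 10)
    {
        // Built only from integer PIDs, so no caller-controlled text reaches the WQL.
        selectQuery += string.Format(" WHERE ProcessID = {0}", string.Join(" OR ProcessID = ", processesById.Keys));
    }

    string machineName = processList[0].MachineName;
    using (CimSession session = await Task.Run(() => CimSession.Create(machineName)).ConfigureAwait(false))
    {
        List<CimInstance> instances = await Task.Run(() => session.QueryInstances(@"root\cimv2", "WQL", selectQuery).ToList()).ConfigureAwait(false);
        List<Task<WMIProcessProperties>> tasks = new List<Task<WMIProcessProperties>>();
        foreach (CimInstance instance in instances)
        {
            CimInstance currentInstance = instance;
            int id = Convert.ToInt32(currentInstance.CimInstanceProperties["ProcessID"].Value);
            if (!processesById.ContainsKey(id))
            {
                // Not one of the requested processes: release it without a GetOwner round trip.
                currentInstance.Dispose();
                continue;
            }

            // NOTE(review): the GetOwner calls run concurrently on one CimSession, as in the
            // original; confirm the session is safe for concurrent InvokeMethod calls.
            tasks.Add(Task.Run(() =>
            {
                using (currentInstance)
                {
                    string owner = null;
                    try
                    {
                        using (CimMethodResult getOwnerResult = session.InvokeMethod(currentInstance, "GetOwner", null))
                        {
                            owner = getOwnerResult.OutParameters["User"]?.Value?.ToString();
                        }
                    }
                    catch (CimException)
                    {
                        // Best effort: the process exited or the call was refused. Keep a null
                        // owner for this process instead of failing the whole batch.
                    }
                    return new WMIProcessProperties { Owner = owner, ID = id };
                }
            }));
        }

        WMIProcessProperties[] wmiProcessProperties = await Task.WhenAll(tasks).ConfigureAwait(false);
        foreach (WMIProcessProperties properties in wmiProcessProperties)
        {
            result[processesById[properties.ID]] = properties;
        }
    }
    return result;
}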