Eine gute Methode, um an Prozessinformationen von WinNT zu kommen.
#include <windows.h>
#include <cstdio>
#include <wtsapi32.h>
#include <psapi.h>
// Shared output buffer: PrcList() clears it, appends one text line per
// process and returns its address. The size is fixed at 4096 bytes.
char procs[4096];
/*/////////////////////////////////////
//Process username from Users sid
*//////////////////////////////////////
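/**
 * Resolve the account name that belongs to a security identifier (SID).
 *
 * Despite its name, the function takes a SID, not a process id.
 *
 * @param pUserSid SID to look up; NULL is accepted.
 * @return Pointer to a NUL-terminated account name, or to the text "Unknown"
 *         when the SID is NULL or the lookup fails. The pointer refers to a
 *         static buffer that the next call overwrites, so copy the result if
 *         it has to survive another call. Not safe for concurrent callers.
 */
char* GetUserFromPID(PSID pUserSid)
{
    // Static storage on purpose: a stack array would be gone by the time the
    // caller reads the returned pointer.
    static char szUser[_MAX_PATH];
    char szDomain[_MAX_PATH];
    DWORD chUser = _MAX_PATH;    // in: buffer size, out: name length
    DWORD chDomain = _MAX_PATH;  // the domain is required by the API but unused here
    SID_NAME_USE snu;

    // char buffers are passed to the generic API name, so this needs a
    // non-UNICODE build.
    if (pUserSid != NULL &&
        ::LookupAccountSid(NULL, pUserSid, szUser, &chUser, szDomain, &chDomain, &snu))
    {
        return szUser;
    }

    // A failed lookup may leave szUser in an unspecified state, so the
    // fallback text is written only after the call.
    snprintf(szUser, sizeof(szUser), "Unknown");
    return szUser;
}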
/*/////////////////////////////////////
//Exe path from process ID
*//////////////////////////////////////
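/**
 * Return the full path of the main executable of a process.
 *
 * @param PID Process id to query.
 * @return Pointer to a NUL-terminated path, or to the text "Unknown" when the
 *         process cannot be opened or the path cannot be read. The pointer
 *         refers to a static buffer that the next call overwrites. Not safe
 *         for concurrent callers.
 */
char* PDirName(DWORD PID)
{
    // Static storage on purpose: a stack array would be gone by the time the
    // caller reads the returned pointer.
    static char buffer[MAX_PATH];
    snprintf(buffer, sizeof(buffer), "Unknown");

    // NOTE(review): on Windows Vista and later, QueryFullProcessImageName with
    // PROCESS_QUERY_LIMITED_INFORMATION returns the image path without asking
    // for VM read access to the target process.
    HANDLE Handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, PID);
    if (Handle == NULL)
    {
        // Typical for system processes and processes of other users.
        return buffer;
    }

    if (GetModuleFileNameEx(Handle, NULL, buffer, MAX_PATH) == 0)
    {
        // The buffer content is unspecified after a failure.
        snprintf(buffer, sizeof(buffer), "Unknown");
    }
    buffer[MAX_PATH - 1] = '\0';  // guarantee termination if the path was truncated

    // Close on every path; otherwise each listed process leaks one handle.
    CloseHandle(Handle);
    return buffer;
}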
/*/////////////////////////////////////
//Process list
*//////////////////////////////////////
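/**
 * Build a text listing of all processes on the local machine.
 *
 * Each process produces one line with its name, id, user name and executable
 * path. The text is written into the global `procs` buffer.
 *
 * @return Pointer to `procs`. The listing is cut off after the last entry
 *         that fits completely into the buffer; it is empty when the
 *         enumeration fails. The next call overwrites the content.
 */
char* PrcList()
{
    ZeroMemory(procs, sizeof(procs));

    PWTS_PROCESS_INFO pProcessInfo = NULL;
    DWORD ProcessCount = 0;
    if (!WTSEnumerateProcesses(WTS_CURRENT_SERVER_HANDLE, 0, 1, &pProcessInfo, &ProcessCount))
    {
        return procs;
    }

    size_t used = 0;  // bytes of procs already filled, excluding the terminator
    for (DWORD CurrentProcess = 0; CurrentProcess < ProcessCount; CurrentProcess++)
    {
        const DWORD Id = pProcessInfo[CurrentProcess].ProcessId;
        const char* name = pProcessInfo[CurrentProcess].pProcessName;
        const char* user = GetUserFromPID(pProcessInfo[CurrentProcess].pUserSid);
        const char* path = PDirName(Id);

        // Names and paths come from other processes and can be long, so every
        // append is bounded by the space that is left. An unbounded
        // sprintf/strcat overruns procs once the list grows large enough.
        const size_t room = sizeof(procs) - used;
        const int written = snprintf(procs + used, room,
            "Name: %s Process Id : %lu Username: %s Path: %s\n",
            name ? name : "Unknown",
            static_cast<unsigned long>(Id),
            user ? user : "Unknown",
            path ? path : "Unknown");
        if (written < 0 || static_cast<size_t>(written) >= room)
        {
            procs[used] = '\0';  // drop the partially written entry
            break;
        }
        used += static_cast<size_t>(written);
    }

    // The array is allocated by WTSEnumerateProcesses and must be released
    // with WTSFreeMemory; zeroing the local pointer does not free it.
    WTSFreeMemory(pProcessInfo);
    return procs;
}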
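/**
 * Print the process listing to standard output.
 *
 * @return Always 0.
 */
int main()
{
    // The listing contains process names and paths, which any local user can
    // choose. Used as a printf format string, a '%' in such a name would be
    // interpreted as a conversion specifier, so the text is written as data.
    fputs(PrcList(), stdout);
    return 0;
}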
Syler