获取系统进程快照 c语言实现


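    /************************************************************************/
    /* 云守护      email:542335496@qq.com                                   */
    /************************************************************************/
    #include <stdio.h>
    #include <stdlib.h>         /* malloc/free: the original never included it */
    #include <windows.h>
    #include <TLHELP32.H>
    #include <ntsecapi.h>       /* UNICODE_STRING */
    // Needs an up-to-date Windows SDK; PSAPI is bound statically at link time.
    #include    "psapi.h"
    #pragma comment (lib,"psapi.lib")

    /*
     * Set the console text attribute.
     *
     * The two arguments are OR-ed together exactly as the original did. Note
     * that the console keeps the background colour in bits 4..7, so the second
     * argument really acts as a foreground colour; every caller in this file
     * passes 0 as the first argument, so the visible output is unchanged here.
     * The C++ default arguments of the original were dropped: they are not
     * valid C and every caller passes both values. Colour codes: `color -?`.
     */
    void SetColor(unsigned short ForeColor, unsigned short BackGroundColor)
    {
        HANDLE hCon = GetStdHandle(STD_OUTPUT_HANDLE);   /* screen-buffer handle */
        if (hCon != NULL && hCon != INVALID_HANDLE_VALUE) {
            SetConsoleTextAttribute(hCon, (WORD)(ForeColor | BackGroundColor));
        }
    }

    /*
     * Method 1: Toolhelp32 snapshot.
     *
     * Prints every process and, below it, the modules loaded in that process.
     * Fixes vs. the original: both snapshot handles are checked against
     * INVALID_HANDLE_VALUE; the module snapshot is taken for
     * pe32.th32ProcessID (the original passed 0, i.e. it listed the modules of
     * the *current* process under every entry); the module snapshot is closed
     * on every iteration instead of once after the loop (handle leak, and a
     * CloseHandle on an uninitialised handle when the loop never ran).
     * A module snapshot of another user's or a protected process fails with
     * ERROR_ACCESS_DENIED; that is reported per process and is not fatal.
     *
     * Returns TRUE on success, FALSE if the process snapshot could not be taken.
     */
    BOOL GetProcessList(void)
    {
        PROCESSENTRY32 pe32 = {0};
        pe32.dwSize = sizeof(pe32);

        HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (hProcessSnap == INVALID_HANDLE_VALUE) {
            printf("CreateToolhelp32Snapshot(process) failed: %lu\n", GetLastError());
            return FALSE;
        }

        for (BOOL bRet = Process32First(hProcessSnap, &pe32); bRet;
             bRet = Process32Next(hProcessSnap, &pe32)) {
            SetColor(0, 2);
            printf("进程:%s\n", pe32.szExeFile);
            SetColor(0, 7);

            MODULEENTRY32 me32 = {0};
            me32.dwSize = sizeof(me32);
            HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pe32.th32ProcessID);
            if (hModuleSnap == INVALID_HANDLE_VALUE) {
                /* no rights on this process (or no module list for it) */
                printf("\t(modules unavailable, error %lu)\n", GetLastError());
                continue;
            }
            for (BOOL bModule = Module32First(hModuleSnap, &me32); bModule;
                 bModule = Module32Next(hModuleSnap, &me32)) {
                printf("\t模块:%s\n", me32.szExePath);
            }
            CloseHandle(hModuleSnap);
        }

        CloseHandle(hProcessSnap);
        return TRUE;
    }

    /*
     * Method 2: PSAPI, statically linked.
     *
     * Fixes vs. the original: the EnumProcesses / EnumProcessModules /
     * GetModuleFileNameEx results are checked (szPath was printed
     * uninitialised when either of the latter failed); every process handle
     * is closed (handle leak); the redundant `else continue` is gone; the
     * PID is printed with the format specifier matching DWORD.
     * OpenProcess fails with ERROR_ACCESS_DENIED for other users', elevated
     * or protected processes unless the caller holds SeDebugPrivilege, so the
     * listing is incomplete by design; such processes are skipped as before.
     * The PID array is fixed at 1024 entries; if EnumProcesses fills it
     * completely the list may be truncated and a warning is printed.
     *
     * Returns TRUE on success, FALSE if EnumProcesses fails.
     */
    BOOL GetProcessListByPSAPi(void)
    {
        DWORD ProcessId[1024];
        DWORD cbNeeded = 0;

        if (!EnumProcesses(ProcessId, sizeof(ProcessId), &cbNeeded)) {
            printf("EnumProcesses failed: %lu\n", GetLastError());
            return FALSE;
        }
        if (cbNeeded == sizeof(ProcessId)) {
            printf("warning: PID array full, process list may be truncated\n");
        }
        DWORD ProcessCount = cbNeeded / sizeof(DWORD);

        for (DWORD i = 0; i < ProcessCount; i++) {
            HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                          FALSE, ProcessId[i]);
            if (hProcess == NULL) {
                continue;   /* typically ERROR_ACCESS_DENIED */
            }

            HMODULE hModule = NULL;
            DWORD cbModules = 0;
            char szPath[MAX_PATH];
            /* the first module EnumProcessModules reports is the main executable */
            BOOL havePath = EnumProcessModules(hProcess, &hModule, sizeof(hModule), &cbModules)
                            && GetModuleFileNameEx(hProcess, hModule, szPath, sizeof(szPath)) != 0;

            SetColor(0, 6);
            printf("PID:%lu ", ProcessId[i]);
            SetColor(0, 7);
            printf("\t%s\n", havePath ? szPath : "<unknown>");

            CloseHandle(hProcess);
        }
        return TRUE;
    }

    // Method 3: WTSAPI
    // Local definitions so the code builds without wtsapi32.h; the struct
    // layout follows WTS_PROCESS_INFOA.
    typedef struct _WTS_PROCESS_INFO{
        DWORD SessionId;
        DWORD ProcessId;
        LPTSTR pProcessName;
        PSID pUserSid;
    }WTS_PROCESS_INFO,*PWTS_PROCESS_INFO;

    typedef HANDLE (WINAPI *WTSOPENSERVER)(LPTSTR pServerName);
    typedef BOOL (WINAPI *WTSENUMRATEPROCESSES)(HANDLE hServer, DWORD Reserved, DWORD Version,
                                                 PWTS_PROCESS_INFO *ppProcessInfo, DWORD *pCount);
    typedef VOID (WINAPI *WTSFREEMEMORY)(PVOID pMemory);
    typedef VOID (WINAPI *WTSCLOSESERVER)(HANDLE hServer);

    /*
     * Method 3: WTSAPI loaded dynamically (suits Windows NT/2000 terminal services).
     *
     * Fixes vs. the original: the imported names were misspelled
     * ("WTSOpenSeverA", "WTSEnumrateProcessesA"), so GetProcAddress returned
     * NULL and the first call through the pointer crashed; every lookup is
     * now checked; the process list is released with WTSFreeMemory, the
     * server handle with WTSCloseServer and the DLL with FreeLibrary.
     * szServerName is still the hard-coded terminal-server name from the
     * original (including its leading space); replace it with the name of
     * the server to query (see `nbtstat -an`).
     *
     * Returns TRUE on success, FALSE otherwise.
     */
    BOOL GetProcessByWTSAPI(void)
    {
        BOOL ok = FALSE;
        PWTS_PROCESS_INFO pWtsapi = NULL;
        DWORD dwCount = 0;
        HANDLE hWtsServer = NULL;
        /* terminal server name, see `nbtstat -an` */
        char *szServerName = " 1FB978629C104D4";

        HMODULE hWtsApi32 = LoadLibrary("wtsapi32.dll");
        if (hWtsApi32 == NULL) {
            printf("请升级sdk,没有找到wtsapi.dll");
            return FALSE;
        }

        WTSOPENSERVER pWtsOpenServer =
            (WTSOPENSERVER)GetProcAddress(hWtsApi32, "WTSOpenServerA");
        WTSENUMRATEPROCESSES pWtsEnumrateProcesses =
            (WTSENUMRATEPROCESSES)GetProcAddress(hWtsApi32, "WTSEnumerateProcessesA");
        WTSFREEMEMORY pWtsFreeMemory =
            (WTSFREEMEMORY)GetProcAddress(hWtsApi32, "WTSFreeMemory");
        WTSCLOSESERVER pWtsCloseServer =
            (WTSCLOSESERVER)GetProcAddress(hWtsApi32, "WTSCloseServer");
        if (pWtsOpenServer == NULL || pWtsEnumrateProcesses == NULL ||
            pWtsFreeMemory == NULL || pWtsCloseServer == NULL) {
            printf("wtsapi32.dll does not export the required functions\n");
            goto out_free_lib;
        }

        hWtsServer = pWtsOpenServer(szServerName);
        if (!pWtsEnumrateProcesses(hWtsServer, 0, 1, &pWtsapi, &dwCount)) {
            printf("WTSEnumerateProcesses failed: %lu\n", GetLastError());
            goto out_close_server;
        }

        for (DWORD i = 0; i < dwCount; i++) {
            printf("ProcessID: %lu (%s)\n", pWtsapi[i].ProcessId,
                   pWtsapi[i].pProcessName ? pWtsapi[i].pProcessName : "");
        }
        ok = TRUE;

        pWtsFreeMemory(pWtsapi);
    out_close_server:
        pWtsCloseServer(hWtsServer);
    out_free_lib:
        FreeLibrary(hWtsApi32);
        return ok;
    }

    // Method 4: ZwQuerySystemInformation (undocumented), resolved dynamically
    #define SystemProcessesAndThreadsInformation    5
    #ifndef STATUS_INFO_LENGTH_MISMATCH
    #define STATUS_INFO_LENGTH_MISMATCH ((LONG)0xC0000004L)
    #endif
    /* returns NTSTATUS: negative values are failures */
    typedef LONG (WINAPI *ZWQUERYSYSTEMINFORMATION) (DWORD,
                                                     PVOID,
                                                     DWORD,
                                                     PDWORD);
    /*
     * Structure definition, as given by the original.
     * NOTE(review): this is the 32-bit (x86) layout; several of these fields
     * are pointer-sized on x64 and the structure has changed between Windows
     * versions, so the offsets must be confirmed for the target build.
     */
    typedef struct _SYSTEM_PROCESS_INFORMATION{
        DWORD       NextEntryDelta;
        DWORD       ThreadCount;
        DWORD       Reserved1[6];
        FILETIME    ftCreateTime;
        FILETIME    ftUserTime;
        FILETIME    ftKernelTime;
        UNICODE_STRING ProcessName;
        DWORD       BasePriority;
        DWORD       ProcessId;
        DWORD       InheritedFromProcessId;
        DWORD       HandleCount;
        DWORD       Reserved2[2];
        DWORD       VmCounters;
        DWORD       dCommitCharge;
        PVOID       ThreadInfos[1];
    }SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;

    /*
     * Method 4: walk the process list returned by ZwQuerySystemInformation.
     *
     * Fixes vs. the original: the NTSTATUS is checked and the buffer is grown
     * while the call reports STATUS_INFO_LENGTH_MISMATCH (the original used a
     * fixed 64 KiB buffer and walked its contents even when the call had
     * failed); the list walk stays inside the buffer; the process name is
     * printed with its UNICODE_STRING length, since Buffer is not guaranteed
     * to be NUL-terminated and is NULL for the idle process; malloc failure
     * returns FALSE (the original returned -1 from a BOOL function, which is
     * non-zero, i.e. "success").
     *
     * Returns TRUE on success, FALSE otherwise.
     */
    BOOL GetProcessListByNTDLL(void)
    {
        HMODULE hNtDll = GetModuleHandle("ntdll.dll");
        if (hNtDll == NULL) {
            return FALSE;
        }
        ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation =
            (ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll, "ZwQuerySystemInformation");
        if (ZwQuerySystemInformation == NULL) {
            printf("ZwQuerySystemInformation not found in ntdll.dll\n");
            return FALSE;
        }

        ULONG  cbBuffer = 0x10000;
        LPVOID pBuffer  = NULL;
        LONG   status;
        for (;;) {
            pBuffer = malloc(cbBuffer);
            if (pBuffer == NULL) {
                return FALSE;
            }
            DWORD cbReturned = 0;
            status = ZwQuerySystemInformation(SystemProcessesAndThreadsInformation,
                                              pBuffer, cbBuffer, &cbReturned);
            if (status != STATUS_INFO_LENGTH_MISMATCH) {
                break;
            }
            /* too small: retry with a larger buffer (cbReturned is only a hint) */
            free(pBuffer);
            pBuffer = NULL;
            cbBuffer = (cbReturned > cbBuffer) ? cbReturned + 0x1000 : cbBuffer * 2;
        }
        if (status < 0) {
            printf("ZwQuerySystemInformation failed: 0x%08lX\n", (unsigned long)status);
            free(pBuffer);
            return FALSE;
        }

        PUCHAR pEnd = (PUCHAR)pBuffer + cbBuffer;
        PSYSTEM_PROCESS_INFORMATION pInfo = (PSYSTEM_PROCESS_INFORMATION)pBuffer;
        for (;;) {
            /* never read an entry that does not fit in the buffer */
            if ((PUCHAR)pInfo + sizeof(*pInfo) > pEnd) {
                break;
            }
            SetColor(0, 13);
            printf("PID:%lu  ", pInfo->ProcessId);
            SetColor(0, 7);
            printf("\t%.*ls\n",
                   (int)(pInfo->ProcessName.Length / sizeof(WCHAR)),
                   pInfo->ProcessName.Buffer ? pInfo->ProcessName.Buffer : L"");
            if (pInfo->NextEntryDelta == 0) {
                break;
            }
            /* advance to the next node of the list */
            pInfo = (PSYSTEM_PROCESS_INFORMATION)(((PUCHAR)pInfo) + pInfo->NextEntryDelta);
        }

        free(pBuffer);
        return TRUE;
    }

    /* Entry point; the other three methods are kept for reference. */
    int main(void)
    {
        //GetProcessList();
        //GetProcessListByPSAPi();
        //GetProcessByWTSAPI();
        return GetProcessListByNTDLL() ? 0 : 1;
    }
    原文地址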

    http://blog.csdn.net/earbao/article/details/8464715
