
获取Windows中另一个进程的命令行参数

发布时间:2020-12-13 22:32:28 所属栏目:Windows 来源:网络整理
如何使用C语言中的WMI获取 Windows中所有正在运行的进程的命令行参数?

解决方法

您需要使用 Win32_Process WMI 类并读取其 CommandLine 属性的值。另请参阅文章 How do I get the command line of another process,其中解释了该字符串只是一个“预先初始化好的变量”:原则上进程可以(实践中也有很多进程会这样做,尽管通常是无意的)写入保存命令行的那块内存,因此读到的命令行未必与进程启动时的一致。

更新

C样本

#define _WIN32_WINNT 0x0400
#define _WIN32_DCOM

#include <stdio.h>
#include <tchar.h>
#include <windows.h>
#include <wbemidl.h>

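/*
 * Prints "<pid>  <command line>" for every Win32_Process instance that WMI
 * returns on the local machine, then waits for a key press.
 *
 * Notes for anyone reusing this:
 *  - Command lines frequently carry secrets (passwords, tokens, connection
 *    strings passed as arguments). Treat the output as sensitive data.
 *  - CommandLine comes back as VT_NULL for some processes; those rows are
 *    skipped, so the listing is not a complete process inventory.
 *  - The string is read from memory the target process can overwrite, so it
 *    is not an authoritative record of how the process was started.
 */
void _tmain(int argc,_TCHAR* argv[])
{
    HRESULT hr;
    BOOL comInitialized = FALSE;
    const wchar_t *failedStep = NULL;
    IWbemLocator         *WbemLocator  = NULL;
    IWbemServices        *WbemServices = NULL;
    IEnumWbemClassObject *EnumWbem     = NULL;
    /* The WMI methods take BSTR arguments; a plain wide literal lacks the
       length prefix a BSTR carries, so real BSTRs are allocated here. */
    BSTR wmiNamespace  = NULL;
    BSTR queryLanguage = NULL;
    BSTR queryText     = NULL;

    (void)argc;
    (void)argv;

    /* Initialize COM and the process-wide COM security settings. */
    hr = CoInitializeEx(0,COINIT_MULTITHREADED);
    if (FAILED(hr)) { failedStep = L"CoInitializeEx"; goto cleanup; }
    comInitialized = TRUE;

    hr = CoInitializeSecurity(NULL,-1,NULL,NULL,RPC_C_AUTHN_LEVEL_DEFAULT,RPC_C_IMP_LEVEL_IMPERSONATE,NULL,EOAC_NONE,NULL);
    if (FAILED(hr)) { failedStep = L"CoInitializeSecurity"; goto cleanup; }

    hr = CoCreateInstance(&CLSID_WbemLocator,NULL,CLSCTX_INPROC_SERVER,&IID_IWbemLocator,(LPVOID *) &WbemLocator);
    if (FAILED(hr)) { failedStep = L"CoCreateInstance"; goto cleanup; }

    wmiNamespace  = SysAllocString(L"ROOT\\CIMV2");
    queryLanguage = SysAllocString(L"WQL");
    queryText     = SysAllocString(L"SELECT ProcessId,CommandLine FROM Win32_Process");
    if (wmiNamespace == NULL || queryLanguage == NULL || queryText == NULL) {
        hr = E_OUTOFMEMORY;
        failedStep = L"SysAllocString";
        goto cleanup;
    }

    /* Connect to the local WMI namespace as the current user. */
    hr = WbemLocator->lpVtbl->ConnectServer(WbemLocator,wmiNamespace,NULL,NULL,NULL,0,NULL,NULL,&WbemServices);
    if (FAILED(hr)) { failedStep = L"ConnectServer"; goto cleanup; }

    /* Run the WQL query. */
    hr = WbemServices->lpVtbl->ExecQuery(WbemServices,queryLanguage,queryText,WBEM_FLAG_FORWARD_ONLY,NULL,&EnumWbem);
    if (FAILED(hr)) { failedStep = L"ExecQuery"; goto cleanup; }

    /* Iterate over the enumerator, one object per call. */
    if (EnumWbem != NULL) {
        IWbemClassObject *result = NULL;
        ULONG returnedCount = 0;

        while((hr = EnumWbem->lpVtbl->Next(EnumWbem,WBEM_INFINITE,1,&result,&returnedCount)) == S_OK) {
            VARIANT ProcessId;
            VARIANT CommandLine;
            HRESULT hrPid;
            HRESULT hrCmd;

            /* Initialized so VariantClear is safe even if Get fails. */
            VariantInit(&ProcessId);
            VariantInit(&CommandLine);

            hrPid = result->lpVtbl->Get(result,L"ProcessId",0,&ProcessId,NULL,NULL);
            hrCmd = result->lpVtbl->Get(result,L"CommandLine",0,&CommandLine,NULL,NULL);

            /* Only print when a string actually came back; VT_NULL rows
               (no command line available to this caller) are skipped. */
            if (SUCCEEDED(hrPid) && SUCCEEDED(hrCmd) &&
                CommandLine.vt == VT_BSTR && CommandLine.bstrVal != NULL)
                wprintf(L"%u  %ls \r\n",ProcessId.uintVal,CommandLine.bstrVal);

            /* Frees the BSTR held by CommandLine. */
            VariantClear(&CommandLine);
            VariantClear(&ProcessId);

            result->lpVtbl->Release(result);
            result = NULL;
        }
        if (FAILED(hr))
            failedStep = L"IEnumWbemClassObject::Next";
    }

cleanup:
    if (failedStep != NULL)
        wprintf(L"%ls failed, hr = 0x%08lx\r\n",failedStep,(unsigned long)hr);

    /* Release only what was actually obtained, in reverse order. */
    if (EnumWbem != NULL)
        EnumWbem->lpVtbl->Release(EnumWbem);
    if (WbemServices != NULL)
        WbemServices->lpVtbl->Release(WbemServices);
    if (WbemLocator != NULL)
        WbemLocator->lpVtbl->Release(WbemLocator);

    /* SysFreeString accepts NULL. */
    SysFreeString(queryText);
    SysFreeString(queryLanguage);
    SysFreeString(wmiNamespace);

    if (comInitialized)
        CoUninitialize();
    getchar();
}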

Borland C++ 样本

#pragma hdrstop
#include <iostream>
using namespace std;
#include <wbemcli.h>
#include <comdef.h> 

//CREDENTIAL structure
//http://msdn.microsoft.com/en-us/library/windows/desktop/aa374788%28v=vs.85%29.aspx
#define CRED_MAX_USERNAME_LENGTH            513
#define CRED_MAX_CREDENTIAL_BLOB_SIZE       512
#define CREDUI_MAX_USERNAME_LENGTH CRED_MAX_USERNAME_LENGTH
#define CREDUI_MAX_PASSWORD_LENGTH (CRED_MAX_CREDENTIAL_BLOB_SIZE / 2)

// The Win32_Process class represents a sequence of events on a Win32 system. Any sequence consisting of the interaction of one or more processors or interpreters,some executable code,and a set of inputs,is a descendent (or member) of this class.
// Example: A client application running on a Win32 system.

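// Prints "<prefix><HRESULT in hex>", the system message for that HRESULT and
// the "press enter" prompt, then waits for Enter. Returns 1 so a caller can
// write `return report_failure(...)` after it has released its resources.
static int report_failure(const char *prefix, HRESULT hres)
{
    cout << prefix << hex << hres << endl;
    cout << _com_error(hres).ErrorMessage() << endl;
    cout << "press enter to exit" << endl;
    cin.get();
    return 1;                  // Program has failed.
}

// Lists CommandLine and ProcessId for every Win32_Process instance returned
// by WMI, either on the local machine (localconn == true) or on a remote one.
//
// Notes for anyone reusing this:
//  - Command lines frequently carry secrets passed as arguments; treat the
//    output as sensitive.
//  - CommandLine can come back NULL for a process; the loop prints "NULL"
//    for those instead of a string.
//  - The value is read from memory the target process can overwrite, so it
//    is not an authoritative record of how the process was started.
#pragma argsused
int main(int argc,char* argv[])
{
    // Placeholder credentials, used only when localconn is false. Do not ship
    // real account names or passwords compiled into the binary; obtain them
    // at run time instead (for example from a credential prompt).
    wchar_t pszName[CREDUI_MAX_USERNAME_LENGTH+1] = L"user";
    wchar_t pszPwd[CREDUI_MAX_PASSWORD_LENGTH+1]  = L"password";
    //To use a WMI remote connection set localconn to false and configure the values of the pszName,pszPwd and the name of the remote machine in strNetworkResource
    bool localconn = true;
    // _bstr_t allocates a real BSTR (a wide literal is not one) and frees it
    // automatically when it goes out of scope.
    _bstr_t strNetworkResource(localconn ? L"\\\\.\\root\\CIMV2" : L"\\\\remote--machine\\root\\CIMV2");

    COAUTHIDENTITY *userAcct =  NULL ;
    COAUTHIDENTITY authIdent;

    // Initialize COM. ------------------------------------------

    HRESULT hres;
    hres =  CoInitializeEx(0,COINIT_MULTITHREADED);
    if (FAILED(hres))
        return report_failure("Failed to initialize COM library. Error code = 0x", hres);

    // Set general COM security levels --------------------------

    if (localconn)
        hres =  CoInitializeSecurity(
            NULL,
            -1,                          // COM authentication
            NULL,                        // Authentication services
            NULL,                        // Reserved
            RPC_C_AUTHN_LEVEL_DEFAULT,   // Default authentication
            RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation
            NULL,                        // Authentication info
            EOAC_NONE,                   // Additional capabilities
            NULL                         // Reserved
            );
    else
        hres =  CoInitializeSecurity(
            NULL,
            -1,                          // COM authentication
            NULL,                        // Authentication services
            NULL,                        // Reserved
            RPC_C_AUTHN_LEVEL_DEFAULT,   // Default authentication
            RPC_C_IMP_LEVEL_IDENTIFY,    // Default Impersonation
            NULL,                        // Authentication info
            EOAC_NONE,                   // Additional capabilities
            NULL                         // Reserved
            );

    if (FAILED(hres))
    {
        CoUninitialize();
        return report_failure("Failed to initialize security. Error code = 0x", hres);
    }

    // Obtain the initial locator to WMI -------------------------

    IWbemLocator *pLoc = NULL;
    hres = CoCreateInstance(CLSID_WbemLocator,0,CLSCTX_INPROC_SERVER,IID_IWbemLocator,(LPVOID *) &pLoc);

    if (FAILED(hres))
    {
        CoUninitialize();
        return report_failure("Failed to create IWbemLocator object. Err code = 0x", hres);
    }

    // Connect to WMI through the IWbemLocator::ConnectServer method

    IWbemServices *pSvc = NULL;

    if (localconn)
        hres = pLoc->ConnectServer(
             strNetworkResource,      // Object path of WMI namespace
             NULL,                    // User name. NULL = current user
             NULL,                    // User password. NULL = current
             0,                       // Locale. NULL indicates current
             0,                       // Security flags.
             0,                       // Authority (e.g. Kerberos)
             0,                       // Context object
             &pSvc                    // pointer to IWbemServices proxy
             );
    else
        hres = pLoc->ConnectServer(
            strNetworkResource,  // Object path of WMI namespace
            _bstr_t(pszName),    // User name
            _bstr_t(pszPwd),     // User password
            NULL,                // Locale
            0,                   // Security flags
            NULL,                // Authority
            NULL,                // Context object
            &pSvc                // IWbemServices proxy
            );

    if (FAILED(hres))
    {
        pLoc->Release();
        CoUninitialize();
        return report_failure("Could not connect. Error code = 0x", hres);
    }

    cout << "Connected to root\\CIMV2 WMI namespace" << endl;

    // Set security levels on the proxy -------------------------
    if (localconn)
        hres = CoSetProxyBlanket(
           pSvc,                        // Indicates the proxy to set
           RPC_C_AUTHN_WINNT,           // RPC_C_AUTHN_xxx
           RPC_C_AUTHZ_NONE,            // RPC_C_AUTHZ_xxx
           NULL,                        // Server principal name
           RPC_C_AUTHN_LEVEL_CALL,      // RPC_C_AUTHN_LEVEL_xxx
           RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
           NULL,                        // client identity
           EOAC_NONE                    // proxy capabilities
        );
    else
    {
        // Create COAUTHIDENTITY that can be used for setting security on proxy
        memset(&authIdent,0,sizeof(COAUTHIDENTITY));
        authIdent.PasswordLength = (ULONG)wcslen(pszPwd);
        authIdent.Password = (USHORT*)pszPwd;
        authIdent.User = (USHORT*)pszName;
        authIdent.UserLength = (ULONG)wcslen(pszName);
        authIdent.Domain = 0;
        authIdent.DomainLength = 0;
        authIdent.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
        userAcct = &authIdent;

        // Packet privacy asks for the remote WMI traffic to be encrypted.
        hres = CoSetProxyBlanket(
           pSvc,                           // Indicates the proxy to set
           RPC_C_AUTHN_DEFAULT,            // RPC_C_AUTHN_xxx
           RPC_C_AUTHZ_DEFAULT,            // RPC_C_AUTHZ_xxx
           COLE_DEFAULT_PRINCIPAL,         // Server principal name
           RPC_C_AUTHN_LEVEL_PKT_PRIVACY,  // RPC_C_AUTHN_LEVEL_xxx
           RPC_C_IMP_LEVEL_IMPERSONATE,    // RPC_C_IMP_LEVEL_xxx
           userAcct,                       // client identity
           EOAC_NONE                       // proxy capabilities
        );
    }

    if (FAILED(hres))
    {
        pSvc->Release();
        pLoc->Release();
        CoUninitialize();
        return report_failure("Could not set proxy blanket. Error code = 0x", hres);
    }

    // Use the IWbemServices pointer to make requests of WMI ----

    IEnumWbemClassObject* pEnumerator = NULL;
    hres = pSvc->ExecQuery(
        _bstr_t(L"WQL"),
        _bstr_t(L"SELECT CommandLine,ProcessId  FROM Win32_Process"),
        WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
        NULL,
        &pEnumerator);

    if (FAILED(hres))
    {
        pSvc->Release();
        pLoc->Release();
        CoUninitialize();
        return report_failure("ExecQuery failed Error code = 0x", hres);
    }

    // Secure the enumerator proxy
    if (!localconn)
    {
        hres = CoSetProxyBlanket(
            pEnumerator,                    // Indicates the proxy to set
            RPC_C_AUTHN_DEFAULT,            // RPC_C_AUTHN_xxx
            RPC_C_AUTHZ_DEFAULT,            // RPC_C_AUTHZ_xxx
            COLE_DEFAULT_PRINCIPAL,         // Server principal name
            RPC_C_AUTHN_LEVEL_PKT_PRIVACY,  // RPC_C_AUTHN_LEVEL_xxx
            RPC_C_IMP_LEVEL_IMPERSONATE,    // RPC_C_IMP_LEVEL_xxx
            userAcct,                       // client identity
            EOAC_NONE                       // proxy capabilities
            );

        if (FAILED(hres))
        {
            pEnumerator->Release();
            pSvc->Release();
            pLoc->Release();
            CoUninitialize();
            return report_failure("Could not set proxy blanket on enumerator. Error code = 0x", hres);
        }
    }

    // Get the data from the WQL sentence
    while (pEnumerator)
    {
        IWbemClassObject *pclsObj = NULL;
        ULONG uReturn = 0;

        HRESULT hr = pEnumerator->Next(WBEM_INFINITE,1,&pclsObj,&uReturn);

        if(0 == uReturn || FAILED(hr))
          break;

        VARIANT vtProp;
        // Initialized so the VariantClear calls below are safe even when
        // Get fails and leaves the VARIANT untouched.
        VariantInit(&vtProp);

        hr = pclsObj->Get(L"CommandLine",0,&vtProp,0,0);// String
        if (!FAILED(hr))
        {
          if ((vtProp.vt==VT_NULL) || (vtProp.vt==VT_EMPTY))
            wcout << "CommandLine : " << ((vtProp.vt==VT_NULL) ? "NULL" : "EMPTY") << endl;
          else
          if ((vtProp.vt & VT_ARRAY))
            wcout << "CommandLine : " << "Array types not supported (yet)" << endl;
          else
          if (vtProp.vt==VT_BSTR && vtProp.bstrVal!=NULL)
            wcout << "CommandLine : " << vtProp.bstrVal << endl;
          else
            // Do not read bstrVal out of a VARIANT that holds something else.
            wcout << "CommandLine : " << "Unexpected variant type" << endl;
        }
        VariantClear(&vtProp);

        hr = pclsObj->Get(L"ProcessId",0,&vtProp,0,0);// Uint32
        if (!FAILED(hr))
        {
          if ((vtProp.vt==VT_NULL) || (vtProp.vt==VT_EMPTY))
            wcout << "ProcessId : " << ((vtProp.vt==VT_NULL) ? "NULL" : "EMPTY") << endl;
          else
          if ((vtProp.vt & VT_ARRAY))
            wcout << "ProcessId : " << "Array types not supported (yet)" << endl;
          else
            wcout << "ProcessId : " << vtProp.uintVal << endl;
        }
        VariantClear(&vtProp);

        pclsObj->Release();
    }

    // Cleanup: release in reverse order of acquisition.

    if (pEnumerator!=NULL)
     pEnumerator->Release();
    pSvc->Release();
    pLoc->Release();

    CoUninitialize();
    cout << "press enter to exit" << endl;
    cin.get();
    return 0;   // Program successfully completed.
}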
