#include "stdafx.h"

#include <windows.h>

#include <iostream>

#include <COMDEF.H>

#include <stdio.h>

#include <Tlhelp32.h>

using namespace std;

typedef struct _UNICODE_STRING {

    USHORT Length;

    USHORT MaximumLength;

    PWSTR   Buffer;

} UNICODE_STRING, * PUNICODE_STRING;

//SystemProcessInformation

typedef struct _SYSTEM_PROCESS_INFORMATION

{

    DWORD             dwNextEntryOffset;

    DWORD             dwNumberOfThreads;

    LARGE_INTEGER     qSpareLi1;

    LARGE_INTEGER     qSpareLi2;

    LARGE_INTEGER     qSpareLi3;

    LARGE_INTEGER     qCreateTime;

    LARGE_INTEGER     qUserTime;

    LARGE_INTEGER     qKernelTime;

    UNICODE_STRING     ImageName;

    int                 nBasePriority;

    DWORD             dwProcessId;

    DWORD             dwInheritedFromUniqueProcessId;

    DWORD             dwHandleCount;

    DWORD             dwSessionId;

    ULONG             dwSpareUl3;

    SIZE_T             tPeakVirtualSize;

    SIZE_T             tVirtualSize;

    DWORD             dwPageFaultCount;

    DWORD             dwPeakWorkingSetSize;

    DWORD             dwWorkingSetSize;

    SIZE_T             tQuotaPeakPagedPoolUsage;

    SIZE_T             tQuotaPagedPoolUsage;

    SIZE_T             tQuotaPeakNonPagedPoolUsage;

    SIZE_T             tQuotaNonPagedPoolUsage;

    SIZE_T             tPagefileUsage;

    SIZE_T             tPeakPagefileUsage;

    SIZE_T             tPrivatePageCount;

    LARGE_INTEGER     qReadOperationCount;

    LARGE_INTEGER     qWriteOperationCount;

    LARGE_INTEGER     qOtherOperationCount;

    LARGE_INTEGER     qReadTransferCount;

    LARGE_INTEGER     qWriteTransferCount;

    LARGE_INTEGER     qOtherTransferCount;

}SYSTEM_PROCESS_INFORMATION;

/*----------------------------------------------------

       函数说明: 动态加载动库文件

           输入参数: pDllName 库文件名称,pProcName导出函数名字

           输出参数: 无

           返回值   : 返回函数的的地址

----------------------------------------------------*/

VOID* GetDllProc(const TCHAR* pDllName, const CHAR* pProcName)

{

    HMODULE         hMod;

    hMod = LoadLibrary(pDllName);

    if (hMod == NULL)

        return NULL;

    return GetProcAddress(hMod, pProcName);

}

//宏定义函数的指针

typedef LONG(WINAPI* Fun_NtQuerySystemInformation) (int   SystemInformationClass,

    OUT PVOID SystemInformation,

    IN ULONG SystemInformationLength,

    OUT ULONG* pReturnLength OPTIONAL);

typedef BYTE(WINAPI* Fun_WinStationGetProcessSid)(HANDLE hServer, DWORD   ProcessId,

    FILETIME   ProcessStartTime, PBYTE pProcessUserSid, PDWORD dwSidSize);

typedef VOID(WINAPI* Fun_CachedGetUserFromSid)(PSID pSid, PWCHAR pUserName, PULONG cbUserName);

#define STATUS_INFO_LENGTH_MISMATCH         ((LONG)0xC0000004L)

#define SystemProcessInformation         5 

/*------------------------------------------------------------------

     函数说明: 获取系统进程的信息

         输入参数: SYSTEM_PROCESS_INFORMATION

         输出参数: 无

--------------------------------------------------------------------*/

BOOL GetSysProcInfo(SYSTEM_PROCESS_INFORMATION * *ppSysProcInfo)

{

    Fun_NtQuerySystemInformation     _NtQuerySystemInformation;

    _NtQuerySystemInformation = (Fun_NtQuerySystemInformation)::GetDllProc(TEXT("NTDLL.DLL"), "NtQuerySystemInformation");

    if (_NtQuerySystemInformation == NULL)

        return FALSE;

    DWORD         dwSize =  * ;

    VOID* pBuf = NULL;

    LONG         lRetVal;

    while(true)

    {

        if (pBuf)

            free(pBuf);

        pBuf = (VOID*)malloc(dwSize);

        lRetVal = _NtQuerySystemInformation(SystemProcessInformation,pBuf, dwSize, NULL);

        if (STATUS_INFO_LENGTH_MISMATCH != lRetVal)

            break;

        dwSize *= ;

    }

    if (lRetVal == )

    {

        *ppSysProcInfo = (SYSTEM_PROCESS_INFORMATION*)pBuf;

        return TRUE;

    }

    free(pBuf);

    return FALSE;

}

BOOL GetProcessUser(DWORD dwPid, _bstr_t* pbStrUser)

{

    Fun_WinStationGetProcessSid         _WinStationGetProcessSid;

    Fun_CachedGetUserFromSid         _CachedGetUserFromSid;

    _WinStationGetProcessSid = (Fun_WinStationGetProcessSid)

        GetDllProc(TEXT("Winsta.dll"), "WinStationGetProcessSid");

    _CachedGetUserFromSid = (Fun_CachedGetUserFromSid)

        GetDllProc(TEXT("utildll.dll"), "CachedGetUserFromSid");

    if (_WinStationGetProcessSid == NULL || _CachedGetUserFromSid == NULL)

        return FALSE;

    BYTE         cRetVal;

    FILETIME     ftStartTime;

    DWORD         dwSize;

    BYTE* pSid;

    BOOL         bRetVal, bFind;

    SYSTEM_PROCESS_INFORMATION* pProcInfo, * pCurProcInfo;

    bRetVal = GetSysProcInfo(&pProcInfo);

    if (bRetVal == FALSE || pProcInfo == NULL)

        return FALSE;

    bFind = FALSE;

    pCurProcInfo = pProcInfo;

    for (;;)

    {

        if (pCurProcInfo->dwProcessId == dwPid)

        {

            memcpy(&ftStartTime, &pCurProcInfo->qCreateTime, sizeof(ftStartTime));

            bFind = TRUE;

            break;

        }

        if (pCurProcInfo->dwNextEntryOffset == )

            break;

        pCurProcInfo = (SYSTEM_PROCESS_INFORMATION*)((BYTE*)pCurProcInfo +

            pCurProcInfo->dwNextEntryOffset);

    }

    if (bFind == FALSE)

    {

        free(pProcInfo);

        return FALSE;

    }

    cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, NULL, &dwSize);

    if (cRetVal != )

        return FALSE;

    pSid = new BYTE[dwSize];

    cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, pSid, &dwSize);

    if (cRetVal == )

    {

        delete[] pSid;

        return FALSE;

    }

    WCHAR   szUserName[];

    _CachedGetUserFromSid(pSid, szUserName, &dwSize);

    delete[] pSid;

    if (dwSize == )

        return FALSE;

    *pbStrUser = szUserName;

    return TRUE;

}

void AdjustPrivilege()

{

    HANDLE hToken;

    if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))

    {

        printf("OpenProcessToken error\n");

        return;

    }

    LUID myLUID;

    LookupPrivilegeValue(NULL,SE_DEBUG_NAME, &myLUID);

    TOKEN_PRIVILEGES tp={sizeof(tp)};

    tp.PrivilegeCount=;

    tp.Privileges[].Luid=myLUID;

    tp.Privileges[].Attributes=SE_PRIVILEGE_ENABLED;

    if(AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(tp),NULL,NULL))

    {

        /*MessageBox(NULL,TEXT("权限提升成功"),TEXT(""),0);*/

    }

    CloseHandle(hToken);

}

int main()

{

    TCHAR szProcessName[] = TEXT("services.exe");

    BOOL bFind = FALSE;

    TCHAR ch[] = {  };

    _bstr_t bs;

    memcpy(&bs, ch, sizeof(bs));

    PROCESSENTRY32 pe32;

    pe32.dwSize = sizeof(pe32);

    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,);//获取进程快照

    if(hProcessSnap == INVALID_HANDLE_VALUE)

        return false;

    BOOL bResult = Process32First(hProcessSnap,&pe32);

    AdjustPrivilege();

    while (bResult)

    {

          GetProcessUser(, &bs);

          bResult = Process32Next(hProcessSnap,&pe32);

    }    

        //    GetProcessUser(pi.th32ProcessID, &bs); //第一个参数写的是你的进程ID 

}

获取服务进程server.exe的pid(0号崩溃)的更多相关文章

  1. 怎样在windows下和linux下获取文件(如exe文件)的具体信息和属性

    版权声明:本文为博主原创文章.未经博主同意不得转载. https://blog.csdn.net/xmt1139057136/article/details/25620685 程序猿都非常懒.你懂的! ...

  2. vs2010旗舰版后,运行调试一个项目时调试不了,提示的是:无法使用“pc”附加到应用程序“webdev.webserver40.exe(PID:2260”

    具体问题描述: vs2010旗舰版后,运行调试一个项目时调试不了,能编译,按ctrl+f5 可以运行,但是就是调试就不行,提示的是:无法使用“pc”附加到应用程序“webdev.webserver40 ...

  3. Windows Server 2003服务器.net4.0+IIS6.0的服务器,IE11浏览器访问的不兼容性

    工作中发生了一件诡异的事情: 程序在Win7+.NET4.0+IIS7.5的服务器部署,IE8和IE11请求时,响应的样式都正常. 但是在美的同事反映说,Windows Server 2003服务器. ...

  4. Linux下0号进程的前世(init_task进程)今生(idle进程)----Linux进程的管理与调度(五)【转】

    前言 Linux下有3个特殊的进程,idle进程(PID = 0), init进程(PID = 1)和kthreadd(PID = 2) idle进程由系统自动创建, 运行在内核态 idle进程其pi ...

  5. linux的0号进程和1号进程

    linux的 0号进程 和 1 号进程 Linux下有3个特殊的进程,idle进程(PID = 0), init进程(PID = 1)和kthreadd(PID = 2) * idle进程由系统自动创 ...

  6. nfs mount 故障 mount.nfs: access denied by server while mounting 10.0.100.208:/backup_usb

    生产环境: 服务端centos7.2,客户端:ubuntu16.04 挂载出现的故障: root@HDCtrl100:/mnt# mount -t nfs 10.0.100.208:/backup_u ...

  7. 创建1M-1T的虚拟磁盘(内存盘)——使用破解版 Primo Ramdisk Server Edition v5.6.0

    破解版 Primo Ramdisk Server Edition v5.6.0下载: https://pan.lanzou.com/i0sgcne 步骤: 下载并解压后安装“Primo.Ramdisk ...

  8. 【java异常】org.springframework.web.util.NestedServletException: Handler processing failed;Can't connect to X11 window server using 'localhost:10.0' as the value of th

    tomcat工程中创建二维码失败.抛出异常Can't connect to X11 window server using 'localhost:10.0' as the value of th 因为 ...

  9. [转]HTTP Error 500.21 - Internal Server Error Handler "ExtensionlessUrlHandler-Integrated-4.0" has a bad module "ManagedPipelineHandler" in its module list

    1.错误 HTTP Error 500.21 - Internal Server Error Handler "ExtensionlessUrlHandler-Integrated-4.0& ...

随机推荐

  1. #1126-JSP服务器响应

    JSP服务器响应 Response响应对象主要将JSP容器处理后的结果传回到客户端.可以通过response变量设置HTTP的状态和向客户端发送数据,如Cookie.HTTP文件头信息等. 一个典型的 ...

  2. 【转】SQL Pretty Printer for SSMS 很不错的SQL格式化插件

    源地址:https://www.cnblogs.com/leospace/archive/2012/09/04/SQL_Pretty_Printer_for_SSMS.html 写SQL语句或者脚本时 ...

  3. ECharts插件介绍(图表库)

    ECharts是一个非常好用的插件,用于进行 树状图,折线图,饼图,地图等等,系列视图的绘制.(详情看官网) 了解: AMD:模块化开发方式: 引入文件后:console.log(echarts) / ...

  4. svn 服务器操作

    mkdir /var/svn/svnrepos/aaasvnadmin create /var/svn/svnrepos/aaasvnserve -d -r /var/svn/svnrepos #启动 ...

  5. 词频分析 评论标签 nltp APP-分析买家评论的评分-高频词:二维关系

    0-定评论结果:好评.差评,1星.4星,二元化为“积极.消极”,取一元的数据为样本 1-得到词频结果:如手机类的“积极样本”得到前10的高频词:运行(run running ran).内存(memor ...

  6. 杂项-站点:SharePoint

    ylbtech-杂项-门户站点:SharePoint SharePoint Portal Server 2003 是一个门户站点,使得企业能够开发出智能的门户站点,这个站点能够无缝连接到用户.团队和知 ...

  7. MVC4:ajax Json 应用

    1)Json基础 2)Json 字符串和Json对象 3)应用例子 4)JsonHelper 1)Json 基础 JSON中对象通过"{}"来标识,一个"{}" ...

  8. python实现建立soap通信(调用及测试webservice接口)

    实现代码如下: #调用及测试webservice接口 import requests class SoapConnect: def get_soap(self,url,data): r = reque ...

  9. 【vim】vim的收藏集

    [vim]vim的收藏集 刚接触vim,还木有时间专门研究一下自己的配置,所以暂时贴下网上分享的配置 2019-07-13 14:22:08 无插件的版本 https://my.oschina.net ...

  10. Oracle删除表时候有外键 不能删除

    SELECT    A .constraint_name,    A .table_name,    b.constraint_nameFROM    user_constraints A,    u ...