#include "stdafx.h"

#include <windows.h>

#include <iostream>

#include <COMDEF.H>

#include <stdio.h>

#include <Tlhelp32.h>

using namespace std;

typedef struct _UNICODE_STRING {

    USHORT Length;

    USHORT MaximumLength;

    PWSTR   Buffer;

} UNICODE_STRING, * PUNICODE_STRING;

//SystemProcessInformation

typedef struct _SYSTEM_PROCESS_INFORMATION

{

    DWORD             dwNextEntryOffset;

    DWORD             dwNumberOfThreads;

    LARGE_INTEGER     qSpareLi1;

    LARGE_INTEGER     qSpareLi2;

    LARGE_INTEGER     qSpareLi3;

    LARGE_INTEGER     qCreateTime;

    LARGE_INTEGER     qUserTime;

    LARGE_INTEGER     qKernelTime;

    UNICODE_STRING     ImageName;

    int                 nBasePriority;

    DWORD             dwProcessId;

    DWORD             dwInheritedFromUniqueProcessId;

    DWORD             dwHandleCount;

    DWORD             dwSessionId;

    ULONG             dwSpareUl3;

    SIZE_T             tPeakVirtualSize;

    SIZE_T             tVirtualSize;

    DWORD             dwPageFaultCount;

    DWORD             dwPeakWorkingSetSize;

    DWORD             dwWorkingSetSize;

    SIZE_T             tQuotaPeakPagedPoolUsage;

    SIZE_T             tQuotaPagedPoolUsage;

    SIZE_T             tQuotaPeakNonPagedPoolUsage;

    SIZE_T             tQuotaNonPagedPoolUsage;

    SIZE_T             tPagefileUsage;

    SIZE_T             tPeakPagefileUsage;

    SIZE_T             tPrivatePageCount;

    LARGE_INTEGER     qReadOperationCount;

    LARGE_INTEGER     qWriteOperationCount;

    LARGE_INTEGER     qOtherOperationCount;

    LARGE_INTEGER     qReadTransferCount;

    LARGE_INTEGER     qWriteTransferCount;

    LARGE_INTEGER     qOtherTransferCount;

}SYSTEM_PROCESS_INFORMATION;

/*----------------------------------------------------

       函数说明: 动态加载动库文件

           输入参数: pDllName 库文件名称,pProcName导出函数名字

           输出参数: 无

           返回值   : 返回函数的的地址

----------------------------------------------------*/

VOID* GetDllProc(const TCHAR* pDllName, const CHAR* pProcName)

{

    HMODULE         hMod;

    hMod = LoadLibrary(pDllName);

    if (hMod == NULL)

        return NULL;

    return GetProcAddress(hMod, pProcName);

}

//宏定义函数的指针

typedef LONG(WINAPI* Fun_NtQuerySystemInformation) (int   SystemInformationClass,

    OUT PVOID SystemInformation,

    IN ULONG SystemInformationLength,

    OUT ULONG* pReturnLength OPTIONAL);

typedef BYTE(WINAPI* Fun_WinStationGetProcessSid)(HANDLE hServer, DWORD   ProcessId,

    FILETIME   ProcessStartTime, PBYTE pProcessUserSid, PDWORD dwSidSize);

typedef VOID(WINAPI* Fun_CachedGetUserFromSid)(PSID pSid, PWCHAR pUserName, PULONG cbUserName);

#define STATUS_INFO_LENGTH_MISMATCH         ((LONG)0xC0000004L)

#define SystemProcessInformation         5 

/*------------------------------------------------------------------

     函数说明: 获取系统进程的信息

         输入参数: SYSTEM_PROCESS_INFORMATION

         输出参数: 无

--------------------------------------------------------------------*/

BOOL GetSysProcInfo(SYSTEM_PROCESS_INFORMATION * *ppSysProcInfo)

{

    Fun_NtQuerySystemInformation     _NtQuerySystemInformation;

    _NtQuerySystemInformation = (Fun_NtQuerySystemInformation)::GetDllProc(TEXT("NTDLL.DLL"), "NtQuerySystemInformation");

    if (_NtQuerySystemInformation == NULL)

        return FALSE;

    DWORD         dwSize =  * ;

    VOID* pBuf = NULL;

    LONG         lRetVal;

    while(true)

    {

        if (pBuf)

            free(pBuf);

        pBuf = (VOID*)malloc(dwSize);

        lRetVal = _NtQuerySystemInformation(SystemProcessInformation,pBuf, dwSize, NULL);

        if (STATUS_INFO_LENGTH_MISMATCH != lRetVal)

            break;

        dwSize *= ;

    }

    if (lRetVal == )

    {

        *ppSysProcInfo = (SYSTEM_PROCESS_INFORMATION*)pBuf;

        return TRUE;

    }

    free(pBuf);

    return FALSE;

}

BOOL GetProcessUser(DWORD dwPid, _bstr_t* pbStrUser)

{

    Fun_WinStationGetProcessSid         _WinStationGetProcessSid;

    Fun_CachedGetUserFromSid         _CachedGetUserFromSid;

    _WinStationGetProcessSid = (Fun_WinStationGetProcessSid)

        GetDllProc(TEXT("Winsta.dll"), "WinStationGetProcessSid");

    _CachedGetUserFromSid = (Fun_CachedGetUserFromSid)

        GetDllProc(TEXT("utildll.dll"), "CachedGetUserFromSid");

    if (_WinStationGetProcessSid == NULL || _CachedGetUserFromSid == NULL)

        return FALSE;

    BYTE         cRetVal;

    FILETIME     ftStartTime;

    DWORD         dwSize;

    BYTE* pSid;

    BOOL         bRetVal, bFind;

    SYSTEM_PROCESS_INFORMATION* pProcInfo, * pCurProcInfo;

    bRetVal = GetSysProcInfo(&pProcInfo);

    if (bRetVal == FALSE || pProcInfo == NULL)

        return FALSE;

    bFind = FALSE;

    pCurProcInfo = pProcInfo;

    for (;;)

    {

        if (pCurProcInfo->dwProcessId == dwPid)

        {

            memcpy(&ftStartTime, &pCurProcInfo->qCreateTime, sizeof(ftStartTime));

            bFind = TRUE;

            break;

        }

        if (pCurProcInfo->dwNextEntryOffset == )

            break;

        pCurProcInfo = (SYSTEM_PROCESS_INFORMATION*)((BYTE*)pCurProcInfo +

            pCurProcInfo->dwNextEntryOffset);

    }

    if (bFind == FALSE)

    {

        free(pProcInfo);

        return FALSE;

    }

    cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, NULL, &dwSize);

    if (cRetVal != )

        return FALSE;

    pSid = new BYTE[dwSize];

    cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, pSid, &dwSize);

    if (cRetVal == )

    {

        delete[] pSid;

        return FALSE;

    }

    WCHAR   szUserName[];

    _CachedGetUserFromSid(pSid, szUserName, &dwSize);

    delete[] pSid;

    if (dwSize == )

        return FALSE;

    *pbStrUser = szUserName;

    return TRUE;

}

void AdjustPrivilege()

{

    HANDLE hToken;

    if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))

    {

        printf("OpenProcessToken error\n");

        return;

    }

    LUID myLUID;

    LookupPrivilegeValue(NULL,SE_DEBUG_NAME, &myLUID);

    TOKEN_PRIVILEGES tp={sizeof(tp)};

    tp.PrivilegeCount=;

    tp.Privileges[].Luid=myLUID;

    tp.Privileges[].Attributes=SE_PRIVILEGE_ENABLED;

    if(AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(tp),NULL,NULL))

    {

        /*MessageBox(NULL,TEXT("权限提升成功"),TEXT(""),0);*/

    }

    CloseHandle(hToken);

}

int main()

{

    TCHAR szProcessName[] = TEXT("services.exe");

    BOOL bFind = FALSE;

    TCHAR ch[] = {  };

    _bstr_t bs;

    memcpy(&bs, ch, sizeof(bs));

    PROCESSENTRY32 pe32;

    pe32.dwSize = sizeof(pe32);

    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,);//获取进程快照

    if(hProcessSnap == INVALID_HANDLE_VALUE)

        return false;

    BOOL bResult = Process32First(hProcessSnap,&pe32);

    AdjustPrivilege();

    while (bResult)

    {

          GetProcessUser(, &bs);

          bResult = Process32Next(hProcessSnap,&pe32);

    }    

        //    GetProcessUser(pi.th32ProcessID, &bs); //第一个参数写的是你的进程ID 

}

获取服务进程server.exe的pid(0号崩溃)的更多相关文章

  1. 怎样在windows下和linux下获取文件(如exe文件)的具体信息和属性

    版权声明:本文为博主原创文章.未经博主同意不得转载. https://blog.csdn.net/xmt1139057136/article/details/25620685 程序猿都非常懒.你懂的! ...

  2. vs2010旗舰版后,运行调试一个项目时调试不了,提示的是:无法使用“pc”附加到应用程序“webdev.webserver40.exe(PID:2260”

    具体问题描述: vs2010旗舰版后,运行调试一个项目时调试不了,能编译,按ctrl+f5 可以运行,但是就是调试就不行,提示的是:无法使用“pc”附加到应用程序“webdev.webserver40 ...

  3. Windows Server 2003服务器.net4.0+IIS6.0的服务器,IE11浏览器访问的不兼容性

    工作中发生了一件诡异的事情: 程序在Win7+.NET4.0+IIS7.5的服务器部署,IE8和IE11请求时,响应的样式都正常. 但是在美的同事反映说,Windows Server 2003服务器. ...

  4. Linux下0号进程的前世(init_task进程)今生(idle进程)----Linux进程的管理与调度(五)【转】

    前言 Linux下有3个特殊的进程,idle进程(PID = 0), init进程(PID = 1)和kthreadd(PID = 2) idle进程由系统自动创建, 运行在内核态 idle进程其pi ...

  5. linux的0号进程和1号进程

    linux的 0号进程 和 1 号进程 Linux下有3个特殊的进程,idle进程(PID = 0), init进程(PID = 1)和kthreadd(PID = 2) * idle进程由系统自动创 ...

  6. nfs mount 故障 mount.nfs: access denied by server while mounting 10.0.100.208:/backup_usb

    生产环境: 服务端centos7.2,客户端:ubuntu16.04 挂载出现的故障: root@HDCtrl100:/mnt# mount -t nfs 10.0.100.208:/backup_u ...

  7. 创建1M-1T的虚拟磁盘(内存盘)——使用破解版 Primo Ramdisk Server Edition v5.6.0

    破解版 Primo Ramdisk Server Edition v5.6.0下载: https://pan.lanzou.com/i0sgcne 步骤: 下载并解压后安装“Primo.Ramdisk ...

  8. 【java异常】org.springframework.web.util.NestedServletException: Handler processing failed;Can't connect to X11 window server using 'localhost:10.0' as the value of th

    tomcat工程中创建二维码失败.抛出异常Can't connect to X11 window server using 'localhost:10.0' as the value of th 因为 ...

  9. [转]HTTP Error 500.21 - Internal Server Error Handler "ExtensionlessUrlHandler-Integrated-4.0" has a bad module "ManagedPipelineHandler" in its module list

    1.错误 HTTP Error 500.21 - Internal Server Error Handler "ExtensionlessUrlHandler-Integrated-4.0& ...

随机推荐

  1. 续上文,Unity3D面试ABC

    http://www.unitymanual.com/blog-3573-685.html 最先执行的方法是: 1.(激活时的初始化代码)Awake,2.Start.3.Update[FixUpdat ...

  2. 原生javascript代码懒加载

    1.先定义需要懒加载的样式: class="lazyload" 2.设置初始透明度为0.1: .lazyload{ filter: Alpha(opacity=10); -moz- ...

  3. element的隐藏组件滚动条el-scrollbar使用

    elementui中有个隐藏的组件,就是element官网使用的滚动条,tree 左右滑动滚动条 ①首先全局引入element,import ElementUI from 'element-ui'; ...

  4. 杂项-职位-DBA:DBA

    ylbtech-杂项-职位-DBA:DBA  数据库管理员(Database Administrator,简称DBA),是从事管理和维护数据库管理系统(DBMS)的相关工作人员的统称,属于运维工程师的 ...

  5. sqlalchemy批量添加数据-数据源是json(小算法)

    需求: 想要写1个增加case的接口 问题: sqlalchemy添加case的方式,只能是1条数据1条数据的插入,像这样: ro2 = Role(name='user') db.session.ad ...

  6. vCenter 部件关系简介 & 网络原理

    目录 目录 主机和集群 vCenter Datacenter Cluster Host Virtual Machine Folder Resource Pool Template 数据存储 Datas ...

  7. 桌面应用开发用到的Framework

    桌面应用开发用到的Framework https://github.com/zhangqs008/Framework_Winform

  8. ubuntu环境下重启mysql服务报错“No directory, logging in with HOME=-”

    前提:使用系统的环境 3.13.0-24-generic mysql的版本:5.6.33 错误描述: 首先用mysqld_safe启动报错如下: root@zabbix-forFunction:~# ...

  9. 基于PyQt5的Python-Gui开发

    环境搭建 电脑环境 win10 64位系统 Python3.5安装 从Python官网下载python3.5安装文件,选择windows 64位版本python-3.6.5-amd64.exe.双击安 ...

  10. 【AndroidFramework】ATV9遥控器红外模式下,机顶盒在假待机阶段会响应遥控器语音键

    [问题描述] 测试部反馈,红外模式下,按power键进入假待机,按红外语音键会唤醒. 背景交代:红外语言键是我们自定义的按键,键值225.在红外模式下按会弹提示框"没连蓝牙,请连蓝牙使用语音 ...