#include "stdafx.h"
#include <windows.h>
#include <iostream>
#include <COMDEF.H>
#include <stdio.h>
#include <Tlhelp32.h>
using namespace std;

// Local mirror of the native UNICODE_STRING, needed only because the
// SYSTEM_PROCESS_INFORMATION layout below embeds one as ImageName.
// NOTE(review): in the native definition both lengths are byte counts and
// Buffer is not guaranteed to be NUL-terminated — confirm before reading ImageName.
typedef struct _UNICODE_STRING {
    USHORT Length;        // length of the string in Buffer
    USHORT MaximumLength; // capacity of Buffer
    PWSTR Buffer;         // not owned by this struct; lives inside the query buffer
} UNICODE_STRING, * PUNICODE_STRING;
// SystemProcessInformation
// One process record as returned by NtQuerySystemInformation with the
// SystemProcessInformation class (see GetSysProcInfo). Records are chained:
// GetProcessUser walks them by adding dwNextEntryOffset (a byte offset) to the
// current record's address and stops when the offset is the terminating value.
// NOTE(review): the field widths here (DWORD process ids, SIZE_T quotas) look
// like the 32-bit layout; the public x64 layout uses pointer-sized id fields —
// confirm before building this for x64, otherwise dwProcessId will be misread.
typedef struct _SYSTEM_PROCESS_INFORMATION
{
    DWORD dwNextEntryOffset;                 // byte offset from this record to the next
    DWORD dwNumberOfThreads;
    LARGE_INTEGER qSpareLi1;
    LARGE_INTEGER qSpareLi2;
    LARGE_INTEGER qSpareLi3;
    LARGE_INTEGER qCreateTime;               // copied into a FILETIME by GetProcessUser
    LARGE_INTEGER qUserTime;
    LARGE_INTEGER qKernelTime;
    UNICODE_STRING ImageName;
    int nBasePriority;
    DWORD dwProcessId;                       // matched against the pid in GetProcessUser
    DWORD dwInheritedFromUniqueProcessId;
    DWORD dwHandleCount;
    DWORD dwSessionId;
    ULONG dwSpareUl3;
    SIZE_T tPeakVirtualSize;
    SIZE_T tVirtualSize;
    DWORD dwPageFaultCount;
    DWORD dwPeakWorkingSetSize;
    DWORD dwWorkingSetSize;
    SIZE_T tQuotaPeakPagedPoolUsage;
    SIZE_T tQuotaPagedPoolUsage;
    SIZE_T tQuotaPeakNonPagedPoolUsage;
    SIZE_T tQuotaNonPagedPoolUsage;
    SIZE_T tPagefileUsage;
    SIZE_T tPeakPagefileUsage;
    SIZE_T tPrivatePageCount;
    LARGE_INTEGER qReadOperationCount;
    LARGE_INTEGER qWriteOperationCount;
    LARGE_INTEGER qOtherOperationCount;
    LARGE_INTEGER qReadTransferCount;
    LARGE_INTEGER qWriteTransferCount;
    LARGE_INTEGER qOtherTransferCount;
} SYSTEM_PROCESS_INFORMATION;

/*----------------------------------------------------
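Purpose : dynamically load a DLL and resolve one of its exports
Inputs  : pDllName  - module name, pProcName - name of the exported function
Outputs : none
Returns : address of the export, or NULL when the module or the export
          cannot be resolved
----------------------------------------------------*/
VOID* GetDllProc(const TCHAR* pDllName, const CHAR* pProcName)
{
    if (pDllName == NULL || pProcName == NULL)
        return NULL;

    // Reuse a module that is already mapped into the process. Every LoadLibrary
    // bumps the module's load count and this program never calls FreeLibrary,
    // so repeated lookups of the same DLL would otherwise keep pinning it.
    HMODULE hMod = GetModuleHandle(pDllName);
    if (hMod == NULL)
    {
        // A bare module name is resolved through the normal DLL search order.
        // The callers in this file only name system DLLs; if this helper is
        // ever reused with a name that is not guaranteed to live in System32,
        // pass a full path (or a search-restricting LoadLibraryEx flag) so a
        // same-named DLL in the working directory cannot be picked up instead.
        hMod = LoadLibrary(pDllName);
        if (hMod == NULL)
            return NULL;
    }
    return GetProcAddress(hMod, pProcName);
}

// Function-pointer typedefs for the exports resolved through GetDllProc.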
// NtQuerySystemInformation as exported by NTDLL.DLL; GetSysProcInfo calls it
// with the SystemProcessInformation class defined below and grows its buffer
// while the call keeps returning STATUS_INFO_LENGTH_MISMATCH.
typedef LONG(WINAPI* Fun_NtQuerySystemInformation) (int SystemInformationClass,
    OUT PVOID SystemInformation,
    IN ULONG SystemInformationLength,
    OUT ULONG* pReturnLength OPTIONAL);

// WinStationGetProcessSid from Winsta.dll. GetProcessUser calls it twice: once
// with a NULL buffer to learn the SID size, then with a buffer of that size.
// NOTE(review): undocumented export; the exact meaning of the BYTE return
// value is inferred from how GetProcessUser tests it — confirm on the target OS.
typedef BYTE(WINAPI* Fun_WinStationGetProcessSid)(HANDLE hServer, DWORD ProcessId, FILETIME ProcessStartTime, PBYTE pProcessUserSid, PDWORD dwSidSize);

// CachedGetUserFromSid from utildll.dll, used to turn the SID into a user name.
// NOTE(review): undocumented export; whether cbUserName counts bytes or
// characters is not established by this file — confirm before sizing buffers.
typedef VOID(WINAPI* Fun_CachedGetUserFromSid)(PSID pSid, PWCHAR pUserName, PULONG cbUserName);

// NTSTATUS value returned when the supplied buffer is too small (also defined
// in ntstatus.h; redefined here so that header is not needed).
#define STATUS_INFO_LENGTH_MISMATCH ((LONG)0xC0000004L)
// SYSTEM_INFORMATION_CLASS value that returns the process list.
#define SystemProcessInformation 5

/*------------------------------------------------------------------
Purpose : obtain the system process list
Inputs  : SYSTEM_PROCESS_INFORMATION (address of the pointer that receives
          the list; the buffer is malloc'ed here and the caller frees it)
Outputs : none
--------------------------------------------------------------------*/
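BOOL GetSysProcInfo(SYSTEM_PROCESS_INFORMATION * *ppSysProcInfo)
{
    // Query the process list through NtQuerySystemInformation, growing the
    // buffer until the call no longer reports STATUS_INFO_LENGTH_MISMATCH.
    // On success *ppSysProcInfo owns a malloc'ed buffer the caller must free().
    // Returns FALSE (and leaves *ppSysProcInfo NULL) when NTDLL's export cannot
    // be resolved, memory runs out, or the query fails for another reason.
    if (ppSysProcInfo == NULL)
        return FALSE;
    *ppSysProcInfo = NULL;

    Fun_NtQuerySystemInformation _NtQuerySystemInformation =
        (Fun_NtQuerySystemInformation)::GetDllProc(TEXT("NTDLL.DLL"), "NtQuerySystemInformation");
    if (_NtQuerySystemInformation == NULL)
        return FALSE;

    // Initial buffer size. The original literal was lost in extraction; this is
    // a constructed starting point — the loop below grows it until the call fits.
    DWORD dwSize = 64 * 1024;
    VOID* pBuf = NULL;
    LONG lRetVal;
    for (;;)
    {
        if (pBuf)
            free(pBuf);
        pBuf = (VOID*)malloc(dwSize);
        if (pBuf == NULL)
            return FALSE;   // out of memory: nothing to hand back (original passed NULL on)

        ULONG ulNeeded = 0;
        lRetVal = _NtQuerySystemInformation(SystemProcessInformation, pBuf, dwSize, &ulNeeded);
        if (STATUS_INFO_LENGTH_MISMATCH != lRetVal)
            break;
        // Prefer the size the kernel reported; fall back to doubling when it
        // reported nothing useful (the list can also grow between two calls).
        dwSize = (ulNeeded > dwSize * 2) ? ulNeeded : dwSize * 2;
    }

    if (lRetVal == 0)   // STATUS_SUCCESS (comparison literal restored after extraction)
    {
        *ppSysProcInfo = (SYSTEM_PROCESS_INFORMATION*)pBuf;
        return TRUE;
    }
    free(pBuf);
    return FALSE;
}

BOOL GetProcessUser(DWORD dwPid, _bstr_t* pbStrUser)
{
    // Resolve the account name that owns process dwPid.
    //   dwPid     - process id to look up
    //   pbStrUser - receives the user name on success (left untouched on failure)
    // Returns TRUE on success, FALSE when the helper exports are missing, the
    // process is not in the system list, or either Winsta/utildll call fails.
    // main() enables SeDebugPrivilege via AdjustPrivilege() before the walk that
    // calls this; whether the queries below need it is not established here.
    if (pbStrUser == NULL)
        return FALSE;

    Fun_WinStationGetProcessSid _WinStationGetProcessSid = (Fun_WinStationGetProcessSid)
        GetDllProc(TEXT("Winsta.dll"), "WinStationGetProcessSid");
    Fun_CachedGetUserFromSid _CachedGetUserFromSid = (Fun_CachedGetUserFromSid)
        GetDllProc(TEXT("utildll.dll"), "CachedGetUserFromSid");
    if (_WinStationGetProcessSid == NULL || _CachedGetUserFromSid == NULL)
        return FALSE;

    // The SID query needs the process creation time as well as the pid, so
    // walk the system process list to find the matching record.
    SYSTEM_PROCESS_INFORMATION* pProcInfo = NULL;
    if (GetSysProcInfo(&pProcInfo) == FALSE || pProcInfo == NULL)
        return FALSE;

    FILETIME ftStartTime = { 0 };
    BOOL bFind = FALSE;
    for (SYSTEM_PROCESS_INFORMATION* pCur = pProcInfo; ; )
    {
        if (pCur->dwProcessId == dwPid)
        {
            memcpy(&ftStartTime, &pCur->qCreateTime, sizeof(ftStartTime));
            bFind = TRUE;
            break;
        }
        if (pCur->dwNextEntryOffset == 0)   // terminating offset (literal restored)
            break;
        pCur = (SYSTEM_PROCESS_INFORMATION*)((BYTE*)pCur + pCur->dwNextEntryOffset);
    }
    // The list is only needed for the creation time. The original freed it on
    // the not-found path only and leaked it whenever the process was found.
    free(pProcInfo);
    if (bFind == FALSE)
        return FALSE;

    // First call with no buffer: learn the SID size. The original compared the
    // return value against literals that were lost in extraction; they are
    // restored here as 0 (size query "fails", real query succeeds).
    DWORD dwSize = 0;
    BYTE cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, NULL, &dwSize);
    if (cRetVal != 0 || dwSize == 0)
        return FALSE;

    BYTE* pSid = new BYTE[dwSize];
    cRetVal = _WinStationGetProcessSid(NULL, dwPid, ftStartTime, pSid, &dwSize);
    if (cRetVal == 0)
    {
        delete[] pSid;
        return FALSE;
    }

    // NOTE(review): the original handed the SID byte count (dwSize) to
    // CachedGetUserFromSid as cbUserName; the honest value is the capacity of
    // szUserName. The export is undocumented, so whether it counts bytes or
    // characters is unconfirmed — the character count is safe under either
    // reading (it can only under-report the buffer). 256 is a constructed size;
    // the original array bound was lost in extraction.
    WCHAR szUserName[256] = { 0 };
    const ULONG cchUserName = sizeof(szUserName) / sizeof(szUserName[0]);
    ULONG cbUserName = cchUserName;
    _CachedGetUserFromSid(pSid, szUserName, &cbUserName);
    delete[] pSid;
    if (cbUserName == 0)
        return FALSE;

    szUserName[cchUserName - 1] = L'\0';   // guarantee termination before the _bstr_t copy
    *pbStrUser = szUserName;
    return TRUE;
}

void AdjustPrivilege()
{
    // Enable SeDebugPrivilege on the current process token. Failure is only
    // logged (OpenProcessToken) or silently ignored, as in the original; the
    // callers do not depend on the outcome.
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        printf("OpenProcessToken error\n");
        return;
    }

    LUID myLUID;
    // The original never checked this call and would have used an
    // uninitialized LUID if it failed.
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &myLUID))
    {
        TOKEN_PRIVILEGES tp = { 0 };
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = myLUID;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // AdjustTokenPrivileges returns TRUE even when the privilege was not
        // actually granted; ERROR_NOT_ALL_ASSIGNED from GetLastError is the
        // signal that the token does not hold SeDebugPrivilege.
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL)
            && GetLastError() != ERROR_NOT_ALL_ASSIGNED)
        {
            /* privilege enabled — the original kept a commented-out MessageBox here */
        }
    }
    CloseHandle(hToken);
}

int main()
{
    // Walk every process in a Toolhelp snapshot and look up its owner.
    // Returns 0 on a completed walk, 1 when the snapshot cannot be taken
    // (the original returned false, i.e. 0, which reads as success).
    // NOTE(review): the extracted listing declared szProcessName
    // ("services.exe") but never compared it with pe32.szExeFile, so the walk
    // queries every process exactly as the original loop did; the unused
    // locals were dropped.
    _bstr_t bs;   // default-constructed empty; the original memcpy'd zeros over
                  // the object from an array of lost size, which is unnecessary

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(pe32);
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);   // process snapshot
    if (hProcessSnap == INVALID_HANDLE_VALUE)
        return 1;

    BOOL bResult = Process32First(hProcessSnap, &pe32);
    AdjustPrivilege();
    while (bResult)
    {
        // The pid argument was lost in extraction; the author's trailing comment
        // names the snapshot entry's th32ProcessID as the first argument.
        GetProcessUser(pe32.th32ProcessID, &bs);
        bResult = Process32Next(hProcessSnap, &pe32);
    }
    CloseHandle(hProcessSnap);   // the original never released the snapshot handle
    return 0;
}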
