C++博客-tommy-随笔分类-进程与线程http://www.cppblog.com/tommy/category/180.htmlIt's hard to tell the world we live in is either a reality or a dreamzh-cnMon, 30 Mar 2009 04:15:07 GMTMon, 30 Mar 2009 04:15:07 GMT60Hook SSDThttp://www.cppblog.com/tommy/archive/2009/03/21/77415.htmlTommy LiangTommy LiangSat, 21 Mar 2009 08:19:00 GMThttp://www.cppblog.com/tommy/archive/2009/03/21/77415.htmlhttp://www.cppblog.com/tommy/comments/77415.htmlhttp://www.cppblog.com/tommy/archive/2009/03/21/77415.html#Feedback0http://www.cppblog.com/tommy/comments/commentRss/77415.htmlhttp://www.cppblog.com/tommy/services/trackbacks/77415.html阅读全文

Tommy Liang 2009-03-21 16:19 发表评论
]]>根据进程标识符显示其相关信息http://www.cppblog.com/tommy/archive/2005/10/22/792.htmlTommy LiangTommy LiangSat, 22 Oct 2005 03:01:00 GMThttp://www.cppblog.com/tommy/archive/2005/10/22/792.htmlhttp://www.cppblog.com/tommy/comments/792.htmlhttp://www.cppblog.com/tommy/archive/2005/10/22/792.html#Feedback0http://www.cppblog.com/tommy/comments/commentRss/792.htmlhttp://www.cppblog.com/tommy/services/trackbacks/792.html
// ProcessHelper.h: interface for the ProcessHelper class.
//
//////////////////////////////////////////////////////////////////////

#if !defined(AFX_PROCESSHELPER_H__EA2A87A6_5E54_4610_8EDD_C5F8119D2976__INCLUDED_)
#define AFX_PROCESSHELPER_H__EA2A87A6_5E54_4610_8EDD_C5F8119D2976__INCLUDED_

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

#include <Tlhelp32.h>
#include <Psapi.h>

#define ProcessBasicInformation 0

typedef struct
{
    DWORD ExitStatus;
    DWORD PebBaseAddress;
    DWORD AffinityMask;
    DWORD BasePriority;
    ULONG UniqueProcessId;
    ULONG InheritedFromUniqueProcessId;
}   PROCESS_BASIC_INFORMATION;

// ntdll!NtQueryInformationProcess (NT specific!)
//
// The function copies the process information of the
// specified type into a buffer
//
// NTSYSAPI
// NTSTATUS
// NTAPI
// NtQueryInformationProcess(
//    IN HANDLE ProcessHandle,              // handle to process
//    IN PROCESSINFOCLASS InformationClass, // information type
//    OUT PVOID ProcessInformation,         // pointer to buffer
//    IN ULONG ProcessInformationLength,    // buffer size in bytes
//    OUT PULONG ReturnLength OPTIONAL      // pointer to a 32-bit
//                                          // variable that receives
//                                          // the number of bytes
//                                          // written to the buffer 
// );
typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG);

class ProcessHelper  
{
public:
    ProcessHelper();
    virtual ~ProcessHelper();

    DWORD GetParentProcessID(DWORD dwId);

    DWORD GetProcessFileName( DWORD dwId,LPTSTR lpImageFileName);

private:
    PROCNTQSIP NtQueryInformationProcess;


};


ProcessHelper::ProcessHelper()
{
    NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(
        GetModuleHandle("ntdll"),
        "NtQueryInformationProcess"
        );
}

ProcessHelper::~ProcessHelper()
{
    
}

DWORD ProcessHelper::GetProcessFileName( DWORD dwId,LPTSTR lpImageFileName)
{
    HANDLE hSnapshot = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,dwId);
    if (hSnapshot == INVALID_HANDLE_VALUE) 
        return (FALSE); 

    MODULEENTRY32 me32        = {0}
    me32.dwSize = sizeof(MODULEENTRY32); 

    if(! Module32First(hSnapshot,&me32))
    {
        CloseHandle(hSnapshot); 
        return (DWORD) -1;
    }

    strcpy(lpImageFileName,me32.szModule);

    CloseHandle(hSnapshot);
    return (DWORD)0;
}

DWORD ProcessHelper::GetParentProcessID(DWORD dwId)
{
    if (!NtQueryInformationProcess)  return -1;
    
    LONG                      status;
    DWORD                     dwParentPID = (DWORD)-1;
    HANDLE                    hProcess;
    PROCESS_BASIC_INFORMATION pbi;
    
    // Get process handle
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwId);
    if (!hProcess)
        return (DWORD)-1;
    
    // Retrieve information
    status = NtQueryInformationProcess( hProcess,
        ProcessBasicInformation,
        (PVOID)&pbi,
        sizeof(PROCESS_BASIC_INFORMATION),
        NULL
        );
    
    // Copy parent Id on success
    if  (!status)
        dwParentPID = pbi.InheritedFromUniqueProcessId;
    
    CloseHandle (hProcess);
    
    return dwParentPID;
}


#endif



Tommy Liang 2005-10-22 11:01 发表评论
]]>取得内存中的实例数http://www.cppblog.com/tommy/archive/2005/10/22/791.htmlTommy LiangTommy LiangSat, 22 Oct 2005 02:47:00 GMThttp://www.cppblog.com/tommy/archive/2005/10/22/791.htmlhttp://www.cppblog.com/tommy/comments/791.htmlhttp://www.cppblog.com/tommy/archive/2005/10/22/791.html#Feedback0http://www.cppblog.com/tommy/comments/commentRss/791.htmlhttp://www.cppblog.com/tommy/services/trackbacks/791.html#include <Tlhelp32.h>

//取得内存中的实例数
int GetMemoryProcessCount(LPCSTR peFileName)
{
    int result = 0;

    HANDLE hSnapshot;
    PROCESSENTRY32 pe;
    pe.dwSize=sizeof(pe);
    BOOL blExist=FALSE;
    char sPath[MAX_PATH] = "";
    strcpy(sPath,peFileName);

    size_t len = strlen(sPath);    
    hSnapshot=::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    if(hSnapshot<0goto L1;

    if(::Process32First(hSnapshot,&pe)==FALSE)
    {
        ::CloseHandle(hSnapshot); goto L1;
    }
    if(_strnicmp(sPath,pe.szExeFile,len)==0)
    {        
        ++ result;
    }

    while(::Process32Next(hSnapshot,&pe))
    {
        if(_strnicmp(sPath,pe.szExeFile,len)==0)
        {
            ++ result;
        } 
    }

L1: 
    ::CloseHandle(hSnapshot);
    return result;
}

Tommy Liang 2005-10-22 10:47 发表评论
]]>