// Static helpers around the Win32 process and token APIs. Every function is
// stateless; any handle a function opens is owned and released inside it.
class ProcessUtils
{
public:
    // PID of the first enumerated process whose image path contains
    // strProcessName (substring match); 0 when none matches or enumeration fails.
    static DWORD FindProcess(const TCHAR* strProcessName);
    // Terminates the process FindProcess locates. TRUE when no such process is
    // running, FALSE when it cannot be opened, otherwise the TerminateProcess result.
    static BOOL KillProcess(const TCHAR* strProcessName);
    // Enables SE_DEBUG_NAME on the current process token; FALSE on failure.
    static BOOL GetDebugPriv();
    // ID of the first thread in a Toolhelp snapshot owned by processId
    // (0 = current process); 0 when none is found.
    static DWORD GetMainThreadId(DWORD processId = 0);
    // TRUE when the calling thread's ID equals GetMainThreadId().
    static bool IsMainThread();
    // TRUE when the current process token is elevated (TokenElevation).
    // Always FALSE before Windows 6.0. This is an elevation check, not an
    // Administrators group-membership check.
    static BOOL IsAdministrator();
    // TRUE when HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    // is non-zero; always FALSE before Windows 6.0.
    static BOOL IsEnableUAC(void);
    // TRUE when the token of hProcess (opened with at least TOKEN_QUERY) resolves
    // to the SYSTEM account; FALSE otherwise or on any failure.
    static BOOL IsSysProcess(HANDLE hProcess);
    // Appends PID, image base name and image path of every enumerated process
    // to *procList. Returns FALSE when EnumProcesses fails.
    static BOOL GetProcessList(__out std::vector<ProcessInfo>* procList);
};
#include "stdafx.h"  // precompiled header: must remain the first include
#include "process_utils.h"
#include "Psapi.h"
#include <tlhelp32.h>
#include <vector>
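DWORD ProcessUtils::FindProcess(const TCHAR *strProcessName)
{
    // Returns the PID of the first enumerated process whose full image path
    // contains strProcessName (case-sensitive substring match via _tcsstr).
    // Returns 0 when nothing matches, when EnumProcesses fails, or when
    // strProcessName is NULL. Because the match is against the whole path,
    // callers should pass a name specific enough not to match unrelated images.
    if (strProcessName == NULL)
        return 0;

    // NOTE: the fixed 1024-entry array silently truncates the enumeration when
    // cbNeeded == sizeof(aProcesses); the original had the same limit.
    DWORD aProcesses[1024] = {0};
    DWORD cbNeeded = 0;
    if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        return 0;

    const DWORD nProcesses = cbNeeded / sizeof(DWORD);
    for (DWORD i = 0; i < nProcesses; i++)
    {
        // Processes that cannot be opened (insufficient rights, protected
        // processes) are skipped instead of passing a NULL handle onward.
        HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[i]);
        if (hProcess == NULL)
            continue;

        // Only the first module (the executable image) is needed.
        HMODULE hMod = NULL;
        DWORD cbMNeeded = 0;
        TCHAR szProcessName[MAX_PATH] = {0};
        BOOL bMatched = FALSE;
        if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbMNeeded) &&
            // nSize is in TCHARs; the original passed sizeof() (bytes), which
            // overstates the buffer under UNICODE and allowed an overflow.
            GetModuleFileNameEx(hProcess, hMod, szProcessName, MAX_PATH) > 0)
        {
            bMatched = (_tcsstr(szProcessName, strProcessName) != NULL);
        }
        CloseHandle(hProcess);  // the original leaked every handle it opened
        if (bMatched)
            return aProcesses[i];
    }
    return 0;
}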
//
// Function: KillProcess
// Uses the FindProcess function above to obtain the ID of the target process,
// opens a handle to it with the Win32 API OpenProcess, and then forcibly ends
// the process with TerminateProcess.
//
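BOOL ProcessUtils::KillProcess(const TCHAR* strProcessName)
{
    // Locates the process by name (see FindProcess) and terminates it.
    // Returns TRUE when no such process is running (nothing to do), FALSE when
    // it cannot be opened for PROCESS_TERMINATE, otherwise the result of
    // TerminateProcess. Termination is asynchronous: the function returns as
    // soon as it is initiated, not when the process has actually exited.
    DWORD dwProcessId = FindProcess(strProcessName);
    if (0 == dwProcessId)
        return TRUE;

    HANDLE hProcess = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, dwProcessId);
    if (hProcess == NULL)
        return FALSE;

    // FindProcess matches a substring of the image path, so the PID may belong
    // to a different process than intended if the name is not specific enough.
    BOOL bTerminated = TerminateProcess(hProcess, 0);
    CloseHandle(hProcess);  // the original never released this handle
    return bTerminated;
}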
//
// GetDebugPriv
// On Windows NT/2000/XP the functions above may fail for lack of privilege,
// for example against system processes and service processes running as System.
// Use this function to obtain the debug privilege; with it even Winlogon.exe
// can be terminated :)
//
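BOOL ProcessUtils::GetDebugPriv()
{
    // Enables SE_DEBUG_NAME (SeDebugPrivilege) on the current process token so
    // that OpenProcess can succeed on processes owned by other users / System.
    // The privilege must already be present in the token (it is only enabled
    // here, not granted); a non-elevated token typically does not hold it.
    // Returns TRUE only when the privilege is now enabled, FALSE on any failure —
    // including ERROR_NOT_ALL_ASSIGNED, which AdjustTokenPrivileges signals
    // through GetLastError() while still returning TRUE.
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return FALSE;

    BOOL bEnabled = FALSE;
    LUID luidDebug;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidDebug))
    {
        TOKEN_PRIVILEGES tkp;
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = luidDebug;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
        {
            // The original reported success here even when the privilege was
            // not held by the token.
            bEnabled = (GetLastError() == ERROR_SUCCESS);
        }
    }
    CloseHandle(hToken);  // the original leaked the token on the success path
    return bEnabled;
}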
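DWORD ProcessUtils::GetMainThreadId(DWORD processId)
{
    // Returns the ID of the first thread in a Toolhelp snapshot owned by
    // processId (0 = the current process), or 0 when the snapshot cannot be
    // taken or no thread of that process is listed.
    // NOTE(review): snapshot order is not documented as creation order, so
    // "first thread listed" is a heuristic for the primary thread — confirm
    // against callers that need a guarantee.
    if (processId == 0)
        processId = GetCurrentProcessId();

    HANDLE threadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (threadSnap == INVALID_HANDLE_VALUE)  // the original passed this to Thread32First unchecked
        return 0;

    DWORD threadId = 0;
    THREADENTRY32 te32 = { sizeof(te32) };
    for (BOOL bMore = Thread32First(threadSnap, &te32); bMore; bMore = Thread32Next(threadSnap, &te32))
    {
        if (te32.th32OwnerProcessID == processId)
        {
            threadId = te32.th32ThreadID;
            break;
        }
    }
    CloseHandle(threadSnap);  // the original leaked the snapshot handle
    return threadId;
}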
bool ProcessUtils::IsMainThread()
{
    // True when the calling thread is the one GetMainThreadId reports for the
    // current process (processId 0 selects the current process).
    const DWORD mainThread = GetMainThreadId(0);
    const DWORD thisThread = GetCurrentThreadId();
    return thisThread == mainThread;
}
BOOL ProcessUtils::IsAdministrator()
{
    // Reports whether the current process token is elevated (TokenElevation).
    // Despite the name this is an elevation check, not an Administrators
    // group-membership check: a non-elevated administrator yields FALSE.
    // Returns FALSE on Windows before 6.0, where the token class does not exist,
    // and on any API failure.
    UINT16 verWord = LOWORD(GetVersion());
    // GetVersion packs the major version in the low byte and the minor in the
    // high byte; swap them so the value compares as 0xMMmm (0x0600 = Vista).
    verWord = MAKEWORD(HIBYTE(verWord), LOBYTE(verWord));
    if (verWord < 0x0600)  // not Vista / Windows 7 or later
        return FALSE;

    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
        return FALSE;

    // Layout of TOKEN_ELEVATION spelled out by hand, with 20 standing for
    // TokenElevation — presumably to build against SDKs that predate the type.
    struct
    {
        DWORD TokenIsElevated;
    } /*TOKEN_ELEVATION*/ elevation;
    DWORD cbReturned = 0;
    BOOL bElevated = FALSE;
    const BOOL bQueried = GetTokenInformation(hToken,
                                              /*TokenElevation*/ static_cast<_TOKEN_INFORMATION_CLASS>(20),
                                              &elevation, sizeof(elevation), &cbReturned);
    if (bQueried && cbReturned == sizeof(elevation))
        bElevated = elevation.TokenIsElevated;
    CloseHandle(hToken);
    return bElevated;
}
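BOOL ProcessUtils::IsEnableUAC(void)
{
    // Reads the 64-bit registry view of
    // HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    // and returns TRUE when it is a non-zero REG_DWORD. Returns FALSE before
    // Windows 6.0, when the key or value is absent, or when the value has an
    // unexpected type or size.
    // NOTE(review): this is the configured policy value; it may differ from the
    // running state until the next restart — confirm if callers rely on it.
    OSVERSIONINFOW ovi = {0};
    ovi.dwOSVersionInfoSize = sizeof(ovi);
    if (!::GetVersionExW(&ovi) || ovi.dwMajorVersion <= 5)
        return FALSE;  // UAC exists only on Vista / Server 2008 and later

    HKEY hKey = NULL;
    LSTATUS lRet = ::RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                                   L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\",
                                   0, KEY_READ | KEY_WOW64_64KEY, &hKey);
    if (ERROR_SUCCESS != lRet)
        return FALSE;

    DWORD dwType = REG_NONE;
    DWORD dwEnableLUA = 0;
    DWORD dwSize = sizeof(dwEnableLUA);
    lRet = ::RegQueryValueExW(hKey, L"EnableLUA", NULL, &dwType, (BYTE*)&dwEnableLUA, &dwSize);
    ::RegCloseKey(hKey);

    // dwType/dwSize are outputs: the original trusted the returned bytes
    // regardless of the stored type, so a REG_SZ or REG_BINARY value would
    // have been misread as a DWORD.
    if (ERROR_SUCCESS != lRet || dwType != REG_DWORD || dwSize != sizeof(dwEnableLUA))
        return FALSE;
    return dwEnableLUA ? TRUE : FALSE;
}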
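BOOL ProcessUtils::IsSysProcess(HANDLE hProcess)
{
    // Returns TRUE when the primary token of hProcess belongs to the local
    // SYSTEM account (S-1-5-18), FALSE otherwise or on any failure: NULL
    // handle, no TOKEN_QUERY access, or a failed token query.
    if (hProcess == NULL)
        return FALSE;

    HANDLE hToken = NULL;
    if (!::OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
        return FALSE;

    BOOL bRetVal = FALSE;
    // First call only sizes the buffer (fails with ERROR_INSUFFICIENT_BUFFER).
    DWORD dwTokenUser = 0L;
    ::GetTokenInformation(hToken, TokenUser, NULL, 0L, &dwTokenUser);
    if (dwTokenUser > 0)
    {
        std::vector<BYTE> buffer(dwTokenUser);  // RAII instead of GlobalAlloc/GlobalFree
        PTOKEN_USER pTokenUser = reinterpret_cast<PTOKEN_USER>(&buffer[0]);
        if (::GetTokenInformation(hToken, TokenUser, pTokenUser, dwTokenUser, &dwTokenUser))
        {
            // Compare the SID rather than the account name: the name returned
            // by LookupAccountSid is localized on non-English Windows, and the
            // original _tcsnicmp(..., 6) accepted any account whose name merely
            // starts with "SYSTEM".
            bRetVal = ::IsWellKnownSid(pTokenUser->User.Sid, WinLocalSystemSid);
        }
    }
    ::CloseHandle(hToken);
    return bRetVal;
}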
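BOOL ProcessUtils::GetProcessList(__out std::vector<ProcessInfo>* procList)
{
    // Appends one ProcessInfo (PID, image base name, full image path) to
    // *procList for every process EnumProcesses reports. A process that cannot
    // be opened or queried is still listed, with name and path left as
    // "<unknown>". Returns FALSE only when procList is NULL or EnumProcesses
    // fails; the original instead returned the EnumProcessModules result of
    // whichever process happened to be enumerated last.
    if (procList == NULL)
        return FALSE;

    // NOTE: the fixed 1024-entry array silently truncates the enumeration when
    // cbNeeded == sizeof(aProcesses); the original had the same limit.
    DWORD aProcesses[1024] = {0};
    DWORD cbNeeded = 0;
    if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        return FALSE;

    const DWORD nProcesses = cbNeeded / sizeof(DWORD);
    for (DWORD i = 0; i < nProcesses; i++)
    {
        // Defaults are set per entry; the original reused one pair of buffers
        // across iterations, so a process whose query failed inherited the
        // previous entry's name and path.
        ProcessInfo proc;
        proc.dwProcessID = aProcesses[i];
        proc.strProcName = _T("<unknown>");
        proc.strProcPath = _T("<unknown>");

        HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[i]);
        if (hProcess != NULL)
        {
            //if (IsSysProcess(hProcess)) continue;  // kept from the original, still disabled
            // Only the first module (the executable image) is needed.
            HMODULE hMod = NULL;
            DWORD cbMNeeded = 0;
            if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbMNeeded))
            {
                // Buffer sizes are in TCHARs; the original passed sizeof()
                // (bytes), which overstates the buffer under UNICODE.
                TCHAR szProcessName[MAX_PATH] = {0};
                TCHAR szProcessPath[MAX_PATH] = {0};
                if (GetModuleBaseName(hProcess, hMod, szProcessName, MAX_PATH) > 0)
                    proc.strProcName = szProcessName;
                if (GetModuleFileNameEx(hProcess, hMod, szProcessPath, MAX_PATH) > 0)
                    proc.strProcPath = szProcessPath;
            }
            CloseHandle(hProcess);  // the original leaked every handle it opened
        }
        procList->push_back(proc);
    }
    return TRUE;
}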