题目:
A "winPS" program: output information about all the running processes.
–output details about each process: such as PID, executable file name and path, etc.
A "kill" command: terminate processes.
Tips:
–Ref "CreateToolHelp32Snapshot", Process32First“, "Process32Next " & "TerminateProcess"
主要思路:对MSDN提供的样例代码进行改动。
1. 这儿tips给的太明显了,不查都不好意思了。一查第一个,就找到了样例代码(可做本实验的框架)。 大概看了下剩下的几个。
2. 研究了一下样例代码(贴在最后),大概对win32的一些函数和机制有了了解。比如handle是干啥用的,几个主要函数的相互调用,几个宏定义的意义等。
下面开始改。
3. 样例代码跑了一次,该有的几乎都有了,主要是进程创建时间、在kernel里运行时间和在user space里运行的时间。
这个时间方面的实现用到了GerProcessTimes这个函数(上篇博文转载了),查了MSDN,后来百度几篇打得开的技术博文无果,果断FQ,开被墙掉的。尼玛一开就中,一篇好文坑爹 = =(事实证明有时不是百度渣,而是搜到了好东西都被墙掉了,勇敢地翻吧,少年...)照着国外大牛的代码捣鼓了一下,发现程序crash掉了。不奇怪,第一次嘛= =。看了看发现是在上面就把进程的handle给close掉了,擦,太渣了= =。果断调了下位置,在来一发,妈的,又crash...好吧,也很正常。发现crash之前warning输出了,OpenProcess failed. 这个就怪了,加了段时间有关的代码,怎么把进程都弄开不了了。于是乎凭直觉把时间的那段代码搬到了上面的else块里,在原先的CloseHandle( hProcess )之前。跑呗,无错~ 这错的就蛋疼了,看了好一会没找出来,之好放一边了。以后对windows编程理解更进一步的时候再回来看看!至少现在能跑了。= =
4. 接下来是文件流输出。因为都放在黑框框里,就只能看到最后那一丁点,所以还是导到文件里吧。C语言的文件流还是比较好用的。
嗯....慢着出了点问题。_tprintf( TEXT("\nPROCESS NAME: %s"), pe32.szExeFile );这货太有违和感了。问题在_tprintf和TEXT这。MSDN真的太给力了,一查,出来了。和条件编译有关(百科有)。大概就是,比如有char和wchar_t两种类型,但是我们不想时时刻刻在意到底现在这个变量是char还是wchar_t。如果编译器能帮我们搞定就最好了,好吧,果断能。这里_tprintf就自动对应printf或wprintf(wchar_t输出用),具体哪个你不用管。嗯,然后再查文件流输出相应的就OK了。接着是TEXT,也是个类似的东西。wchar_t的字符串要用L""来表示(char是"")。这里也是个转换的作用吧,我猜。
5. 文件流弄完了。剩下就是Kill进程。这个我觉得应该很水的。
唯一的问题在弄清上面条件编译的东西就好解决了。我之前主要是不知道怎么用wchar_t输入,现在一个_tscanf就搞定了。不用管对比的到底是wchar_t还是char,wcscmp可以解决。然后...就木有然后了。kill进程的时候输的进程名记得带.exe,靠,开始还以为出bug了,坑爹,挫= =。
下面是MSDN上的样例代码:
#include <windows.h> #include <tlhelp32.h> #include <tchar.h> #include <stdio.h> // Forward declarations: BOOL GetProcessList( ); BOOL ListProcessModules( DWORD dwPID ); BOOL ListProcessThreads( DWORD dwOwnerPID ); void printError( TCHAR* msg ); void main( ) { GetProcessList( ); } BOOL GetProcessList( ) { HANDLE hProcessSnap; HANDLE hProcess; PROCESSENTRY32 pe32; DWORD dwPriorityClass; // Take a snapshot of all processes in the system. hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ); if( hProcessSnap == INVALID_HANDLE_VALUE ) { printError( TEXT("CreateToolhelp32Snapshot (of processes)") ); return( FALSE ); } // Set the size of the structure before using it. pe32.dwSize = sizeof( PROCESSENTRY32 ); // Retrieve information about the first process, // and exit if unsuccessful if( !Process32First( hProcessSnap, &pe32 ) ) { printError( TEXT("Process32First") ); // show cause of failure CloseHandle( hProcessSnap ); // clean the snapshot object return( FALSE ); } // Now walk the snapshot of processes, and // display information about each process in turn do { printf( "\n\n=====================================================" ); _tprintf( TEXT("\nPROCESS NAME: %s"), pe32.szExeFile ); printf( "\n-----------------------------------------------------" ); // Retrieve the priority class. dwPriorityClass = 0; hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID ); if( hProcess == NULL ) printError( TEXT("OpenProcess") ); else { dwPriorityClass = GetPriorityClass( hProcess ); if( !dwPriorityClass ) printError( TEXT("GetPriorityClass") ); CloseHandle( hProcess ); } printf( "\n Process ID = 0x%08X", pe32.th32ProcessID ); printf( "\n Thread count = %d", pe32.cntThreads ); printf( "\n Parent process ID = 0x%08X", pe32.th32ParentProcessID ); printf( "\n Priority base = %d", pe32.pcPriClassBase ); if( dwPriorityClass ) printf( "\n Priority class = %d", dwPriorityClass ); // List the modules and threads associated with this process ListProcessModules( pe32.th32ProcessID ); ListProcessThreads( pe32.th32ProcessID ); } while( Process32Next( hProcessSnap, &pe32 ) ); CloseHandle( hProcessSnap ); return( TRUE ); } BOOL ListProcessModules( DWORD dwPID ) { HANDLE hModuleSnap = INVALID_HANDLE_VALUE; MODULEENTRY32 me32; // Take a snapshot of all modules in the specified process. hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwPID ); if( hModuleSnap == INVALID_HANDLE_VALUE ) { printError( TEXT("CreateToolhelp32Snapshot (of modules)") ); return( FALSE ); } // Set the size of the structure before using it. me32.dwSize = sizeof( MODULEENTRY32 ); // Retrieve information about the first module, // and exit if unsuccessful if( !Module32First( hModuleSnap, &me32 ) ) { printError( TEXT("Module32First") ); // show cause of failure CloseHandle( hModuleSnap ); // clean the snapshot object return( FALSE ); } // Now walk the module list of the process, // and display information about each module do { _tprintf( TEXT("\n\n MODULE NAME: %s"), me32.szModule ); _tprintf( TEXT("\n Executable = %s"), me32.szExePath ); printf( "\n Process ID = 0x%08X", me32.th32ProcessID ); printf( "\n Ref count (g) = 0x%04X", me32.GlblcntUsage ); printf( "\n Ref count (p) = 0x%04X", me32.ProccntUsage ); printf( "\n Base address = 0x%08X", (DWORD) me32.modBaseAddr ); printf( "\n Base size = %d", me32.modBaseSize ); } while( Module32Next( hModuleSnap, &me32 ) ); CloseHandle( hModuleSnap ); return( TRUE ); } BOOL ListProcessThreads( DWORD dwOwnerPID ) { HANDLE hThreadSnap = INVALID_HANDLE_VALUE; THREADENTRY32 te32; // Take a snapshot of all running threads hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 ); if( hThreadSnap == INVALID_HANDLE_VALUE ) return( FALSE ); // Fill in the size of the structure before using it. te32.dwSize = sizeof(THREADENTRY32); // Retrieve information about the first thread, // and exit if unsuccessful if( !Thread32First( hThreadSnap, &te32 ) ) { printError( TEXT("Thread32First") ); // show cause of failure CloseHandle( hThreadSnap ); // clean the snapshot object return( FALSE ); } // Now walk the thread list of the system, // and display information about each thread // associated with the specified process do { if( te32.th32OwnerProcessID == dwOwnerPID ) { printf( "\n\n THREAD ID = 0x%08X", te32.th32ThreadID ); printf( "\n Base priority = %d", te32.tpBasePri ); printf( "\n Delta priority = %d", te32.tpDeltaPri ); } } while( Thread32Next(hThreadSnap, &te32 ) ); CloseHandle( hThreadSnap ); return( TRUE ); } void printError( TCHAR* msg ) { DWORD eNum; TCHAR sysMsg[256]; TCHAR* p; eNum = GetLastError( ); FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, eNum, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language sysMsg, 256, NULL ); // Trim the end of the line and terminate it with a null p = sysMsg; while( ( *p > 31 ) || ( *p == 9 ) ) ++p; do { *p-- = 0; } while( ( p >= sysMsg ) && ( ( *p == '.' ) || ( *p < 33 ) ) ); // Display the message _tprintf( TEXT("\n WARNING: %s failed with error %d (%s)"), msg, eNum, sysMsg ); }