Enumeration local-remote NT System Process

 

 

　 In Windows, the tool taskmgr.exe can be used to view the process information of the current system in more detail. However, it is a Windows GUI program. sometimes do you think that the command line is more convenient? In fact, there are already many tools for listing system processes under the command line.

A process is usually defined as an instance of a running program. It consists of two parts:

 

　 <1> the kernel objects used by the operating system to manage processes. The kernel object is also used by the system to store statistics about processes.

 

　 <2> address space. It contains the code and data of all executable modules or DLL modules. It also contains space for dynamic memory allocation, such as the thread stack and heap allocation.

 

There are about four methods to implement enumeration system processes, one of which can be used to enumerate remoteThe process of the NT system must have the administrator privilege of the remote system.

 

 

 

<Part 1: calling the PSAPI function to enumerate system processes>

 

　　M $'s Windows NT Development Team developed its own Process Status function, which is included in the PSAPI. DLL file and can only be used in Versions later than NT4.0. There are 14 Functions in PSAPI [actual PSAPI. there are 19 DLL output functions, but five of them have two versions: ANSI and Unicode.] by calling these functions, we can easily obtain all information about the system process, such as the process name, process ID, parent process ID, process priority, and list of modules mapped to the process space. For convenience, the following example program only obtains the process name and ID.

 

A simple program is as follows:

 

/*************************************** **********************************

 

Module: ps. c

 

Description: CallThe PSAPI function enumeration system process name and ID, Only for NT/2000

 

**************************************** *********************************/

 

# Include

 

# Include

 

# Include "psapi. h"

 

 

 

# Pragma comment (lib, "psapi. lib ")

 

 

 

Void PrintProcessNameAndID (DWORD processID)

 

{

 

　　Char szProcessName [MAX_PATH] = "unknown ";

 

　　// Obtain the Process Handle

 

　　HANDLE hProcess = OpenProcess (PROCESS_QUERY_INFORMATION |

 

　　　　　　　　　　　　　　　　　PROCESS_VM_READ,

 

　　　　　　　　　 　　　　　　　FALSE, processID );

 

　　// Obtain the process name

 

　　If (hProcess)

 

　　{

 

　　　　HMODULE hMod;

 

　 　　DWORD cbNeeded;

 

　　　　If (EnumProcessModules (hProcess, & hMod, sizeof (hMod), & cbNeeded ))

 

　　　　　GetModuleBaseName (hProcess, hMod, szProcessName,

 

Sizeof (szProcessName ));

 

　　}

 

　　// Echo process name and ID

 

　　Printf ("%-20 s %-20d", szProcessName, processID );

 

　　CloseHandle (hProcess );

 

}

 

 

 

Void main ()

 

{

 

　　DWORD aProcesses [1024], cbNeeded, cProcesses;

 

　　Unsigned int I;