|
Here is my code snippet. It works only for processes whose user name and domain are the same as those of the user who started the exe ...
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <stdio.h>
#include <Aclapi.h>
/* Prototypes for the routines in this listing. ListProcessModules and
 * ListProcessThreads are declared here but not defined in the visible code. */
void printError( TCHAR* msg );
void getuserProcess(HANDLE);
BOOL GetProcessList();
BOOL ListProcessModules( DWORD dwPID );
BOOL ListProcessThreads( DWORD dwOwnerPID );

/* File-scope state. GetProcessList() writes isAlive and pid for every
 * snapshot entry; filename is not referenced by the visible code. */
int isAlive = 0;
DWORD pid = 0;
char filename[250];
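/*
 * Entry point: prints the process list once, then waits for a key press so
 * the console window stays open.
 *
 * Declared as int main(void) because `void main()` is not a standard
 * signature and leaves the process exit code unspecified.
 */
int main( void )
{
    GetProcessList();
    getchar();   /* hold the console open until the user presses Enter */
    return 0;
}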
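/*
 * Walks a Toolhelp snapshot of all processes, prints the basic fields of each
 * entry and asks getuserProcess() for the owner of the process object.
 *
 * Returns TRUE when the snapshot was walked, FALSE when the snapshot could
 * not be taken or its first entry could not be read.
 *
 * Changes from the original listing:
 *  - returns TRUE on success (the original returned 0, i.e. FALSE);
 *  - opens each process with READ_CONTROL only, which is the right that
 *    GetSecurityInfo() needs to read the owner. Asking for
 *    PROCESS_ALL_ACCESS is refused for many processes that would still grant
 *    a narrower right, and hands this program far more access than it uses;
 *  - the handle is not inheritable and is closed after use (the original
 *    leaked one inheritable all-access handle per process);
 *  - TCHAR strings are printed with _tprintf so the output is correct in
 *    both ANSI and Unicode builds;
 *  - the never-taken "Priority class" branch and unused locals are removed.
 */
BOOL GetProcessList()
{
    HANDLE hProcessSnap;
    HANDLE userhp;
    PROCESSENTRY32 pe32;

    /* Take a snapshot of all processes in the system. */
    hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    if( hProcessSnap == INVALID_HANDLE_VALUE )
    {
        printError( TEXT("CreateToolhelp32Snapshot (of processes)") );
        return( FALSE );
    }

    /* The structure size must be set before the first Process32First call. */
    pe32.dwSize = sizeof( PROCESSENTRY32 );

    if( !Process32First( hProcessSnap, &pe32 ) )
    {
        printError( TEXT("Process32First") );   /* show cause of failure */
        CloseHandle( hProcessSnap );            /* clean the snapshot object */
        return( FALSE );
    }

    do
    {
        isAlive = 1;
        pid = pe32.th32ProcessID;

        _tprintf( TEXT("\n-----------ProcessName [%s]\n "), pe32.szExeFile );
        _tprintf( TEXT("\n Process ID = %04lu"), (unsigned long)pe32.th32ProcessID );
        _tprintf( TEXT("\n Thread count = %lu"), (unsigned long)pe32.cntThreads );
        _tprintf( TEXT("\n Parent process ID = %lu"), (unsigned long)pe32.th32ParentProcessID );
        _tprintf( TEXT("\n Priority base = %ld"), (long)pe32.pcPriClassBase );

        /* Least privilege: READ_CONTROL is enough to read the owner, and the
         * handle must not leak into child processes. */
        userhp = OpenProcess( READ_CONTROL, FALSE, pe32.th32ProcessID );
        if( userhp == NULL )
        {
            /* Expected for processes this account may not open (the thread
             * reports this for processes running as SYSTEM). */
            printError( TEXT("OpenProcess") );
            continue;
        }

        getuserProcess( userhp );
        CloseHandle( userhp );
    } while( Process32Next( hProcessSnap, &pe32 ) );

    CloseHandle( hProcessSnap );
    return( TRUE );
}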
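/*
 * Prints the account name and domain of the owner recorded in the security
 * descriptor of a process object.
 *
 * pid: despite its name this is an open process HANDLE, not a process id.
 *      It must have been opened with READ_CONTROL. A NULL handle is ignored.
 *
 * NOTE(review): the owner of the process object is not necessarily the
 * account the process runs as; where the running user is what matters,
 * confirm against the process token (OpenProcessToken followed by
 * GetTokenInformation with TokenUser).
 *
 * Changes from the original listing: the security descriptor is released on
 * every path (it was leaked when LookupAccountSid failed), a NULL handle is
 * rejected up front, a failed name lookup is reported, and the TCHAR buffers
 * are printed with _tprintf.
 */
void getuserProcess( HANDLE pid )
{
    PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
    PSID psidOwner = NULL;
    TCHAR lpName[256];
    TCHAR lpReferencedDomainName[256];
    DWORD cchName = sizeof( lpName ) / sizeof( lpName[0] );
    DWORD cchReferencedDomainName =
        sizeof( lpReferencedDomainName ) / sizeof( lpReferencedDomainName[0] );
    SID_NAME_USE eUse;

    if( pid == NULL )
        return;   /* the caller's OpenProcess failed; nothing to query */

    if( GetSecurityInfo( pid,
                         SE_KERNEL_OBJECT,
                         OWNER_SECURITY_INFORMATION,
                         &psidOwner,              /* receives the owner SID */
                         NULL,                    /* group not requested */
                         NULL,                    /* DACL not requested */
                         NULL,                    /* SACL not requested */
                         &pSecurityDescriptor ) != ERROR_SUCCESS )
    {
        /* GetSecurityInfo reports its error through the return value, so
         * printError (which reads GetLastError) is not used here. */
        return;
    }

    /* psidOwner points into pSecurityDescriptor, so the descriptor has to
     * stay alive until the lookup is done. */
    if( LookupAccountSid( NULL,                   /* local system */
                          psidOwner,
                          lpName,
                          &cchName,
                          lpReferencedDomainName,
                          &cchReferencedDomainName,
                          &eUse ) )
    {
        _tprintf( TEXT("UserName is [%s]"), lpName );
        _tprintf( TEXT("UserDomain is [%s]"), lpReferencedDomainName );
    }
    else
    {
        printError( TEXT("LookupAccountSid") );
    }

    LocalFree( pSecurityDescriptor );
}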
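/*
 * Prints a warning naming the failed call, the GetLastError() code and the
 * system's text for that code.
 *
 * msg: name of the call that failed; printed as given.
 *
 * Changes from the original listing: the error code is captured first, the
 * message buffer is emptied when FormatMessage fails (the original then
 * scanned an uninitialised buffer), the trailing-character trim no longer
 * steps a pointer in front of the buffer, and the DWORD is printed with a
 * matching conversion.
 */
void printError( TCHAR* msg )
{
    DWORD eNum = GetLastError( );   /* read before any other API call can overwrite it */
    TCHAR sysMsg[256];
    size_t len = 0;

    if( FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                       NULL, eNum,
                       MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* default language */
                       sysMsg, sizeof( sysMsg ) / sizeof( sysMsg[0] ), NULL ) == 0 )
    {
        sysMsg[0] = 0;   /* no text available for this code */
    }

    /* Find the end of the first line: stop at the terminator or at the first
     * control character other than TAB. */
    while( ( sysMsg[len] > 31 ) || ( sysMsg[len] == 9 ) )
        ++len;

    /* Drop trailing periods, blanks and control characters. */
    while( ( len > 0 ) &&
           ( ( sysMsg[len - 1] == '.' ) || ( sysMsg[len - 1] < 33 ) ) )
        --len;
    sysMsg[len] = 0;

    /* Display the message. */
    _tprintf( TEXT("\n WARNING: %s failed with error %lu (%s)"),
              msg, (unsigned long)eNum, sysMsg );
}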
and a sample output
-----------------------
Process ID = 1604
Thread count = 9
Parent process ID = 268
Priority base = 8
-----------ProcessName [UMCSTUB.EXE]
Process ID = 1632
Thread count = 5
Parent process ID = 268
Priority base = 8
-----------ProcessName [dfssvc.exe]
Process ID = 1760
Thread count = 3
Parent process ID = 268
Priority base = 8
-----------ProcessName [msdtc.exe]
Process ID = 1780
Thread count = 23
Parent process ID = 268
Priority base = 8
-----------ProcessName [rcHost.exe]
Process ID = 1844
Thread count = 9
Parent process ID = 268
Priority base = 10
-----------ProcessName [svchost.exe]
Process ID = 1812
Thread count = 10
Parent process ID = 268
Priority base = 8
-----------ProcessName [DLLHOST.EXE]
Process ID = 3056
Thread count = 8
Parent process ID = 500
Priority base = 8
-----------ProcessName [CAF.exe]
Process ID = 3052
Thread count = 33
Parent process ID = 268
Priority base = 8
-----------ProcessName [cfsmsmd.exe]
Process ID = 1708
Thread count = 15
Parent process ID = 3052
Priority base = 8
-----------ProcessName [ccnfAgent.exe]
Process ID = 3044
Thread count = 5
Parent process ID = 3052
Priority base = 8
-----------ProcessName [cfnotsrvd.exe]
Process ID = 2284
Thread count = 17
Parent process ID = 3052
Priority base = 8
-----------ProcessName [ccsmagtd.exe]
Process ID = 2952
Thread count = 7
Parent process ID = 3052
Priority base = 8
-----------ProcessName [rcHost.exe]
Process ID = 2376
Thread count = 8
Parent process ID = 3052
Priority base = 13
-----------ProcessName [amswmagt.exe]
Process ID = 2408
Thread count = 7
Parent process ID = 3052
Priority base = 8
-----------ProcessName [capmuamagt.exe]
Process ID = 2468
Thread count = 4
Parent process ID = 3052
Priority base = 8
-----------ProcessName [cfFTPlugin.exe]
Process ID = 1644
Thread count = 7
Parent process ID = 3052
Priority base = 8
-----------ProcessName [dm_primer.exe]
Process ID = 2720
Thread count = 4
Parent process ID = 780
Priority base = 8
-----------ProcessName [CMD.EXE]
Process ID = 0572
Thread count = 1
Parent process ID = 3308
Priority base = 8UserName is [vineesh.v]UserDomain is [POLARIS]
-----------ProcessName [nlnotes.exe]
Process ID = 3352
Thread count = 24
Parent process ID = 3672
Priority base = 8UserName is [vineesh.v]UserDomain is [POLARIS]
-----------ProcessName [ntaskldr.exe]
Process ID = 3724
Thread count = 8
Parent process ID = 3352
Priority base = 8UserName is [vineesh.v]UserDomain is [POLARIS]
-----------ProcessName [explorer.exe]
Process ID = 3376
Thread count = 14
Parent process ID = 212
Priority base = 8UserName is [vineesh.v]UserDomain is [POLARIS]
-----------ProcessName [MSDEV.EXE]
Process ID = 1700
Thread count = 10
Parent process ID = 3376
Priority base = 8UserName is [vineesh.v]UserDomain is [POLARIS]
-----------ProcessName [editplus.exe]
Process ID = 3176
Thread count = 4
Parent process ID = 3376
Priority base = 8UserName is [vineesh.v]UserDomain is [POLARIS]
-----------ProcessName [IEXPLORE.EXE]
Process ID = 3636
Thread count = 16
Parent process ID = 3376
Priority base = 8UserName is [vineesh.v]UserDomain is [POLARIS]
-----------ProcessName [abc.exe]
Process ID = 3480
Thread count = 4
Parent process ID = 3376
Priority base = 8UserName is [vineesh.v]UserDomain is [POLARIS]
-----------ProcessName [VCSPAWN.EXE]
Process ID = 3356
Thread count = 1
Parent process ID = 1700
Priority base = 8UserName is [vineesh.v]UserDomain is [POLARIS]
-----------ProcessName [filops.exe]
Process ID = 1088
Thread count = 1
Parent process ID = 3356
Priority base = 8UserName is [vineesh.v]UserDomain is [POLARIS]
---------------------------------------------------------------------
The lookup fails for the processes whose user is SYSTEM ...
vineesh
|
|
|
|
|
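Try the following, which adjusts the current process's privileges so that it can read information about another process. This only works when the account already holds the debug privilege (by default, administrators), because a privilege can be enabled in a token but not added to it at run time.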
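/* Temporarily enable the debug privilege in this process's token, read the
 * owner of the target process, then switch the privilege off again.
 * SetPrivilege, getuserProcess and dwprocessID are defined outside this
 * fragment.
 *
 * Only READ_CONTROL is requested: it is the right needed to read the owner.
 * The original also asked for ACCESS_SYSTEM_SECURITY, which is only needed
 * for SACL access and depends on the security privilege (SE_SECURITY_NAME)
 * rather than the debug privilege enabled here, so the open would be
 * refused. The handle is not inheritable, so it cannot leak into child
 * processes. */
HANDLE hToken = NULL;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
{
    if (SetPrivilege(hToken, SE_DEBUG_NAME, TRUE))
    {
        HANDLE hProcess = OpenProcess(READ_CONTROL, FALSE, dwprocessID);
        if (hProcess)
        {
            getuserProcess(hProcess);
            CloseHandle(hProcess);
        }
        /* Keep the privilege enabled only for as long as it is needed. */
        SetPrivilege(hToken, SE_DEBUG_NAME, FALSE);
    }
    CloseHandle(hToken);
}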
SetPrivilege function is here[^]
|
|
|
|
|
|
Hi all
Could anyone please let me know whats the equivalent API for "cacls command" ?
(cacls is used to modify the user rights settings on a file)
As of now I use ShellExecute to run the batch file which contains this cmd . I would like to avoid using batch file .
Thanks in advance .
redindian
|
|
|
|
|
Haven't you searched msdn Access Control Lists[^]
dharani wrote: As of now I use ShellExecute to run the batch file which contains this cmd . I would like to avoid using batch file .
If so, why don't you execute the command directly using ShellExecute without a batch file.
|
|
|
|
|
|
Hi all,
Actually i am new to VC2005. My problem is whenever i am trying to add any function say OnCtlColor to my class a message is displayed that Add/remove operation is not possible because the code element is read-only.
I am not getting how to correct it...
Can anybody help me in correcting it...
Thanks in advance
|
|
|
|
|
The header and cpp files might be read-only. Remove the read-only attribute from those files.
|
|
|
|
|
And sometimes it also happens when the .ncb file goes crazy. Closing the solution and re-opening it should help.
Maxwell Chen
|
|
|
|
|
Steps:
1. Switch to [Class View] tab, and highlight the class name you are going to add OnCtlColor . (It must be a CWnd based class)
2. Right-click that name, and choose [Properties].
3. You are lead to [Properties] tab. You will see an icon-only button which has the name [Messages]. Click that [Messages] button.
4. The view will list all the available messages including WM_CTLCOLOR.
Then you know what to do.
Maxwell Chen
|
|
|
|
|
I have experienced this bug in Visual Studio 2005 in several of my projects. Its very annoying and I hope it was fixed in 2008.
I found a strange way to fix the bug but it works almost everytime for me.
1.) Open the header file and copy the entire contents of the header into the corresponding CPP file at the very top.
2.) Close Visual Studio 2005.
3.) Delete the Intellisense database with the extension .NCB
4.) Re-open Visual Studio 2005 and wait a few seconds for the Intellisense database to rebuild.
5.) Try to add your OnCtlColor message handler again.
6.) Copy and paste your header contents back into the .H file.
Let me know if it works for you!
-Randor (David Delaune)
|
|
|
|
|
That sequence fixes so many bugs that they should have put a big button
on the UI that does the sequence automatically LOL
Cheers,
Mark
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
Randor wrote: I have experienced this bug in Visual Studio 2005 in several of my projects. Its very annoying and I hope it was fixed in 2008.
I fear not... just had a similar problem myself in VS 2008, and deleting the .ncb fixed the issue here too.
Cheers,
Billy.
MCPD Windows Developer
"Duct tape is like the force, it has a light side, a dark side and it holds the universe together!" - Anonymous
my holding page..more coming soon!
|
|
|
|
|
Wow, looks like I posted that back in March 2008. I am also using VS2008 now and it seems that it happens less often but the problem has not gone away. It seems that it mostly happens in my very large C++ projects. I guess we can only hope that VS2010 will have permanently squashed this little annoyance.
I am glad that the post helped you fix your issue.
Best Wishes,
-David Delaune
|
|
|
|
|
Hi all,
Can anybody please tell me why CWinApp class have only one object?
Thanks in advance
|
|
|
|
|
Because MFC was designed that way. The one object wraps all the app instance
info that Windows apps have only one of, like the HINSTANCE, and the commandline
params passed. It also holds any other application-wide stuff of which there can only be one.
That makes it a nice place to hide app-wide variables that in the old days would be global.
Plus it makes no sense to have more than one app object in a single app.
Mark
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
neha.agarwal27 wrote: Can anybody please tell me why CWinApp class have only one object?
Because it is the base class for the application class. There is no need for more than one application class in one application. The implementation depends on the global object obtained from AfxGetApp(), which is used by AfxWinMain, called from WinMain. So it is similar to asking why an application has only one main function.
"The main application class in MFC encapsulates the initialization, running, and termination of an application for the Windows operating system. An application built on the framework must have one and only one object of a class derived from CWinApp." from msdn.
|
|
|
|
|
neha.agarwal27 wrote: Can anybody please tell me why CWinApp class have only one object?
Adding to the above replies, think of it logically. You may have many dialogs, documents, menus, etc., But how many applications are you writing code for? 1? So, the one and only CWinApp derivative would represent your application and you have only one of it.
Nobody can give you wiser advice than yourself. - Cicero
.·´¯`·->Rajesh<-·´¯`·.
Codeproject.com: Visual C++ MVP
|
|
|
|
|
It's the unum et simplex rule.
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong.
-- Iain Clarke
|
|
|
|
|
|
Also note, C++ supports case fall-through (unlike C#): if a case has no break keyword, execution continues into the statements of the next case as well. This comes in handy in some cases.
|
|
|
|
|
|
// Every case below ends with break, so exactly one branch runs.
// With me == 0 only the first message is printed.
int me = 0;
switch(me)
{
case 0:
cout<<"I need a C++ book"<<endl;
break; // without this break, execution would continue into the default branch
default:
cout<<"I still need a C++ book"<<endl;
break;
}
Nobody can give you wiser advice than yourself. - Cicero
.·´¯`·->Rajesh<-·´¯`·.
Codeproject.com: Visual C++ MVP
|
|
|
|
|
Rajesh R Subramanian wrote: int me = 0; switch(me) { case 0: cout<<"I will read a C++ book"<<endl; break; default: cout<<"I am badly in need of a C++ book"<<endl; break; }
he he he nice one1
"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow Never mind - my own stupidity is the source of every "problem" - Mixture
cheers,
Alok Gupta
VC Forum Q&A :- I/ IV
Support CRY- Child Relief and You/codeProject$$>
|
|
|
|
|
|