使用C 中的Win32_Process.getowner
Using Win32_Process.GetOwner in C++
我正在尝试使用WMI类win32_process获取运行过程列表以及每个过程所有者的用户。使用MSDN(MSDN)的枚举示例,使用win32_process在C 中使用WIN32_PROCESS进行枚举并不困难,并且简单地将Win32_OperatingSystem更改为win32_process。我发现,通过使用win32_process的getowner方法,我可以获取流程所有者的用户和域。在VB(MSDN)中,有一个很好的例子,该例子表明我可以使用枚举对象在枚举中的任何给定点调用getOnder的特定实例,以获取流程信息。
我试图使用代码示例(MSDN)进行"调用提供商方法"来弄清楚如何将方法调用到Gotowner,但我无法弄清楚如何使其正常工作。我正在不断撞到路障。通常,我得到无效的方法参数。进行以下代码块
BSTR MethodName = SysAllocString(L"GetOwner");
BSTR ClassName = SysAllocString(L"Win32_Process");
IWbemClassObject* pClass = NULL;
hres = pSvc->GetObject(ClassName, 0, NULL, &pClass, NULL);
printf("[1] hres = %08xn", hres);
IWbemClassObject* pInParamsDefinition = NULL;
IWbemClassObject* pOutParams = NULL;
hres = pClass->GetMethod(MethodName, 0, &pInParamsDefinition, &pOutParams);
printf("[2] hres = %08x (%08x, %08x)n", hres, pInParamsDefinition, pOutParams);
// Execute Method
hres = pSvc->ExecMethod(L"Win32_Process", MethodName, 0, NULL, NULL, &pOutParams, NULL);
VARIANT varReturnValue;
hres = pOutParams->Get(_bstr_t(L"ReturnValue"), 0,
&varReturnValue, NULL, 0);
wprintf(L"The command is: %sn", V_BSTR(&varReturnValue));
getowner没有输入参数,当我调用getMethod时,pinparamsdefinition始终返回null,而poutparams则返回ptr。由于没有指针返回PinParamsDefinition,因此我无法提供输入,因此我不知道如何解决无效的方法参数问题。显然,WMI编程不是我最强大的技能:)
我在这里缺少什么?
在一会儿杂乱无章的一段时间后,我终于找出了自己问题的答案。问题是您需要指定要执行该方法反对的对象。为此,您调用getObject(" __路径",...)获取通往当前枚举对象的路径,然后将getObject(a bstr)的结果传递给execmethod作为第一个参数。这说明了该方法,在我的情况下,您要执行的内容。这是我写的一个示例程序,该程序丢弃了当前的流程列表及其所有者。
#define _WIN32_DCOM
#include <iostream>
using namespace std;
#include <comdef.h>
#include <Wbemidl.h>
#pragma comment(lib, "wbemuuid.lib")
int main(int argc, char **argv)
{
HRESULT hres;
// Step 1: --------------------------------------------------
// Initialize COM. ------------------------------------------
hres = CoInitializeEx(0, COINIT_MULTITHREADED);
if (FAILED(hres))
{
cout << "Failed to initialize COM library. Error code = 0x"
<< hex << hres << endl;
return 1; // Program has failed.
}
// Step 2: --------------------------------------------------
// Set general COM security levels --------------------------
hres = CoInitializeSecurity(
NULL,
-1, // COM authentication
NULL, // Authentication services
NULL, // Reserved
RPC_C_AUTHN_LEVEL_DEFAULT, // Default authentication
RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation
NULL, // Authentication info
EOAC_NONE, // Additional capabilities
NULL // Reserved
);
if (FAILED(hres))
{
cout << "Failed to initialize security. Error code = 0x"
<< hex << hres << endl;
CoUninitialize();
return 1; // Program has failed.
}
// Step 3: ---------------------------------------------------
// Obtain the initial locator to WMI -------------------------
IWbemLocator *pLoc = NULL;
hres = CoCreateInstance(
CLSID_WbemLocator,
0,
CLSCTX_INPROC_SERVER,
IID_IWbemLocator, (LPVOID *)&pLoc);
if (FAILED(hres))
{
cout << "Failed to create IWbemLocator object."
<< " Err code = 0x"
<< hex << hres << endl;
CoUninitialize();
return 1; // Program has failed.
}
// Step 4: -----------------------------------------------------
// Connect to WMI through the IWbemLocator::ConnectServer method
IWbemServices *pSvc = NULL;
// Connect to the rootcimv2 namespace with
// the current user and obtain pointer pSvc
// to make IWbemServices calls.
hres = pLoc->ConnectServer(
_bstr_t(L"ROOT\CIMV2"), // Object path of WMI namespace
NULL, // User name. NULL = current user
NULL, // User password. NULL = current
0, // Locale. NULL indicates current
NULL, // Security flags.
0, // Authority (for example, Kerberos)
0, // Context object
&pSvc // pointer to IWbemServices proxy
);
if (FAILED(hres))
{
cout << "Could not connect. Error code = 0x"
<< hex << hres << endl;
pLoc->Release();
CoUninitialize();
return 1; // Program has failed.
}
cout << "Connected to ROOT\CIMV2 WMI namespace" << endl;
// Step 5: --------------------------------------------------
// Set security levels on the proxy -------------------------
hres = CoSetProxyBlanket(
pSvc, // Indicates the proxy to set
RPC_C_AUTHN_WINNT, // RPC_C_AUTHN_xxx
RPC_C_AUTHZ_NONE, // RPC_C_AUTHZ_xxx
NULL, // Server principal name
RPC_C_AUTHN_LEVEL_CALL, // RPC_C_AUTHN_LEVEL_xxx
RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
NULL, // client identity
EOAC_NONE // proxy capabilities
);
if (FAILED(hres))
{
cout << "Could not set proxy blanket. Error code = 0x"
<< hex << hres << endl;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 1; // Program has failed.
}
BSTR MethodName = SysAllocString(L"GetOwner");
BSTR ClassName = SysAllocString(L"Win32_Process");
// get the object containing our desired method
IWbemClassObject* pClass = NULL;
hres = pSvc->GetObject(ClassName, 0, NULL, &pClass, NULL);
if (FAILED(hres))
{
printf("GetObject hres = %08xn", hres);
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 1;
}
// get the desired method
// in our case, we only need pmethodGetOwner since GetOwner really only has output
IWbemClassObject* pmethodGetOwner = NULL;
hres = pClass->GetMethod(MethodName, 0, NULL, &pmethodGetOwner);
if (FAILED(hres))
{
printf("GetMethod hres = %08xn", hres);
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 1;
}
// spawn the instance of the method
IWbemClassObject* pInInst = NULL;
hres = pmethodGetOwner->SpawnInstance(0, &pInInst);
if (FAILED(hres))
{
printf("SpawnInstance hres = %08xn", hres);
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 1;
}
// Step 6: --------------------------------------------------
// Use the IWbemServices pointer to make requests of WMI ----
// For example, get the name of the operating system
IEnumWbemClassObject* pEnumerator = NULL;
hres = pSvc->ExecQuery(
bstr_t("WQL"),
bstr_t("SELECT * FROM Win32_Process"),
WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
NULL,
&pEnumerator);
if (FAILED(hres))
{
cout << "Query for operating system name failed."
<< " Error code = 0x"
<< hex << hres << endl;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 1; // Program has failed.
}
// Step 7: -------------------------------------------------
// Get the data from the query in step 6 -------------------
IWbemClassObject *pclsObj = NULL;
ULONG uReturn = 0;
while (pEnumerator)
{
HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);
if (0 == uReturn)
{
break;
}
VARIANT vtProp;
VARIANT vtProcName;
VARIANT vtDomain;
VARIANT vtUsername;
// Get the value of the Name property
hr = pclsObj->Get(L"Name", 0, &vtProcName, 0, 0);
if (FAILED(hres))
{
printf("Failed to get the process's namen");
pclsObj->Release();
continue;
}
// Get the PATH to the object in question
// the result in vtProp is similar to '\name_of_computerROOTCIMV2:Win32_Process.Handle="pid_of_process"'
hr = pclsObj->Get(L"__PATH", 0, &vtProp, 0, 0);
if (FAILED(hres))
{
printf("Failed to get the path to the objectn");
pclsObj->Release();
continue;
}
// Execute Method against the object defined by the __PATH variable
hres = pSvc->ExecMethod(vtProp.bstrVal, MethodName, 0, NULL, NULL, &pmethodGetOwner, NULL);
if (FAILED(hres))
{
wprintf(L"Failed to execute the method against %sn", vtProp.bstrVal);
pclsObj->Release();
continue;
}
// extract the results
hres = pmethodGetOwner->Get(L"User", 0, &vtUsername, NULL, 0);
if (FAILED(hres))
{
printf("Failed to get the owner's namen");
pclsObj->Release();
continue;
}
pmethodGetOwner->Get(L"Domain", 0, &vtDomain, NULL, 0);
if (FAILED(hres))
{
printf("Failed to get the owner's domainn");
pclsObj->Release();
continue;
}
// print the output to screen
wprintf(L"Process: %s. Domain\User: %s\%sn", V_BSTR(&vtProcName), V_BSTR(&vtDomain), V_BSTR(&vtUsername));
// release/cleanup resources we used this go around
VariantClear(&vtProcName);
VariantClear(&vtProp);
VariantClear(&vtDomain);
VariantClear(&vtUsername);
pclsObj->Release();
}
// Cleanup
// ========
pSvc->Release();
pLoc->Release();
pEnumerator->Release();
CoUninitialize();
return 0; // Program successfully completed.
}
我能够弄清楚所有这些,这要归功于2002年的Google组上的随机发布("这是WBEM WMI WMI C 示例")。
我希望将来对其他人有帮助。
- "Unable to start debugging. No process is associated with this object." - 在Visual Studio Code中使用GDB
- 以某种方式告诉编译器"Do not process line of code"
- 尝试通过Process Pipe发送/接收到python包装器,c ++代码
- Boost::process on Windows - with MinGW?
- 如何将IEnumerable与Process.Start的输出事件处理程序一起使用?
- 使用单独的参数调用"boost::process::system()"时,获取"execv
- Boost.Process - 从具有休眠循环的进程读取
- AWS Lambda C++ 开发工具包"Process exited before completing request"
- 保持 boost.process 在函数之外处于活动状态,该函数被调用
- AActor *UactorComponent::GetOwner const - 不允许指向不完整类类型的指针
- 使用boost.process同时读取和写入孩子的STDIO
- Android 从 Runtime.exec() 或 Java.Process() 执行本机库
- c++ get Process.GetCurrentProcess().SessionId
- BOOST PROCESS RUNTUN()和EXIT_CODE()线程安全
- 传递向量或论点以bubost :: process(boost :: fusion)
- 即使包含 process.h,_beginthreadex 和 _endthreadex 也是未定义的
- 我的程序在尝试将数据集追加到类对象时遇到"Process returned -1073741819 (0xC0000005)"
- 程序在使用异步的 Boost.Process 调用 std::future.get() 后挂起
- 如何在 boost.process 间共享内存中使用复杂结构"push_back"函数向量
- getowner()导致虚幻编辑器崩溃