当前位置：文江博客话题详情

程序如何判断另一个进程是否正在作为服务运行？

发布于 2024-08-31 15:42:30 字数 249 浏览 5 评论 0原文

我有一个 Win32 程序，我可以直接监视另一个 Win32 进程。

我想找到一种方法让监控程序确定被监控的进程是否作为Win32服务运行。

并非所有服务都作为 SYSTEM 运行，也不是所有服务都将 services.exe 作为直接父级，因此我认为这些明显的技术不够强大。

需要明确的是，我正在寻找的是一种编写函数的方法：

bool isService(HANDLE aProcessHandle) { ... }

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

蓬勃野心 2024-09-07 15:42:30

您可以使用 WMI 轻松完成此操作。我意识到您没有指定 C#，但 WMI api 可以以非常相似的方式在所有平台上使用。

首先，我们需要一个形状像 Win32_Service 的对象

public class Win32_Service
{
    public Win32_Service(ManagementBaseObject obj)
    {

        AcceptPause = (bool)(obj["AcceptPause"] ?? false);
        AcceptStop = (bool)(obj["AcceptStop"] ?? false);
        Caption = (string)(obj["Caption"] ?? "");
        CheckPoint = (UInt32)(obj["CheckPoint"] ?? 0);
        CreationClassName = (string)(obj["CreationClassName"] ?? "");
        Description = (string)(obj["Description"] ?? "");
        DesktopInteract = (bool)(obj["DesktopInteract"] ?? false);
        DisplayName = (string)(obj["DisplayName"] ?? "");
        ErrorControl = (string)(obj["ErrorControl"] ?? "");
        ExitCode = (UInt32)(obj["ExitCode"] ?? 0);
        InstallDate = (DateTime)(obj["InstallDate"] ?? DateTime.MinValue);
        Name = (string)(obj["Name"] ?? "");
        PathName = (string)(obj["PathName"] ?? "");
        ProcessId = (UInt32)(obj["ProcessId"] ?? 0);
        ServiceSpecificExitCode = (UInt32)(obj["ServiceSpecificExitCode"] ?? 0);
        ServiceType = (string)(obj["ServiceType"] ?? "");
        Started = (bool)(obj["Started"] ?? false);
        StartMode = (string)(obj["StartMode"] ?? "");
        StartName = (string)(obj["StartName"] ?? "");
        State = (string)(obj["State"] ?? "");
        Status = (string)(obj["Status"] ?? "");
        SystemCreationClassName = (string)(obj["SystemCreationClassName"] ?? "");
        SystemName = (string)(obj["SystemName"] ?? "");
        TagId = (UInt32)(obj["TagId"] ?? 0);
        WaitHint = (UInt32)(obj["WaitHint"] ?? 0);
    }
    bool AcceptPause;
    bool AcceptStop;
    string Caption;
    UInt32 CheckPoint;
    string CreationClassName;
    string Description;
    bool DesktopInteract;
    string DisplayName;
    string ErrorControl;
    UInt32 ExitCode;
    DateTime InstallDate;
    string Name;
    string PathName;
    UInt32 ProcessId;
    UInt32 ServiceSpecificExitCode;
    string ServiceType;
    bool Started;
    string StartMode;
    string StartName;
    string State;
    string Status;
    string SystemCreationClassName;
    string SystemName;
    UInt32 TagId;
    UInt32 WaitHint;
};

现在我们查询 WMI 服务。这里我只是拉所有服务。如果您有更具体的条件，只需修改查询“Select * from Win32_Service”

var services = new System.Collections.Generic.List<Win32_Service>();
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("Select * from Win32_Service"))
{
    using (ManagementObjectCollection results = searcher.Get())
    {
        foreach (ManagementObject obj in results)
        {
            services.Add(new Win32_Service(obj));
        }
    }
}

现在您可以使用Linq 来查询服务。

参考： http://msdn.microsoft.com/en-us/library/ ms974579.aspx

You can do this easily using WMI. I realize that you did not specify C#, but the WMI api is available on all platforms in quite similar fashion.

First we need an object shaped like a Win32_Service

public class Win32_Service
{
    public Win32_Service(ManagementBaseObject obj)
    {

        AcceptPause = (bool)(obj["AcceptPause"] ?? false);
        AcceptStop = (bool)(obj["AcceptStop"] ?? false);
        Caption = (string)(obj["Caption"] ?? "");
        CheckPoint = (UInt32)(obj["CheckPoint"] ?? 0);
        CreationClassName = (string)(obj["CreationClassName"] ?? "");
        Description = (string)(obj["Description"] ?? "");
        DesktopInteract = (bool)(obj["DesktopInteract"] ?? false);
        DisplayName = (string)(obj["DisplayName"] ?? "");
        ErrorControl = (string)(obj["ErrorControl"] ?? "");
        ExitCode = (UInt32)(obj["ExitCode"] ?? 0);
        InstallDate = (DateTime)(obj["InstallDate"] ?? DateTime.MinValue);
        Name = (string)(obj["Name"] ?? "");
        PathName = (string)(obj["PathName"] ?? "");
        ProcessId = (UInt32)(obj["ProcessId"] ?? 0);
        ServiceSpecificExitCode = (UInt32)(obj["ServiceSpecificExitCode"] ?? 0);
        ServiceType = (string)(obj["ServiceType"] ?? "");
        Started = (bool)(obj["Started"] ?? false);
        StartMode = (string)(obj["StartMode"] ?? "");
        StartName = (string)(obj["StartName"] ?? "");
        State = (string)(obj["State"] ?? "");
        Status = (string)(obj["Status"] ?? "");
        SystemCreationClassName = (string)(obj["SystemCreationClassName"] ?? "");
        SystemName = (string)(obj["SystemName"] ?? "");
        TagId = (UInt32)(obj["TagId"] ?? 0);
        WaitHint = (UInt32)(obj["WaitHint"] ?? 0);
    }
    bool AcceptPause;
    bool AcceptStop;
    string Caption;
    UInt32 CheckPoint;
    string CreationClassName;
    string Description;
    bool DesktopInteract;
    string DisplayName;
    string ErrorControl;
    UInt32 ExitCode;
    DateTime InstallDate;
    string Name;
    string PathName;
    UInt32 ProcessId;
    UInt32 ServiceSpecificExitCode;
    string ServiceType;
    bool Started;
    string StartMode;
    string StartName;
    string State;
    string Status;
    string SystemCreationClassName;
    string SystemName;
    UInt32 TagId;
    UInt32 WaitHint;
};

Now we query WMI for services. Here I just pull all services. If you have more specific criteria, simply modify the query "Select * from Win32_Service"

var services = new System.Collections.Generic.List<Win32_Service>();
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("Select * from Win32_Service"))
{
    using (ManagementObjectCollection results = searcher.Get())
    {
        foreach (ManagementObject obj in results)
        {
            services.Add(new Win32_Service(obj));
        }
    }
}

Now you can use Linq to query services.

Reference: http://msdn.microsoft.com/en-us/library/ms974579.aspx

回复收藏 0 原文

~没有更多了~