WTSEnumerateProcesses vs. CreateToolhelp32Snapshot
I want to enumerate all running processes on a 32 or 64 (local) machine. What should I better use: WTSEnumerateProcesses or CreateToolhelp32Snapshot?
Comments (1)
I would say CreateToolhelp32Snapshot; it works on any Windows version except NT4 out of the box. On WinXP, WTSEnumerateProcesses only works when the terminal server service is running (and when it is running, WTSEnumerateProcesses will give you information about processes you are not supposed to have when running as non-admin; this hole was closed in Vista).
But the two functions don't give you the same information, so it depends on what you are after. Under the hood they both just call the semi-documented ZwQuerySystemInformation.
Getting the full path of a process is problematic either way (GetModuleFileNameEx fails for WOW64, GetProcessImageFileName returns kernel path and has rename issues, and QueryFullProcessImageName is Vista+ and has space in path issues supposedly).
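
One way to deal with the kernel path that GetProcessImageFileName returns, as an added example that is not part of the original answer: translate the `\Device\HarddiskVolumeN` prefix back to a drive letter. The names `nt_path_to_dos`, `dev_map` and `SAMPLE_MAP` are hypothetical, and the table is constructed sample data; on a real system it would be built by calling QueryDosDevice for each drive letter.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* One device-to-drive mapping, e.g. {"\\Device\\HarddiskVolume2", "C:"}. */
struct dev_map { const char *nt_device; const char *dos_drive; };

/* Case-insensitive prefix test: returns 1 if s starts with the first n bytes of prefix. */
static int has_prefix_ci(const char *s, const char *prefix, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    return 1;
}

/* Convert an NT device path to a drive-letter path; 0 on success, -1 if unmapped or out too small. */
int nt_path_to_dos(const char *nt_path, const struct dev_map *map,
                   size_t count, char *out, size_t out_len)
{
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(map[i].nt_device);
        if (!has_prefix_ci(nt_path, map[i].nt_device, n))
            continue;
        /* Device name must end at a separator, so Volume1 does not match Volume10. */
        if (nt_path[n] != '\\' && nt_path[n] != '\0')
            continue;
        int w = snprintf(out, out_len, "%s%s", map[i].dos_drive, nt_path + n);
        return (w >= 0 && (size_t)w < out_len) ? 0 : -1;
    }
    return -1; /* e.g. a network path under \Device\Mup has no drive letter */
}

/* Constructed sample table (not taken from a real machine). */
static const struct dev_map SAMPLE_MAP[] = {
    { "\\Device\\HarddiskVolume1",  "D:" },
    { "\\Device\\HarddiskVolume10", "E:" },
    { "\\Device\\HarddiskVolume2",  "C:" },
};

int main(void)
{
    char buf[260];
    const char *p = "\\Device\\HarddiskVolume10\\Tools\\agent.exe";
    if (nt_path_to_dos(p, SAMPLE_MAP, 3, buf, sizeof buf) == 0)
        printf("%s -> %s\n", p, buf);
    return 0;
}
```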