当前位置: 文江博客话题详情

如何在C#中使用PSAPI获取进程列表?

发布于 2024-12-20 12:49:04 字数 10442 浏览 2 评论 0原文

我试图获取进程 ID 和文件名的列表,但是它给了我很多问题...

这是控制台输出:

success=True
bytesCopied=344
Name '<unknown>' PID '0'
Name '<unknown>' PID '4'
Name '<unknown>' PID '308'
Name '<unknown>' PID '440'
Name '<unknown>' PID '488'
Name '<unknown>' PID '512'
Name '<unknown>' PID '548'
Name '<unknown>' PID '572'
Name '<unknown>' PID '580'
Name '<unknown>' PID '644'
Name '<unknown>' PID '732'
Name '<unknown>' PID '792'
Name '<unknown>' PID '816'
Name '<unknown>' PID '860'
Name '<unknown>' PID '940'
Name '<unknown>' PID '992'
Name '<unknown>' PID '264'
Name '<unknown>' PID '1160'
Name '<unknown>' PID '1220'
Name '<unknown>' PID '1292'
Name '<unknown>' PID '1424'
Name '<unknown>' PID '1452'
Name '<unknown>' PID '1556'
Name '<unknown>' PID '1596'
Name '<unknown>' PID '2044'
Name '<unknown>' PID '1504'
Name '<unknown>' PID '1132'
Name '<unknown>' PID '1912'
Name '<unknown>' PID '1972'
Name '<unknown>' PID '2084'
Name '<unknown>' PID '2124'
Name '<unknown>' PID '2560'
Name '<unknown>' PID '2796'
Name '<unknown>' PID '2808'
Name '<unknown>' PID '3000'
Name '<unknown>' PID '2116'
Name 'DTAgent.exe' PID '2228'
Name 'ISUSPM.exe' PID '2644'
Name 'DTShellHlp.exe' PID '2652'
Name 'Dropbox.exe' PID '2664'
Name 'acrotray.exe' PID '3124'
Name 'RIMBBLaunchAgent.exe' PID '3180'
Name 'vmware-tray.exe' PID '3188'
Name '<unknown>' PID '3520'
Name '<unknown>' PID '3592'
Name '<unknown>' PID '3780'
Name '<unknown>' PID '3964'
Name 'TrueCrypt.exe' PID '3392'
Name '<unknown>' PID '3800'
Name '<unknown>' PID '4680'
Name '<unknown>' PID '680'
Name 'FileZilla server.exe' PID '2240'
Name 'mysqld.exe' PID '4160'
Name 'uTorrent.exe' PID '7796'
Name 'svchost.exe' PID '44412'
Name '<unknown>' PID '10624'
Name '<unknown>' PID '35644'
Name 'httpd.exe' PID '44260'
Name 'httpd.exe' PID '40556'
Name '<unknown>' PID '11488'
Name 'RIMDeviceManager.exe' PID '42832'
Name 'BbDevMgr.exe' PID '45108'
Name '<unknown>' PID '31208'
Name '<unknown>' PID '34812'
Name 'trillian.exe' PID '61420'
Name 'Microsoft Visual C++ 6.0.exe' PID '52212'
Name '<unknown>' PID '33752'
Name '<unknown>' PID '47564'
Name '<unknown>' PID '39952'
Name 'mysqld-opt.exe' PID '61884'
Name 'winamp.exe' PID '42008'
Name 'opera.exe' PID '4560'
Name 'PowerGREP.exe' PID '12860'
Name 'PowerGREP.exe' PID '13280'
Name 'GOLD Parser Builder.exe' PID '32368'
Name 'Server.exe' PID '16396'
Name '<unknown>' PID '50976'
Name 'xampp-control.exe' PID '56084'
Name 'notepad++.exe' PID '27932'
Name 'WinAMP2.exe' PID '23336'
Name '<unknown>' PID '8044'
Name 'devenv.exe' PID '61172'
Name '<unknown>' PID '14780'
Name '<unknown>' PID '52180'
Name 'Sputnik.vshost.exe' PID '3672'
Name '<unknown>' PID '39480'

这里是我想要的控制台输出...(这是使用我的 C++ 代码

Name '[System Process]' PID '0'
Name 'System' PID '4'
Name 'smss.exe' PID '308'
Name 'csrss.exe' PID '440'
Name 'wininit.exe' PID '488'
Name 'csrss.exe' PID '512'
Name 'services.exe' PID '548'
Name 'lsass.exe' PID '572'
Name 'lsm.exe' PID '580'
Name 'winlogon.exe' PID '644'
Name 'svchost.exe' PID '732'
Name 'nvvsvc.exe' PID '792'
Name 'nvSCPAPISvr.exe' PID '816'
Name 'svchost.exe' PID '860'
Name 'svchost.exe' PID '940'
Name 'svchost.exe' PID '992'
Name 'svchost.exe' PID '264'
Name 'svchost.exe' PID '1160'
Name 'qmserv.exe' PID '1220'
Name 'svchost.exe' PID '1292'
Name 'spoolsv.exe' PID '1424'
Name 'svchost.exe' PID '1452'
Name 'mDNSResponder.exe' PID '1556'
Name 'svchost.exe' PID '1596'
Name 'svchost.exe' PID '2044'
Name 'vmware-usbarbitrator64.exe' PID '1504'
Name 'vmnat.exe' PID '1132'
Name 'vmware-authd.exe' PID '1912'
Name 'vmnetdhcp.exe' PID '1972'
Name 'vmware-hostd.exe' PID '2084'
Name 'WmiPrvSE.exe' PID '2124'
Name 'svchost.exe' PID '2560'
Name 'nvxdsync.exe' PID '2796'
Name 'nvvsvc.exe' PID '2808'
Name 'taskhost.exe' PID '3000'
Name 'dwm.exe' PID '2116'
Name 'DTAgent.exe' PID '2228'
Name 'ISUSPM.exe' PID '2644'
Name 'DTShellHlp.exe' PID '2652'
Name 'Dropbox.exe' PID '2664'
Name 'acrotray.exe' PID '3124'
Name 'RIMBBLaunchAgent.exe' PID '3180'
Name 'vmware-tray.exe' PID '3188'
Name 'nvtray.exe' PID '3520'
Name 'SearchIndexer.exe' PID '3592'
Name 'FNPLicensingService.exe' PID '3780'
Name 'wmpnetwk.exe' PID '3964'
Name 'TrueCrypt.exe' PID '3392'
Name 'svchost.exe' PID '3800'
Name 'daemonu.exe' PID '4680'
Name 'svchost.exe' PID '680'
Name 'FileZilla Server.exe' PID '2240'
Name 'mysqld.exe' PID '4160'
Name 'uTorrent.exe' PID '7796'
Name 'svchost.exe' PID '44412'
Name 'iexplore.exe' PID '10624'
Name 'iexplore.exe' PID '35644'
Name 'httpd.exe' PID '44260'
Name 'httpd.exe' PID '40556'
Name 'svchost.exe' PID '11488'
Name 'RIMDeviceManager.exe' PID '42832'
Name 'BbDevMgr.exe' PID '45108'
Name 'TeamViewer_Service.exe' PID '31208'
Name 'taskhost.exe' PID '34812'
Name 'trillian.exe' PID '61420'
Name 'Microsoft Visual C++ 6.0.exe' PID '52212'
Name 'explorer.exe' PID '33752'
Name 'VisualSVNServer.exe' PID '47564'
Name 'VisualSVNServer.exe' PID '39952'
Name 'mysqld-opt.exe' PID '61884'
Name 'winamp.exe' PID '42008'
Name 'opera.exe' PID '4560'
Name 'PowerGREP.exe' PID '12860'
Name 'PowerGREP.exe' PID '13280'
Name 'GOLD Parser Builder.exe' PID '32368'
Name 'Server.exe' PID '16396'
Name 'conhost.exe' PID '50976'
Name 'xampp-control.exe' PID '56084'
Name 'notepad++.exe' PID '27932'
Name 'WinAMP2.exe' PID '23336'
Name 'CryptoObfuscator.exe' PID '8044'
Name 'devenv.exe' PID '61172'
Name 'hh.exe' PID '14780'
Name 'Sputnik.vshost.exe' PID '62828'
Name 'conhost.exe' PID '37164'

)你可以看到很多 PIDS 实际上缺少文件名,我不明白为什么在大多数情况下我还从 C++ 复制了工作代码,但这些代码不起作用,我也厌倦了 pinvoke 上的代码,但也不起作用。

这是 C# 代码

using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace testie
{
    public class EnumerateProcesses
    {
        #region APIS
        [DllImport("psapi")]
        private static extern bool EnumProcesses([MarshalAs(UnmanagedType.LPArray, ArraySubType = UnmanagedType.U4)] [In][Out] IntPtr[] processIds,UInt32 arraySizeBytes,[MarshalAs(UnmanagedType.U4)] out UInt32 bytesCopied);

        [DllImport("kernel32.dll")]
        static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, IntPtr dwProcessId);

        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        static extern bool CloseHandle(IntPtr hObject);

        [DllImport("psapi.dll")]
        static extern uint GetModuleFileNameEx(IntPtr hProcess, IntPtr hModule, [Out] StringBuilder lpBaseName, [In] [MarshalAs(UnmanagedType.U4)] int nSize);

        [DllImport("psapi.dll", SetLastError = true)]
        public static extern bool EnumProcessModules(IntPtr hProcess,
        [Out] IntPtr lphModule,
        uint cb,
        [MarshalAs(UnmanagedType.U4)] out uint lpcbNeeded);

        [DllImport("psapi.dll")]
        static extern uint GetModuleBaseName(IntPtr hProcess, IntPtr hModule, [Out] StringBuilder lpBaseName, [In] [MarshalAs(UnmanagedType.U4)] int nSize);
        #endregion
        #region ENUMS

        [Flags]
        enum ProcessAccessFlags : uint
        {
            All = 0x001F0FFF,
            Terminate = 0x00000001,
            CreateThread = 0x00000002,
            VMOperation = 0x00000008,
            VMRead = 0x00000010,
            VMWrite = 0x00000020,
            DupHandle = 0x00000040,
            SetInformation = 0x00000200,
            QueryInformation = 0x00000400,
            Synchronize = 0x00100000
        }
        #endregion

        static string PrintProcessName(IntPtr processID)
        {
            string sName = "";
            bool bFound = false;
            IntPtr hProcess = OpenProcess(ProcessAccessFlags.QueryInformation | ProcessAccessFlags.VMRead, false, processID);
            if (hProcess != IntPtr.Zero)
            {
                StringBuilder szProcessName = new StringBuilder(260);
                IntPtr hMod = IntPtr.Zero;
                uint cbNeeded = 0;
                EnumProcessModules(hProcess, hMod, (uint)Marshal.SizeOf(typeof(IntPtr)), out cbNeeded);
                if (GetModuleBaseName(hProcess, hMod, szProcessName, szProcessName.Capacity) > 0)
                {
                    sName = szProcessName.ToString();
                    bFound = true;
                }

                // Close the process handle
                CloseHandle(hProcess);
            }
            if (!bFound)
            {
                sName = "<unknown>";
            }
            return sName;
        }
        public static void Testy()
        {
            UInt32 arraySize = 9000;
            UInt32 arrayBytesSize = arraySize * sizeof(UInt32);
            IntPtr[] processIds = new IntPtr[arraySize];
            UInt32 bytesCopied;

            bool success = EnumProcesses(processIds, arrayBytesSize, out bytesCopied);

            Console.WriteLine("success={0}", success);
            Console.WriteLine("bytesCopied={0}", bytesCopied);

            if (!success)
            {
                Console.WriteLine("Boo!");
                return;
            }
            if (0 == bytesCopied)
            {
                Console.WriteLine("Nobody home!");
                return;
            }

            UInt32 numIdsCopied = bytesCopied >> 2; ;

            if (0 != (bytesCopied & 3))
            {
                UInt32 partialDwordBytes = bytesCopied & 3;

                Console.WriteLine("EnumProcesses copied {0} and {1}/4th DWORDS...  Please ask it for the other {2}/4th DWORD",
                    numIdsCopied, partialDwordBytes, 4 - partialDwordBytes);
                return;
            }

            for (UInt32 index = 0; index < numIdsCopied; index++)
            {
                string sName = PrintProcessName(processIds[index]);
                IntPtr PID = processIds[index];
                Console.WriteLine("Name '" + sName + "' PID '" + PID + "'");
            }
        }
    }
}

正如您所见,通过调用 Testy 函数,它将列出系统上的所有进程,但无法获取所有进程的名称...有人有解决方案吗?谢谢:)

并且为了记录,我还尝试将模块作为数组获取,这也产生完全相同的结果。

原文

Im trying to get a list of process ID and File names however its giving me a lot of issues...

Heres the console output:

success=True
bytesCopied=344
Name '<unknown>' PID '0'
Name '<unknown>' PID '4'
Name '<unknown>' PID '308'
Name '<unknown>' PID '440'
Name '<unknown>' PID '488'
Name '<unknown>' PID '512'
Name '<unknown>' PID '548'
Name '<unknown>' PID '572'
Name '<unknown>' PID '580'
Name '<unknown>' PID '644'
Name '<unknown>' PID '732'
Name '<unknown>' PID '792'
Name '<unknown>' PID '816'
Name '<unknown>' PID '860'
Name '<unknown>' PID '940'
Name '<unknown>' PID '992'
Name '<unknown>' PID '264'
Name '<unknown>' PID '1160'
Name '<unknown>' PID '1220'
Name '<unknown>' PID '1292'
Name '<unknown>' PID '1424'
Name '<unknown>' PID '1452'
Name '<unknown>' PID '1556'
Name '<unknown>' PID '1596'
Name '<unknown>' PID '2044'
Name '<unknown>' PID '1504'
Name '<unknown>' PID '1132'
Name '<unknown>' PID '1912'
Name '<unknown>' PID '1972'
Name '<unknown>' PID '2084'
Name '<unknown>' PID '2124'
Name '<unknown>' PID '2560'
Name '<unknown>' PID '2796'
Name '<unknown>' PID '2808'
Name '<unknown>' PID '3000'
Name '<unknown>' PID '2116'
Name 'DTAgent.exe' PID '2228'
Name 'ISUSPM.exe' PID '2644'
Name 'DTShellHlp.exe' PID '2652'
Name 'Dropbox.exe' PID '2664'
Name 'acrotray.exe' PID '3124'
Name 'RIMBBLaunchAgent.exe' PID '3180'
Name 'vmware-tray.exe' PID '3188'
Name '<unknown>' PID '3520'
Name '<unknown>' PID '3592'
Name '<unknown>' PID '3780'
Name '<unknown>' PID '3964'
Name 'TrueCrypt.exe' PID '3392'
Name '<unknown>' PID '3800'
Name '<unknown>' PID '4680'
Name '<unknown>' PID '680'
Name 'FileZilla server.exe' PID '2240'
Name 'mysqld.exe' PID '4160'
Name 'uTorrent.exe' PID '7796'
Name 'svchost.exe' PID '44412'
Name '<unknown>' PID '10624'
Name '<unknown>' PID '35644'
Name 'httpd.exe' PID '44260'
Name 'httpd.exe' PID '40556'
Name '<unknown>' PID '11488'
Name 'RIMDeviceManager.exe' PID '42832'
Name 'BbDevMgr.exe' PID '45108'
Name '<unknown>' PID '31208'
Name '<unknown>' PID '34812'
Name 'trillian.exe' PID '61420'
Name 'Microsoft Visual C++ 6.0.exe' PID '52212'
Name '<unknown>' PID '33752'
Name '<unknown>' PID '47564'
Name '<unknown>' PID '39952'
Name 'mysqld-opt.exe' PID '61884'
Name 'winamp.exe' PID '42008'
Name 'opera.exe' PID '4560'
Name 'PowerGREP.exe' PID '12860'
Name 'PowerGREP.exe' PID '13280'
Name 'GOLD Parser Builder.exe' PID '32368'
Name 'Server.exe' PID '16396'
Name '<unknown>' PID '50976'
Name 'xampp-control.exe' PID '56084'
Name 'notepad++.exe' PID '27932'
Name 'WinAMP2.exe' PID '23336'
Name '<unknown>' PID '8044'
Name 'devenv.exe' PID '61172'
Name '<unknown>' PID '14780'
Name '<unknown>' PID '52180'
Name 'Sputnik.vshost.exe' PID '3672'
Name '<unknown>' PID '39480'

Here the console output i WANT it to make.... (This is using my C++ code)

Name '[System Process]' PID '0'
Name 'System' PID '4'
Name 'smss.exe' PID '308'
Name 'csrss.exe' PID '440'
Name 'wininit.exe' PID '488'
Name 'csrss.exe' PID '512'
Name 'services.exe' PID '548'
Name 'lsass.exe' PID '572'
Name 'lsm.exe' PID '580'
Name 'winlogon.exe' PID '644'
Name 'svchost.exe' PID '732'
Name 'nvvsvc.exe' PID '792'
Name 'nvSCPAPISvr.exe' PID '816'
Name 'svchost.exe' PID '860'
Name 'svchost.exe' PID '940'
Name 'svchost.exe' PID '992'
Name 'svchost.exe' PID '264'
Name 'svchost.exe' PID '1160'
Name 'qmserv.exe' PID '1220'
Name 'svchost.exe' PID '1292'
Name 'spoolsv.exe' PID '1424'
Name 'svchost.exe' PID '1452'
Name 'mDNSResponder.exe' PID '1556'
Name 'svchost.exe' PID '1596'
Name 'svchost.exe' PID '2044'
Name 'vmware-usbarbitrator64.exe' PID '1504'
Name 'vmnat.exe' PID '1132'
Name 'vmware-authd.exe' PID '1912'
Name 'vmnetdhcp.exe' PID '1972'
Name 'vmware-hostd.exe' PID '2084'
Name 'WmiPrvSE.exe' PID '2124'
Name 'svchost.exe' PID '2560'
Name 'nvxdsync.exe' PID '2796'
Name 'nvvsvc.exe' PID '2808'
Name 'taskhost.exe' PID '3000'
Name 'dwm.exe' PID '2116'
Name 'DTAgent.exe' PID '2228'
Name 'ISUSPM.exe' PID '2644'
Name 'DTShellHlp.exe' PID '2652'
Name 'Dropbox.exe' PID '2664'
Name 'acrotray.exe' PID '3124'
Name 'RIMBBLaunchAgent.exe' PID '3180'
Name 'vmware-tray.exe' PID '3188'
Name 'nvtray.exe' PID '3520'
Name 'SearchIndexer.exe' PID '3592'
Name 'FNPLicensingService.exe' PID '3780'
Name 'wmpnetwk.exe' PID '3964'
Name 'TrueCrypt.exe' PID '3392'
Name 'svchost.exe' PID '3800'
Name 'daemonu.exe' PID '4680'
Name 'svchost.exe' PID '680'
Name 'FileZilla Server.exe' PID '2240'
Name 'mysqld.exe' PID '4160'
Name 'uTorrent.exe' PID '7796'
Name 'svchost.exe' PID '44412'
Name 'iexplore.exe' PID '10624'
Name 'iexplore.exe' PID '35644'
Name 'httpd.exe' PID '44260'
Name 'httpd.exe' PID '40556'
Name 'svchost.exe' PID '11488'
Name 'RIMDeviceManager.exe' PID '42832'
Name 'BbDevMgr.exe' PID '45108'
Name 'TeamViewer_Service.exe' PID '31208'
Name 'taskhost.exe' PID '34812'
Name 'trillian.exe' PID '61420'
Name 'Microsoft Visual C++ 6.0.exe' PID '52212'
Name 'explorer.exe' PID '33752'
Name 'VisualSVNServer.exe' PID '47564'
Name 'VisualSVNServer.exe' PID '39952'
Name 'mysqld-opt.exe' PID '61884'
Name 'winamp.exe' PID '42008'
Name 'opera.exe' PID '4560'
Name 'PowerGREP.exe' PID '12860'
Name 'PowerGREP.exe' PID '13280'
Name 'GOLD Parser Builder.exe' PID '32368'
Name 'Server.exe' PID '16396'
Name 'conhost.exe' PID '50976'
Name 'xampp-control.exe' PID '56084'
Name 'notepad++.exe' PID '27932'
Name 'WinAMP2.exe' PID '23336'
Name 'CryptoObfuscator.exe' PID '8044'
Name 'devenv.exe' PID '61172'
Name 'hh.exe' PID '14780'
Name 'Sputnik.vshost.exe' PID '62828'
Name 'conhost.exe' PID '37164'

As you can see a lot of PIDS are actually missing the file name and i cant figure out why for the most part i also copied working code from C++ that didnt work either i also tired the code on pinvoke and that didnt do it either.

Heres the c# code

using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace testie
{
    public class EnumerateProcesses
    {
        #region APIS
        [DllImport("psapi")]
        private static extern bool EnumProcesses([MarshalAs(UnmanagedType.LPArray, ArraySubType = UnmanagedType.U4)] [In][Out] IntPtr[] processIds,UInt32 arraySizeBytes,[MarshalAs(UnmanagedType.U4)] out UInt32 bytesCopied);

        [DllImport("kernel32.dll")]
        static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, IntPtr dwProcessId);

        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        static extern bool CloseHandle(IntPtr hObject);

        [DllImport("psapi.dll")]
        static extern uint GetModuleFileNameEx(IntPtr hProcess, IntPtr hModule, [Out] StringBuilder lpBaseName, [In] [MarshalAs(UnmanagedType.U4)] int nSize);

        [DllImport("psapi.dll", SetLastError = true)]
        public static extern bool EnumProcessModules(IntPtr hProcess,
        [Out] IntPtr lphModule,
        uint cb,
        [MarshalAs(UnmanagedType.U4)] out uint lpcbNeeded);

        [DllImport("psapi.dll")]
        static extern uint GetModuleBaseName(IntPtr hProcess, IntPtr hModule, [Out] StringBuilder lpBaseName, [In] [MarshalAs(UnmanagedType.U4)] int nSize);
        #endregion
        #region ENUMS

        [Flags]
        enum ProcessAccessFlags : uint
        {
            All = 0x001F0FFF,
            Terminate = 0x00000001,
            CreateThread = 0x00000002,
            VMOperation = 0x00000008,
            VMRead = 0x00000010,
            VMWrite = 0x00000020,
            DupHandle = 0x00000040,
            SetInformation = 0x00000200,
            QueryInformation = 0x00000400,
            Synchronize = 0x00100000
        }
        #endregion

        static string PrintProcessName(IntPtr processID)
        {
            string sName = "";
            bool bFound = false;
            IntPtr hProcess = OpenProcess(ProcessAccessFlags.QueryInformation | ProcessAccessFlags.VMRead, false, processID);
            if (hProcess != IntPtr.Zero)
            {
                StringBuilder szProcessName = new StringBuilder(260);
                IntPtr hMod = IntPtr.Zero;
                uint cbNeeded = 0;
                EnumProcessModules(hProcess, hMod, (uint)Marshal.SizeOf(typeof(IntPtr)), out cbNeeded);
                if (GetModuleBaseName(hProcess, hMod, szProcessName, szProcessName.Capacity) > 0)
                {
                    sName = szProcessName.ToString();
                    bFound = true;
                }

                // Close the process handle
                CloseHandle(hProcess);
            }
            if (!bFound)
            {
                sName = "<unknown>";
            }
            return sName;
        }
        public static void Testy()
        {
            UInt32 arraySize = 9000;
            UInt32 arrayBytesSize = arraySize * sizeof(UInt32);
            IntPtr[] processIds = new IntPtr[arraySize];
            UInt32 bytesCopied;

            bool success = EnumProcesses(processIds, arrayBytesSize, out bytesCopied);

            Console.WriteLine("success={0}", success);
            Console.WriteLine("bytesCopied={0}", bytesCopied);

            if (!success)
            {
                Console.WriteLine("Boo!");
                return;
            }
            if (0 == bytesCopied)
            {
                Console.WriteLine("Nobody home!");
                return;
            }

            UInt32 numIdsCopied = bytesCopied >> 2; ;

            if (0 != (bytesCopied & 3))
            {
                UInt32 partialDwordBytes = bytesCopied & 3;

                Console.WriteLine("EnumProcesses copied {0} and {1}/4th DWORDS...  Please ask it for the other {2}/4th DWORD",
                    numIdsCopied, partialDwordBytes, 4 - partialDwordBytes);
                return;
            }

            for (UInt32 index = 0; index < numIdsCopied; index++)
            {
                string sName = PrintProcessName(processIds[index]);
                IntPtr PID = processIds[index];
                Console.WriteLine("Name '" + sName + "' PID '" + PID + "'");
            }
        }
    }
}

As you can see by calling Testy function it will list all processes on system but it will fail to get all their names... Does anybody have a solution to this? Thanks :)

And for the record i did ALSO try getting the modules as an array that too produces the exact same result.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

-柠檬树下少年和吉他 2024-12-27 12:49:06

也可能......在玩具调用 EnumProcesses 并将您的列表构建到数组中之后,当您调用 PrintProcesses 时,机器上的真实(即原始)进程列表已更改,并且您的数组索引(变为什么)您认为仍然是“该”列表)已更改(基于您的数组索引)。量子力学浮现在脑海中——当你观察到它时,它已经发生了变化。只是一个想法——

It may also be ... that after toy have called EnumProcesses and built your list into an array, that by the time you call PrintProcesses the REAL (i.e. original) list of processes on the machine has changed and that your array index (into what you THINK is still 'the' list) has changed (based on your array index). Quantum mechanics springs to mind - by the time you've observed it, its changed. Just a thought -

回复 原文
百合的盛世恋 2024-12-27 12:49:05

  1. 如果您想要完整路径,您确实应该尝试使用 System.Diagnostics 命名空间进行此操作:

    process.MainModule.FileName

  2. 要使其在其他用户进程上工作,您需要是管理员(真正的管理员,因此要么没有 UAC,要么提升 UAC),因为您需要启用 SeDebugPrivilege 的权限。来自 C#:

    尝试{ Process.EnterDebugMode(); } catch(Win32Exception) { /* 不是管理员 */ }

    请参阅 MSDN 上的文档 。但似乎至少在 C#4.0 上,只要您有权执行此操作,它就会自动完成。

  3. EnumProcessModules 不会为您提供来自 32 位 1 的 64 位进程或来自 64 位进程的 32 位进程。为此,您需要通过 64 位进程调用 EnumProcessModulesEx。 (请参阅如何枚举模块在 SO 上的 32 位 WOW 进程中的 64 位进程中
    System.Diagnostics 已经为您做到了这
  4. 一点 GetModuleBaseName 不会为您提供程序的完整路径GetModuleFileName (挑剔)

还有另一种使用 QueryFullProcessImageName (自 Vista 起可用)无需 OpenProcess 权限即可运行,因此无需成为管理员。

  1. You should really try try this using the System.Diagnostics namespace if you want the full path it's possible :

    process.MainModule.FileName

  2. For it to work on other users processes you need to be Admin (A true admin so either no UAC or UAC elevated) as you will need the right to enable SeDebugPrivilege. From C# :

    try { Process.EnterDebugMode(); } catch(Win32Exception) { /* Not admin */ }

    See the documentation on MSDN. But it seem that at least on C#4.0 it's now done automatically as long as you have the right to do it.

  3. EnumProcessModules won't give you 64 bits process from a 32 bit one or 32-bit ones from a 64-bit process. For it you either need to create 2 processes one in each architecture on from a 64-bit process call EnumProcessModulesEx. (See How to enum modules in a 64bit process from a 32bit WOW process on SO)
    System.Diagnostics already does that for you
  4. Anyway GetModuleBaseName won't give you the full path of the program its GetModuleFileName (nitpicking)

There is another way using QueryFullProcessImageName (Available since Vista) that may work without the right to OpenProcess and so without being an administrator.

回复 原文
往日情怀 2024-12-27 12:49:05

使用 System.Diagnostics,我尝试了以下操作:

foreach(Process theprocess in Process.GetProcesses())
{
            Console.WriteLine("Process: {0} ID: {1}", theprocess.ProcessName, theprocess.Id);
}

并得到了此结果:

进程:AgentMon ID:2948
进程:OUTLOOK ID:3144
进程:ctfmon ID:3136
...

现在,我是 Win XP 计算机上的管理员... YMMV,可以说是。

我知道您曾说过要使用 PSAPI,但是是否有某种原因您必须使用它而不仅仅是常规托管 C#?

Using System.Diagnostics, I tried this:

foreach(Process theprocess in Process.GetProcesses())
{
            Console.WriteLine("Process: {0} ID: {1}", theprocess.ProcessName, theprocess.Id);
}

And got this result:

Process: AgentMon ID: 2948
Process: OUTLOOK ID: 3144
Process: ctfmon ID: 3136
...

Now, I am an admin on a Win XP machine... YMMV, as it were.

I know you had stated to use PSAPI, but is there some reason you have to use that and not just regular managed C#?

回复 原文
何以笙箫默 2024-12-27 12:49:05

您可以使用 System.Diagnostics 命名空间尝试此操作,

    foreach (Process theProcess in Process.GetProcesses())
    {
        StringBuilder sb = new StringBuilder();
        try
        {
            sb.AppendLine(theProcess.Modules[0].FileName);
        }
        catch { }
        Console.WriteLine("Process: {0}  ID:  {1}", sb, theProcess.Id);
    }

这不会显示系统或空闲进程可执行文件名称,因为它们不加载模块。

http://msdn.microsoft.com/en-us /library/system.diagnostics.process.modules.aspx

You could try this using the System.Diagnostics namespace

    foreach (Process theProcess in Process.GetProcesses())
    {
        StringBuilder sb = new StringBuilder();
        try
        {
            sb.AppendLine(theProcess.Modules[0].FileName);
        }
        catch { }
        Console.WriteLine("Process: {0}  ID:  {1}", sb, theProcess.Id);
    }

This will not show the System or Idle Process executable names as they do not load modules.

http://msdn.microsoft.com/en-us/library/system.diagnostics.process.modules.aspx

回复 原文
静若繁花 2024-12-27 12:49:04

好吧,感谢尝试的人,但是我决定使用“CreateToolhelp32Snapshot”,它似乎可以在 32 位和 64 位模式下与我的应用程序一起使用,并且在这两种模式下都很准确,不需要管理员权限即可使用,速度很快,并且提供文件名和 pid。

所以我想它会做的。

Well thanks for trying guys however i decided to go with "CreateToolhelp32Snapshot" it seems to work with my app in 32 and 64 bit mode and its accurate in both and doesnt require admin rights to use and its fast and it gives file name and pid.

So i guess it will do.

回复 原文
~没有更多了~

关于作者

微暖i

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

卷耳

文章 0 评论 0

佚名

文章 0 评论 0

℉服软

文章 0 评论 0

qq_2gSKZM

文章 0 评论 0

凉宸

文章 0 评论 0

gyhjy

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文