📄 枚举本地-远程nt系统进程.txt
banner();
if(argc==1)
{
iRet=GetProcessInfo(TaskList,NULL,NULL,NULL);
printf("\nProcess Info for [LOCAL]:");
}
else if(argc==4)
{
iRet=GetProcessInfo(TaskList,argv[1],argv[2],argv[3]);
printf("\nProcess Info for [%s]:",argv[1]);
}
else
{
printf("\nUsage:%s <ip> <UserName> <Pass>",argv[0]);
return 1;
}
if(iRet>0)
for(i=0,printf("\nProcessName ProcessID");
i<iRet;
printf("\n%-20s %d",TaskList[i].ProcessName,TaskList[i].dwProcessID),i++);
return 0;
}
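/*
 * Bounds check for offsets and lengths taken out of the performance data
 * block. Returns TRUE when the `need` bytes starting at `off` lie inside a
 * buffer of `total` bytes. Written so that off + need cannot wrap.
 */
static BOOL PerfSpanOk(DWORD total, DWORD off, DWORD need)
{
    return (off <= total) && (need <= total - off);
}

/*
 * GetProcessInfo -- fill ProList with (process name, pid) pairs read from the
 * registry performance data ("Process" object) of the local machine
 * (ip == NULL) or of a remote machine (ip, user and pass all non-NULL).
 *
 * ProList      : caller-supplied array; at most MaxProcessNum entries are written.
 * ip/user/pass : remote host and credentials for the IPC$ session; if any of
 *                the three is NULL the local machine is queried.
 * Returns      : number of entries written, or (DWORD)-1 on any failure.
 *                main() tests the result with `if(iRet>0)`, which only rejects
 *                the failure value if iRet is a signed type -- confirm.
 *
 * Security notes: every offset and length in the performance block is
 * produced by the queried machine. A hostile or buggy remote host therefore
 * controls them, so each is checked against the byte count actually received
 * before it is turned into a pointer. Pointer arithmetic goes through LPBYTE,
 * not DWORD, so the code is also correct on 64-bit targets.
 */
DWORD GetProcessInfo(pi *ProList,char *ip,char *user,char *pass)
{
    DWORD rc, dwType, dwSize = 0, dwGot, dwTotal, dwOff, dwObjOff, dwCount, i;
    DWORD dwProcessIdTitle = 0, dwProcessIdCounter = 0, dwRet = (DWORD)-1;
    BOOL bHaveProcessIndex = FALSE, bHaveIdTitle = FALSE, bHaveIdCounter = FALSE;
    HKEY hKeyNames = NULL;               /* NULL so __finally can test it safely */
    LPSTR buf = NULL, p, p2;
    LPBYTE pBase;
    CHAR szSubKey[1024], szProcessName[MAX_PATH];
    PPERF_DATA_BLOCK pPerf;
    PPERF_OBJECT_TYPE pObj;
    PPERF_INSTANCE_DEFINITION pInst;
    PPERF_COUNTER_BLOCK pCounter;
    PPERF_COUNTER_DEFINITION pCounterDef;
    HKEY ghPerfKey = NULL,      /* performance data is read from this key */
         ghMachineKey = NULL;   /* counter title indexes are read from this key */
    BOOL bRemote = FALSE;

    __try
    {
        if ((ip) && (user) && (pass))
        {
            /* The credentials arrive on the command line in clear text (see
               main); they are only used to set up the IPC$ session here. */
            if (ConnIPC(ip, user, pass) != 0)
            {
                printf("\nConnect to %s failed.", ip);
                __leave;
            }
            bRemote = TRUE;
        }

        /* Connect to the local or remote registry. RegConnectRegistry returns
           the error code directly; GetLastError() is not meaningful here. */
        rc = RegConnectRegistry(ip, HKEY_PERFORMANCE_DATA, &ghPerfKey);
        if (rc != ERROR_SUCCESS)
        {
            printf("\nRegConnectRegistry() 1 failed:%lu", (unsigned long)rc);
            __leave;
        }
        rc = RegConnectRegistry(ip, HKEY_LOCAL_MACHINE, &ghMachineKey);
        if (rc != ERROR_SUCCESS)
        {
            printf("\nRegConnectRegistry() 2 failed:%lu", (unsigned long)rc);
            __leave;
        }

        /* Always look the counter names up in the neutral English table
           (language id 009); the names are matched, never shown to the user. */
        snprintf(szSubKey, sizeof(szSubKey), "%s\\%03x",
                 REGKEY_PERF, MAKELANGID(LANG_ENGLISH, SUBLANG_NEUTRAL));
        if (RegOpenKeyEx(ghMachineKey, szSubKey, 0, KEY_READ, &hKeyNames) != ERROR_SUCCESS)
            __leave;

        /* Size query first, then the read. Two extra zeroed bytes guarantee
           that the multi-string walk below terminates even if the value is
           not double-NUL terminated.
           NOTE(review): the size comes from the HKLM ...\009 key but the data
           from the perf key; the MS tlist sample reads both from the same key
           -- confirm this split is intended. */
        if (RegQueryValueEx(hKeyNames, REGSUBKEY_COUNTERS, NULL, &dwType, NULL, &dwSize) != ERROR_SUCCESS)
            __leave;
        buf = (LPSTR) calloc(dwSize + 2, 1);
        if (buf == NULL)
            __leave;
        dwGot = dwSize;
        if (RegQueryValueEx(ghPerfKey, REGSUBKEY_COUNTERS, NULL, &dwType, (LPBYTE) buf, &dwGot) != ERROR_SUCCESS)
            __leave;

        /*
         * The value is a run of NUL-terminated strings: a counter index in
         * decimal followed by the counter name, repeated, ending with an empty
         * string. We need the index of "Process" (used as the value name to
         * query below) and of "ID Process" (the counter title index).
         */
        for (p = buf; *p; p += strlen(p) + 1)
        {
            BOOL bIsProcess   = (stricmp(p, PROCESS_COUNTER) == 0);
            BOOL bIsProcessId = !bIsProcess && (stricmp(p, PROCESSID_COUNTER) == 0);

            if (!bIsProcess && !bIsProcessId)
                continue;
            if (p - buf < 2)
                continue;               /* no preceding index string to read */

            /* Walk back over the digits of the preceding string, never before
               the start of the buffer (the original could read buf[-1]). */
            for (p2 = p - 1; p2 > buf && isdigit((unsigned char)p2[-1]); p2--)
                ;
            if (p2 == p - 1)
                continue;               /* preceding string is not a number */

            if (bIsProcess)
            {
                snprintf(szSubKey, sizeof(szSubKey), "%s", p2);
                bHaveProcessIndex = TRUE;
            }
            else
            {
                dwProcessIdTitle = (DWORD) strtoul(p2, NULL, 10);
                bHaveIdTitle = TRUE;
            }
        }
        if (!bHaveProcessIndex || !bHaveIdTitle)
            __leave;                    /* counters absent: nothing sensible to query */

        free(buf);
        buf = NULL;

        /* Read the "Process" object. The perf key does not report the size it
           needs on ERROR_MORE_DATA, so the buffer is grown step by step. */
        dwSize = INITIAL_SIZE;
        buf = (LPSTR) malloc(dwSize);
        for (;;)
        {
            LPSTR bigger;

            if (buf == NULL)
                __leave;
            memset(buf, 0, dwSize);
            dwGot = dwSize;
            rc = RegQueryValueEx(ghPerfKey, szSubKey, NULL, &dwType, (LPBYTE) buf, &dwGot);
            if (rc == ERROR_SUCCESS)
            {
                pPerf = (PPERF_DATA_BLOCK) buf;
                if (dwGot >= sizeof(PERF_DATA_BLOCK) &&
                    pPerf->Signature[0] == (WCHAR)'P' &&
                    pPerf->Signature[1] == (WCHAR)'E' &&
                    pPerf->Signature[2] == (WCHAR)'R' &&
                    pPerf->Signature[3] == (WCHAR)'F')
                    break;
                __leave;                /* success, but not a perf data block */
            }
            if (rc != ERROR_MORE_DATA)
                __leave;
            /* Keep the old pointer until realloc succeeds so __finally frees it. */
            dwSize += EXTEND_SIZE;
            bigger = (LPSTR) realloc(buf, dwSize);
            if (bigger == NULL)
                __leave;
            buf = bigger;
        }

        dwTotal = dwGot;                /* bytes actually received */
        pBase = (LPBYTE) pPerf;

        /* PERF_OBJECT_TYPE follows the data block header. */
        dwObjOff = pPerf->HeaderLength;
        if (!PerfSpanOk(dwTotal, dwObjOff, sizeof(PERF_OBJECT_TYPE)))
            __leave;
        pObj = (PPERF_OBJECT_TYPE) (pBase + dwObjOff);

        /* Counter definitions follow the object header; find where "ID Process"
           sits inside each instance's counter block. */
        if (!PerfSpanOk(dwTotal, dwObjOff, pObj->HeaderLength))
            __leave;
        dwOff = dwObjOff + pObj->HeaderLength;
        for (i = 0; i < (DWORD) pObj->NumCounters; i++)
        {
            if (!PerfSpanOk(dwTotal, dwOff, sizeof(PERF_COUNTER_DEFINITION)))
                __leave;
            pCounterDef = (PPERF_COUNTER_DEFINITION) (pBase + dwOff);
            if (pCounterDef->CounterNameTitleIndex == dwProcessIdTitle)
            {
                dwProcessIdCounter = pCounterDef->CounterOffset;
                bHaveIdCounter = TRUE;
                break;
            }
            dwOff += sizeof(PERF_COUNTER_DEFINITION);   /* same stride as the original pCounterDef++ */
        }
        if (!bHaveIdCounter)
            __leave;                    /* was: an uninitialised offset used below */

        /* Instances follow the whole object definition. */
        if (!PerfSpanOk(dwTotal, dwObjOff, pObj->DefinitionLength))
            __leave;
        dwOff = dwObjOff + pObj->DefinitionLength;

        /* The original skips the last instance (NumInstances-1) -- presumably
           the "_Total" aggregate; kept as is. NumInstances <= 0 (including
           PERF_NO_INSTANCES) used to wrap to a huge count. */
        dwCount = (pObj->NumInstances > 0) ? (DWORD) pObj->NumInstances - 1 : 0;

        for (i = 0; i < dwCount && i < MaxProcessNum; i++)
        {
            LPCWSTR wname;
            DWORD cch;

            if (!PerfSpanOk(dwTotal, dwOff, sizeof(PERF_INSTANCE_DEFINITION)))
                break;
            pInst = (PPERF_INSTANCE_DEFINITION) (pBase + dwOff);
            if (!PerfSpanOk(dwTotal, dwOff, pInst->ByteLength) ||
                !PerfSpanOk(pInst->ByteLength, pInst->NameOffset, pInst->NameLength))
                break;

            /* Instance name: UTF-16 inside the instance definition. Convert it
               only when the advertised length really ends in a terminator;
               otherwise WideCharToMultiByte(-1) would scan past the block. */
            wname = (LPCWSTR) (pBase + dwOff + pInst->NameOffset);
            cch = pInst->NameLength / sizeof(WCHAR);
            rc = 0;
            if (cch > 0 && wname[cch - 1] == 0)
                rc = WideCharToMultiByte(CP_ACP, 0, wname, -1,
                                         szProcessName, sizeof(szProcessName), NULL, NULL);
            if (!rc)
                snprintf(ProList[i].ProcessName, sizeof(ProList[i].ProcessName), "%s", UNKNOWN_TASK);
            else
                snprintf(ProList[i].ProcessName, sizeof(ProList[i].ProcessName), "%s", szProcessName);

            /* The counter block follows the instance definition; the pid is a
               DWORD at dwProcessIdCounter inside it. */
            dwOff += pInst->ByteLength;
            if (!PerfSpanOk(dwTotal, dwOff, sizeof(PERF_COUNTER_BLOCK)))
                break;
            pCounter = (PPERF_COUNTER_BLOCK) (pBase + dwOff);
            if (!PerfSpanOk(dwTotal, dwOff, pCounter->ByteLength) ||
                !PerfSpanOk(pCounter->ByteLength, dwProcessIdCounter, sizeof(DWORD)))
                break;
            ProList[i].dwProcessID = *(LPDWORD) (pBase + dwOff + dwProcessIdCounter);

            dwOff += pCounter->ByteLength;
        }
        dwRet = i;                      /* entries actually filled */
    }
    __finally
    {
        free(buf);
        if (hKeyNames)
            RegCloseKey(hKeyNames);
        if (ghMachineKey)
            RegCloseKey(ghMachineKey);
        /* A remote connection gets its own perf handle, which the original
           never closed; HKEY_PERFORMANCE_DATA itself is closed as before. */
        if (ghPerfKey && ghPerfKey != HKEY_PERFORMANCE_DATA)
            RegCloseKey(ghPerfKey);
        RegCloseKey(HKEY_PERFORMANCE_DATA);
        if (bRemote)
        {
            /* Tear down the IPC$ session set up by ConnIPC.
               NOTE(review): ConnIPC builds its share name from a bounded copy
               of ip; for over-long host names the two strings may differ and
               the cancel will not match -- confirm against ConnIPC. */
            char szShare[96];
            snprintf(szShare, sizeof(szShare), "\\\\%s\\ipc$", ip);
            WNetCancelConnection2(szShare, CONNECT_UPDATE_PROFILE, TRUE);
        }
    }
    return dwRet;
}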
///////////////////////////////////////////////////////////////////////////////////////
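/*
 * ConnIPC -- open an authenticated SMB session to \\RemoteName\ipc$ so that
 * the remote registry calls in GetProcessInfo can ride on it.
 *
 * RemoteName : host name or IP address without leading backslashes.
 * User/Pass  : credentials handed straight to WNetAddConnection2. They come
 *              from the command line (see main), so they are visible to anyone
 *              who can list processes on this host or read the shell history.
 * Returns 0 on success, 1 on any failure (NULL host, host too long for the
 * share buffer, or a WNetAddConnection2 error; the error code is not kept).
 *
 * The original silently truncated long host names to fit RN[50], which can
 * end up connecting to a different machine than the one named; over-long
 * names are now rejected instead.
 */
int ConnIPC(char *RemoteName,char *User,char *Pass)
{
    NETRESOURCE nr = {0};       /* zero the fields WNetAddConnection2 ignores rather than leave them indeterminate */
    char RN[50];
    int n;

    if (RemoteName == NULL)
        return 1;
    n = snprintf(RN, sizeof(RN), "\\\\%s\\ipc$", RemoteName);
    if (n < 0 || (size_t) n >= sizeof(RN))
        return 1;               /* would have been truncated: refuse rather than guess */

    nr.dwType = RESOURCETYPE_ANY;
    nr.lpLocalName = NULL;
    nr.lpRemoteName = RN;
    nr.lpProvider = NULL;
    return (WNetAddConnection2(&nr, Pass, User, FALSE) == NO_ERROR) ? 0 : 1;
}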
///////////////////////////////////////////////////////////////////////////////////////
/* Print the tool's banner (name, author, URL, date) to stdout. */
void banner()
{
    static const char szBanner[] =
        "\nPsList ==>Local and Remote process list"
        "\nPower by ey4s<ey4s@21cn.com>"
        "\nhttp://www.ey4s.org"
        "\n2001/6/22\n";
    fputs(szBanner, stdout);
}
/////////////////////////////////////////////////////////////////////////////////////
程序在 Windows 2000、VC++ 6.0 环境下编译，运行良好。注意：查询远程机器时，目标必须允许建立 IPC$ 连接并开放远程注册表访问（RegConnectRegistry），且所用账号需要管理员权限。用户名和密码以明文形式出现在命令行参数中，会留在本机的进程列表和 shell 历史记录里，请勿在不可信的主机上使用。