DWORD GetProcessInfo(pi *ProList,char *ip,char *user,char *pass){ DWORD rc,dwType,dwSize,i,dwProcessIdTitle,dwProcessIdCounter,dwRet=-1; HKEY hKeyNames; LPSTR buf = NULL,p,p2; CHAR szSubKey[1024],szProcessName[MAX_PATH]; PPERF_DATA_BLOCK pPerf; PPERF_OBJECT_TYPE pObj; PPERF_INSTANCE_DEFINITION pInst; PPERF_COUNTER_BLOCK pCounter; PPERF_COUNTER_DEFINITION pCounterDef; HKEY ghPerfKey =NULL, // get perf data from this keyghMachineKey = NULL; // get title index from this key BOOL bRemote=FALSE; // Look for the list of counters. Always use the neutral // English version, regardless of the local language. We // are looking for some particular keys, and we are always // going to do our looking in English. We are not going // to show the user the counter names, so there is no need // to go find the corresponding name in the local language. __try { if((ip)&&(user)&&(pass)) { if(ConnIPC(ip,user,pass)!=0) { printf("\nConnect to %s failed.",ip); __leave; } else bRemote=TRUE; } //连接本地or远程注册表 if(RegConnectRegistry(ip,HKEY_PERFORMANCE_DATA, &ghPerfKey)!=ERROR_SUCCESS) { printf("\nRegConnectRegistry() 1 failed:%d",GetLastError()); __leave; }` if(RegConnectRegistry(ip,HKEY_LOCAL_MACHINE,&ghMachineKey)!=ERROR_SUCCESS) { printf("\nRegConnectRegistry() 2 failed:%d",GetLastError()); __leave; }sprintf( szSubKey, "%s\\%03x", REGKEY_PERF,MAKELANGID( LANG_ENGLISH, SUBLANG_NEUTRAL));if(RegOpenKeyEx(ghMachineKey,szSubKey,0,KEY_READ,&hKeyNames)!=ERROR_SUCCESS) __leave; // 从counter names取得需要的缓冲区大小if(RegQueryValueEx(hKeyNames,REGSUBKEY_COUNTERS,NULL,&dwType,NULL,&dwSize)!= ERROR_SUCCESS) __leave; //分配内存 buf = (LPSTR) malloc( dwSize ); if (buf == NULL) __leave; memset( buf, 0, dwSize ); // read the counter names from the registryif(RegQueryValueEx(ghPerfKey,REGSUBKEY_COUNTERS,NULL,&dwType,(LPBYTE) buf,&dwSize)!= ERROR_SUCCESS) __leave; // now loop thru the counter names looking for the following counters: // 1. "Process" process name // 2. "ID Process" process id // the buffer contains multiple null terminated strings and then // finally null terminated at the end. the strings are in pairs of // counter number and counter name. p = buf; while (*p) { if (p>buf) for( p2=p-2; isdigit(*p2); p2--) ; if (stricmp(p, PROCESS_COUNTER) == 0) { // look backwards for the counter number for( p2=p-2; isdigit(*p2); p2--) ; strcpy( szSubKey, p2+1 ); } else if (stricmp(p, PROCESSID_COUNTER) == 0) { // look backwards for the counter number for( p2=p-2; isdigit(*p2); p2--) ; dwProcessIdTitle = atol( p2+1 ); } // next string p += (strlen(p) + 1); } // free the counter names buffer free( buf ); // allocate the initial buffer for the performance data dwSize = INITIAL_SIZE; buf = (LPSTR) malloc( dwSize ); while (TRUE) { if (buf == NULL) __leave; memset( buf, 0, dwSize ); rc=RegQueryValueEx(ghPerfKey,szSubKey,NULL,&dwType,(LPBYTE) buf,&dwSize); pPerf = (PPERF_DATA_BLOCK) buf; // check for success and valid perf data block signature if ((rc == ERROR_SUCCESS) && (dwSize > 0) && (pPerf)->Signature[0] == (WCHAR)'P' && (pPerf)->Signature[1] == (WCHAR)'E' && (pPerf)->Signature[2] == (WCHAR)'R' && (pPerf)->Signature[3] == (WCHAR)'F' ) break; // if buffer is not big enough, reallocate and try again if (rc == ERROR_MORE_DATA) { dwSize += EXTEND_SIZE; buf = (LPSTR) realloc( buf, dwSize ); } else __leave; } // set the perf_object_type pointer pObj = (PPERF_OBJECT_TYPE) ((DWORD)pPerf + pPerf->HeaderLength); //loop thru the performance counter definition records looking //for the process id counter and then save its offset pCounterDef = (PPERF_COUNTER_DEFINITION) ((DWORD)pObj + pObj->HeaderLength); for (i=0; i<(DWORD)pObj->NumCounters; i++) { if (pCounterDef->CounterNameTitleIndex == dwProcessIdTitle) { dwProcessIdCounter = pCounterDef->CounterOffset; break; } pCounterDef++; } pInst = (PPERF_INSTANCE_DEFINITION) ((DWORD)pObj + pObj->DefinitionLength); // loop thru the performance instance data extracting each process name // and process id for (i=0; i < (DWORD)pObj->NumInstances-1 && i { // pointer to the process name p = (LPSTR) ((DWORD)pInst + pInst->NameOffset); // convert it to ascii rc = WideCharToMultiByte( CP_ACP,0,(LPCWSTR)p,-1,szProcessName,sizeof(szProcessName),NULL,NULL); // if we cant convert the string then use a default value if (!rc) strcpy( ProList[i].ProcessName, UNKNOWN_TASK ); else strncpy(ProList[i].ProcessName, szProcessName,sizeof(ProList[i].ProcessName)-1); // get the process id pCounter = (PPERF_COUNTER_BLOCK) ((DWORD)pInst + pInst->ByteLength); ProList[i].dwProcessID = *((LPDWORD) ((DWORD)pCounter + dwProcessIdCounter)); // next process pInst = (PPERF_INSTANCE_DEFINITION) ((DWORD)pCounter + pCounter->ByteLength); } dwRet=i; }//end of try __finally { if (buf) free( buf ); RegCloseKey( hKeyNames ); RegCloseKey( HKEY_PERFORMANCE_DATA ); if(bRemote) { char tmp[52],tmp2[96]; strncpy(tmp,ip,sizeof(tmp)-1); wsprintf(tmp2,"\\\\%s\\ipc$",tmp); WNetCancelCon
printf("\n%-20s %d",TaskList[i].ProcessName,TaskList[i].dwProcessID),i++); return 0;}
{ // pointer to the process name p = (LPSTR) ((DWORD)pInst + pInst->NameOffset); // convert it to ascii rc = WideCharToMultiByte( CP_ACP,0,(LPCWSTR)p,-1,szProcessName,sizeof(szProcessName),NULL,NULL); // if we cant convert the string then use a default value if (!rc) strcpy( ProList[i].ProcessName, UNKNOWN_TASK ); else strncpy(ProList[i].ProcessName, szProcessName,sizeof(ProList[i].ProcessName)-1); // get the process id pCounter = (PPERF_COUNTER_BLOCK) ((DWORD)pInst + pInst->ByteLength); ProList[i].dwProcessID = *((LPDWORD) ((DWORD)pCounter + dwProcessIdCounter)); // next process pInst = (PPERF_INSTANCE_DEFINITION) ((DWORD)pCounter + pCounter->ByteLength); } dwRet=i; }//end of try __finally { if (buf) free( buf ); RegCloseKey( hKeyNames ); RegCloseKey( HKEY_PERFORMANCE_DATA ); if(bRemote) { char tmp[52],tmp2[96]; strncpy(tmp,ip,sizeof(tmp)-1); wsprintf(tmp2,"\\\\%s\\ipc$",tmp); WNetCancelCon
还有一个工具包叫做pstools的,里面有好些东西利用。其中有一个工具能够看别的机器的内容,不过不是通过注册表。可以利用。
那么如何设置“远程机器允许IPC连接和远程操作注册表”呢?
如果不行,就要手动打开相应的服务。
pslist真的不需要远程注册表服务?