找回密码
 加入
搜索
查看: 8339|回复: 16

[系统综合] 怎样得到 一个进程的用户名 等相关信息

 火.. [复制链接]
发表于 2010-9-17 12:51:45 | 显示全部楼层 |阅读模式
本帖最后由 leon460 于 2011-10-18 09:57 编辑

在任务管理器中  怎样抓到 一个进程的用户名  ,我需要判断重复进程,删除当前用户环境下的进程,,, 另外,进程相关属性的函数资料在哪儿可以查阅????

谢谢各位的解答-------

以下为网上找到的资料,来源:http://netcome.iteye.com/blog/618234   作者:萝卜爱读书、
希望对大家有帮助
;===============================================================================
; Function Name:    _ProcessListProperties()
; Description:   Get various properties of a process, or all processes
; Call With:       _ProcessListProperties( [$Process [, $sComputer]] )
; Parameter(s):  (optional) $Process - PID or name of a process, default is "" (all)
;          (optional) $sComputer - remote computer to get list from, default is local
; Requirement(s):   AutoIt v3.2.4.9+
; Return Value(s):  On Success - Returns a 2D array of processes, as in ProcessList()
;            with additional columns added:
;            [0][0] - Number of processes listed (can be 0 if no matches found)
;            [1][0] - 1st process name
;            [1][1] - 1st process PID
;            [1][2] - 1st process Parent PID
;            [1][3] - 1st process owner
;            [1][4] - 1st process priority (0 = low, 31 = high)
;            [1][5] - 1st process executable path
;            [1][6] - 1st process CPU usage
;            [1][7] - 1st process memory usage
;            [1][8] - 1st process creation date/time = "MM/DD/YYY hh:mm:ss" (hh = 00 to 23)
;            [1][9] - 1st process command line string
;            ...
;            [n][0] thru [n][9] - last process properties
; On Failure:      Returns array with [0][0] = 0 and sets @Error to non-zero (see code below)
; Author(s):        PsaltyDS at http://www.autoitscript.com/forum
; Date/Version:   07/02/2008  --  v2.0.2
; Notes:            If an integer PID or string process name is provided and no match is found,
;            then [0][0] = 0 and @error = 0 (not treated as an error, same as ProcessList)
;          This function requires admin permissions to the target computer.
;          All properties come from the Win32_Process class in WMI.
;            To get time-base properties (CPU and Memory usage), a 100ms SWbemRefresher is used.
;===============================================================================
Func _ProcessListProperties($Process = "", $sComputer = ".")
    Local $sUserName, $sMsg, $sUserDomain, $avProcs, $dtmDate
    Local $avProcs[1][2] = [[0, ""]], $n = 1
    
; Convert PID if passed as string
    If StringIsInt($Process) Then $Process = Int($Process)
    
; Connect to WMI and get process objects
    $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!\" & $sComputer & "\root\cimv2")
    If IsObj($oWMI) Then
; Get collection processes from Win32_Process
        If $Process = "" Then
; Get all
            $colProcs = $oWMI.ExecQuery("select * from win32_process")
        ElseIf IsInt($Process) Then
; Get by PID
            $colProcs = $oWMI.ExecQuery("select * from win32_process where ProcessId = " & $Process)
        Else
; Get by Name
            $colProcs = $oWMI.ExecQuery("select * from win32_process where Name = '" & $Process & "'")
        EndIf
        
        If IsObj($colProcs) Then
; Return for no matches
            If $colProcs.count = 0 Then Return $avProcs
; Size the array
            ReDim $avProcs[$colProcs.count + 1][10]
            $avProcs[0][0] = UBound($avProcs) - 1
; For each process...
            For $oProc In $colProcs
  ; [n][0] = Process name
                $avProcs[$n][0] = $oProc.name
  ; [n][1] = Process PID
                $avProcs[$n][1] = $oProc.ProcessId
  ; [n][2] = Parent PID
                $avProcs[$n][2] = $oProc.ParentProcessId
  ; [n][3] = Owner
                If $oProc.GetOwner($sUserName, $sUserDomain) = 0 Then $avProcs[$n][3] = $sUserDomain & "" & $sUserName
  ; [n][4] = Priority
                $avProcs[$n][4] = $oProc.Priority
  ; [n][5] = Executable path
                $avProcs[$n][5] = $oProc.ExecutablePath
  ; [n][8] = Creation date/time
                $dtmDate = $oProc.CreationDate
                If $dtmDate <> "" Then
      ; Back referencing RegExp pattern from weaponx
                    Local $sRegExpPatt = "\A(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(?:.*)"
                    $dtmDate = StringRegExpReplace($dtmDate, $sRegExpPatt, "$2/$3/$1 $4:$5:$6")
                EndIf
                $avProcs[$n][8] = $dtmDate
  ; [n][9] = Command line string
                $avProcs[$n][9] = $oProc.CommandLine
  ; increment index
                $n += 1
            Next
        Else
            SetError(2); Error getting process collection from WMI
        EndIf
; release the collection object
        $colProcs = 0
; Get collection of all processes from Win32_PerfFormattedData_PerfProc_Process
; Have to use an SWbemRefresher to pull the collection, or all Perf data will be zeros
        Local $oRefresher = ObjCreate("WbemScripting.SWbemRefresher")
        $colProcs = $oRefresher.AddEnum($oWMI, "Win32_PerfFormattedData_PerfProc_Process" ).objectSet
        $oRefresher.Refresh
; Time delay before calling refresher
        Local $iTime = TimerInit()
        Do
            Sleep(20)
        Until TimerDiff($iTime) >= 100
        $oRefresher.Refresh
; Get PerfProc data
        For $oProc In $colProcs
; Find it in the array
            For $n = 1 To $avProcs[0][0]
                If $avProcs[$n][1] = $oProc.IDProcess Then
      ; [n][6] = CPU usage
                    $avProcs[$n][6] = $oProc.PercentProcessorTime
      ; [n][7] = memory usage
                    $avProcs[$n][7] = $oProc.WorkingSet
                    ExitLoop
                EndIf
            Next
        Next
    Else
        SetError(1); Error connecting to WMI
    EndIf
    
; Return array
    Return $avProcs
EndFunc;==>_ProcessListProperties
$avRET = _ProcessListProperties("cmd.exe")
MsgBox(0,"Memory Usage",$avRET[1][5])

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?加入

×
发表于 2010-9-17 13:36:25 | 显示全部楼层
官网上面有
 楼主| 发表于 2010-9-17 19:34:17 | 显示全部楼层
哪个官方网站呀?指点下哦
发表于 2010-9-18 08:29:35 | 显示全部楼层
回复 3# leon460
本论坛上方的几个连接或首页下方的连接,总要自己找找吗?
 楼主| 发表于 2010-10-8 16:30:38 | 显示全部楼层
怎么还没有人说的?
发表于 2010-10-8 16:59:16 | 显示全部楼层
#include <LocalSecurityAuthority.au3>

$sProcess = "explorer.exe"
$iProcessId = ProcessExists($sProcess)
$hProcess = _OpenProcess($iProcessId, $READ_CONTROL)

$sUser = _QueryKernelObjectSecurityOwner($hProcess)
If ($sUser = "BUILTIN\Administrators") Then
        $sUser = "NT AUTHORITY\SYSTEM"
EndIf

_LsaCloseHandle($hProcess)
MsgBox(0, $sProcess, $sUser)
发表于 2010-10-8 20:43:44 | 显示全部楼层
收藏!!!...
发表于 2010-10-8 22:27:49 | 显示全部楼层
6楼正解!不错
发表于 2010-10-9 09:11:02 | 显示全部楼层
记得论坛里有.
发表于 2010-11-1 10:48:37 | 显示全部楼层
嘿嘿,做个标记!暂时用不上
发表于 2010-11-1 11:25:50 | 显示全部楼层
回复 6# pusofalse

请问P版大仙,是否可以得到某个进程文件所在的路径啊?
我想结束某个广告进程,并且删除广告文件。
发表于 2010-11-1 14:13:59 | 显示全部楼层
跟着学习,谢谢。
发表于 2010-11-1 14:49:34 | 显示全部楼层
回复 12# kood481748
#Include <Array.au3>
#Include <WinAPIEx.au3>

$list = ProcessList()
Redim $list[Ubound($list, 1)][3]
For $i = 1 To Ubound($list, 1) - 1
 $list[$i][2] = _WinAPI_GetCommandLineFromPID($list[$i][1])
Next
_ArrayDisplay($list)
发表于 2010-11-2 00:30:04 | 显示全部楼层
回复 14# 3mile

脚本没法运行,提示第7行代码有错误,你在发贴之前测试了没有?
发表于 2010-11-2 07:04:31 | 显示全部楼层
回复 6# pusofalse


    #include <LocalSecurityAuthority.au3>

没有文件!搜索没有
您需要登录后才可以回帖 登录 | 加入

本版积分规则

QQ|手机版|小黑屋|AUTOIT CN ( 鲁ICP备19019924号-1 )谷歌 百度

GMT+8, 2024-11-15 12:26 , Processed in 0.077937 second(s), 24 queries .

Powered by Discuz! X3.5 Licensed

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表