开发者社区> 问答> 正文

VC++进程管理,新进程启动时获取名字

我是个刚学完Android,老板要把一个C#项目转成java的新人,有些操作不能用java完成,目前正在编写C++代码,遇到一个问题,需要做一个钩子,当有新进程启动时候我需要获取到这个进程的名字做一些操作,现有C#代码如下:

public class GlobalHook
{
//ManagementEventWatcher watch_del = null;
//[DllImport("user32.dll")]
//private static extern bool
//SetForegroundWindow(IntPtr hWnd);
//[DllImport("user32.dll")]
//private static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);
//[DllImport("user32.dll")]
//private static extern bool IsIconic(IntPtr hWnd);
//// 消息函数
//[DllImport("user32.dll", EntryPoint = "PostMessageA")]
//public static extern bool PostMessage(IntPtr hWnd, int Msg, int wParam, int lParam);
    //[DllImport("user32.dll")]
    //public static extern IntPtr FindWindow(string strclassName, string strWindowName);
    //[DllImportAttribute("user32.dll")]
    //public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, int lParam);

    //public const int WM_SYSCOMMAND = 0x0112;
    //public const int SC_MAXIMIZE = 0xF030;
    public static ManagementEventWatcher watch_crt = null;

    protected tray m_tray;

    public GlobalHook(tray mm_tray)
    {
        this.m_tray = mm_tray;
        StartWatchCreateProcess();

    }
    ~GlobalHook()
    {
        if (watch_crt != null)
            watch_crt.Stop();
    }
    protected void StartWatchCreateProcess()
    {
        WqlEventQuery query = new WqlEventQuery("__InstanceCreationEvent",
                     new TimeSpan(0, 0, 1),
                     "TargetInstance isa \"Win32_Process\"");
        watch_crt = new ManagementEventWatcher(query);
        watch_crt.EventArrived += new EventArrivedEventHandler(HandleProcessCreateEvent);
        watch_crt.Start();
    }

    //监视进程启动
    protected void HandleProcessCreateEvent(object sender, EventArrivedEventArgs e)
    {

        ManagementBaseObject MBO = (ManagementBaseObject)e.NewEvent["TargetInstance"];
        string temp = MBO["Name"].ToString();
        if (temp != "")
        {
            string name = temp;
            if (name.Contains("."))
                name = temp.Substring(0, temp.IndexOf("."));

            this.m_tray.CheckSingleProcessItemHook(name);
        }

    }

}

C++该怎样写?

展开
收起
a123456678 2016-03-06 11:25:31 2670 0
1 条回答
写回答
取消 提交回答
  • #define _WIN32_DCOM
    #include <iostream>
    using namespace std;
    #include <comdef.h>
    #include <Wbemidl.h>
    #include <atlcomcli.h>
    
    #pragma comment(lib, "wbemuuid.lib")
    
    #include "ProcessTerminationNotification.h"
    
    class EventSink : public IWbemObjectSink
    {
        friend void ProcessTerminationNotification::registerTerminationCallback(TNotificationFunction callback, unsigned processId);
    
        CComPtr<IWbemServices> pSvc;
        CComPtr<IWbemObjectSink> pStubSink;
    
        LONG m_lRef;
        ProcessTerminationNotification::TNotificationFunction m_callback;
    
    public:
        EventSink(ProcessTerminationNotification::TNotificationFunction callback)
            : m_lRef(0) 
            , m_callback(callback)
        {}
        ~EventSink()
        {}
    
        virtual ULONG STDMETHODCALLTYPE AddRef()
        {
            return InterlockedIncrement(&m_lRef);
        }
        virtual ULONG STDMETHODCALLTYPE Release()
        {
            LONG lRef = InterlockedDecrement(&m_lRef);
            if (lRef == 0)
                delete this;
            return lRef;
        }
        virtual HRESULT STDMETHODCALLTYPE QueryInterface(REFIID riid, void** ppv)
        {
            if (riid == IID_IUnknown || riid == IID_IWbemObjectSink)
            {
                *ppv = (IWbemObjectSink *) this;
                AddRef();
                return WBEM_S_NO_ERROR;
            }
            else return E_NOINTERFACE;
        }
    
        virtual HRESULT STDMETHODCALLTYPE Indicate( 
            LONG lObjectCount,
            IWbemClassObject __RPC_FAR *__RPC_FAR *apObjArray
            )
        {
            m_callback();
            /* Unregister event sink since process is terminated */
            pSvc->CancelAsyncCall(pStubSink);
            return WBEM_S_NO_ERROR;
        }
    
        virtual HRESULT STDMETHODCALLTYPE SetStatus( 
            /* [in] */ LONG lFlags,
            /* [in] */ HRESULT hResult,
            /* [in] */ BSTR strParam,
            /* [in] */ IWbemClassObject __RPC_FAR *pObjParam
            )
        {
            return WBEM_S_NO_ERROR;
        } 
    
    };
    
    
    void ProcessTerminationNotification::registerTerminationCallback( TNotificationFunction callback, unsigned processId )
    {
        CComPtr<IWbemLocator> pLoc;
    
        HRESULT hres = CoCreateInstance(
            CLSID_WbemLocator,             
            0, 
            CLSCTX_INPROC_SERVER, 
            IID_IWbemLocator,
            (LPVOID*)&pLoc);
    
        if (FAILED(hres))
        {
            cout << "Failed to create IWbemLocator object. "
                << "Err code = 0x"
                << hex << hres << endl;
            throw std::exception("ProcessTerminationNotificaiton initialization failed");
        }
    
        // Step 4: ---------------------------------------------------
        // Connect to WMI through the IWbemLocator::ConnectServer method
    
        CComPtr<EventSink> pSink(new EventSink(callback));
    
        // Connect to the local root\cimv2 namespace
        // and obtain pointer pSvc to make IWbemServices calls.
        hres = pLoc->ConnectServer(
            _bstr_t(L"ROOT\\CIMV2"), 
            NULL,
            NULL, 
            0, 
            NULL, 
            0, 
            0, 
            &pSink->pSvc
            );
    
        if (FAILED(hres))
        {
            cout << "Could not connect. Error code = 0x" 
                << hex << hres << endl;
            throw std::exception("ProcessTerminationNotificaiton initialization failed");
        }
    
        // Step 5: --------------------------------------------------
        // Set security levels on the proxy -------------------------
    
        hres = CoSetProxyBlanket(
            pSink->pSvc,                        // Indicates the proxy to set
            RPC_C_AUTHN_WINNT,           // RPC_C_AUTHN_xxx 
            RPC_C_AUTHZ_NONE,            // RPC_C_AUTHZ_xxx 
            NULL,                        // Server principal name 
            RPC_C_AUTHN_LEVEL_CALL,      // RPC_C_AUTHN_LEVEL_xxx 
            RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
            NULL,                        // client identity
            EOAC_NONE                    // proxy capabilities 
            );
    
        if (FAILED(hres))
        {
            cout << "Could not set proxy blanket. Error code = 0x" 
                << hex << hres << endl;
            throw std::exception("ProcessTerminationNotificaiton initialization failed");
        }
    
        // Step 6: -------------------------------------------------
        // Receive event notifications -----------------------------
    
        // Use an unsecured apartment for security
        CComPtr<IUnsecuredApartment> pUnsecApp;
    
        hres = CoCreateInstance(CLSID_UnsecuredApartment, NULL, 
            CLSCTX_LOCAL_SERVER, IID_IUnsecuredApartment, 
            (void**)&pUnsecApp);
    
        CComPtr<IUnknown> pStubUnk; 
        pUnsecApp->CreateObjectStub(pSink, &pStubUnk);
    
        pStubUnk->QueryInterface(IID_IWbemObjectSink,
            (void **) &pSink->pStubSink);
    
        // The ExecNotificationQueryAsync method will call
        // The EventQuery::Indicate method when an event occurs
        char buffer[512];
        sprintf_s(buffer, "SELECT * " 
            "FROM __InstanceDeletionEvent WITHIN 1 "
            "WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.ProcessId=%u", processId);
    
        hres = pSink->pSvc->ExecNotificationQueryAsync(
            _bstr_t("WQL"), 
            _bstr_t(buffer), 
            WBEM_FLAG_SEND_STATUS, 
            NULL, 
            pSink->pStubSink);
    
        // Check for errors.
        if (FAILED(hres))
        {
            cout << "ExecNotificationQueryAsync failed "
                "with = 0x" << hex << hres << endl;
            throw std::exception("ProcessTerminationNotificaiton initialization failed");
        }
    }
    2019-07-17 18:54:20
    赞同 展开评论 打赏
问答分类:
问答标签:
问答地址:
问答排行榜
最热
最新

相关电子书

更多
使用C++11开发PHP7扩展 立即下载
GPON Class C++ SFP O;T Transce 立即下载
GPON Class C++ SFP OLT Transce 立即下载

相关实验场景

更多