/*
 * Report the account that owns the "explorer.exe" process, which this code
 * treats as the interactively logged-on user.
 *
 * userNameBuf  destination buffer for the account name
 * bufLen       size of userNameBuf in bytes; must be non-zero
 *
 * Returns TRUE when GetProcessUsername() succeeded for that process, FALSE
 * when the arguments are invalid, no handle was obtained, or the lookup
 * failed. On FALSE the buffer content is whatever the callee left in it.
 *
 * NOTE(review): the handle comes from GetProcessHandle("explorer.exe"),
 * presumably a lookup by image name. An image name is not an identity: any
 * account can run a binary with that name, and a host with several sessions
 * has several such processes. Confirm how the helper picks one, and prefer a
 * session-based query if the result feeds an access decision.
 */
BOOL GetSysLogonUserName(char * userNameBuf, unsigned int bufLen)
{
    HANDLE shellProc;
    BOOL gotName;

    /* bufLen is unsigned, so "<= 0" can only ever mean "== 0". */
    if (userNameBuf == NULL || bufLen == 0)
        return FALSE;

    shellProc = GetProcessHandle("explorer.exe");
    if (!shellProc)
        return FALSE;

    gotName = GetProcessUsername(shellProc, userNameBuf, bufLen) ? TRUE : FALSE;
    CloseHandle(shellProc);

    return gotName;
}
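/*
 * Append to prcListStr one "<exe name>,<pid>" entry for every process whose
 * owner equals the user reported by GetSysLogonUserName(); entries are
 * separated by ';'.
 *
 * prcListStr  caller-supplied, NUL-terminated buffer. Existing content is
 *             kept and new entries are appended after it.
 *
 * Returns TRUE when the process snapshot was walked, FALSE when prcListStr is
 * NULL, the logon user could not be determined, or the snapshot could not be
 * created.
 *
 * NOTE(review): the interface carries no buffer size, so the writes below
 * cannot be bounded here. Each entry can need up to sizeof(pe.szExeFile) plus
 * separators and the PID digits; the caller must size the buffer for the
 * worst case. A variant taking the buffer length and using snprintf() would
 * remove the overflow risk.
 * NOTE(review): the 32-byte name buffers are shorter than the longest Windows
 * account name; confirm how GetProcessUsername() behaves on a longer name.
 */
BOOL GetLogonUserPrcListStr(char * prcListStr)
{
    PROCESSENTRY32 pe;
    HANDLE hSnapshot;
    char logonUserName[32] = {0};
    char procUserName[32] = {0};

    if (NULL == prcListStr)
        return FALSE;

    /*
     * Without a logon user name the comparison below would be against an
     * empty string, and every process whose owner lookup failed would be
     * reported as belonging to the logon user.
     */
    if (!GetSysLogonUserName(logonUserName, sizeof(logonUserName)) || logonUserName[0] == '\0')
        return FALSE;

    /* Failure is signalled by INVALID_HANDLE_VALUE, not by NULL. */
    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return FALSE;

    pe.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hSnapshot, &pe)) {
        /* do/while so the entry returned by Process32First is examined too. */
        do {
            BOOL haveOwner = FALSE;
            HANDLE procHandle = GetProcessHandleWithID(pe.th32ProcessID);

            if (procHandle) {
                memset(procUserName, 0, sizeof(procUserName));
                haveOwner = GetProcessUsername(procHandle, procUserName, sizeof(procUserName)) ? TRUE : FALSE;
                CloseHandle(procHandle);
            }

            /* Processes whose owner is unknown are skipped, never matched. */
            if (haveOwner && 0 == strcmp(logonUserName, procUserName)) {
                size_t used = strlen(prcListStr);

                /*
                 * Write at the current end of the string. Passing prcListStr
                 * as both destination and "%s" argument is undefined
                 * behaviour because the source and destination overlap.
                 */
                if (used == 0)
                    sprintf(prcListStr, "%s,%lu", pe.szExeFile, (unsigned long)pe.th32ProcessID);
                else
                    sprintf(prcListStr + used, ";%s,%lu", pe.szExeFile, (unsigned long)pe.th32ProcessID);
            }

            pe.dwSize = sizeof(PROCESSENTRY32);
        } while (Process32Next(hSnapshot, &pe));
    }

    CloseHandle(hSnapshot);
    return TRUE;
}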
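/*
 * Count running processes, optionally filtered by module base name and by
 * owning user, and store the count in result.
 *
 * usage: <function name>[ <process name>, <user name>]
 *
 * param   item parameters: 1 = process name (empty means any process),
 *         2 = user name (absent or empty means any user)
 * result  receives the count through SET_UI64_RESULT
 * cmd and flags are not used here.
 *
 * Returns SYSINFO_RET_OK on success, SYSINFO_RET_FAIL when more than two
 * parameters are given, the first parameter cannot be read, or
 * EnumProcesses() fails.
 *
 * Only processes that OpenProcess() can open with PROCESS_QUERY_INFORMATION |
 * PROCESS_VM_READ are counted; a process the caller lacks rights to is
 * skipped, so the result can be lower than the real number even with no
 * filter set.
 */
int PROC_NUM(const char *cmd, const char *param, unsigned flags, AGENT_RESULT *result)
{
    HANDLE hProcess;
    HMODULE hMod;
    DWORD procList[MAX_PROCESSES], dwSize;
    int i, proccount, max_proc_cnt, proc_ok, user_ok;
    char procName[MAX_PATH], userName[MAX_PATH], baseName[MAX_PATH], uname[MAX_NAME];

    if (num_param(param) > 2)
        return SYSINFO_RET_FAIL;

    if (0 != get_param(param, 1, procName, sizeof(procName)))
        return SYSINFO_RET_FAIL;

    /*
     * An absent user parameter means "no user filter". The filter is tested
     * below with '\0' != *userName, so the buffer must start with the NUL
     * character; any other value leaves an unterminated, non-empty filter.
     */
    if (0 != get_param(param, 2, userName, sizeof(userName)))
        *userName = '\0';

    /*
     * NOTE(review): if the byte count returned in dwSize equals the size of
     * procList, the list may have been truncated at MAX_PROCESSES entries and
     * the count is then only a lower bound.
     */
    if (0 == EnumProcesses(procList, sizeof(DWORD) * MAX_PROCESSES, &dwSize))
        return SYSINFO_RET_FAIL;

    max_proc_cnt = (int)(dwSize / sizeof(DWORD));
    proccount = 0;

    for (i = 0; i < max_proc_cnt; i++) {
        proc_ok = 0;
        user_ok = 0;

        hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, procList[i]);
        if (NULL == hProcess)
            continue;

        if ('\0' != *procName) {
            /* hMod receives the first module; its base name is compared case-insensitively. */
            if (0 != EnumProcessModules(hProcess, &hMod, sizeof(hMod), &dwSize) &&
                0 != GetModuleBaseName(hProcess, hMod, baseName, sizeof(baseName)) &&
                0 == stricmp(baseName, procName)) {
                proc_ok = 1;
            }
        } else {
            proc_ok = 1;
        }

        if (0 != proc_ok && '\0' != *userName) {
            /*
             * NOTE(review): no buffer length is passed for uname; confirm the
             * callee cannot write more than MAX_NAME bytes. Other callers on
             * this page pass a length as a third argument, so also confirm
             * which prototype is in effect for this file.
             */
            if (0 != GetProcessUsername(hProcess, uname) && 0 == stricmp(uname, userName))
                user_ok = 1;
        } else {
            user_ok = 1;
        }

        if (0 != user_ok && 0 != proc_ok)
            proccount++;

        CloseHandle(hProcess);
    }

    SET_UI64_RESULT(result, proccount);

    return SYSINFO_RET_OK;
}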