更新时间:2023-01-27 20:13:04
如果您仍然需要它(在阅读注释之后),这是一段获取 conhost.exe 进程的代码。请注意,我仅出于演示目的而编写它(以检查 [MSDN]:Tool Help 函数是否可用于此场景),所以不要介意其结构或其他编码上的不规范之处。
code.c :
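#include <Windows.h>
#include <TlHelp32.h>
#include <stdio.h>
#include <conio.h>
#include <tchar.h>

/*
 * Lists every conhost.exe process found in a Tool Help snapshot and tries to
 * open the one whose parent PID equals the target PID.
 *
 * argv[1] (optional): PID to compare against each conhost.exe parent PID;
 * defaults to the current process ID.
 *
 * Returns 0 on success, -1 if the snapshot cannot be created, -2 if the first
 * entry cannot be read, -3 if OpenProcess fails, and -4 if no conhost.exe
 * entry has the target PID as its parent.
 */
int main(int argc, char **argv) {
    DWORD pid = 0, cPid = 0;
    unsigned int i = 0;
    PROCESSENTRY32 pe32;
    HANDLE snap = INVALID_HANDLE_VALUE, proc = NULL;

    if (argc > 1) {
        /* atoi() yields 0 for non-numeric input, so a bad argument is treated as PID 0. */
        pid = (DWORD)atoi(argv[1]);
    } else {
        pid = GetCurrentProcessId();
    }
    printf("PID: %lu\n", (unsigned long)pid);

    /* The process ID argument is ignored for TH32CS_SNAPPROCESS: all processes are included. */
    snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) {
        printf("CreateToolhelp32Snapshot failed: %lu\n", (unsigned long)GetLastError());
        return -1;
    }

    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(snap, &pe32)) {
        printf("Process32First failed: %lu\n", (unsigned long)GetLastError());
        CloseHandle(snap);
        return -2;
    }

    do {
        /* Windows file names are case-insensitive, so compare the image name that way. */
        if (_tcsicmp(pe32.szExeFile, TEXT("conhost.exe")) == 0) {
            _tprintf(TEXT(" Idx: %02u PID: %5lu PPID: %5lu Name: %s\n"), i++,
                     (unsigned long)pe32.th32ProcessID,
                     (unsigned long)pe32.th32ParentProcessID, pe32.szExeFile);
            if (pe32.th32ParentProcessID == pid) {
                cPid = pe32.th32ProcessID;
            }
        }
    } while (Process32Next(snap, &pe32));
    CloseHandle(snap);

    /* Without this check the code would go on to call OpenProcess with PID 0. */
    if (cPid == 0) {
        printf("No conhost.exe with parent PID %lu found\n", (unsigned long)pid);
        return -4;
    }

    /*
     * An image name and a parent PID taken from a snapshot do not prove
     * identity: any executable can be named conhost.exe and PIDs are reused.
     * PROCESS_ALL_ACCESS is kept because the demonstration is about obtaining
     * full access; code that only queries the process should request a
     * narrower right such as PROCESS_QUERY_LIMITED_INFORMATION.
     */
    proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, cPid);
    /* OpenProcess reports failure with NULL, not INVALID_HANDLE_VALUE. */
    if (proc == NULL) {
        printf("OpenProcess failed: %lu\n", (unsigned long)GetLastError());
        return -3;
    }
    /* %p is used because a HANDLE is pointer-sized and does not fit %X on x64. */
    printf("Conhost handle: 0x%p\n", (void *)proc);
    CloseHandle(proc);

    printf("Press a key to exit...\n");
    (void)_getch();
    return 0;
}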
输出(作为 VStudio 2010 ,控制台应用程序( Win 10 上的 Debug-x86 )):
e:\Work\Dev\***\q035102238> ver
Microsoft Windows [版本10.0.17134.48 ]
e:\Work\Dev\***\q035102238> Debug\q035102238.exe
PID:22388
Idx:00 PID:19892 PPID: 20164名称:conhost.exe
Idx:01 PID:21128 PPID:21120名称:conhost.exe
Idx:02 PID:1144 PPID:20572名称:conhost.exe
Idx:03 PID :8184 PPID:19572名称:conhost.exe
Idx:04 PID:10976 PPID:20608名称:conhost.exe
Idx:05 PID:21284 PPID:8792名称:conhost.exe
Idx:06 PID:8172 PPID:20444名称:conhost.exe
Idx:07 PID:4396 PPID:19484名称:conhost.exe
Idx:08 PID:12484 PPID:2580名称:conhost.exe
Idx:09 PID:18636 PPID:11552名称:conhost.exe
Idx:10 PID:21456 PPID:21016名称:conhost.exe
Idx:11 PID:960 PPID:3528名称:conhost.exe
Idx:12 PID:20616 PPID :18404名称:conhost.exe
Idx:13 PID:21548 PPID:21528名称:conhost.exe
Idx:14 PID:20192 PPID:8316名称:conhost.exe
Idx:15 PID:2496 PPID:9284名称:conhost.exe
Idx:16 PID:5820 PPID:23140名称:conhost.exe
Idx:17 PID:6032 PPID:26512名称:conhost.exe
Connhost句柄:0x00000000
按下键退出...
因此,可以枚举所有正在运行的 conhost.exe 进程,并且还可以对与当前应用程序关联的那个进程取得 PROCESS_ALL_ACCESS 权限(我不得不在这里提到我的 Win 用户具有完整的管理权限)。不过请注意,上面输出中打印的句柄是 0x00000000,即 NULL,而 NULL 正是 OpenProcess 失败时的返回值,因此该输出并不能证明句柄确实已经取得。
@ EDIT0 :
输出:
c:\Work\Dev\***\q035102238> ver
Microsoft Windows [版本6.1.7601]
c :\Work\Dev\***\q035102238> q035102238.exe
PID:1548
Idx:00 PID:4960 PPID:3472名称:conhost.exe
Idx:01 PID :5024 PPID:3472名称:conhost.exe
Idx:02 PID:5076 PPID:3472名称:conhost.exe
Idx:03 PID:2676 PPID:3472名称:conhost.exe
Idx:04 PID:1888 PPID:3472名称:conhost.exe
Connhost句柄:0x00000000
按一个键退出...
I have searched so many websites for "how I get the conhost process", and nothing is really what I'm looking for.
I have searched on:
superuser/***
when-is-conhost-exe-actually-necessary***
how-can-a-win32-process-get-the-pid-of-its-parent***
c-how-to-fetch-parent-process-id***
c-how-to-determine-if-a-windows-process-is-running***
get-full-running-process-list-visual-c***
ms-c-get-pid-of-current-process***
get-list-of-dlls-loaded-in-current-process-with-their-reference-countscodeproject
Get-Parent-Process-PIDcplusplus
Getting list of running processesmsdn.microsoft
GetModuleFileNameExmsdn.microsoft
GetModuleFileNamemsdn.microsoft
GetCurrentProcessIdmsdn.microsoft
GetProcessIdmsdn.microsoft
GetModuleHandlemsdn.microsoft
GetConsoleWindowmsdn.microsoft
Tool Helpmsdn.microsoft
CreateToolhelp32Snapshotmsdn.microsoft
NextModule32msdn.microsoft
DebugActiveProcessmsdn.microsoft
Enumerating All Modules For a Process
and I can't find anything about "how to get the conhost process".
I have some code that works for the current "cmd.exe / program.exe" and that gives me the "PID, NAME, PATH, READ/WRITE ADDRESS".
I can get the parent process, but that is not conhost.exe.
Code (you need to link the 'psapi' library first):
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <psapi.h>
#include <iostream>
#include <tlhelp32.h>
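// Prints the file path and load address of each module loaded in a process.
//
// processID: ID of the process to inspect.
// Returns 1 if the process cannot be opened with query and VM-read access,
// otherwise 0 (also when the module enumeration itself fails).
int PrintModules(DWORD processID) {
    HMODULE hMods[1024];
    DWORD cbNeeded = 0;

    printf("\nProcess ID: %lu\n", static_cast<unsigned long>(processID));

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID);
    if (NULL == hProcess) return 1;

    if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) {
        // cbNeeded is the size required for ALL modules and can exceed
        // sizeof(hMods); only the entries that fit were written, so clamp the
        // count to avoid reading past the end of the array.
        const DWORD capacity = sizeof(hMods) / sizeof(hMods[0]);
        DWORD count = cbNeeded / sizeof(HMODULE);
        if (count > capacity) {
            count = capacity;
        }

        for (DWORD i = 0; i < count; i++) {
            TCHAR szModName[MAX_PATH];
            if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR))) {
                // %p is used because a module handle is pointer-sized and does not fit %X on x64.
                _tprintf(TEXT(" %s (0x%p)\n"), szModName, static_cast<void *>(hMods[i]));
            }
        }
    }

    CloseHandle(hProcess);
    return 0;
}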
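// Prints the modules of the current process, looks up its parent PID in a
// Tool Help process snapshot, and prints the parent's modules when found.
// Waits for input on stdin before exiting. Always returns 0.
int main(void) {
    const DWORD cpid = GetCurrentProcessId();
    PrintModules(cpid);

    DWORD ppid = 0;
    bool parentFound = false;

    HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    // A failed snapshot yields INVALID_HANDLE_VALUE, which must not be walked or closed.
    if (h != INVALID_HANDLE_VALUE) {
        PROCESSENTRY32 pe = { 0 };
        pe.dwSize = sizeof(PROCESSENTRY32);
        if (Process32First(h, &pe)) {
            do {
                if (pe.th32ProcessID == cpid) {
                    printf("PID: %lu; PPID: %lu\n", static_cast<unsigned long>(cpid),
                           static_cast<unsigned long>(pe.th32ParentProcessID));
                    ppid = pe.th32ParentProcessID;
                    parentFound = true;
                    break;
                }
            } while (Process32Next(h, &pe));
        }
        CloseHandle(h);
    }

    // Only inspect the parent when its PID was actually found; the original
    // passed -1 to PrintModules otherwise. The recorded parent PID may belong
    // to a process that has since exited (PIDs are reused), so treat the
    // result as a hint rather than proof of parentage.
    if (parentFound) {
        PrintModules(ppid);
    }

    std::cin.get();
    return 0;
}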
And I can't figure out a way to get the current conhost process.
When you open a program that uses the console, a conhost.exe process is created.
My question is: how do I get that conhost.exe process?
Thanks! :)
In case you still need it (after reading the comments), here's a piece of code that gets the conhost.exe processes. Please note that I only wrote it for demonstrative purposes (to check whether [MSDN]: Tool Help Functions can be used for this scenario), so don't mind its structure or other coding NO-NOs.
code.c:
#include <Windows.h>
#include <TlHelp32.h>
#include <stdio.h>
#include <conio.h>
#include <tchar.h>
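/*
 * Lists every conhost.exe process found in a Tool Help snapshot and tries to
 * open the one whose parent PID equals the target PID.
 *
 * argv[1] (optional): PID to compare against each conhost.exe parent PID;
 * defaults to the current process ID.
 *
 * Returns 0 on success, -1 if the snapshot cannot be created, -2 if the first
 * entry cannot be read, -3 if OpenProcess fails, and -4 if no conhost.exe
 * entry has the target PID as its parent.
 */
int main(int argc, char **argv) {
    DWORD pid = 0, cPid = 0;
    unsigned int i = 0;
    PROCESSENTRY32 pe32;
    HANDLE snap = INVALID_HANDLE_VALUE, proc = NULL;

    if (argc > 1) {
        /* atoi() yields 0 for non-numeric input, so a bad argument is treated as PID 0. */
        pid = (DWORD)atoi(argv[1]);
    } else {
        pid = GetCurrentProcessId();
    }
    printf("PID: %lu\n", (unsigned long)pid);

    /* The process ID argument is ignored for TH32CS_SNAPPROCESS: all processes are included. */
    snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) {
        printf("CreateToolhelp32Snapshot failed: %lu\n", (unsigned long)GetLastError());
        return -1;
    }

    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(snap, &pe32)) {
        printf("Process32First failed: %lu\n", (unsigned long)GetLastError());
        CloseHandle(snap);
        return -2;
    }

    do {
        /* Windows file names are case-insensitive, so compare the image name that way. */
        if (_tcsicmp(pe32.szExeFile, TEXT("conhost.exe")) == 0) {
            _tprintf(TEXT(" Idx: %02u PID: %5lu PPID: %5lu Name: %s\n"), i++,
                     (unsigned long)pe32.th32ProcessID,
                     (unsigned long)pe32.th32ParentProcessID, pe32.szExeFile);
            if (pe32.th32ParentProcessID == pid) {
                cPid = pe32.th32ProcessID;
            }
        }
    } while (Process32Next(snap, &pe32));
    CloseHandle(snap);

    /* Without this check the code would go on to call OpenProcess with PID 0. */
    if (cPid == 0) {
        printf("No conhost.exe with parent PID %lu found\n", (unsigned long)pid);
        return -4;
    }

    /*
     * An image name and a parent PID taken from a snapshot do not prove
     * identity: any executable can be named conhost.exe and PIDs are reused.
     * PROCESS_ALL_ACCESS is kept because the demonstration is about obtaining
     * full access; code that only queries the process should request a
     * narrower right such as PROCESS_QUERY_LIMITED_INFORMATION.
     */
    proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, cPid);
    /* OpenProcess reports failure with NULL, not INVALID_HANDLE_VALUE. */
    if (proc == NULL) {
        printf("OpenProcess failed: %lu\n", (unsigned long)GetLastError());
        return -3;
    }
    /* %p is used because a HANDLE is pointer-sized and does not fit %X on x64. */
    printf("Conhost handle: 0x%p\n", (void *)proc);
    CloseHandle(proc);

    printf("Press a key to exit...\n");
    (void)_getch();
    return 0;
}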
Output (as a VStudio 2010, Console App (Debug - x86) on Win 10):
e:\Work\Dev\***\q035102238>ver
Microsoft Windows [Version 10.0.17134.48]
e:\Work\Dev\***\q035102238>"Debug\q035102238.exe"
PID: 22388
Idx: 00 PID: 19892 PPID: 20164 Name: conhost.exe
Idx: 01 PID: 21128 PPID: 21120 Name: conhost.exe
Idx: 02 PID: 1144 PPID: 20572 Name: conhost.exe
Idx: 03 PID: 8184 PPID: 19572 Name: conhost.exe
Idx: 04 PID: 10976 PPID: 20608 Name: conhost.exe
Idx: 05 PID: 21284 PPID: 8792 Name: conhost.exe
Idx: 06 PID: 8172 PPID: 20444 Name: conhost.exe
Idx: 07 PID: 4396 PPID: 19484 Name: conhost.exe
Idx: 08 PID: 12484 PPID: 2580 Name: conhost.exe
Idx: 09 PID: 18636 PPID: 11552 Name: conhost.exe
Idx: 10 PID: 21456 PPID: 21016 Name: conhost.exe
Idx: 11 PID: 960 PPID: 3528 Name: conhost.exe
Idx: 12 PID: 20616 PPID: 18404 Name: conhost.exe
Idx: 13 PID: 21548 PPID: 21528 Name: conhost.exe
Idx: 14 PID: 20192 PPID: 8316 Name: conhost.exe
Idx: 15 PID: 2496 PPID: 9284 Name: conhost.exe
Idx: 16 PID: 5820 PPID: 23140 Name: conhost.exe
Idx: 17 PID: 6032 PPID: 26512 Name: conhost.exe
Connhost handle: 0x00000000
Press a key to exit...
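So, it is possible to enumerate all running conhost.exe processes, and also get PROCESS_ALL_ACCESS to the one associated with my current application (I have to mention here that my Win user has full administrative privileges). Note, however, that the handle printed in the output above is 0x00000000, i.e. NULL, which is the value OpenProcess returns on failure, so this output does not by itself show that the handle was actually obtained.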
@EDIT0:
Output:
c:\Work\Dev\***\q035102238>ver
Microsoft Windows [Version 6.1.7601]
c:\Work\Dev\***\q035102238>q035102238.exe
PID: 1548
Idx: 00 PID: 4960 PPID: 3472 Name: conhost.exe
Idx: 01 PID: 5024 PPID: 3472 Name: conhost.exe
Idx: 02 PID: 5076 PPID: 3472 Name: conhost.exe
Idx: 03 PID: 2676 PPID: 3472 Name: conhost.exe
Idx: 04 PID: 1888 PPID: 3472 Name: conhost.exe
Connhost handle: 0x00000000
Press a key to exit...