Reading Command Line Arguments of Another Process (Win32 C code) – Stack Overflow
http://stackoverflow.com/questions/440932/reading-command-line-arguments-of-another-process-win32-c-code
List all processes and their Command-line parameters
http://windowsxp.mvps.org/listproc.htm
HOWTO: Get the command line of a process « wblog3
http://74.125.153.132/search?q=cache:4FbCj-JKwbEJ:wj32.wordpress.com/2009/01/24/howto-get-the-command-line-of-processes/+howto-get-the-command-line-of-processes/&cd=1&hl=en&ct=clnk&ie=UTF-8&client=firefox
The Old New Thing : How do I get the command line of another process?
http://blogs.msdn.com/oldnewthing/archive/2009/11/25/9928372.aspx
Microsoft – Using the Windows Management Instrumentation Command-line (WMIC) tool
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/wmic.mspx?mfr=true
How to: Get the Command Line Arguments of running Processes
http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/669eeaeb-e6fa-403b-86fd-302b24c569fb/
ManagementClass mngmtClass = new ManagementClass("Win32_Process");
foreach (ManagementObject o in mngmtClass.GetInstances())
{
    if (o["Name"].Equals("javaw.exe"))
    {
        // Pull the value of the -environment switch out of the command line
        String commandLine = (String) o["CommandLine"];
        Regex envRE = new Regex("-environment ([^ ]+) ");
        Match m = envRE.Match(commandLine);
        if (m.Success) {
            Console.WriteLine(o["Name"] + " [" + m.Groups[1] + "]");
        }
    }
}
How to get the command line argument of the other processes in VB using Win32 API? – Visual Basic Discussion Boards – CodeProject
http://www.codeproject.com/Messages/1070663/How-to-get-the-command-line-argument-of-the-other-.aspx
NtQueryInformationProcess Function (Windows)
http://msdn.microsoft.com/en-us/library/ms684280(VS.85).aspx
Processing Global Mouse and Keyboard Hooks in C# – CodeProject
http://69.10.233.10/KB/cs/globalhook.aspx
I/O Ports Uncensored – 1 – Controlling LEDs (Light Emiting Diodes) with Parallel Port – CodeProject
http://69.10.233.10/KB/cs/csppleds.aspx
IconLib – Icons Unfolded (MultiIcon and Windows Vista supported) – CodeProject
http://69.10.233.10/KB/cs/IconLib.aspx
Finding and Listing Processes in C#
http://www.c-sharpcorner.com/UploadFile/scottlysle/FindListProcessesCS09102007024714AM/FindListProcessesCS.aspx
StringBuilder sb = new StringBuilder();
How To Get Process Owner ID and Current User SID – CodeProject
http://69.10.233.10/KB/cs/processownersid.aspx
How to get process information : C# VS 2005, process, information
http://www.experts-exchange.com/Programming/Languages/C_Sharp/Q_23509154.html
Writing a dedicated virus-removal tool in C# (Part 1)_飞扬跋扈,平步青云!_Baidu Space
http://hi.baidu.com/feiyangqingyun/blog/item/f1d65cec9127143727979126.html
What is the difference between the two DataGridView events SelectionChanged and Click – 博问 – 博客园 community
http://wz.cnblogs.com/question/7602/
Why does the dataGridView.SelectionChanged event fire every time the DataGridView is refreshed? I only want it to fire when a data row is clicked; is there a way to solve this?
http://topic.csdn.net/u/20080925/21/2f12dec6-cbf9-43d2-8eea-dc440083211d.html
FullRowSelect
Datagridview SelectionChanged_融雪无香_Baidu Space
http://hi.baidu.com/brianxj/blog/item/59e65bb58747accb37d3caf4.html
DataGridView with DataTable_﹎繌儍ヤ諾言_Baidu Space
http://hi.baidu.com/oathevil/blog/item/f39c2ac5b2332bc238db4983.html
DataRowView drv = dataGridView.SelectedRows[0].DataBoundItem as DataRowView;
Tags: process
[Flags]
public enum ThreadAccess : int
{
    TERMINATE = (0x0001),
    SUSPEND_RESUME = (0x0002),
    GET_CONTEXT = (0x0008),
    SET_CONTEXT = (0x0010),
    SET_INFORMATION = (0x0020),
    QUERY_INFORMATION = (0x0040),
    SET_THREAD_TOKEN = (0x0080),
    IMPERSONATE = (0x0100),
    DIRECT_IMPERSONATION = (0x0200)
}
[DllImport("kernel32.dll")]
static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
[DllImport("kernel32.dll")]
static extern uint SuspendThread(IntPtr hThread);
[DllImport("kernel32.dll")]
static extern int ResumeThread(IntPtr hThread);
// Every handle returned by OpenThread has to be closed again
[DllImport("kernel32.dll")]
static extern bool CloseHandle(IntPtr hObject);
private void SuspendProcess(int PID)
{
    Process proc = Process.GetProcessById(PID);
    if (proc.ProcessName == string.Empty)
        return;
    foreach (ProcessThread pT in proc.Threads)
    {
        IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
        if (pOpenThread == IntPtr.Zero)
        {
            break;
        }
        SuspendThread(pOpenThread);
        CloseHandle(pOpenThread);
    }
}
public void ResumeProcess(int PID)
{
    Process proc = Process.GetProcessById(PID);
    if (proc.ProcessName == string.Empty)
        return;
    foreach (ProcessThread pT in proc.Threads)
    {
        IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
        if (pOpenThread == IntPtr.Zero)
        {
            break;
        }
        ResumeThread(pOpenThread);
        CloseHandle(pOpenThread);
    }
}
Dock(Bound) a Process to any Control
Dock(Bound) any Process to any Control e.g TabPage, PictureBox, Panel, GroupBox, etc. using the Win32 API
Submitted By: gbertoli3
Views: 139
Language: C#
Last Modified: September 22, 2009
Instructions: Add a reference to: System.Runtime.InteropServices
Use:
//Get a list of all the processes
System.Diagnostics.Process[] processes = System.Diagnostics.Process.GetProcesses();
//Loop through all of the processes
foreach (System.Diagnostics.Process process in processes)
{
//If we have the Calculator process open
if (process.MainWindowTitle == "Calculator")
//Dock the process inside of tabPage1
DockProcess(process, tabPage1);
}
Snippet
#region User32 Import Methods
[DllImport("user32.dll", EntryPoint = "SetParent")]
public static extern IntPtr SetParent(IntPtr hWndChild, IntPtr hWndNewParent);

[DllImport("user32.dll", EntryPoint = "GetParent")]
public static extern IntPtr GetParent(IntPtr hWnd);

[DllImport("user32.dll", EntryPoint = "SetWindowPos")]
public static extern IntPtr SetWindowPos(IntPtr hWnd, int hWndInsertAfter, int x, int Y, int cx, int cy, int wFlags);
#endregion

/// <summary>
/// Dock(Bound) a process inside of any control.
/// </summary>
/// <param name="process">The process to dock.</param>
/// <param name="control">The control to hold the process.</param>
/// <remarks>THE PROCESS MUST BE RUNNING!!!</remarks>
public void DockProcess(System.Diagnostics.Process process, Control control)
{
    //The process's parent
    System.IntPtr parent;
    //The new parent / position for the process
    System.IntPtr x;
    //The handle of the process
    System.IntPtr handle = process.MainWindowHandle;
    //If the handle is not equal to 0[zero]
    if (handle != System.IntPtr.Zero)
    {
        //Get the current parent of the process
        parent = GetParent(handle);
        //Set the new parent of the process to the control we specified
        x = SetParent(handle, control.Handle);
        //Set the new position of the process
        x = SetWindowPos(handle, 1, 10, 10, 500, 300, 0);
    }
}
Introduction
This app shows how to send and receive messages between two apps using WM_COPYDATA.
There are two samples: the testmessage app and the testMessage2 app. The testmessage app checks whether app 2 is running and opens it if it is not; if it is, it starts another instance with a different window header.
* The ‘Send’ button will send the text from the textbox to the testMessage2 app.
* The received data will show up in the textbox.
Using the Code
The exchange of data is performed by finding the other application (using FindWindow) and sending a WM_COPYDATA message to that window:
public static bool SendArgs(IntPtr targetHWnd, string args)
{
Win32.CopyDataStruct cds = new Win32.CopyDataStruct();
try
{
cds.cbData = (args.Length + 1) * 2;
cds.lpData = Win32.LocalAlloc(0x40, cds.cbData);
Marshal.Copy(args.ToCharArray(), 0, cds.lpData, args.Length);
cds.dwData = (IntPtr)1;
Win32.SendMessage(targetHWnd, Win32.WM_COPYDATA, IntPtr.Zero, ref cds);
}
finally
{
cds.Dispose();
}
return true;
}
protected override void WndProc(ref Message m){
switch(m.Msg){
case Win32.WM_COPYDATA:
Win32.CopyDataStruct st =
(Win32.CopyDataStruct)Marshal.PtrToStructure(m.LParam,
typeof(Win32.CopyDataStruct));
string strData = Marshal.PtrToStringUni(st.lpData);
txtmessagereceive.Text = strData;
break;
default:
// let the base class deal with it
base.WndProc(ref m);
break;
}
}
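A receiver-side check for the WM_COPYDATA handler above, shown as an added example that is not part of the original article. The handler above calls `Marshal.PtrToStringUni(st.lpData)`, which reads until the first NUL and ignores `cbData`, while the message can come from any process allowed to send window messages to the form. The names `CopyDataReceiver`, `TryReadText` and `MaxPayloadBytes` are hypothetical; the tag value 1 mirrors `cds.dwData` in `SendArgs`, and the struct is declared locally with the Win32 COPYDATASTRUCT field order.

```csharp
using System;
using System.Runtime.InteropServices;

static class CopyDataReceiver
{
    public const int WM_COPYDATA = 0x004A;
    const int MaxPayloadBytes = 64 * 1024;           // assumed upper bound for one message
    static readonly IntPtr ExpectedTag = (IntPtr)1;  // same value SendArgs puts in dwData

    [StructLayout(LayoutKind.Sequential)]
    struct COPYDATASTRUCT
    {
        public IntPtr dwData;   // application-defined tag
        public int cbData;      // size of the buffer in bytes
        public IntPtr lpData;   // pointer to the buffer
    }

    // Returns true and the decoded text only if the message passes every check.
    public static bool TryReadText(IntPtr lParam, out string text)
    {
        text = null;
        if (lParam == IntPtr.Zero) return false;

        var cds = (COPYDATASTRUCT)Marshal.PtrToStructure(lParam, typeof(COPYDATASTRUCT));

        if (cds.dwData != ExpectedTag) return false;        // not our message type
        if (cds.lpData == IntPtr.Zero) return false;        // no payload
        if (cds.cbData < 2 || cds.cbData > MaxPayloadBytes) return false;
        if ((cds.cbData % 2) != 0) return false;            // UTF-16 needs whole code units

        // Read exactly cbData bytes; never trust the sender to have terminated the string.
        string raw = Marshal.PtrToStringUni(cds.lpData, cds.cbData / 2);
        int nul = raw.IndexOf('\0');
        text = nul >= 0 ? raw.Substring(0, nul) : raw;
        return true;
    }

    static void Main()
    {
        // Constructed sample: "hello" without a terminator, followed by unrelated data
        // that an unbounded read would also return.
        char[] payload = "hello".ToCharArray();
        char[] trailing = "SECRET".ToCharArray();
        IntPtr buf = Marshal.AllocHGlobal((payload.Length + trailing.Length + 1) * 2);
        IntPtr pCds = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(COPYDATASTRUCT)));
        try
        {
            Marshal.Copy(payload, 0, buf, payload.Length);
            Marshal.Copy(trailing, 0, IntPtr.Add(buf, payload.Length * 2), trailing.Length);
            Marshal.WriteInt16(buf, (payload.Length + trailing.Length) * 2, 0);

            var cds = new COPYDATASTRUCT
            {
                dwData = (IntPtr)1,
                cbData = payload.Length * 2,   // sender claims 10 bytes
                lpData = buf
            };
            Marshal.StructureToPtr(cds, pCds, false);

            string text;
            Console.WriteLine("bounded read:   " +
                (TryReadText(pCds, out text) ? text : "rejected"));
            Console.WriteLine("unbounded read: " + Marshal.PtrToStringUni(buf));

            cds.dwData = (IntPtr)2;            // unknown tag
            Marshal.StructureToPtr(cds, pCds, false);
            Console.WriteLine("unknown tag:    " +
                (TryReadText(pCds, out text) ? text : "rejected"));
        }
        finally
        {
            Marshal.FreeHGlobal(pCds);
            Marshal.FreeHGlobal(buf);
        }
    }
}
```

In the form's `WndProc`, the `WM_COPYDATA` case would call `TryReadText(m.LParam, out strData)` and update the textbox only when it returns true.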
History
* 12th July, 2007: Initial post
License
This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
Tags: process
/*
hookzwcreateprocess.C
Author: <X-STAR/heartdbg>
Last Updated: 2007-11-17
This framework is generated by EasySYS 0.3.0
This template file is copying from QuickSYS 0.3.0 written by Chunhua Liu
*/
// ***************************************************************
// hookzwcreateprocess version: 1.0 ? date: 11/17/2007
// ————————————————————-
// Author:X-STAR/heartdbg
// E-MAIL:qqshow@live.com
// BLOG :http://hi.baidu.com/heartdbg
// ————————————————————-
// Copyright (C) 2007 – All Rights Reserved
// ***************************************************************
//
// ***************************************************************
#include "dbghelp.h"
#include "hookzwcreateprocess.h"
#include <stdio.h>
#include <stdarg.h>
#include <ntimage.h>
#include <ntiologc.h>
//
// A structure representing the instance information associated with
// a particular device
//
#define DWORD unsigned long
#define WORD unsigned short
#define BOOL unsigned long
#define BYTE unsigned char
#define MAXPATHLEN 256
#define SEC_IMAGE 0x01000000
int position;
int pos;
int po;
KEVENT event ;
char *output;
extern NTSTATUS
ZwCreateSection(
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN PLARGE_INTEGER MaximumSize OPTIONAL,
IN ULONG SectionPageProtection,
IN ULONG AllocationAttributes,
IN HANDLE FileHandle OPTIONAL
);
NTSTATUS
ObQueryNameString(
IN PVOID Object,
OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
IN ULONG Length,
OUT PULONG ReturnLength
);
NTSTATUS
DevCreateClose(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
NTSTATUS
DevDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
VOID RegMoniterOn();
VOID RegMoniterOff();
VOID ProcMoniterOn();
VOID ProcMoniterOff();
VOID ModMonitorOn();
VOID ModMonitorOff();
BOOLEAN bRegMon = FALSE;
BOOLEAN bProcMon= FALSE;
BOOLEAN bModMon = FALSE;
typedef struct ServiceDescriptorEntry {
unsigned int *ServiceTableBase;
unsigned int *ServiceCounterTableBase; //Used only in checked build
unsigned int NumberOfServices;
unsigned char *ParamTableBase;
} ServiceDescriptorTableEntry, *PServiceDescriptorTableEntry;
extern PServiceDescriptorTableEntry KeServiceDescriptorTable;
/*
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE InheritFromProcessHandle,
IN BOOLEAN InheritHandles,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL,
IN HANDLE Unknown
);*/
/*
NTSTATUS
ZwLoadDriver(
IN PUNICODE_STRING DriverServiceName
);*/
typedef NTSTATUS (*ZWCREATEPROCESS)(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE InheritFromProcessHandle,
IN BOOLEAN InheritHandles,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL,
IN HANDLE Unknown
);
NTSTATUS FakedZwCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE InheritFromProcessHandle,
IN BOOLEAN InheritHandles,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL,
IN HANDLE Unknown
);
typedef NTSTATUS (*ZWSETVALUEKEY)
(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN ULONG TitleIndex OPTIONAL,
IN ULONG Type,
IN PVOID Data,
IN ULONG DataSize
);
NTSTATUS FakedZwSetValueKey
(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN ULONG TitleIndex OPTIONAL,
IN ULONG Type,
IN PVOID Data,
IN ULONG DataSize
);
typedef NTSTATUS (*ZWLOADDRIVER)
(
IN PUNICODE_STRING DriverServiceName
);
NTSTATUS FakedZwLoadDriver
(
IN PUNICODE_STRING DriverServiceName
);
ZWSETVALUEKEY RealZwSetValueKey;
ZWCREATEPROCESS RealZwCreateProcess;
ZWLOADDRIVER RealZwLoadDriver;
typedef struct _SECTION_IMAGE_INFORMATION {
PVOID EntryPoint;
ULONG StackZeroBits;
ULONG StackReserved;
ULONG StackCommit;
ULONG ImageSubsystem;
WORD SubsystemVersionLow;
WORD SubsystemVersionHigh;
ULONG Unknown1;
ULONG ImageCharacteristics;
ULONG ImageMachineType;
ULONG Unknown2[3];
} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
// Length of process name (rounded up to next DWORD)
#define PROCNAMELEN 20
// Maximum length of NT process name
#define NT_PROCNAMELEN 16
ULONG gProcessNameOffset;
void GetProcessNameOffset()
{
PEPROCESS curproc;
int i;
curproc = PsGetCurrentProcess();
for( i = 0; i < 3*PAGE_SIZE; i++ )
{
if( !strncmp( "System", (PCHAR) curproc + i, strlen("System") ))
{
gProcessNameOffset = i;
}
}
}
BOOLEAN GetFullName2(HANDLE handle,char * pch)
{
ULONG uactLength;
POBJECT_NAME_INFORMATION pustr;
ANSI_STRING astr;
PVOID pObj;
NTSTATUS ns;
if (pch==NULL)
return FALSE;
ns = ObReferenceObjectByHandle( handle, 0, NULL, KernelMode, &pObj, NULL );
if (!NT_SUCCESS(ns))
{
return FALSE;
}
pustr = ExAllocatePool(NonPagedPool,1024+4);
if (pustr==NULL)
{
// Drop the reference taken above before bailing out
ObDereferenceObject(pObj);
return FALSE;
}
ns = ObQueryNameString(pObj,pustr,512,&uactLength);
if (NT_SUCCESS(ns))
{
RtlUnicodeStringToAnsiString(&astr,(PUNICODE_STRING)pustr,TRUE);
strcpy(pch,astr.Buffer);
// astr is only valid (and only needs freeing) when the conversion ran
RtlFreeAnsiString( &astr );
}
ExFreePool(pustr);
ObDereferenceObject(pObj);
return TRUE;
}
/*
KeyHandle:hSection
*/
NTSTATUS GetFullName(HANDLE KeyHandle,char *fullname)
{
NTSTATUS ns;
PVOID pKey=NULL,pFile=NULL;
UNICODE_STRING fullUniName;
ANSI_STRING akeyname;
ULONG actualLen;
UNICODE_STRING dosName;
fullUniName.Buffer=NULL;
fullUniName.Length=0;
fullname[0]=0x00;
ns= ObReferenceObjectByHandle( KeyHandle, 0, NULL, KernelMode, &pKey, NULL ) ;
if( !NT_SUCCESS(ns)) return ns;
fullUniName.Buffer = ExAllocatePool( PagedPool, MAXPATHLEN*2);//1024*2
fullUniName.MaximumLength = MAXPATHLEN*2;
__try
{
pFile=(PVOID)*(ULONG *)((char *)pKey+20);
pFile=(PVOID)*(ULONG *)((char *)pFile);
pFile=(PVOID)*(ULONG *)((char *)pFile+36);
ObReferenceObjectByPointer(pFile, 0, NULL, KernelMode);
RtlVolumeDeviceToDosName(((PFILE_OBJECT)pFile)->DeviceObject,&dosName);
//ns=ObQueryNameString( pFile, fullUniName, MAXPATHLEN, &actualLen );
RtlCopyUnicodeString(&fullUniName, &dosName);
RtlAppendUnicodeStringToString(&fullUniName,&((PFILE_OBJECT)pFile)->FileName);
ObDereferenceObject(pFile);
ObDereferenceObject(pKey );
RtlUnicodeStringToAnsiString( &akeyname, &fullUniName, TRUE );
if(akeyname.Length<MAXPATHLEN)
{
memcpy(fullname,akeyname.Buffer,akeyname.Length);
fullname[akeyname.Length]=0x00;
}
else
{
memcpy(fullname,akeyname.Buffer,MAXPATHLEN);
fullname[MAXPATHLEN-1]=0x00;
}
RtlFreeAnsiString( &akeyname );
ExFreePool(dosName.Buffer);
ExFreePool( fullUniName.Buffer );
return STATUS_SUCCESS;
}
__except(1)
{
if(fullUniName.Buffer) ExFreePool( fullUniName.Buffer );
if(pKey) ObDereferenceObject(pKey );
return STATUS_SUCCESS;
}
}
BOOL GoOrNot(char *fathername,char *procname)
{
char buff[256] = {0};
ULONG a;
LARGE_INTEGER li;li.QuadPart=-10000;
KeWaitForSingleObject(&event,Executive,KernelMode,0,0);
strcpy(buff,fathername);
strcat(buff,procname);
strncpy(&output[8],buff,sizeof(buff));
a = 1;
memmove(&output[0],&a,4);
while (1)
{
KeDelayExecutionThread(KernelMode,0,&li);
memmove(&a,&output[0],4);
if (!a)
{
break;
}
}
memmove(&a,&output[4],4);
KeSetEvent(&event,0,0);
return a;
}
BOOL GetProcessName( PCHAR theName )
{
PEPROCESS curproc;
char *nameptr;
ULONG i;
KIRQL oldirql;
if( gProcessNameOffset )
{
curproc = PsGetCurrentProcess();
nameptr = (PCHAR) curproc + gProcessNameOffset;
strncpy( theName, nameptr, NT_PROCNAMELEN );
theName[NT_PROCNAMELEN] = 0; /* NULL at end */
return TRUE;
}
return FALSE;
}
DWORD GetDllFunctionAddress(char* lpFunctionName, PUNICODE_STRING pDllName)
{
HANDLE hThread, hSection, hFile, hMod;
SECTION_IMAGE_INFORMATION sii;
IMAGE_DOS_HEADER* dosheader;
IMAGE_OPTIONAL_HEADER* opthdr;
IMAGE_EXPORT_DIRECTORY* pExportTable;
DWORD* arrayOfFunctionAddresses;
DWORD* arrayOfFunctionNames;
WORD* arrayOfFunctionOrdinals;
DWORD functionOrdinal;
DWORD Base, x, functionAddress;
char* functionName;
STRING ntFunctionName, ntFunctionNameSearch;
PVOID BaseAddress = NULL;
SIZE_T size=0;
OBJECT_ATTRIBUTES oa = {sizeof oa, 0, pDllName, OBJ_CASE_INSENSITIVE};
IO_STATUS_BLOCK iosb;
//_asm int 3;
ZwOpenFile(&hFile, FILE_EXECUTE | SYNCHRONIZE, &oa, &iosb, FILE_SHARE_READ, FILE_SYNCHRONOUS_IO_NONALERT);
oa.ObjectName = 0;
ZwCreateSection(&hSection, SECTION_ALL_ACCESS, &oa, 0,PAGE_EXECUTE, SEC_IMAGE, hFile);
ZwMapViewOfSection(hSection, NtCurrentProcess(), &BaseAddress, 0, 1000, 0, &size, (SECTION_INHERIT)1, MEM_TOP_DOWN, PAGE_READWRITE);
ZwClose(hFile);
hMod = BaseAddress;
dosheader = (IMAGE_DOS_HEADER *)hMod;
opthdr =(IMAGE_OPTIONAL_HEADER *) ((BYTE*)hMod+dosheader->e_lfanew+24);
pExportTable =(IMAGE_EXPORT_DIRECTORY*)((BYTE*) hMod + opthdr->DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT]. VirtualAddress);
// now we can get the exported functions, but note we convert from RVA to address
arrayOfFunctionAddresses = (DWORD*)( (BYTE*)hMod + pExportTable->AddressOfFunctions);
arrayOfFunctionNames = (DWORD*)( (BYTE*)hMod + pExportTable->AddressOfNames);
arrayOfFunctionOrdinals = (WORD*)( (BYTE*)hMod + pExportTable->AddressOfNameOrdinals);
Base = pExportTable->Base;
RtlInitString(&ntFunctionNameSearch, lpFunctionName);
for(x = 0; x < pExportTable->NumberOfFunctions; x++)
{
functionName = (char*)( (BYTE*)hMod + arrayOfFunctionNames[x]);
RtlInitString(&ntFunctionName, functionName);
functionOrdinal = arrayOfFunctionOrdinals[x] + Base - 1; // always need to add base, -1 as array counts from 0
// this is the funny bit. you would expect the function pointer to simply be arrayOfFunctionAddresses[x]…
// oh no… thats too simple. it is actually arrayOfFunctionAddresses[functionOrdinal]!!
functionAddress = (DWORD)( (BYTE*)hMod + arrayOfFunctionAddresses[functionOrdinal]);
if (RtlCompareString(&ntFunctionName, &ntFunctionNameSearch, TRUE) == 0)
{
ZwClose(hSection);
return functionAddress;
}
}
ZwClose(hSection);
return 0;
}
VOID OnUnload( IN PDRIVER_OBJECT DriverObject )
{
UNICODE_STRING devlink;
DbgPrint("PRMonitor: OnUnload called\n");
if (bRegMon)
{
RegMoniterOff();
}
if(bProcMon)
{
ProcMoniterOff();
}
if (bModMon)
{
ModMonitorOff();
}
RtlInitUnicodeString(&devlink,HOOKZWCREATEPROCESS_DOS_DEVICE_NAME_W);
IoDeleteSymbolicLink(&devlink);
if (DriverObject->DeviceObject)
{
IoDeleteDevice(DriverObject->DeviceObject);
}
}
NTSTATUS DriverEntry( IN PDRIVER_OBJECT theDriverObject, IN PUNICODE_STRING theRegistryPath )
{
int i;
UNICODE_STRING dllName;
DWORD functionAddress;
UNICODE_STRING devname;
UNICODE_STRING devlink;
PDEVICE_OBJECT devob ;
NTSTATUS status ;
//_asm int 3;
DbgPrint("My Driver Loaded!");
RtlInitUnicodeString(&devname,HOOKZWCREATEPROCESS_DEVICE_NAME_W);
RtlInitUnicodeString(&devlink,HOOKZWCREATEPROCESS_DOS_DEVICE_NAME_W);
status = IoCreateDevice(theDriverObject,
256,
&devname,
FILE_DEVICE_HOOKZWCREATEPROCESS,
0,
TRUE,
&devob);
if (!NT_SUCCESS(status))
{
KdPrint(("Failed to create device ….."));
return status ;
}
status = IoCreateSymbolicLink(&devlink,&devname);
if (!NT_SUCCESS(status))
{
KdPrint(("Failed to create symboliclink ……."));
IoDeleteDevice(devob);
return status;
}
theDriverObject->MajorFunction[IRP_MJ_CREATE] =
theDriverObject->MajorFunction[IRP_MJ_CLOSE] = DevCreateClose;
theDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DevDispatch ;
theDriverObject->DriverUnload = OnUnload;
KeInitializeEvent(&event,SynchronizationEvent,1);
GetProcessNameOffset();
RtlInitUnicodeString(&dllName, L"\\Device\\HarddiskVolume1\\Windows\\System32\\ntdll.dll");
functionAddress = GetDllFunctionAddress("ZwCreateProcessEx", &dllName);
position = *((WORD*)(functionAddress+1));
DbgPrint("ZwCreateProcessEx's Id:%d\n", position);
RealZwCreateProcess = (ZWCREATEPROCESS)(*(((PServiceDescriptorTableEntry)KeServiceDescriptorTable)->ServiceTableBase + position));
functionAddress = GetDllFunctionAddress("ZwLoadDriver",&dllName);
pos = *((WORD*)((DWORD)ZwSetValueKey+1));
po = *((WORD *)(functionAddress+1));
DbgPrint("ZwSetValueKey's Id:%d\n", pos);
DbgPrint("ZwLoadDriver's Id:%d\n",po);
//DbgPrint("ZwLoadDriver's address is %d\n",ZwLoadDriver);
RealZwSetValueKey = (ZWSETVALUEKEY)(*(((PServiceDescriptorTableEntry)KeServiceDescriptorTable)->ServiceTableBase + pos));
RealZwLoadDriver = (ZWLOADDRIVER)(*(((PServiceDescriptorTableEntry)KeServiceDescriptorTable)->ServiceTableBase + po));
return STATUS_SUCCESS;
}
NTSTATUS FakedZwCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE InheritFromProcessHandle,
IN BOOLEAN InheritHandles,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL,
IN HANDLE Unknown
)
{
char aProcessName[PROCNAMELEN];
char aPathName[MAXPATHLEN];
GetFullName(SectionHandle,aPathName);
GetProcessName(aProcessName);
DbgPrint("ZwCreateProcess is called by %s\n",aProcessName);
DbgPrint("The name is %s\n",aPathName);
strcat(aProcessName,"##");
if (GoOrNot(aProcessName,aPathName))
{
return RealZwCreateProcess(
ProcessHandle,
DesiredAccess,
ObjectAttributes,
InheritFromProcessHandle,
InheritHandles,
SectionHandle,
DebugPort,
ExceptionPort,
Unknown
);
}
else
{
ProcessHandle = NULL;
return STATUS_SUCCESS;
}
}
NTSTATUS FakedZwSetValueKey
(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN ULONG TitleIndex OPTIONAL,
IN ULONG Type,
IN PVOID Data,
IN ULONG DataSize
)
{
char pch[MAXPATHLEN];
char regValue[MAXPATHLEN];
ANSI_STRING ansi;
char aProcessName[PROCNAMELEN];
GetFullName2(KeyHandle,pch);
GetProcessName(aProcessName);
DbgPrint("ZwSetValueKey is called by %s\n",aProcessName);
RtlUnicodeStringToAnsiString(&ansi,ValueName,TRUE);
if(ansi.Length<MAXPATHLEN)
{
memcpy(regValue,ansi.Buffer,ansi.Length);
regValue[ansi.Length]=0x00;
}
else
{
memcpy(regValue,ansi.Buffer,MAXPATHLEN);
regValue[MAXPATHLEN-1]=0x00;
}
RtlFreeAnsiString( &ansi );
strcat(aProcessName,"$$");
strcat(pch,regValue);
if (GoOrNot(aProcessName,pch))
{
return RealZwSetValueKey(
KeyHandle,
ValueName,
TitleIndex,
Type,
Data,
DataSize);
}
else
{
return STATUS_ACCESS_DENIED;
}
}
NTSTATUS FakedZwLoadDriver(IN PUNICODE_STRING DriverServiceName )
{
char aProcessName[PROCNAMELEN];
char aDrvname[MAXPATHLEN];
ANSI_STRING ansi ;
GetProcessName(aProcessName);
RtlUnicodeStringToAnsiString(&ansi,DriverServiceName,TRUE);
if(ansi.Length<MAXPATHLEN)
{
memcpy(aDrvname,ansi.Buffer,ansi.Length);
aDrvname[ansi.Length]=0x00;
}
else
{
memcpy(aDrvname,ansi.Buffer,MAXPATHLEN);
aDrvname[MAXPATHLEN-1]=0x00;
}
RtlFreeAnsiString( &ansi );
DbgPrint("ZwLoadDriver is called by %s\n",aProcessName);
DbgPrint("Driver name is %s\n",aDrvname);
strcat(aProcessName,"&&");
if (GoOrNot(aProcessName,aDrvname))
{
return RealZwLoadDriver(
DriverServiceName
);
}
else
{
return STATUS_ACCESS_DENIED;
}
}
NTSTATUS
DevCreateClose(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
Irp->IoStatus.Status = 0;
Irp->IoStatus.Information = 0 ;
IoCompleteRequest(Irp,IO_NO_INCREMENT);
return STATUS_SUCCESS ;
}
NTSTATUS
DevDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
UCHAR *buff =0;
ULONG a;
PIO_STACK_LOCATION psloc= IoGetCurrentIrpStackLocation(Irp);
switch(psloc->Parameters.DeviceIoControl.IoControlCode)
{
case 1000:
DbgPrint("IoControlCode 1000\n");
if(!bProcMon)
{
buff = (UCHAR *)Irp->AssociatedIrp.SystemBuffer ;
ProcMoniterOn();
memmove(&a,&buff[4],4);
output=(char*)MmMapIoSpace(MmGetPhysicalAddress((void*)a),256,0);
}
break;
case 1001:
DbgPrint("IoControlCode 1001\n");
if (bProcMon)
{
ProcMoniterOff();
}
break;
case 1002:
DbgPrint("IoControlCode 1002\n");
if (!bRegMon)
{
buff = (UCHAR *)Irp->AssociatedIrp.SystemBuffer ;
RegMoniterOn();
memmove(&a,&buff[4],4);
output=(char*)MmMapIoSpace(MmGetPhysicalAddress((void*)a),256,0);
}
break;
case 1003:
DbgPrint("IoControlCode 1003\n");
if (bRegMon)
{
RegMoniterOff();
}
break;
case 1004:
DbgPrint("IoControlCode 1004\n");
if (!bModMon)
{
buff = (UCHAR *)Irp->AssociatedIrp.SystemBuffer ;
ModMonitorOn();
memmove(&a,&buff[4],4);
output=(char*)MmMapIoSpace(MmGetPhysicalAddress((void*)a),256,0);
}
break;
case 1005:
DbgPrint("IoControlCode 1005\n");
if (bModMon)
{
ModMonitorOff();
}
break;
}
Irp->IoStatus.Status = 0;
IoCompleteRequest(Irp,IO_NO_INCREMENT);
return STATUS_SUCCESS ;
}
VOID ModMonitorOn()
{
DbgPrint("ModMonitorOn\n");
_asm
{
CLI //disable interrupt
MOV EAX, CR0 //move CR0 register into EAX
AND EAX, NOT 10000H //disable WP bit
MOV CR0, EAX
}
(ZWLOADDRIVER)(*(((PServiceDescriptorTableEntry)KeServiceDescriptorTable)->ServiceTableBase + po)) = FakedZwLoadDriver ;
_asm
{
MOV EAX, CR0 //move CR0 register into EAX
OR EAX, 10000H //enable WP bit
MOV CR0, EAX //write register back
STI //enable interrupt
}
bModMon =1 ;
}
VOID ModMonitorOff()
{
DbgPrint("ModMonitorOff\n");
_asm
{
CLI //disable interrupt
MOV EAX, CR0 //move CR0 register into EAX
AND EAX, NOT 10000H //disable WP bit
MOV CR0, EAX
}
(ZWLOADDRIVER)(*(((PServiceDescriptorTableEntry)KeServiceDescriptorTable)->ServiceTableBase + po)) = RealZwLoadDriver ;
_asm
{
MOV EAX, CR0 //move CR0 register into EAX
OR EAX, 10000H //enable WP bit
MOV CR0, EAX //write register back
STI //enable interrupt
}
bModMon =0 ;
}
VOID RegMoniterOn()
{
DbgPrint("RegMonitorON\n");
_asm
{
CLI //disable interrupt
MOV EAX, CR0 //move CR0 register into EAX
AND EAX, NOT 10000H //disable WP bit
MOV CR0, EAX //write register back
}
(ZWSETVALUEKEY)(*(((PServiceDescriptorTableEntry)KeServiceDescriptorTable)->ServiceTableBase + pos)) = FakedZwSetValueKey ;
_asm
{
MOV EAX, CR0 //move CR0 register into EAX
OR EAX, 10000H //enable WP bit
MOV CR0, EAX //write register back
STI //enable interrupt
}
bRegMon = 1 ;
}
VOID RegMoniterOff()
{
DbgPrint("RegMonitorOff\n");
_asm
{
CLI //disable interrupt
MOV EAX, CR0 //move CR0 register into EAX
AND EAX, NOT 10000H //disable WP bit
MOV CR0, EAX //write register back
}
(ZWSETVALUEKEY)(*(((PServiceDescriptorTableEntry)KeServiceDescriptorTable)->ServiceTableBase + pos)) = RealZwSetValueKey ;
_asm
{
MOV EAX, CR0 //move CR0 register into EAX
OR EAX, 10000H //enable WP bit
MOV CR0, EAX //write register back
STI //enable interrupt
}
bRegMon = 0;
}
VOID ProcMoniterOn()
{
DbgPrint("ProcMonitorOn\n");
_asm
{
CLI //disable interrupt
MOV EAX, CR0 //move CR0 register into EAX
AND EAX, NOT 10000H //disable WP bit
MOV CR0, EAX //write register back
}
(ZWCREATEPROCESS)(*(((PServiceDescriptorTableEntry)KeServiceDescriptorTable)->ServiceTableBase + position)) = FakedZwCreateProcess ;
_asm
{
MOV EAX, CR0 //move CR0 register into EAX
OR EAX, 10000H //enable WP bit
MOV CR0, EAX //write register back
STI //enable interrupt
}
bProcMon = 1;
}
VOID ProcMoniterOff()
{
DbgPrint("ProcMonitorOff\n");
_asm
{
CLI //disable interrupt
MOV EAX, CR0 //move CR0 register into EAX
AND EAX, NOT 10000H //disable WP bit
MOV CR0, EAX //write register back
}
(ZWCREATEPROCESS)(*(((PServiceDescriptorTableEntry)KeServiceDescriptorTable)->ServiceTableBase + position)) = RealZwCreateProcess ;
_asm
{
MOV EAX, CR0 //move CR0 register into EAX
OR EAX, 10000H //enable WP bit
MOV CR0, EAX //write register back
STI //enable interrupt
}
bProcMon = 0;
}
20090807 c# Parent Process
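I threw together a program with an embedded WEBBROWSER control, but new windows always pop up in IE.
After the program exits, those IE windows are a nuisance; they do not exit along with it.
I want to kill them based on the parent process.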
<code>
class Program
{
static void Main(string[] args)
{
Console.WriteLine(GetParentProcess().ProcessName);
Console.Read();
}
private static Process GetParentProcess()
{
int iParentPid = 0;
int iCurrentPid = 3836;// Process.GetCurrentProcess().Id;
IntPtr oHnd = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (oHnd == IntPtr.Zero)
return null;
PROCESSENTRY32 oProcInfo = new PROCESSENTRY32();
oProcInfo.dwSize =
(uint)System.Runtime.InteropServices.Marshal.SizeOf(typeof(PROCESSENTRY32));
if (Process32First(oHnd, ref oProcInfo) == false)
return null;
do
{
if (iCurrentPid == oProcInfo.th32ProcessID)
iParentPid = (int)oProcInfo.th32ParentProcessID;
}
while (iParentPid == 0 && Process32Next(oHnd, ref oProcInfo));
if (iParentPid > 0)
return Process.GetProcessById(iParentPid);
else
return null;
}
static uint TH32CS_SNAPPROCESS = 2;
[StructLayout(LayoutKind.Sequential)]
public struct PROCESSENTRY32
{
public uint dwSize;
public uint cntUsage;
public uint th32ProcessID;
public IntPtr th32DefaultHeapID;
public uint th32ModuleID;
public uint cntThreads;
public uint th32ParentProcessID;
public int pcPriClassBase;
public uint dwFlags;
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
public string szExeFile;
};
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr CreateToolhelp32Snapshot(uint dwFlags, uint th32ProcessID);
[DllImport("kernel32.dll")]
static extern bool Process32First(IntPtr hSnapshot, ref PROCESSENTRY32 lppe);
[DllImport("kernel32.dll")]
static extern bool Process32Next(IntPtr hSnapshot, ref PROCESSENTRY32 lppe);
}
</code>
But what I got back was SVHOST... ugh.
Another way is to get it through WMI:
<code>
public static void Main() {
Process p = Process.GetCurrentProcess();
int parentPid = GetParentProcess(p.Id);
Console.WriteLine(parentPid);
}
static int GetParentProcess(int Id)
{
int parentPid=0;
using(ManagementObject mo = new ManagementObject("win32_process.handle='"
+ Id.ToString() + "'"))
{
mo.Get();
parentPid = Convert.ToInt32(mo["ParentProcessId"]);
DumpProcessProperties(parentPid);
}
return parentPid;
}
// dump process properties to the console
static void DumpProcessProperties(int Id)
{
using(ManagementObject mo = new ManagementObject("win32_process.handle='"
+ Id.ToString() + "'"))
{
mo.Get();
foreach(PropertyData pd in mo.Properties)
{
Console.WriteLine("Property: {0}, Value: [{1}]",pd.Name, pd.Value);
}
}
}
</code>
Tags: c++, Parent, process
C# FORM: allow only one process to be started_书到用时方恨少
http://hi.baidu.com/jwei0793/blog/item/c08ee30aab674938b1351db2.html
Ensuring that only one instance of an application is running
http://www.chinaitpower.com/A/2002-03-07/15968.html
Adding a splash screen to a program in C# and allowing only one application instance to run – .NET Zone – 新云网络
http://www.newasp.net/tech/net/13651.html
Implementing a screenshot feature in C# (3) (similar to QQ screenshots) (6) – Technical Applications – 豆豆网
http://tech.ddvip.com/2008-10/122480888981875_6.html
How do you make sure only one instance of an application is running?_LINQ | ASP.NET 3.5 | SilverLight2 | MVC | 【孟宪会之精彩世界】
http://dotnet.aspx.cc/article/e2a17727-765f-4346-8446-5d130622cb54/read.aspx
Several ways to launch an external program in C# @阿良.NET
http://www.chenjiliang.com/Article/View.aspx?ArticleID=2590&TypeID=84
HOW TO: Wait for a shell application to finish using C#
http://support.microsoft.com/kb/305369/zh-cn
//Set a time-out value.
int timeOut=5000;
//Get path to system folder.
string sysFolder=
    Environment.GetFolderPath(Environment.SpecialFolder.System);
//Create a new process info structure.
ProcessStartInfo pInfo = new ProcessStartInfo();
//Set file name to open.
pInfo.FileName = sysFolder + @"\eula.txt";
//Start the process.
Process p = Process.Start(pInfo);
//Wait for window to finish loading.
p.WaitForInputIdle();
//Wait for the process to exit or time out.
p.WaitForExit(timeOut);
//Check to see if the process is still running.
if (p.HasExited == false)
    //Process is still running.
    //Test to see if the process is hung up.
    if (p.Responding)
        //Process was responding; close the main window.
        p.CloseMainWindow();
    else
        //Process was not responding; force the process to close.
        p.Kill();
MessageBox.Show("Code continuing...");
MODEM driver for the MPX220_手机玩家俱乐部_捉鱼
http://club.joyes.com/announce/Announce.aspx?ID=15979784&BoardID=5036
A question about the MPX220 MODEM driver – Windows Mobile (MPX200/MPX220) – Motorola Phone Forum MOTO – Powered by Discuz!
http://www.motobbs.com/viewthread.php?tid=238732
First try of the MPx220 "use the phone as a modem" feature – Motorola MPx220 Player's Guide – 友人网
http://bible.younet.com/files/2005/03/05/264500.shtml
private void KillProcess(string processName)
{
    string processN = string.Empty;
    foreach (System.Diagnostics.Process thisproc in System.Diagnostics.Process.GetProcesses())
    {
        if (thisproc.ProcessName.ToString() == processName)
        {
            processN = processName;
            try
            {
                thisproc.Kill();
            }
            catch (Exception)
            {
                MessageBox.Show("访问拒绝");
                return;
            }
            MessageBox.Show("进程" + processName + "已经成功结束");
        }
    }
    if (string.IsNullOrEmpty(processN))
    {
        MessageBox.Show("不存在此进程");
        return;
    }
}
using System;
using System.Management;
namespace PK
{
    public class pk
    {
        public static void Main(string[] args)
        {
            if(args.Length != 1)
            {
                List();
                Help();
                return;
            }
            else
            {
                Term(args[0]);
                return;
            }
        }
        private static void List()
        {
            ManagementObjectSearcher searcher;
            ManagementObjectCollection collection;
            searcher = new ManagementObjectSearcher("SELECT * FROM Win32_Process");
            collection = searcher.Get();
            foreach (ManagementObject service in collection)
            {
                Console.WriteLine(service["Name"] + "\t\t" + service["ExecutablePath"]);
            }
        }
        private static void Help()
        {
            Console.WriteLine("\n===========================================================");
            Console.WriteLine("This Program Used To Terminate A Process Which You Chosed");
            Console.WriteLine("Usage:pk.exe ProcessName ph4nt0m.net");
            Console.WriteLine("===========================================================");
        }
        private static void Term(string name)
        {
            ManagementObjectSearcher searcher;
            ManagementObjectCollection collection;
            searcher = new ManagementObjectSearcher("SELECT * FROM Win32_Process");
            collection = searcher.Get();
            foreach (ManagementObject service in collection)
            {
                if (service["Name"].ToString() == name)
                {
                    string[] Tparas = {"0"};
                    service.InvokeMethod("Terminate", Tparas);
                    Console.WriteLine("Terminate "+name+" ok");
                }
            }
        }
    }
}
<Storyboard
Storyboard.TargetName="e1"
Storyboard.TargetProperty="(Canvas.Left)">
<DoubleAnimation BeginTime="0" Duration="0:0:2" To="250" />
<DoubleAnimation BeginTime="0:0:2" Duration="0:0:2" To="20" />
</Storyboard>
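Ensuring only one instance of an application is running – Webmaster China – China webmaster portal: get a full picture of Chinese webmasters starting here
http://www.zzchn.com/edu/20070914/38449.shtml
How to make an application run only one instance? [Fengyun Online, Fengyun source code, Fengyun software, asp source code, wallpapers, pictures, desktop, wallpaper-www.fyasp.com]
http://www.fyasp.com/Html/Article/asp/netpra/18262.html
C# tips: automatic web form filling (using gmail as an example)_Yi Ye Zhi Chun
http://hi.baidu.com/wangxuhuihntc/blog/item/a008e53311ea2c45ac4b5f52.html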
http://www.mvps.org/scripting/dotnet/index.htm
Real’s Howto WSH VBScript » Programming Tutorial Learning
http://www.programminglearn.com/288/reals-howto-wsh-vbscript
c# enumerate system users – Microsoft Chinese Technical Forum (MSDN and TechNet)
http://forums.microsoft.com/china/ShowPost.aspx?PostID=3912690&SiteID=15
WScript and VBScript – .NET C#
http://bytes.com/forum/thread261141.html
Call VBScript from C# – .NET C#
http://bytes.com/forum/thread237617.html
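How do I create a Wscript.Shell object in C#? .NET Technology / ASP.NET – CSDN Community community.csdn.net
http://topic.csdn.net/t/20050111/09/3715244.html
C# tips: automatic web form filling (using gmail as an example)_Yi Ye Zhi Chun
http://hi.baidu.com/wangxuhuihntc/blog/item/a008e53311ea2c45ac4b5f52.html
The program is already open and sitting in the tray; when the program is clicked again, do not launch it again, just maximize the one in the tray! Just like Kingsoft PowerWord!
http://topic.csdn.net/u/20081102/11/fbda50fa-5624-471e-8569-561bfa818856.html?1669784930
http://dotnet.aspx.cc/article/e2a17727-765f-4346-8446-5d130622cb54/read.aspx
Implementing a screenshot feature in C# (3) (similar to QQ screenshot) (6) – Technical Applications – Doudou Net
http://tech.ddvip.com/2008-10/122480888981875_6.html
Adding a splash screen to a program with C# and allowing only one application instance to run – .NET Zone – Xinyun Network
http://www.newasp.net/tech/net/13651.html
Ensuring only one instance of an application is running
http://www.chinaitpower.com/A/2002-03-07/15968.html
C# FORM allows only one process to start_Shu Dao Yong Shi Fang Hen Shao
http://hi.baidu.com/jwei0793/blog/item/c08ee30aab674938b1351db2.html
C# restricting software to a single running process_.Net technical articles_Asp.net_Website development
http://www.diybl.com/course/4_webprogram/asp.net/netjs/2008923/144742.html
How to implement a single process? .NET Technology / C# – CSDN Community community.csdn.net
http://topic.csdn.net/t/20060321/11/4628569.html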
WPF XAML Samples
http://wpf-samples.blogspot.com/
How to use Style.TargetType at Runtime : Windows Presentation Foundation (WPF) : .NET Development : MSDN Forums
http://social.msdn.microsoft.com/Forums/en-US/wpf/thread/c2113001-018a-4aa9-bef8-aa95ea7dbe96/
DoubleAnimation Class (System.Windows.Media.Animation)
http://msdn.microsoft.com/en-us/library/system.windows.media.animation.doubleanimation.aspx
Style applied programatically : Windows Presentation Foundation (WPF) : .NET Development : MSDN Forums
http://social.msdn.microsoft.com/Forums/en-US/wpf/thread/cfb88ad5-f23a-4cc7-93d4-871ba448bca7/
WPF tutorial 3D-Animations and Textures
http://www.codegod.de/WebAppCodeGod/wpf-3d-animations-and-textures-AID439.aspx
DoubleAnimation Class (System.Windows.Media.Animation)
http://msdn.microsoft.com/en-us/library/system.windows.media.animation.doubleanimation.aspx
DoubleAnimation.To Property (System.Windows.Media.Animation)
http://msdn.microsoft.com/en-us/library/system.windows.media.animation.doubleanimation.to.aspx
RoutedEvent Problems – Vista Forums
http://www.vistax64.com/avalon/41923-routedevent-problems.html
a lottery program for annual festival – Release: AnnualFestivalLottery Release
http://code.msdn.microsoft.com/annualfestivallotter/Release/ProjectReleases.aspx?ReleaseId=675
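WPF/E CTP Quick Start – Part 9: Animation (translation) – Lao Zhao Diandi – cnblogs
http://www.cnblogs.com/JeffreyZhao/archive/2006/12/14/WPFE_CTP_Quick_Start_Part_9.html#multipleanimations
A very cool WPF lottery program – He Hui – CSDNBlog
http://blog.csdn.net/chestnuts/archive/2008/07/07/2622458.aspx
How to start an external process in C# and get that process's memory usage and running time? – Starting from 0 – cnblogs
http://www.cnblogs.com/baobaoyu124/articles/569439.html
An external-process invocation class written in C# (1) – Technical Applications – Doudou Net
http://tech.ddvip.com/2008-10/122474329481429.html
Several ways to start an external program in C# CSharp Dezai Studio, down-to-earth and working hard
http://www.dezai.cn/article_show.asp?ArticleID=17411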
Process proc = Process.Start(appName);
if (proc != null)
{
    proc.WaitForExit();
    MessageBox.Show(String.Format("外部程序 {0} 已经退出!", this.appName), this.Text,
        MessageBoxButtons.OK, MessageBoxIcon.Information);
}
Several ways to start an external program in C# @A Liang.NET
http://www.chenjiliang.com/Article/View.aspx?ArticleID=2590&TypeID=84
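Writing classic little tools in C# – Yuren Computer Network
http://www.2008red.com/member_pic_318/files/willsonzhang/html/article_47_1.shtml
C# code for finding and killing processes_Pianist on the Keyboard – Dongfang Bubai 3
http://hi.baidu.com/cuiyangyang/blog/item/000689d3be9cf235970a16f9.html
VC programming tips: Help: how should the following program be rewritten in C++? Thanks 2! [Kuku Chinese Net] – System programming tutorials QQGB.com
http://www.qqgb.com/program/vc/vcjq/program_216443.html
Extracting and porting the EWF system protection feature of XPE 2007 – Douzi Lanlan – NetEase Blog
http://ehugo.blog.163.com/blog/static/1052911200801412710879/
Trimming and building embedded XP for industrial PCs – jinzhw's column – CSDNBlog
http://blog.csdn.net/jinzhw/archive/2008/05/29/2493275.aspx
XPE trimming getting-started guide (repost)_Zero Point Notes
http://hi.baidu.com/zzu1/blog/item/a903ebc443c5baaf8226acc6.html
I'm Having Video Resolution Problems with my Runtime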
http://msdn.microsoft.com/en-us/embedded/aa731224.aspx
Running Target Analyzer
http://msdn.microsoft.com/en-us/library/aa460355.aspx
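Industrial Control Automation Technical Digest: A brief introduction to using EWF on XPE
http://www.gkong.com/learn/learn_detail.asp?learn_id=2454
zengyanbing2's online notepad 1tie.cn [Yitie]
http://1tie.cn/zengyanbing2/33465/
Dynamically changing the log file name of the log4net component – Glass*Cup – cnblogs
http://www.cnblogs.com/haptear/archive/2008/09/20/431351.html
Extracting and porting the EWF system protection feature of XPE 2007 – Douzi Lanlan – NetEase Blog
http://ehugo.blog.163.com/blog/static/1052911200801412710879/
How can XP EMBEDDED implement hard power-off protection? It does not matter if data is not saved at shutdown, as long as the operating system is not damaged.
http://topic.csdn.net/u/20080612/11/ed1881ce-c02c-4c68-8699-0ce8a9f44b25.html
If write protection (fbwfmgr/ewfgmr) on xpe is in the enable state, the system will not lose data after a power cut or a restart/shutdown, but this does not include data currently in RAM;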
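XPE trimming getting-started guide – jinzhw's column – CSDNBlog
http://blog.csdn.net/jinzhw/archive/2008/05/29/2493291.aspx
[Major update] Successfully extracted and ported the EWF system protection feature of XPE 2007; come take a look if you are interested! – General Discussion – SYSOFT Shikong Forum: car PCs, thin clients, GRUB4DOS, WINPE, embedded systems! – Powered by Discuz!
http://bbs.znpc.net/viewthread.php?tid=1440&extra=&page=1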
Setting screen resolution using the "Default Monitor" component in Windows XP Embedded
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windowsxp.embedded&tid=0c3cdf94-1fdd-49e7-a983-f12bacb2e12c
Log4Net user guide (2)_Happy Every Day
http://hi.baidu.com/rocy520/blog/item/0866db1f0f713d08304e1599.html
[C#] Coordinate parameters have no effect when simulating clicks with mouse_event?! – Youmin Jiayuan – cnblogs
http://www.cnblogs.com/leafyoung/articles/799837.html
SetCursorPos(10, 10);
mouse_event((int)(MouseEventFlags.LeftDown | MouseEventFlags.Absolute), 0, 0, 0, IntPtr.Zero);
mouse_event((int)(MouseEventFlags.LeftUp | MouseEventFlags.Absolute), 0, 0, 0, IntPtr.Zero);
API: Controlling the mouse and keyboard with Mouse_event and Keybd_event_IT person's BLOG_Sina Blog
http://blog.sina.com.cn/s/blog_4668898b0100aaqw.html
pinvoke.net: mouse_event (user32)
http://www.pinvoke.net/default.aspx/user32/mouse_event.html?diff=y
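C# list processes, kill processes <P.S.T>_Keep Moving…_Sina Blog
http://blog.sina.com.cn/s/blog_46d98bae010007p9.html
C# kill process.docx Default column Default column xiaoliepower.bokee.com
http://xiaoliepower.bokee.com/viewdiary.188212224.html
A question about killing processes in VB — Programming Enthusiasts Forum http://bbs.pfan.cn
http://bbs.pfan.cn/post-157451.html
[Recommended] Killing a process with one line of VB code – Technical Exchange – Post view – Technical Forum – Hacker Defense ↑ seeking breakthroughs in the unity of opposites between attack and defense! A professional hacking-technology periodical founded in 2001!
http://www.hacker.com.cn/forum/view_121990.html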
Shell "ntsd -c q -pn 123.exe cmd.exe", vbHide
Where to put the Sleep declaration in VB_Baidu Zhidao
http://zhidao.baidu.com/question/61940387.html
Delay functionality and the Sleep function in VB_Private
http://hi.baidu.com/you2008yang/blog/item/3519a6df6b9e021649540383.html
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long) ' Sleep function
20070529 .NET program memory usage SetProcessWorkingSetSize
http://www.yippeesoft.com
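SaferRun uses roughly 14M of memory. Virtual memory is likewise 14
Ways to reduce the memory footprint of .Net programs
MSDN's description of this function (translated): Use this function to set the application's minimum and maximum working set; only the memory that is needed is kept. When the application is idle or system memory is too low, the operating system invokes this mechanism automatically to set the application's memory. An application can also use VirtualLock to lock a range of memory so that the system does not release it. When you enlarge an application's working set, the physical memory you can obtain depends on the system; this can degrade the performance of other applications or of the system as a whole, and can also cause operations that request physical memory to fail, for example creating processes, threads or kernel pool, so the function must be used with care.
In other words, this function does not save memory; it forces the process's physical memory to be moved into virtual memory.
In addition, some sources say that this function "may cause page faults and seriously affect performance".
Windows programming has a function called SetProcessWorkingSetSize; those who know some programming can search for it. This function can set the amount of memory a program occupies (there is of course a minimum).
For example, open a program, minimize it, and look at Task Manager: the memory figure shown there is the minimum it uses, and the other code not needed for the moment has been put into virtual memory. However, doing this affects performance; Windows allocates the most memory to the program running in the foreground.
The "memory compression technology" advertised by software such as Weather Show (天气秀) is just a call to SetProcessWorkingSetSize that moves the program code in memory into virtual memory. Calling it once is not enough, because the program's memory usage keeps changing while it runs. So a Timer has to be set up to call it at regular intervals (usually every few milliseconds).
Virtual memory means a portion of space on the hard disk. In other words, while such software runs, every few milliseconds your computer's CPU has to force code in memory onto the hard disk, writing to the disk continuously.
To be honest, achieving a small memory footprint this way (in fact it is not any smaller) is pretty perverse.
.NET's memory management has this trait: when there is plenty of physical memory the GC collects rather lazily, and when there is not it collects more diligently.
If you want your memory usage figures to look better, call GC.Collect(2) at suitable moments; this makes the running program's memory usage look much smaller.
Also, once a window is open, minimize it right away and see whether the memory figure drops immediately. Even after the window is restored, the memory is not that much. But as execution continues the memory figure may climb again; minimize once more and it drops again. If the run involves a large amount of computation, it is suggested to call the GC.Collect method afterwards; this is only to make things look better. It is not actually necessary.
In .NET, memory usage may be relatively somewhat higher, but that is not a defect. .NET's memory management is excellent and outstanding.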
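Discussion of C# WinForm memory usage
Category: ASP.net & C# Time: 2007-2-9 11:09:17 Author: Carrod
Since I started learning C# I have found that a WinForm takes a lot of memory after starting; a small 100KB program uses about 15MB. Why is that? Possibly for the following reasons:
1. First, C#'s runtime environment, the .Net Framework, has to be loaded into memory.
2. JIT programs usually need a relatively large startup working set (but once the program is stable, it does not need much memory).
3. The WinForm is being run inside the IDE.
The solution was mentioned in the article "An In-Depth Analysis of the .NET Framework's Automatic Memory Management (C# Analysis)", but .net's garbage collection seems a bit lazy: if the runtime environment has plenty of memory, collection is not very diligent; conversely, when memory is tight and easily reaches its peak, it collects sooner. You can try the following solutions:
1. Debug/Release: try using a Release Build.
2. Do not run it in the IDE.
3. Dispose of required resources promptly.
4. Call System.GC.Collect() to force a collection.
5. Where possible, assign null to objects.
Reference: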
int[] obj = new int[10000];
….
obj = null;
System.GC.Collect();
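One more point: the memory shown in the process manager does not reflect the memory your program actually uses, because the process manager does not understand the GC mechanism of .net programs. The correct approach is to use Performance Monitor to monitor the memory of a .NET program.
I forgot to mention one thing: minimize the running program (originally using 20MB of memory) to the taskbar (at which point memory usage may drop to 1MB or even lower; of course, it seems memory management has temporarily moved the memory the program occupied to other running programs. Another explanation is that it is kept in virtual memory) and then restore it, and the memory usage is greatly reduced, to around 6MB.
The .net programs I write usually have only a few controls, yet they take about 20M of memory at startup (as seen in Task Manager); I know this figure is not accurate. But programs written in other languages, such as delphi, show only a few M after starting.
I have also found that .net programs start slowly. Some say it is because a .net program has to load the whole platform at startup; I wonder whether that is right?
The CLR has to be loaded, plus the dlls that are used (not all dlls), and that is already a lot
Nothing can be done about the memory usage
Java programs are the same (the Eclipse IDE's memory usage easily exceeds a hundred megabytes)
Use the following approach to control memory size (this is C#; please translate it to vb.net yourself. I am reposting this, but it really works well):
Memory usage problems in .net
Today I started tackling the problem of the system using too much memory.
When I built the system last year, I found that it used a lot of memory; by June this year the system used 60M after startup and about 100M after running for a while (as monitored in Task Manager). At the time I tried all sorts of approaches without solving it (including GC.Collect, destructors and so on). Later I discussed it on MSN with Lingganzhiyuan (灵感之源), who thought it might be a problem with the system's use of MagicLibrary, so the matter was shelved.
Just now I found online that people on Bokeetang (博客堂) had discussed this too, and Zhiqiu Yiye (知秋一叶) gave an excellent explanation; reading it was an eye-opener. I ran a test using the SetProcessWorkingSetSize method in the system: after calling it, memory usage fell from 80M to 2M (as observed in TaskManager). According to Zhiqiu Yiye, adjusting the WorkingSet this way may cause page faults and seriously affect performance. But judging from actual use, no such phenomenon was observed, which may be down to the way I use this method: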
// Trims the working set of process pID; returns -1 if the process could not be opened.
public static int MinOf(uint pID)
{
    IntPtr hd = OpenProcess((uint)PROCESS_ACCESS_RIGHTS.PROCESS_SET_QUOTA, false, pID);
    try
    {
        if (hd != IntPtr.Zero && System.Environment.OSVersion.Platform == System.PlatformID.Win32NT)
        {
            // (-1, -1) asks Windows to remove as many pages as possible from the working set.
            return SetProcessWorkingSetSize(hd, -1, -1);
        }
        else
        {
            return -1;
        }
    }
    finally
    {
        // Only close a handle that was actually opened.
        if (hd != IntPtr.Zero)
            CloseHandle(hd);
    }
}
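The code above comes from http://www.zpcity.com/ArLi//commonprj/cls_MinWorkSize.cs
In Zhiqiu Yiye's view, having the system adjust the WorkingSet this way does not mean much, but looking at the numbers in taskmanager is indeed not very pleasant.
Author: fuyun Date: 2006-11-22
To speed up program execution, the system caches the resources a program calls so that the same resources respond faster the next time they are used. But a background program does not need to be used right after it starts, so the cache allocated to such programs is unnecessary. We can reduce the memory the software occupies with the following method.
In an actual test of a simple program compiled in Release mode, it used about 8M of memory at startup, and only 3M after reclaiming memory with the following method. Clearly, for programs that are not used often this method can significantly reduce memory usage.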
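using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Windows.Forms;

public sealed class Program
{
    [STAThread]
    static void Main()
    {
        FlushMemory();
        Application.Run( );
    }

    // The size parameters are SIZE_T in the Win32 API, so they are declared
    // as IntPtr to stay correct in both 32-bit and 64-bit processes.
    [DllImport("kernel32.dll")]
    private static extern bool SetProcessWorkingSetSize(
        IntPtr process,
        IntPtr minSize,
        IntPtr maxSize);

    private static void FlushMemory()
    {
        GC.Collect();
        GC.WaitForPendingFinalizers();
        // (-1, -1) asks Windows to trim the working set as far as possible.
        if (Environment.OSVersion.Platform == PlatformID.Win32NT)
            SetProcessWorkingSetSize(Process.GetCurrentProcess().Handle, (IntPtr)(-1), (IntPtr)(-1));
    }
}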
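Tags: .net, process, memory, program
0109 smartphone resident memory Process
It's Resco taskmag! That is, a task manager! With this software you can see the programs resident in your smartphone's memory. In other words, many users have been asking why the phone gets slower the more it is used, and why it always reports insufficient memory just when you open some MP3 or AVI files to enjoy yourself?! It turns out that on a smartphone any program you have run stays resident in memory; they do not exit on their own. Keep sweating....... How can this be called a smart phone! It is simply a dumb phone!
OK! Don't be afraid! Now that we have Resco task manager, we can close those programs' processes ourselves, freeing more memory and keeping the phone running fast.
I also find it strange: why don't they just exit instead of staying resident?
I tried a quick experiment, on SMARTPHONE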
private void menuItem1_Click(object sender, EventArgs e)
{
    this.Close();
}
It can exit~~~~~~~~~~
private System.Diagnostics.Process processOnComputer;

private void button1_Click(object sender, EventArgs e)
{
    processOnComputer.Kill();
    processOnComputer.WaitForExit();
    processOnComputer.Close();
}

private void Form1_Load(object sender, EventArgs e)
{
    processOnComputer = System.Diagnostics.Process.GetCurrentProcess();
}

private void Form1_Closed(object sender, EventArgs e)
{
}

private void button2_Click(object sender, EventArgs e)
{
    this.Close();
}
It can exit too, strange~~~~~~~~
Gets a new Process component and associates it with the currently active process.
Namespace: System.Diagnostics
Assembly: System (in system.dll)
// Get the current process.
Process currentProcess = Process.GetCurrentProcess();
// Get all instances of Notepad running on the local
// computer.
Process [] localByName = Process.GetProcessesByName("notepad");
// Get all instances of Notepad running on the specific
// computer.
// 1. Using the computer alias (do not precede with "\\").
Process [] remoteByName = Process.GetProcessesByName("notepad", "myComputer");
// 2. Using an IP address to specify the machineName parameter.
Process [] ipByName = Process.GetProcessesByName("notepad", "169.0.0.0");
// Get all processes running on the local computer.
Process [] localAll = Process.GetProcesses();
// Get all processes running on the remote computer.
Process [] remoteAll = Process.GetProcesses("myComputer");
// Get a process on the local computer, using the process id.
Process localById = Process.GetProcessById(1234);
// Get a process on a remote computer, using the process id.
Process remoteById = Process.GetProcessById(2345, "myComputer");
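1101 VS.NET PROCESS input output simulating CMD, an old article from long ago
vs.net c#: an example of calling an external program http://www.yippeesoft.com/blog/p/vsnetStartInfoProcess.php Process.StandardOutput property http://www.yippeesoft.com/blog/p/ProcessStandardOutput.php
Today I saw someone reply with a question about calling a console application from a program and interacting with it! It is similar to the last question in the original poster's article. Enter a command, get the output, evaluate that output and enter the corresponding command, get the output again... repeat the above.
I tried it out. To use StandardInput, the RedirectStandardInput property of the StartInfo property must have been set to true. Otherwise, reading the StandardInput property throws an exception.
Note: to set StandardInput to true, UseShellExecute on the StartInfo property must be false.
ProcessStartInfo.RedirectStandardInput property (see also)
Gets or sets a value indicating whether the process's command input is read from the Process instance's StandardInput member, allowing you to read from a source other than the standard input stream (usually the keyboard). For example, to read data from a file.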
private void DisplayOutput()
{
    while (proc != null && !proc.HasExited)
    {
        string strLine = null;
        while ((strLine = proc.StandardOutput.ReadLine()) != null)
        {
            Trace.WriteLine(strLine);
            m_txtOutput.AppendText(strLine + "\r\n");
        }
    }
}

Thread m_threadOutput;
Process proc;

private void menuItem1_Click(object sender, System.EventArgs e)
{
    proc = new Process();
    proc.StartInfo.FileName = "cmd";
    proc.StartInfo.WorkingDirectory = "c:\\";
    proc.StartInfo.CreateNoWindow = true;
    // Redirection requires UseShellExecute = false.
    proc.StartInfo.UseShellExecute = false;
    proc.StartInfo.RedirectStandardOutput = true;
    proc.StartInfo.RedirectStandardInput = true;
    proc.Start();
    // Read the child's output on its own thread so the UI thread is not blocked.
    m_threadOutput = new Thread(new ThreadStart(DisplayOutput));
    m_threadOutput.Start();
}

private void menuItem3_Click(object sender, System.EventArgs e)
{
    proc.StandardInput.WriteLine("dir");
}
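How to capture a console program's standard output in real time in a GUI
http://www.contextfree.net/wangyg/b/tech/myide.html
and
ShellControl – A console emulation control
http://www.codeproject.com/cs/miscctrl/shellcontrol.asp
1. How to determine whether a command has finished executing and get the result returned after it runs? (executing several commands in succession)
The DOTNET program gets incomplete output.
When a console program is run directly and a command is entered in the console, after it finishes a "XXX>" prompt appears, waiting for further input.
Since the program runs multithreaded, I had intended to use the "XXX>" prompt to determine whether a command has finished.
Once the command has executed, get the content it returned, then execute the next command…
But the DOTNET program cannot get this prompt, whereas programs written in java all can.
Process.StandardOutput property
Gets a stream used to read the application's output.
To use StandardOutput, the RedirectStandardOutput property of the StartInfo property must have been set to true. Otherwise, reading the StandardOutput property throws an exception.
Note: to set StandardOutput to true, UseShellExecute on the StartInfo property must be false.
The Process component communicates with a child process through a pipe. If the child process writes enough data to the pipe to fill the buffer, the child blocks until the parent reads the data from the pipe. This can cause a deadlock if the application reads all output from standard error and standard output. For example, the following C# code may be problematic.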
Process p = new Process();
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.FileName = "test.exe";
p.Start();
p.WaitForExit();
string output = p.StandardOutput.ReadToEnd();
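In this case, both the parent and the child block, because the filled pipe prevents the child from completing while the parent waits indefinitely for the child to exit.
This problem can be solved by moving ReadToEnd() before WaitForExit(), as shown below.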
Process p = new Process();
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.FileName = "test.exe";
p.Start();
string output = p.StandardOutput.ReadToEnd();
p.WaitForExit();
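A similar problem arises if you redirect both standard output and standard error and then try to read both of them, for example using the following C# code.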
string output = p.StandardOutput.ReadToEnd();
string error = p.StandardError.ReadToEnd();
p.WaitForExit();
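In this case, if the child process writes any text to standard error it blocks the process, because the parent cannot read from standard error until it has finished reading from standard output. However, the parent does not read from standard output until the process ends. The recommended solution for this situation is to create two threads so that the application can read the output of each stream on a separate thread.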
[C#]
Process myProcess = new Process();
ProcessStartInfo myProcessStartInfo = new ProcessStartInfo("Process_StandardOutput_Sample.exe" );
myProcessStartInfo.UseShellExecute = false;
myProcessStartInfo.RedirectStandardOutput = true;
myProcess.StartInfo = myProcessStartInfo;
myProcess.Start();
StreamReader myStreamReader = myProcess.StandardOutput;
// Read the standard output of the spawned process.
string myString = myStreamReader.ReadLine();
Console.WriteLine(myString);
myProcess.Close();
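The two-thread approach recommended above for a child whose standard output and standard error are both redirected, as an added C# example (not from MSDN or the original posts). The class and method names, the time-out and the cmd.exe sample command are constructed for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Threading;

static class RedirectBothStreams
{
    // Runs a child process and captures stdout and stderr on separate threads,
    // so a full pipe on either stream can never block the child.
    public static int Run(string fileName, string arguments, int timeoutMs,
                          out string stdout, out string stderr)
    {
        ProcessStartInfo psi = new ProcessStartInfo(fileName, arguments);
        psi.UseShellExecute = false;            // required for redirection
        psi.RedirectStandardOutput = true;
        psi.RedirectStandardError = true;
        psi.CreateNoWindow = true;

        string outText = null, errText = null;
        using (Process p = Process.Start(psi))
        {
            Thread outReader = new Thread(() => { outText = p.StandardOutput.ReadToEnd(); });
            Thread errReader = new Thread(() => { errText = p.StandardError.ReadToEnd(); });
            outReader.Start();
            errReader.Start();

            // Bound the wait; a hung child is killed, which closes its pipe ends.
            if (!p.WaitForExit(timeoutMs))
            {
                try { p.Kill(); }
                catch (InvalidOperationException) { /* exited in the meantime */ }
                p.WaitForExit();
            }

            // ReadToEnd returns once the child's end of each pipe is closed.
            outReader.Join();
            errReader.Join();

            stdout = outText;
            stderr = errText;
            return p.ExitCode;
        }
    }

    static void Main()
    {
        string o, e;
        // Constructed sample: cmd.exe writes one line to each stream.
        int code = Run("cmd.exe", "/c \"echo to-stdout & echo to-stderr 1>&2\"",
                       5000, out o, out e);
        Console.WriteLine("exit={0}", code);
        Console.WriteLine("stdout: {0}", o.Trim());
        Console.WriteLine("stderr: {0}", e.Trim());
    }
}
```

If the child starts further processes that inherit the pipe handles, the reader threads finish only when those processes exit as well.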
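My idea is to start a CMD first; then each time the EXEC function
lock(this)
{
    p.StandardInput.WriteLine(cmd);
    return p.StandardOutput.ReadToEnd();
}
sends one command into it and reads one response, but every time it hangs at p.StandardOutput.ReadToEnd(); and no error is reported.
The parent does not read from standard output until the process ends. For this situation the recommended solution is: create two threads so that the application can read each stream's output on a separate thread. I'm floored?!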
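One way to get a per-command response from a cmd.exe that stays open, as in the post above, is to follow each command with an echoed end marker and read lines until the marker arrives, because ReadToEnd() only returns when the child closes its output. This is an added C# example, not code from the original posts; CmdSession, Exec and the marker format are hypothetical names chosen for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Text;

// Keeps one cmd.exe alive and returns the output of each command sent to it.
sealed class CmdSession : IDisposable
{
    private readonly Process p;
    private readonly object gate = new object();

    public CmdSession()
    {
        // /Q turns command echo off so the output is mostly command results.
        ProcessStartInfo psi = new ProcessStartInfo("cmd.exe", "/Q");
        psi.UseShellExecute = false;
        psi.RedirectStandardInput = true;
        psi.RedirectStandardOutput = true;
        psi.CreateNoWindow = true;
        p = Process.Start(psi);
    }

    // cmd is handed verbatim to a shell, so it must come from a trusted source.
    // Commands that themselves read stdin would swallow the marker line.
    public string Exec(string cmd)
    {
        // A random marker cannot collide with real command output.
        string marker = "__DONE_" + Guid.NewGuid().ToString("N") + "__";
        StringBuilder output = new StringBuilder();
        lock (gate)
        {
            p.StandardInput.WriteLine(cmd);
            p.StandardInput.WriteLine("echo " + marker);
            string line;
            // ReadLine returns null only if cmd.exe itself has exited.
            while ((line = p.StandardOutput.ReadLine()) != null)
            {
                // Match the whole line, so an echoed "echo <marker>" is ignored.
                if (line.Trim() == marker) break;
                output.AppendLine(line);
            }
        }
        return output.ToString();
    }

    public void Dispose()
    {
        p.StandardInput.WriteLine("exit");
        p.WaitForExit();
        p.Dispose();
    }
}

static class Demo
{
    static void Main()
    {
        using (CmdSession s = new CmdSession())
        {
            // The first result also contains cmd.exe's start-up banner.
            Console.Write(s.Exec("echo hello"));
            Console.Write(s.Exec("ver"));
        }
    }
}
```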
Tags: and, process, properties