用ShellExecuteExW API传SHELLEXECUTEINFOW结构体的值来启动应用程序(fMask 需包含 SEE_MASK_NOCLOSEPROCESS,否则 hProcess 不会被填充),然后调用 GetProcessId(ShExecInfo.hProcess);
就能获取启动应用程序的PID了。
能。U盘引导需要修改grub.cfg文件中的PID和VID,硬盘引导则不需要修改。群晖备份一体机集中备份服务器、虚拟机、电脑,无需额外费用安全、高效、易用是关键群晖文件服务器,即时共享,无惧病毒,支持远程办公。
// “获得Intel CPU ID”按钮消息处理函数
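void CIntelCPUIDDlg::OnBtnCPUID()
{
    // Button handler: query CPUID with MSVC x86 inline assembly and show the
    // vendor string (leaf 0) in m_editVendor and "signature-serial" (leaf 1
    // EAX, then leaf 3 EDX/ECX) in m_editCPUID.  No parameters, no return
    // value; the only side effect is the text written to the two edit boxes.
    unsigned long s1 = 0;
    unsigned long s2 = 0;
    unsigned char vendor_id[] = "------------";   // 12 bytes + NUL; leaf 0 returns the vendor in EBX,EDX,ECX
    CString str1;
    CString str2;
    CString str3;

    _asm   // leaf 0: vendor string, 4 bytes each from EBX, EDX, ECX
    {
        xor eax,eax
        cpuid
        mov dword ptr vendor_id,ebx
        mov dword ptr vendor_id[+4],edx
        mov dword ptr vendor_id[+8],ecx
    }
    str1.Format("%s", vendor_id);

    _asm   // leaf 1: processor signature in EAX
    {
        mov eax,01h
        xor edx,edx
        cpuid
        mov s2,eax
    }
    str2.Format("%08X-", s2);

    // leaf 3: the two lower dwords of the processor serial number in EDX:ECX.
    // NOTE(review): not every CPU implements leaf 3; on those the two values
    // presumably come back as zero — confirm on the target hardware.
    _asm
    {
        mov eax,03h
        xor ecx,ecx
        xor edx,edx
        cpuid
        mov s1,edx
        mov s2,ecx
    }
    str3.Format("%08X-%08X\n", s1, s2);
    str2 = str2 + str3;

    m_editVendor.SetWindowText(str1);
    m_editCPUID.SetWindowText(str2);
}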
// GetHDSerial.cpp: implementation of the CGetHDSerial class
//
//////////////////////////////////////////////////////////////////////
#include "stdafxh"
#include "GetHDSerialh"
// Module-level state shared between the Ring-0 handler InterruptProcess and
// the CGetHDSerial methods (plain globals, presumably because the handler is
// entered through an IDT gate and cannot be passed arguments).  None of this
// is thread-safe.
char m_buffer[256];          // serial-number string returned by CGetHDSerial::GetHDSerial
WORD m_serial[256];          // 256 identify words read from port 0x1f0 by InterruptProcess, copied out by Win9xReadHDSerial
DWORD m_OldInterruptAddress; // original gate offset saved/restored around the int in Win9xReadHDSerial
DWORDLONG m_IDTR;            // destination of the sidt in Win9xReadHDSerial
// 等待硬盘空闲
// Spin until the primary ATA channel reports not-busy, then return the last
// status byte read.
//
// Polls status port 0x1f7 with `in` and loops while the value is >= 0x80
// (bit 7, BSY).  The caller's comment says this spins forever when run at
// Ring 3, so it is only meant to be reached from InterruptProcess.  The value
// of `al` is carried from the first _asm block into the second across the
// C label — the two blocks must stay adjacent.
static unsigned int WaitHardDiskIdle()
{
BYTE byTemp;
Waiting:
_asm
{
mov dx, 0x1f7   // primary ATA status register
in al, dx
cmp al, 0x80    // unsigned compare: BSY (bit 7) set while al >= 0x80
jb Endwaiting
jmp Waiting
}
Endwaiting:
_asm
{
mov byTemp, al  // relies on al being untouched between the two _asm blocks
}
return byTemp;
}
//中断服务程序
// Ring-0 interrupt service routine that Win9xReadHDSerial temporarily hooks
// into the IDT.  It selects drive 0 on the primary ATA channel, issues the
// IDENTIFY command (0xec) and copies the 256 response words from data port
// 0x1f0 into the global m_serial[]; every exit restores the five pushed
// registers and returns with iretd.  No arguments, no return value — the
// result is m_serial[].
//
// NOTE(review): the function is `naked` (no prologue/epilogue) yet declares
// C locals (byTemp, i, temp) and calls WaitHardDiskIdle(); those locals are
// addressed through whatever frame the interrupted code left behind, which
// is fragile.  Left byte-for-byte as written because the routine is
// order-dependent inline asm.
void _declspec( naked )InterruptProcess(void)
{
int byTemp;
int i;
WORD temp;
// Save the registers used below (esi is saved although nothing here touches it)
_asm
{
push eax
push ebx
push ecx
push edx
push esi
}
WaitHardDiskIdle();// spin until the controller reports not-busy
_asm
{
mov dx, 0x1f6   // drive/head register: select drive 0
mov al, 0xa0
out dx, al
}
byTemp = WaitHardDiskIdle(); // the original notes that running this wait directly at Ring 3 spins forever
if ((byTemp&0x50)!=0x50)   // presumably requires DRDY|DSC (0x40|0x10) in the status byte — TODO confirm
{
_asm // drive not ready: restore the saved registers and leave the ISR
{
pop esi
pop edx
pop ecx
pop ebx
pop eax
iretd
}
}
_asm
{
mov dx, 0x1f6 // drive/head register again: select drive 0
mov al, 0xa0
out dx, al
inc dx        // 0x1f7 = command register
mov al, 0xec
out dx, al    // IDENTIFY command ("read drive parameters" in the original)
}
byTemp = WaitHardDiskIdle();
if ((byTemp&0x58)!=0x58)   // presumably DRDY|DSC|DRQ (0x40|0x10|0x08): data must be waiting — TODO confirm
{
_asm // no data: restore the saved registers and leave the ISR
{
pop esi
pop edx
pop ecx
pop ebx
pop eax
iretd
}
}
// Read all 256 words of the identify block from the data port into m_serial[]
for (i=0;i<256;i++)
{
_asm
{
mov dx, 0x1f0
in ax, dx
mov temp, ax
}
m_serial[i] = temp;
}
_asm // normal exit: restore the saved registers and return from the interrupt
{
pop esi
pop edx
pop ecx
pop ebx
pop eax
iretd
}
}
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
// Nothing to set up: every piece of state this class uses is a module-level
// global (m_buffer, m_serial, ...), not a member.
CGetHDSerial::CGetHDSerial() {}
// Nothing to release: the class owns no resources of its own.
CGetHDSerial::~CGetHDSerial() {}
// 读取硬盘序列号函数
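// Read the hard-disk serial number and return it as a C string.
//
// Returns a pointer to the module-level m_buffer (not thread-safe; the next
// call overwrites it).  On Windows 9x/ME the identify words are fetched by
// the Ring-0 trick in Win9xReadHDSerial; on the NT family the IDE IOCTL path
// is tried first and the SCSI miniport path only if that fails.  If the
// platform cannot be determined (GetVersionEx fails) the NT path is used,
// because it is the one that does not patch the IDT.
char *CGetHDSerial::GetHDSerial()
{
    m_buffer[0] = '\n';   // kept from the original; overwritten by the strcpy below
    OSVERSIONINFO OSVersionInfo = {0};
    OSVersionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    const BOOL haveVersion = GetVersionEx(&OSVersionInfo);
    if (haveVersion && OSVersionInfo.dwPlatformId != VER_PLATFORM_WIN32_NT)
    {
        // Windows 9x/ME: 256 identify WORDs; words 10..19 carry the serial number.
        WORD win9xIdentify[256];
        Win9xReadHDSerial(win9xIdentify);
        strcpy(m_buffer, WORDToChar(win9xIdentify, 10, 19));
    }
    else
    {
        // Windows NT/2000/XP: zero-initialised so that a failure of both
        // readers yields an empty string rather than stack garbage.
        DWORD winNtIdentify[256] = {0};
        if (!WinNTReadIDEHDSerial(winNtIdentify))
            WinNTReadSCSIHDSerial(winNtIdentify);
        strcpy(m_buffer, DWORDToChar(winNtIdentify, 10, 19));
    }
    return m_buffer;
}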
// Windows9X/ME系统下读取硬盘序列号
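// Windows 9x/ME: fetch the 256-word ATA identify block by running
// InterruptProcess at Ring 0.
//
// buffer: caller-supplied array of 256 WORDs; zeroed first, then filled
// from the global m_serial[] after the interrupt returns.
//
// Mechanism (x86 inline asm, kept byte-for-byte): sidt yields the IDT base,
// one gate entry is temporarily pointed at InterruptProcess, a software
// interrupt transfers control to it, and the original gate offset is put
// back.  Interrupts are disabled (cli/sti) around the swap.  This only works
// where Ring 3 code can write to the IDT, which is why GetHDSerial reserves
// this path for the non-NT branch; it is also exactly the behaviour that
// kernel-integrity checks flag, so it must never be reached on NT kernels.
void _stdcall CGetHDSerial::Win9xReadHDSerial(WORD *buffer)
{
    int i;
    for (i = 0; i < 256; i++)
        buffer[i] = 0;
    _asm
    {
        push eax
        // Locate the IDT and the gate entry to be patched
        sidt m_IDTR
        mov eax,dword ptr [m_IDTR+02h]   // IDT linear base
        // NOTE(review): 308h = 61h * 8, i.e. the gate for vector 61h (+4 to sit on the
        // entry's second dword), but the trap issued below is int 3h (vector 3, offset 18h).
        // These do not agree — confirm which the original intended.
        add eax,308h+04h
        cli
        // Save the gate's current 32-bit offset (low half at entry+0, high half at entry+6)
        push ecx
        mov ecx,dword ptr [eax]
        mov cx,word ptr [eax-04h]
        mov dword ptr m_OldInterruptAddress,ecx
        pop ecx
        // Point the gate at InterruptProcess
        push ebx
        lea ebx,InterruptProcess
        mov word ptr [eax-04h],bx
        shr ebx,10h
        mov word ptr [eax+02h],bx
        pop ebx
        // Trigger the interrupt: control reaches InterruptProcess at Ring 0
        int 3h
        // Restore the original gate offset
        push ecx
        mov ecx,dword ptr m_OldInterruptAddress
        mov word ptr [eax-04h],cx
        shr ecx,10h
        mov word ptr [eax+02h],cx
        pop ecx
        sti
        pop eax
    }
    for (i = 0; i < 256; i++)
        buffer[i] = m_serial[i];
}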
// Windows 9x/ME系统下,将字类型(WORD)的硬盘信息转换为字符类型(char)
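// Windows 9x/ME: convert identify words firstIndex..lastIndex into a C
// string, high byte of each word first (ATA strings are stored byte-swapped).
//
// Returns a pointer to a function-static buffer that the next call
// overwrites (not thread-safe).  Trailing blanks are stripped; text[0] is
// deliberately left untouched, as in the original.  The index range is
// clamped to the 256-word block so a bad range cannot read past diskdata
// or write past the buffer (at most 512 chars + NUL are produced).
char *CGetHDSerial::WORDToChar(WORD diskdata[256], int firstIndex, int lastIndex)
{
    static char text[1024];
    if (firstIndex < 0)
        firstIndex = 0;
    if (lastIndex > 255)
        lastIndex = 255;
    int position = 0;
    for (int index = firstIndex; index <= lastIndex; index++)
    {
        text[position++] = (char)(diskdata[index] / 256);   // high byte
        text[position++] = (char)(diskdata[index] % 256);   // low byte
    }
    text[position] = '\0';
    for (int index = position - 1; index > 0 && text[index] == ' '; index--)
        text[index] = '\0';
    return text;
}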
// Windows NT/2000/XP系统下,将双字类型(DWORD)的硬盘信息转换为字符类型(char)
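// Windows NT/2000/XP: convert identify entries firstIndex..lastIndex into a
// C string.  Each DWORD holds one identify word (WinNTReadIDEHDSerial widens
// USHORTs), so /256 and %256 pick bits 8..15 and 0..7 — the high and low
// byte of the low word, high byte first.
//
// Returns a pointer to a function-static buffer that the next call
// overwrites (not thread-safe).  Trailing blanks are stripped; text[0] is
// deliberately left untouched, as in the original.  The index range is
// clamped to the 256-entry block so a bad range cannot read past diskdata
// or write past the buffer.
char *CGetHDSerial::DWORDToChar(DWORD diskdata[256], int firstIndex, int lastIndex)
{
    static char text[1024];
    if (firstIndex < 0)
        firstIndex = 0;
    if (lastIndex > 255)
        lastIndex = 255;
    int position = 0;
    for (int index = firstIndex; index <= lastIndex; index++)
    {
        text[position++] = (char)(diskdata[index] / 256);   // high byte of the low word
        text[position++] = (char)(diskdata[index] % 256);   // low byte of the low word
    }
    text[position] = '\0';
    for (int index = position - 1; index > 0 && text[index] == ' '; index--)
        text[index] = '\0';
    return text;
}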
// Windows NT/2000/XP下读取IDE硬盘序列号
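// Windows NT/2000/XP: read the IDE identify block of PhysicalDrive0 through
// the SMART IOCTLs (IOCTL_GET_VERSION, then IOCTL_GET_DRIVE_INFO via
// WinNTGetIDEHDInfo).
//
// buffer: receives 256 entries (the identify sector's USHORTs widened to
// DWORD).  Returns TRUE on success, FALSE otherwise.  The drive is opened
// read+write; the original notes that this needs administrator rights, and
// on failure the caller falls back to the SCSI miniport path.  The handle
// is closed on every path.
BOOL CGetHDSerial::WinNTReadIDEHDSerial(DWORD *buffer)
{
    BYTE IdOutCmd[sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1];
    BOOL bFlag = FALSE;
    const int drive = 0;
    char driveName[256];
    sprintf(driveName, "\\\\.\\PhysicalDrive%d", drive);   // fixed-width format, cannot overflow driveName
    HANDLE hPhysicalDriveIOCTL = CreateFile(driveName,
                                            GENERIC_READ | GENERIC_WRITE,
                                            FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                                            OPEN_EXISTING, 0, NULL);
    if (hPhysicalDriveIOCTL == INVALID_HANDLE_VALUE)
        return FALSE;

    GETVERSIONOUTPARAMS VersionParams;
    DWORD cbBytesReturned = 0;
    memset((void *)&VersionParams, 0, sizeof(VersionParams));
    if (DeviceIoControl(hPhysicalDriveIOCTL, IOCTL_GET_VERSION,
                        NULL, 0, &VersionParams, sizeof(VersionParams),
                        &cbBytesReturned, NULL)
        && VersionParams.bIDEDeviceMap > 0)
    {
        // Bit 4 of the device map (after shifting by the drive number) flags an
        // ATAPI device (e.g. an optical drive, per the original), which needs
        // the ATAPI identify command instead of the ATA one.
        const BYTE bIDCmd = (BYTE)(((VersionParams.bIDEDeviceMap >> drive) & 0x10)
                                       ? IDE_ATAPI_IDENTIFY : IDE_ATA_IDENTIFY);
        SENDCMDINPARAMS scip;
        memset(&scip, 0, sizeof(scip));
        memset(IdOutCmd, 0, sizeof(IdOutCmd));
        if (WinNTGetIDEHDInfo(hPhysicalDriveIOCTL, &scip,
                              (PSENDCMDOUTPARAMS)IdOutCmd,
                              bIDCmd, (BYTE)drive, &cbBytesReturned))
        {
            const USHORT *pIdSector = (const USHORT *)((PSENDCMDOUTPARAMS)IdOutCmd)->bBuffer;
            for (int m = 0; m < 256; m++)
                buffer[m] = pIdSector[m];
            bFlag = TRUE;
        }
    }
    CloseHandle(hPhysicalDriveIOCTL);
    return bFlag;
}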
// WindowsNT/2000/XP系统下读取SCSI硬盘序列号
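// Windows NT/2000/XP: read the identify block of an IDE drive exposed through
// a SCSI miniport (\\.\Scsi0:), trying drive 0 and 1 on that port.
//
// buffer: receives 256 entries on success (return TRUE); buffer[0] is set to
// '\n' up front, as in the original.  Two defects of the original are fixed
// here: the I/O scratch array was also named `buffer`, so it shadowed the
// parameter and the identify data was copied into the scratch array and
// never reached the caller; and the success path returned without closing
// the handle.  The original notes that no special privilege is needed to
// open the SCSI port.
BOOL CGetHDSerial::WinNTReadSCSIHDSerial(DWORD *buffer)
{
    buffer[0] = '\n';
    const int controller = 0;
    char driveName[256];
    sprintf(driveName, "\\\\.\\Scsi%d:", controller);   // fixed-width format, cannot overflow driveName
    HANDLE hScsiDriveIOCTL = CreateFile(driveName,
                                        GENERIC_READ | GENERIC_WRITE,
                                        FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                                        OPEN_EXISTING, 0, NULL);
    if (hScsiDriveIOCTL == INVALID_HANDLE_VALUE)
        return FALSE;

    BOOL found = FALSE;
    DWORD dummy;
    for (int drive = 0; drive < 2 && !found; drive++)
    {
        // Scratch area: SRB_IO_CONTROL header followed by the SENDCMD in/out block.
        char ioBuffer[sizeof(SRB_IO_CONTROL) + SENDIDLENGTH];
        SRB_IO_CONTROL *p = (SRB_IO_CONTROL *)ioBuffer;
        SENDCMDINPARAMS *pin = (SENDCMDINPARAMS *)(ioBuffer + sizeof(SRB_IO_CONTROL));
        memset(ioBuffer, 0, sizeof(ioBuffer));
        p->HeaderLength = sizeof(SRB_IO_CONTROL);
        p->Timeout = 10000;
        p->Length = SENDIDLENGTH;
        p->ControlCode = IOCTL_SCSI_MINIPORT_IDENTIFY;
        strncpy((char *)p->Signature, "SCSIDISK", 8);
        pin->irDriveRegs.bCommandReg = IDE_ATA_IDENTIFY;
        pin->bDriveNumber = (BYTE)drive;
        if (!DeviceIoControl(hScsiDriveIOCTL, IOCTL_SCSI_MINIPORT,
                             ioBuffer,
                             sizeof(SRB_IO_CONTROL) + sizeof(SENDCMDINPARAMS) - 1,
                             ioBuffer,
                             sizeof(SRB_IO_CONTROL) + SENDIDLENGTH,
                             &dummy, NULL))
            continue;
        SENDCMDOUTPARAMS *pOut = (SENDCMDOUTPARAMS *)(ioBuffer + sizeof(SRB_IO_CONTROL));
        IDSECTOR *pId = (IDSECTOR *)pOut->bBuffer;
        if (pId->sModelNumber[0])   // an empty model number means no drive answered on this slot
        {
            const USHORT *pIdSector = (const USHORT *)pId;
            for (int n = 0; n < 256; n++)
                buffer[n] = pIdSector[n];
            found = TRUE;
        }
    }
    CloseHandle(hScsiDriveIOCTL);
    return found;
}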
// Windows NT/2000/XP下读取IDE设备信息
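// Windows NT/2000/XP: fill in the SMART "send command" block for an identify
// request and issue IOCTL_GET_DRIVE_INFO on hPhysicalDriveIOCTL.
//
// pSCIP/pSCOP: caller-owned in/out parameter blocks (pSCOP must have room
// for IDENTIFY_BUFFER_SIZE bytes of payload, see the sizes passed below).
// bIDCmd selects the ATA or ATAPI identify command; bDriveNum (0/1) selects
// the drive through bit 4 of the drive/head register.  lpcbBytesReturned
// receives the byte count from DeviceIoControl.  Returns the DeviceIoControl
// result.  (The original assigned cBufferSize twice; once is enough.)
BOOL CGetHDSerial::WinNTGetIDEHDInfo(HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
                                     PSENDCMDOUTPARAMS pSCOP, BYTE bIDCmd, BYTE bDriveNum,
                                     PDWORD lpcbBytesReturned)
{
    pSCIP->cBufferSize = IDENTIFY_BUFFER_SIZE;
    pSCIP->irDriveRegs.bFeaturesReg = 0;
    pSCIP->irDriveRegs.bSectorCountReg = 1;
    pSCIP->irDriveRegs.bSectorNumberReg = 1;
    pSCIP->irDriveRegs.bCylLowReg = 0;
    pSCIP->irDriveRegs.bCylHighReg = 0;
    // 0xA0 is the fixed part of the drive/head register; bit 4 picks drive 0 or 1.
    pSCIP->irDriveRegs.bDriveHeadReg = (BYTE)(0xA0 | ((bDriveNum & 1) << 4));
    pSCIP->irDriveRegs.bCommandReg = bIDCmd;
    pSCIP->bDriveNumber = bDriveNum;
    return DeviceIoControl(hPhysicalDriveIOCTL, IOCTL_GET_DRIVE_INFO,
                           (LPVOID)pSCIP,
                           sizeof(SENDCMDINPARAMS) - 1,
                           (LPVOID)pSCOP,
                           sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1,
                           lpcbBytesReturned, NULL);
}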
如果我给NeMaC的参数不同,用上述指令会列出所有NeMaC命令执行的信息
但是我只想获取其中true command为
还是得到了两个PID值,因为我同时使用了两个NeMaC命令(在不同命令窗口输入)
一条是NeMaC -c 30 -m 25000 -r rulessample 20210101 private rule1
一条是NeMaC -c 120 -m 25000 -r cs2rules 20210101 private rule2
谢谢,另外,NeMaC是NeTraMet这个分析流的工具的一个组件。学习中分成两个脚本执行请教中,如何用两脚本,要是对应NeMaC有N个进程呢?那又该如何是好换一个思路吧,我如何能得到一个进程的唯一子进程的pid?:用
ps -C NeMaC -f | grep rule1 | awk '{print $2}'
我已经能拿到想要kill的进程的pid了,其值例如为:12815
但是当我执行如下shell文件时确出错了
#!/bin/bash#PATH="$PATH":/home/gwei/myCode#myNeMaC=`ps -C NeMaC -f | grep myNeMaC1 | awk '{print $2}'`
kill -9 $myNeMaC它显示出来的错误信息是
: arguments must be process or job IDskill: 12815
kill -9 $myNeMaC
也可以杀掉进程,但是把上面这些写入一个sh文件再执行就出错了怎麼办呢?移植到RH9後提示的错误信息是:
[root@gxnunc0504 myCode]# /bin/bash ./killNeMaC1.sh
: no such pidsh: line 6: kill: 21820
kill -9 $myNeMaC
上面就是我杀掉进程的脚本killNeMaC1,其中echo $myNeMaC确认只剩下一个PID了,可是为什麼到了kill -9 $myNeMaC就运行不下去了呢。相关操作和结果如下:
以上就是关于如何获取打开文件的进程的pid全部的内容,包括:如何获取打开文件的进程的pid、群晖从硬盘上能提取引导文件吗、VC++ MFC如何获取CPU ID及硬盘的序列号等相关内容解答,如果想了解更多相关内容,可以关注我们,你们的支持是我们更新的动力!