Get running processes using JNA

Submitted by 孤者浪人 on 2019-11-30 20:33:31

Question


I am trying to obtain a list of all currently running processes on a windows machine.

I am trying it with Win32 API calls via JNA: EnumProcesses -> OpenProcess -> GetModuleBaseNameW -> CloseHandle. It fails at the OpenProcess call. GetLastError returns 5 (ERROR_ACCESS_DENIED).

This is my code:

import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.platform.win32.WinDef.DWORD;
import com.sun.jna.win32.StdCallLibrary;

public static final int PROCESS_QUERY_INFORMATION = 0x0400;
public static final int PROCESS_VM_READ = 0x0010;
public static final int PROCESS_VM_WRITE = 0x0020;
public static final int PROCESS_VM_OPERATION = 0x0008;


public interface Psapi extends StdCallLibrary {
    Psapi INSTANCE = (Psapi) Native.loadLibrary("Psapi", Psapi.class);

    // cb is the size of ProcessIDsOut in BYTES; BytesReturned receives the bytes actually written
    boolean EnumProcesses(int[] ProcessIDsOut, int cb, int[] BytesReturned);

    // The W variant writes UTF-16, so the buffer must be char[], not byte[]
    DWORD GetModuleBaseNameW(Pointer hProcess, Pointer hModule, char[] lpBaseName, int nSize);

}

public interface Kernel32 extends StdCallLibrary {
    Kernel32 INSTANCE = (Kernel32) Native.loadLibrary("Kernel32", Kernel32.class);

    Pointer OpenProcess(int dwDesiredAccess, boolean bInheritHandle, int dwProcessId);

    boolean CloseHandle(Pointer hObject);

}

public static void main(String[] args) {
    int[] processlist = new int[1024];
    int[] bytesReturned = new int[1];
    Psapi.INSTANCE.EnumProcesses(processlist, processlist.length * 4, bytesReturned);
    int count = bytesReturned[0] / 4; // only this many entries are valid PIDs

    for (int i = 0; i < count; i++) {
        int pid = processlist[i];
        System.out.println(pid);
        Pointer ph = Kernel32.INSTANCE.OpenProcess(PROCESS_VM_READ, false, pid);

        try {
            Thread.sleep(1000);
        } catch (Exception ignore) {
        }

        System.err.println(com.sun.jna.platform.win32.Kernel32.INSTANCE.GetLastError()); // <- 5
        System.err.println(ph); // <- null
        if (ph != null) {
            char[] filename = new char[512];
            Psapi.INSTANCE.GetModuleBaseNameW(ph, new Pointer(0), filename, filename.length);

            try {
                Thread.sleep(1000);
            } catch (Exception ignore) {
            }

            System.err.println(Native.toString(filename));
            Kernel32.INSTANCE.CloseHandle(ph);
        }

    }

}

Answer 1:


Calling OpenProcess with PROCESS_VM_READ means that you want to read the memory of that process. To do this, you need the SE_DEBUG_PRIVILEGE. Your application doesn't have that privilege, which is why you are getting access denied.

Check the MSDN article for ReadProcessMemory. There is some community content on how to acquire that privilege.
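The following is an added example, not code from the question or the answer above. It shows the least-privilege alternative to what the question attempts: if all you need is the name of each process, open it with PROCESS_QUERY_LIMITED_INFORMATION rather than PROCESS_VM_READ and read the image path with QueryFullProcessImageName, which works for most processes without enabling any debug privilege. It assumes jna and jna-platform (5.x) on the classpath, and uses the platform bindings Psapi.EnumProcesses, Kernel32.OpenProcess, Kernel32.QueryFullProcessImageName and Kernel32Util.formatMessage. Opens that are still denied (PID 0, the System process, protected processes) are recorded with their Win32 error instead of aborting the scan.

```java
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Kernel32Util;
import com.sun.jna.platform.win32.Psapi;
import com.sun.jna.platform.win32.WinDef;
import com.sun.jna.platform.win32.WinError;
import com.sun.jna.platform.win32.WinNT;
import com.sun.jna.platform.win32.WinNT.HANDLE;
import com.sun.jna.ptr.IntByReference;

import java.util.ArrayList;
import java.util.List;

/**
 * Enumerates running processes using the smallest access right that still yields
 * the image path. Added example; assumes jna + jna-platform 5.x on a Windows host.
 */
public class ProcessLister {

    /** One result row: the PID, its image path (null if the open failed) and the Win32 error code. */
    public static final class ProcessEntry {
        public final int pid;
        public final String imagePath;
        public final int lastError;

        ProcessEntry(int pid, String imagePath, int lastError) {
            this.pid = pid;
            this.imagePath = imagePath;
            this.lastError = lastError;
        }
    }

    public static List<ProcessEntry> listProcesses() {
        int[] pids = new int[4096];
        IntByReference bytesReturned = new IntByReference();
        // EnumProcesses takes the buffer size in bytes and reports bytes written, not element counts.
        if (!Psapi.INSTANCE.EnumProcesses(pids, pids.length * 4, bytesReturned)) {
            int err = Kernel32.INSTANCE.GetLastError();
            throw new IllegalStateException("EnumProcesses failed: " + Kernel32Util.formatMessage(err));
        }
        int count = bytesReturned.getValue() / 4;

        List<ProcessEntry> result = new ArrayList<>(count);
        for (int i = 0; i < count; i++) {
            int pid = pids[i];
            // PROCESS_QUERY_LIMITED_INFORMATION (0x1000) is enough for the image name and is
            // granted for most processes without SeDebugPrivilege, unlike PROCESS_VM_READ.
            HANDLE h = Kernel32.INSTANCE.OpenProcess(WinNT.PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
            if (h == null) {
                // Expected for PID 0, the System process and protected processes: record and continue.
                result.add(new ProcessEntry(pid, null, Kernel32.INSTANCE.GetLastError()));
                continue;
            }
            try {
                char[] buf = new char[WinDef.MAX_PATH];
                IntByReference size = new IntByReference(buf.length); // in: capacity, out: chars written
                if (Kernel32.INSTANCE.QueryFullProcessImageName(h, 0, buf, size)) {
                    result.add(new ProcessEntry(pid, new String(buf, 0, size.getValue()), 0));
                } else {
                    result.add(new ProcessEntry(pid, null, Kernel32.INSTANCE.GetLastError()));
                }
            } finally {
                Kernel32.INSTANCE.CloseHandle(h); // never leak a process handle
            }
        }
        return result;
    }

    public static void main(String[] args) {
        for (ProcessEntry e : listProcesses()) {
            if (e.imagePath != null) {
                System.out.println(e.pid + "\t" + e.imagePath);
            } else if (e.lastError == WinError.ERROR_ACCESS_DENIED) {
                System.out.println(e.pid + "\t<access denied>");
            } else {
                System.out.println(e.pid + "\t<error " + e.lastError + ": "
                        + Kernel32Util.formatMessage(e.lastError).trim() + ">");
            }
        }
    }
}
```

Requesting only the access you need is the fix that avoids the privilege problem entirely for the common case; the handful of entries that still come back as access denied are the ones a non-debugger should not be opening anyway, and listing them by PID with the error is the honest output for a monitoring tool.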



Source: https://stackoverflow.com/questions/16667557/get-running-processes-using-jna
