Sop*_*a S 5 c# windows wcf winapi namedpipeserverstream
我正在处理作为Windows服务托管的WCF服务,该服务使用命名管道 - NamedPipeServerStream(用户权限)在服务器和客户端进程之间建立安全连接.要检查客户端进程的真实性,我需要验证客户端进程可执行文件的数字签名,因此我试图通过使用其进程ID来获取客户端的可执行路径.
我使用Windows 7 Professional SP1(64位)操作系统和Visual Studio 2015 Community Edition进行开发.服务器(Windows服务)和客户端进程(其他exe)都只在Release x64模式下构建.
当一些客户端进程连接到服务器时,我试图获取客户端进程exe路径,但它在以下代码行中抛出"拒绝访问"错误:
return Process.GetProcessById(processId).MainModule.FileName;
因此,为了解决这个问题,我搜索了一下,并尝试了一些其他实验性试验,如下所述,似乎也没有成功.
实验试验
OpenProcess(ProcessAccessFlags.PROCESS_QUERY_INFORMATION, false, processId);
OpenProcess(ProcessAccessFlags.PROCESS_QUERY_LIMITED_INFORMATION, false, processId);
但是,我在一个示例Windows控制台应用程序中尝试了所有上述方法,该应用程序工作正常,没有任何错误,并且在Windows服务中也不起作用.此外,我尝试将控制台应用程序转换为dll并在服务器中引用它以获取客户端进程信息但失败 - >再次访问被拒绝
我完全不知道发生了什么以及如何解决它.你的建议真的很有帮助.
编辑:请找到OpenProcess和ProcessAccessFlags的代码片段,如下所示:
public static string GetProcessExecutablePath(int processId)
{
try
{
string exePath = string.Empty;
//If running on Vista or later use the new function
if (Environment.OSVersion.Version.Major >= 6)
{
return GetProcessExecutablePathAboveVista(processId);
}
return Process.GetProcessById(processId).MainModule.FileName;
}
catch (Exception ex)
{
return "Exception in GetProcessExecutablePath(): " + ex.Message + ": " + ex.InnerException;
}
}
private static string GetProcessExecutablePathAboveVista(int processId)
{
var buffer = new StringBuilder(1024);
IntPtr hprocess = NativeMethods.OpenProcess(NativeMethods.ProcessAccessFlags.PROCESS_QUERY_LIMITED_INFORMATION,
false, processId);
if (hprocess != IntPtr.Zero)
{
try
{
int size = buffer.Capacity;
if (NativeMethods.QueryFullProcessImageName(hprocess, 0, buffer, out size))
{
return buffer.ToString();
}
else
{
return "Failed in QueryFullProcessImageName(): " + Marshal.GetLastWin32Error();;
}
}
catch (Exception ex)
{
return "Exception in: " + ex.Message;
}
finally
{
NativeMethods.CloseHandle(hprocess);
}
}
else
{
return "Handle is Zero: " + Marshal.GetLastWin32Error();
}
}
NativeMethods.cs
[Flags]
public enum ProcessAccessFlags
{
PROCESS_TERMINATE = 0x0001,
PROCESS_CREATE_THREAD = 0x0002,
PROCESS_VM_OPERATION = 0x0008,
PROCESS_VM_READ = 0x0010,
PROCESS_VM_WRITE = 0x0020,
PROCESS_DUP_HANDLE = 0x0040,
PROCESS_CREATE_PROCESS = 0x0080,
PROCESS_SET_QUOTA = 0x0100,
PROCESS_SET_INFORMATION = 0x0200,
PROCESS_QUERY_INFORMATION = 0x0400,
PROCESS_SUSPEND_RESUME = 0x0800,
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000,
SYNCHRONIZE = 0x100000,
DELETE = 0x00010000,
READ_CONTROL = 0x00020000,
WRITE_DAC = 0x00040000,
WRITE_OWNER = 0x00080000,
STANDARD_RIGHTS_REQUIRED = 0x000F0000,
PROCESS_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF
}
[DllImport("Kernel32.dll", EntryPoint = "OpenProcess", SetLastError = true)]
public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("Kernel32.dll", EntryPoint = "QueryFullProcessImageName", SetLastError = true)]
public static extern bool QueryFullProcessImageName(IntPtr hprocess, int dwFlags, StringBuilder lpExeName, out int size);
[DllImport("Kernel32.dll", EntryPoint = "CloseHandle", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CloseHandle(IntPtr hHandle);
对于从 Vista 开始的 Windows,通过 pid 获取进程映像文件名,您可以使用它NtQuerySystemInformation(SystemProcessInformation, ...)来获取SYSTEM_PROCESS_INFORMATION每个进程的结构数组。此结构必须PVOID UniqueProcessId找到您要查找的 pid 并UNICODE_STRING ImageName获取图像文件名,请参阅
https://msdn.microsoft.com/ru-ru/library/windows/desktop/ms724509(v=vs.85).aspx
https ://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/process.htm
| 归档时间: |
|
| 查看次数: |
653 次 |
| 最近记录: |