java - Get running processes using JNA
I am trying to obtain a list of running processes on a Windows machine.
I am trying it with WinAPI calls via JNA: EnumProcesses -> OpenProcess -> GetModuleBaseNameW -> CloseHandle. It fails at the OpenProcess call. GetLastError returns 5 (ERROR_ACCESS_DENIED).
This is my code:
    import com.sun.jna.Native;
    import com.sun.jna.Pointer;
    import com.sun.jna.platform.win32.WinDef.DWORD;
    import com.sun.jna.win32.StdCallLibrary;

    public class ProcessList {
        public static final int PROCESS_QUERY_INFORMATION = 0x0400;
        public static final int PROCESS_VM_READ = 0x0010;
        public static final int PROCESS_VM_WRITE = 0x0020;
        public static final int PROCESS_VM_OPERATION = 0x0008;

        public interface Psapi extends StdCallLibrary {
            Psapi INSTANCE = (Psapi) Native.loadLibrary("psapi", Psapi.class);
            // size and bytesReturned are counted in bytes, not array elements
            boolean EnumProcesses(int[] processIdsOut, int size, int[] bytesReturned);
            // W variant writes UTF-16, so the buffer is char[] and nSize is in characters
            DWORD GetModuleBaseNameW(Pointer hProcess, Pointer hModule, char[] lpBaseName, int nSize);
        }

        public interface Kernel32 extends StdCallLibrary {
            Kernel32 INSTANCE = (Kernel32) Native.loadLibrary("kernel32", Kernel32.class);
            Pointer OpenProcess(int dwDesiredAccess, boolean bInheritHandle, int dwProcessId);
            boolean CloseHandle(Pointer hObject);
        }

        public static void main(String[] args) {
            int[] processList = new int[1024];
            int[] dummyList = new int[1024];
            Psapi.INSTANCE.EnumProcesses(processList, processList.length * 4, dummyList);
            int count = dummyList[0] / 4; // number of PIDs actually returned
            for (int i = 0; i < count; i++) {
                int pid = processList[i];
                System.out.println(pid);
                // Requesting PROCESS_VM_READ is the call that fails
                Pointer ph = Kernel32.INSTANCE.OpenProcess(PROCESS_VM_READ, false, pid);
                try { Thread.sleep(1000); } catch (Exception ignore) { }
                System.err.println(com.sun.jna.platform.win32.Kernel32.INSTANCE.GetLastError()); // <- 5
                System.err.println(ph); // <- null
                if (ph != null) {
                    char[] filename = new char[512];
                    Psapi.INSTANCE.GetModuleBaseNameW(ph, new Pointer(0), filename, filename.length);
                    try { Thread.sleep(1000); } catch (Exception ignore) { }
                    System.err.println(Native.toString(filename));
                    Kernel32.INSTANCE.CloseHandle(ph);
                }
            }
        }
    }
Calling OpenProcess with PROCESS_VM_READ means that you want to read the memory of that process. To do this, you need the SE_DEBUG_PRIVILEGE. Your application doesn't have that privilege, which is why you are getting access denied.
Check the MSDN article for ReadProcessMemory. There is some community content on how to acquire that privilege.
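An added example, not part of the original question or answer: listing PIDs and executable names from a Toolhelp snapshot, which needs no per-process handle and no extra privilege, then probing each process with the narrowest access right to show where access is still refused. It assumes the jna-platform classes are on the classpath; the class name ProcessLister and the locally defined constant are introduced here for illustration.

```java
import com.sun.jna.Native;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Tlhelp32;
import com.sun.jna.platform.win32.WinBase;
import com.sun.jna.platform.win32.WinDef;
import com.sun.jna.platform.win32.WinNT;
import java.util.LinkedHashMap;
import java.util.Map;

public class ProcessLister { // hypothetical class name
    // Assumption: value taken from the Windows SDK headers; allows basic queries only.
    static final int PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;

    /** PID -> executable name, read from a Toolhelp snapshot without opening any process. */
    static Map<Integer, String> listProcesses() {
        Kernel32 k32 = Kernel32.INSTANCE;
        WinNT.HANDLE snap = k32.CreateToolhelp32Snapshot(
                Tlhelp32.TH32CS_SNAPPROCESS, new WinDef.DWORD(0));
        if (WinBase.INVALID_HANDLE_VALUE.equals(snap)) {
            throw new IllegalStateException(
                    "CreateToolhelp32Snapshot failed: " + Native.getLastError());
        }
        Map<Integer, String> result = new LinkedHashMap<>();
        try {
            // The constructor fills in dwSize, which Process32First requires.
            Tlhelp32.PROCESSENTRY32.ByReference entry = new Tlhelp32.PROCESSENTRY32.ByReference();
            for (boolean ok = k32.Process32First(snap, entry); ok;
                 ok = k32.Process32Next(snap, entry)) {
                result.put(entry.th32ProcessID.intValue(), Native.toString(entry.szExeFile));
            }
        } finally {
            k32.CloseHandle(snap); // always release the snapshot handle
        }
        return result;
    }

    public static void main(String[] args) {
        Kernel32 k32 = Kernel32.INSTANCE;
        listProcesses().forEach((pid, name) -> {
            // Ask only for the narrowest right; some processes may still refuse.
            WinNT.HANDLE h = k32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
            String status = (h == null) ? "denied (error " + Native.getLastError() + ")" : "ok";
            if (h != null) k32.CloseHandle(h);
            System.out.printf("%6d  %-32s  limited-query handle: %s%n", pid, name, status);
        });
    }
}
```

The names come from the snapshot in every case, so a refused handle no longer hides the process from the listing.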