如何获得给定进程的窗口站? [英] How to get window station for a given process?

问题描述

比如说，如果我有进程 ID 或其句柄，我可以获取 window station 进程在那个下运行?

Say, if I have a process ID or its handle, can I get the window station that the process runs under?

推荐答案

不是直截了当，但试试这个:

Not straight forward, but try this:

1. 调用 EnumWindowStations()枚举与调用进程相同的会话中的可用窗口站(如果您需要查询另一个会话中的进程，则这将不起作用).

1. Call EnumWindowStations() to enumerate available window stations in the same Session as the calling process (if you need to query a process in another Session then this will not work).

对于每个窗口站，调用EnumDesktops() 枚举其桌面.

For each window station, call EnumDesktops() to enumerate its desktops.

对于每个桌面，调用 EnumDesktopWindows() 枚举其顶级窗口.

For each desktop, call EnumDesktopWindows() to enumerate its top-level windows.

对于每个窗口，调用 GetWindowThreadProcessId() 获取其进程 ID 并将其与您要查找的 ID 进行比较.

For each window, call GetWindowThreadProcessId() to get its process ID and compare it to the ID you are looking for.

另一种选择可能是执行以下操作:

Another option might be to do the following:

1. 调用 OpenProcess() 从目标进程 ID 获取 HANDLE.

调用 NtQueryInformationProcess() 以检索进程的PEB 结构.

Call NtQueryInformationProcess() to retrieve the address of the process's PEB structure.

调用 ReadProcessMemory() 读取PEB.ProcessParams.DesktopName 字段包含当前与进程关联的工作站/桌面的名称(PEB.ProcessParams 然后是 MSDN 显示的内容.

Call ReadProcessMemory() to read the PEB. It's ProcessParams.DesktopName field contains the name of the workstation/desktop currently associated with the process (there are many more fields available in the PEB.ProcessParams then what MSDN shows).

解析 DesktopName 以提取窗口站和桌面名称.

Parse the DesktopName to extract the window station and desktop names.

根据需要枚举工作站，从 GetUserObjectInformation().

Enumerate workstations as needed, looking for a matching name from GetUserObjectInformation().

这篇关于如何获得给定进程的窗口站?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！