Windows Process Status Helpers API 3

 

 

 

 

 

Enumerating All Modules for a Process Program Example

 

To determine which processes have loaded a particular DLL, you must enumerate the modules for each process. The following sample code uses the EnumProcessModules() function to enumerate the modules of every process currently running on the system.

Create a new empty Win32 console application project. Give a suitable project name and change the project location if needed.

 

Enumerating All Modules for a Process Program Example: Creating new Win32 C++ console application project in Visual C++ .NET

 

Then, add the source file and give it a suitable name.

 

Enumerating All Modules for a Process Program Example: Adding new C++ source file for C++ source code to the existing C++ project

 

Next, add the following source code.

 

// Link to Psapi.lib
#include <windows.h>
#include <stdio.h>
#include <wchar.h>
#include <conio.h>   // _getwch()
#include <psapi.h>

void PrintModules(DWORD processID)
{
    HMODULE hMods[1024];
    HANDLE hProcess;
    DWORD cbNeeded;
    unsigned int i, cModules;
    WCHAR szModName[MAX_PATH];

    // Print the process identifier.
    wprintf(L"\nProcess ID: %lu\n", processID);

    // Open the process with the access rights needed to list its modules.
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID);
    if (hProcess == NULL)
    {
        wprintf(L"OpenProcess() failed! Error %lu\n", GetLastError());
        return;
    }

    // Get a list of all the modules in this process.
    if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
    {
        // cbNeeded is the size required for all module handles and can be
        // larger than hMods; only read the entries that were actually stored.
        cModules = cbNeeded / sizeof(HMODULE);
        if (cModules > sizeof(hMods) / sizeof(hMods[0]))
            cModules = sizeof(hMods) / sizeof(hMods[0]);

        for (i = 0; i < cModules; i++)
        {
            // Get the full path to the module's file
            // (GetModuleFileNameExW is the wide-character form of GetModuleFileNameEx).
            if (GetModuleFileNameExW(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(WCHAR)))
            {
                // Print the module name and handle value.
                // %p prints the full handle on both 32-bit and 64-bit builds.
                wprintf(L"\t%ls\t(0x%p)\n", szModName, (void *)hMods[i]);
            }
        }
    }
    CloseHandle(hProcess);
    wprintf(L"Press any key for more...\n");
    _getwch();
}

int main(void)
{
    // Get the list of process identifiers.
    DWORD aProcesses[1024], cbNeeded, cProcesses;
    unsigned int i;

    if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        return 1;
    else
        wprintf(L"EnumProcesses() is OK!\n");

    // Calculate how many process identifiers were returned.
    cProcesses = cbNeeded / sizeof(DWORD);

    // Print the name of the modules for each process.
    for (i = 0; i < cProcesses; i++)
        PrintModules(aProcesses[i]);

    return 0;
}

 

Add Psapi.lib to the project's Additional Dependencies.

 

Enumerating All Modules for a Process Program Example: Adding additional dependencies (lib) to the existing project

 

Build and run the project. The following screenshot is a sample output.

 

Enumerating All Modules for a Process Program Example: A sample console program output

 

The main function obtains a list of processes by using the EnumProcesses() function. For each process, the main function calls the PrintModules() function, passing it the process identifier. PrintModules() in turn calls the OpenProcess() function to obtain the process handle. If OpenProcess() fails, the output shows only the process identifier and the error code. For example, OpenProcess() fails for the Idle and CSRSS processes because their access restrictions prevent user-level code from opening them. Next, PrintModules() calls the EnumProcessModules() function to obtain the module handles. Finally, PrintModules() calls the GetModuleFileNameEx() function, once for each module, to obtain the module names.
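The sample lists every module, while the stated goal is to find which processes have loaded a particular DLL. The following added example (not code from the original page) filters the same enumeration on a DLL file name; the names ModuleMatches() and ProcessHasModule() and the default name psapi.dll are assumptions made for illustration.

```c
// Added example: report which processes have a given DLL loaded (link to Psapi.lib).
#include <stdio.h>
#include <wchar.h>
#include <wctype.h>
#ifdef _WIN32
#include <windows.h>
#include <psapi.h>
#endif

// Return 1 if the file-name part of 'path' equals 'dll', ignoring case.
int ModuleMatches(const wchar_t *path, const wchar_t *dll)
{
    const wchar_t *base = path, *p;
    for (p = path; *p; p++)
        if (*p == L'\\' || *p == L'/') base = p + 1;   // skip the directory part
    for (; *base && *dll; base++, dll++)
        if (towlower((wint_t)*base) != towlower((wint_t)*dll)) return 0;
    return *base == L'\0' && *dll == L'\0';            // both must end together
}

#ifdef _WIN32
// Return 1 if 'pid' has 'dll' loaded, 0 if not, -1 if the process cannot be inspected.
int ProcessHasModule(DWORD pid, const wchar_t *dll)
{
    HMODULE mods[1024];
    WCHAR path[MAX_PATH];
    DWORD cb, n, i;
    int found = 0;
    HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (h == NULL) return -1;                          // e.g. Idle or CSRSS
    if (!EnumProcessModules(h, mods, sizeof(mods), &cb)) { CloseHandle(h); return -1; }
    n = cb / sizeof(HMODULE) > 1024 ? 1024 : cb / sizeof(HMODULE);  // cb may exceed the buffer
    for (i = 0; i < n && !found; i++)
        if (GetModuleFileNameExW(h, mods[i], path, MAX_PATH))
            found = ModuleMatches(path, dll);
    CloseHandle(h);
    return found;
}
int wmain(int argc, wchar_t **argv)
{
    DWORD pids[1024], cb, i;
    const wchar_t *dll = argc > 1 ? argv[1] : L"psapi.dll";  // assumed sample default
    if (!EnumProcesses(pids, sizeof(pids), &cb)) return 1;
    for (i = 0; i < cb / sizeof(DWORD); i++)
        if (ProcessHasModule(pids[i], dll) == 1)
            wprintf(L"PID %lu has %ls loaded\n", pids[i], dll);
    return 0;
}
#endif
```

Processes that cannot be opened return -1 and are skipped, so an empty result does not prove the DLL is absent from protected processes.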

 

 

 

 
