Windows Process Status Helpers API 6

 

 

 

Taking a Snapshot and Viewing Processes Program Example

 

The following simple console application obtains a list of running processes. First, the GetProcessList() function takes a snapshot of currently executing processes in the system using CreateToolhelp32Snapshot(), and then it walks through the list recorded in the snapshot using Process32First() and Process32Next(). For each process in turn, GetProcessList() calls the ListProcessModules() and the ListProcessThreads(). A simple error-reporting function, printError(), displays the reason for any failures, which usually result from security restrictions. For example, OpenProcess() fails for the Idle and CSRSS processes because their access restrictions prevent user-level code from opening them.

Create a new empty Win32 console application project. Give a suitable project name and change the project location if needed.

 

Taking a Snapshot and Viewing Processes Program Example: Creating new Win32 C++ console application project in Visual C++ .NET

 

 

Then, add the source file and give it a suitable name.

 

Taking a Snapshot and Viewing Processes Program Example: Adding new C++ source file for C++ source code to the existing C++ project

 

Next, add the following source code.

 

// Taking a Snapshot and Viewing Processes

#include <windows.h>

#include <tlhelp32.h>

#include <tchar.h>

#include <stdio.h>

 

//  Prototypes

BOOL GetProcessList();

BOOL ListProcessModules(DWORD dwPID);

BOOL ListProcessThreads(DWORD dwOwnerPID);

void printError(WCHAR* msg);

 

int wmain(int argc, WCHAR **argv)

{

  GetProcessList();

 

  return 0;

}

 

BOOL GetProcessList()

{

  HANDLE hProcessSnap;

  HANDLE hProcess;

  PROCESSENTRY32 pe32;

  DWORD dwPriorityClass;

 

  // Take a snapshot of all processes in the system.

  hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

  if(hProcessSnap == INVALID_HANDLE_VALUE)

  {

    printError(LCreateToolhelp32Snapshot() (of processes));

    return (FALSE);

  }

 

  // Set the size of the structure before using it.

  pe32.dwSize = sizeof(PROCESSENTRY32);

 

  // Retrieve information about the first process,

  // and exit if unsuccessful

  if(!Process32First(hProcessSnap, &pe32))

  {

    printError(LProcess32First()); // show cause of failure

    CloseHandle(hProcessSnap);     // clean the snapshot object

    return (FALSE);

  }

 

  // Now walk the snapshot of processes, and

  // display information about each process in turn

  do

  {

    wprintf(L\n\n===================================================== );

    wprintf(L\nPROCESS NAME:  %s, pe32.szExeFile );

    wprintf(L\n----------------------------------------------------- );

 

    // Retrieve the priority class.

    dwPriorityClass = 0;

    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);

    if(hProcess == NULL)

      printError(LOpenProcess());

    else

    {

      dwPriorityClass = GetPriorityClass(hProcess);

      if(!dwPriorityClass)

        printError(LGetPriorityClass());

      CloseHandle(hProcess);

    }

 

    wprintf(L\n  Process ID        = 0x%08X, pe32.th32ProcessID);

    wprintf(L\n  Thread count      = %d,   pe32.cntThreads);

    wprintf(L\n  Parent process ID = 0x%08X, pe32.th32ParentProcessID);

    wprintf(L\n  Priority base     = %d, pe32.pcPriClassBase );

    if(dwPriorityClass)

      wprintf(L\n  Priority class    = %d, dwPriorityClass);

 

    // List the modules and threads associated with this process

    ListProcessModules(pe32.th32ProcessID);

    ListProcessThreads(pe32.th32ProcessID);

 

      // Press any key for more...

      _getwch();

 

  } while(Process32Next(hProcessSnap, &pe32));

 

  CloseHandle(hProcessSnap);

  return (TRUE);

}

 

BOOL ListProcessModules(DWORD dwPID)

{

  HANDLE hModuleSnap = INVALID_HANDLE_VALUE;

  MODULEENTRY32 me32;

 

  // Take a snapshot of all modules in the specified process.

  hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);

  if(hModuleSnap == INVALID_HANDLE_VALUE)

  {

    printError(LCreateToolhelp32Snapshot() (of modules));

    return (FALSE);

  }

 

  // Set the size of the structure before using it.

  me32.dwSize = sizeof(MODULEENTRY32);

 

  // Retrieve information about the first module, and exit if unsuccessful

  if(!Module32First(hModuleSnap, &me32))

  {

    printError(LModule32First());  // show cause of failure

    CloseHandle(hModuleSnap);    // clean the snapshot object

    return (FALSE);

  }

 

  // Now walk the module list of the process, and display information about each module

  do

  {

    wprintf(L\n\n     MODULE NAME:     %s,   me32.szModule);

    wprintf(L\n     Executable     = %s,     me32.szExePath);

    wprintf(L\n     Process ID     = 0x%08X,         me32.th32ProcessID);

    wprintf(L\n     Ref count (g)  = 0x%04X,     me32.GlblcntUsage);

    wprintf(L\n     Ref count (p)  = 0x%04X,     me32.ProccntUsage);

    wprintf(L\n     Base address   = 0x%08X, (DWORD) me32.modBaseAddr);

    wprintf(L\n     Base size      = %d,             me32.modBaseSize);

 

  } while(Module32Next(hModuleSnap, &me32));

 

  CloseHandle(hModuleSnap);

  return (TRUE);

}

 

BOOL ListProcessThreads(DWORD dwOwnerPID)

{

  HANDLE hThreadSnap = INVALID_HANDLE_VALUE;

  THREADENTRY32 te32;

 

  // Take a snapshot of all running threads 

  hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);

  if(hThreadSnap == INVALID_HANDLE_VALUE)

    return (FALSE);

 

  // Fill in the size of the structure before using it.

  te32.dwSize = sizeof(THREADENTRY32);

 

  // Retrieve information about the first thread,

  // and exit if unsuccessful

  if(!Thread32First(hThreadSnap, &te32))

  {

    printError(LThread32First()); // show cause of failure

    CloseHandle(hThreadSnap);     // clean the snapshot object

    return (FALSE);

  }

 

  // Now walk the thread list of the system,

  // and display information about each thread

  // associated with the specified process

  do

  {

    if(te32.th32OwnerProcessID == dwOwnerPID)

    {

      wprintf(L\n\n     THREAD ID      = 0x%08X, te32.th32ThreadID);

      wprintf(L\n     Base priority  = %d, te32.tpBasePri);

      wprintf(L\n     Delta priority = %d, te32.tpDeltaPri);

    }

  } while(Thread32Next(hThreadSnap, &te32));

 

  CloseHandle(hThreadSnap);

  return (TRUE);

}

 

void printError(WCHAR* msg)

{

  DWORD eNum;

  WCHAR sysMsg[256];

  WCHAR* p;

 

  eNum = GetLastError();

  FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,

         NULL, eNum,

         MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language

         sysMsg, 256, NULL );

 

  // Trim the end of the line and terminate it with a null

  p = sysMsg;

  while( ( *p > 31 ) || ( *p == 9 ) )

    ++p;

  do { *p-- = 0; }

while( ( p >= sysMsg ) && ( ( *p == '.' ) || ( *p < 33 ) ) );

 

  // Display the message

  wprintf(L\n  WARNING: %s failed with error %d (%s), msg, eNum, sysMsg );

}

 

Build and run the project. The following screenshot is a sample output. Press any key for more Module information.

 

Taking a Snapshot and Viewing Processes Program Example: A sample console program output in action

 

 

 

< Win32 Process Status Help APIs 5 | Process Status Help APIs Index | Win32 Programming | Win32 Process Status Help APIs 7 >