Taking a Snapshot and Viewing Processes Program Example
The following simple console application obtains a list of running processes. First, the GetProcessList() function takes a snapshot of currently executing processes in the system using CreateToolhelp32Snapshot(), and then it walks through the list recorded in the snapshot using Process32First() and Process32Next(). For each process in turn, GetProcessList() calls the ListProcessModules() and the ListProcessThreads(). A simple error-reporting function, printError(), displays the reason for any failures, which usually result from security restrictions. For example, OpenProcess() fails for the Idle and CSRSS processes because their access restrictions prevent user-level code from opening them.
Create a new empty Win32 console application project. Give a suitable project name and change the project location if needed.
Then, add the source file and give it a suitable name.
Next, add the following source code.
// Taking a Snapshot and Viewing Processes
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <stdio.h>
// Prototypes
BOOL GetProcessList();
BOOL ListProcessModules(DWORD dwPID);
BOOL ListProcessThreads(DWORD dwOwnerPID);
void printError(WCHAR* msg);
int wmain(int argc, WCHAR **argv)
{
GetProcessList();
return 0;
}
BOOL GetProcessList()
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;
DWORD dwPriorityClass;
// Take a snapshot of all processes in the system.
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hProcessSnap == INVALID_HANDLE_VALUE)
{
printError(LCreateToolhelp32Snapshot() (of processes));
return (FALSE);
}
// Set the size of the structure before using it.
pe32.dwSize = sizeof(PROCESSENTRY32);
// Retrieve information about the first process,
// and exit if unsuccessful
if(!Process32First(hProcessSnap, &pe32))
{
printError(LProcess32First()); // show cause of failure
CloseHandle(hProcessSnap); // clean the snapshot object
return (FALSE);
}
// Now walk the snapshot of processes, and
// display information about each process in turn
do
{
wprintf(L\n\n===================================================== );
wprintf(L\nPROCESS NAME: %s, pe32.szExeFile );
wprintf(L\n----------------------------------------------------- );
// Retrieve the priority class.
dwPriorityClass = 0;
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
if(hProcess == NULL)
printError(LOpenProcess());
else
{
dwPriorityClass = GetPriorityClass(hProcess);
if(!dwPriorityClass)
printError(LGetPriorityClass());
CloseHandle(hProcess);
}
wprintf(L\n Process ID = 0x%08X, pe32.th32ProcessID);
wprintf(L\n Thread count = %d, pe32.cntThreads);
wprintf(L\n Parent process ID = 0x%08X, pe32.th32ParentProcessID);
wprintf(L\n Priority base = %d, pe32.pcPriClassBase );
if(dwPriorityClass)
wprintf(L\n Priority class = %d, dwPriorityClass);
// List the modules and threads associated with this process
ListProcessModules(pe32.th32ProcessID);
ListProcessThreads(pe32.th32ProcessID);
// Press any key for more...
_getwch();
} while(Process32Next(hProcessSnap, &pe32));
CloseHandle(hProcessSnap);
return (TRUE);
}
BOOL ListProcessModules(DWORD dwPID)
{
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
// Take a snapshot of all modules in the specified process.
hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
if(hModuleSnap == INVALID_HANDLE_VALUE)
{
printError(LCreateToolhelp32Snapshot() (of modules));
return (FALSE);
}
// Set the size of the structure before using it.
me32.dwSize = sizeof(MODULEENTRY32);
// Retrieve information about the first module, and exit if unsuccessful
if(!Module32First(hModuleSnap, &me32))
{
printError(LModule32First()); // show cause of failure
CloseHandle(hModuleSnap); // clean the snapshot object
return (FALSE);
}
// Now walk the module list of the process, and display information about each module
do
{
wprintf(L\n\n MODULE NAME: %s, me32.szModule);
wprintf(L\n Executable = %s, me32.szExePath);
wprintf(L\n Process ID = 0x%08X, me32.th32ProcessID);
wprintf(L\n Ref count (g) = 0x%04X, me32.GlblcntUsage);
wprintf(L\n Ref count (p) = 0x%04X, me32.ProccntUsage);
wprintf(L\n Base address = 0x%08X, (DWORD) me32.modBaseAddr);
wprintf(L\n Base size = %d, me32.modBaseSize);
} while(Module32Next(hModuleSnap, &me32));
CloseHandle(hModuleSnap);
return (TRUE);
}
BOOL ListProcessThreads(DWORD dwOwnerPID)
{
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
// Take a snapshot of all running threads
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if(hThreadSnap == INVALID_HANDLE_VALUE)
return (FALSE);
// Fill in the size of the structure before using it.
te32.dwSize = sizeof(THREADENTRY32);
// Retrieve information about the first thread,
// and exit if unsuccessful
if(!Thread32First(hThreadSnap, &te32))
{
printError(LThread32First()); // show cause of failure
CloseHandle(hThreadSnap); // clean the snapshot object
return (FALSE);
}
// Now walk the thread list of the system,
// and display information about each thread
// associated with the specified process
do
{
if(te32.th32OwnerProcessID == dwOwnerPID)
{
wprintf(L\n\n THREAD ID = 0x%08X, te32.th32ThreadID);
wprintf(L\n Base priority = %d, te32.tpBasePri);
wprintf(L\n Delta priority = %d, te32.tpDeltaPri);
}
} while(Thread32Next(hThreadSnap, &te32));
CloseHandle(hThreadSnap);
return (TRUE);
}
void printError(WCHAR* msg)
{
DWORD eNum;
WCHAR sysMsg[256];
WCHAR* p;
eNum = GetLastError();
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, eNum,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
sysMsg, 256, NULL );
// Trim the end of the line and terminate it with a null
p = sysMsg;
while( ( *p > 31 ) || ( *p == 9 ) )
++p;
do { *p-- = 0; }
while( ( p >= sysMsg ) && ( ( *p == '.' ) || ( *p < 33 ) ) );
// Display the message
wprintf(L\n WARNING: %s failed with error %d (%s), msg, eNum, sysMsg );
}
Build and run the project. The following screenshot is a sample output. Press any key for more Module information.