Thread: Check Running Process Dev-C++

Allright, in context of this theme, I need a code that will check if there are two or more running processes with the same name ( for example, notepad.exe ) ... If there are two processes with same name, return true, otherwise, return false. ( I specify the process name ) .
Thanks in advance.

Originally Posted by maxorator

Classification doesn't make it less editable through DKOM.

That is true. But for the OP's info, DKOM (Direct Kernel Object manipulation) is just a rootkit for hiding processes. DKOM can change the name by searching thru the EPROCESS block until it finds character array marker "SYSTEM". The process name is an offset in the EPROCESS block based on the location of this "SYSTEM" marker. The process name itself is a 16 byte character array.

So, essentially, DKOM changes the process name in memory.

Originally Posted by outlawbt

Allright, in context of this theme, I need a code that will check if there are two or more running processes with the same name ( for example, notepad.exe ) ... If there are two processes with same name, return true, otherwise, return false. ( I specify the process name ) .
Thanks in advance.

Code:

#pragma comment(lib, "advapi32.lib")
#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>

DWORD CountProcesses(CHAR *pProcessName) 
{
    DWORD dwCount = 0;
    HANDLE hSnap = NULL;
    PROCESSENTRY32 proc32;

    if((hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)) == INVALID_HANDLE_VALUE)
        return -1;
    proc32.dwSize=sizeof(PROCESSENTRY32);
    while((Process32Next(hSnap, &proc32)) == TRUE)
        if(stricmp(proc32.szExeFile,pProcessName) == 0)
            ++dwCount;
    CloseHandle(hSnap); 
    return dwCount;
}

int main(int argc, char **argv)
{
    DWORD dwReturn;
    if(argc == 2)
    {
        dwReturn = CountProcesses(argv[1]);
        if(dwReturn != -1)
        printf("There are %d %s processes running\n",dwReturn, argv[1] );
        else
            printf("CreateToolhelp32Snapshot failed\n");
    }
    return 0;
}

Thanks for the code, it works perfectly fine, but... I don't want to specify the process's name as program's argument, I want to enter it as string, for example
string process;
cin >> process;
...
I'm new to C/C++ programming, so i had some problems making the code in that what i want it to be....

I'm new to C/C++ programming, so i had some problems making the code in that what i want it to be....

I would strongly suggest you concentrate on improving your basic C/C++ coding skills before attempting to embark on something more challenging such as system level programming. Otherwise, you'll always need someone else to write the more complex code for you.

Code:

// Compile cl.exe /EHsc /MT count.cpp
#pragma comment(lib, "advapi32.lib")
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>

using namespace std;

DWORD CountProcesses(CHAR *pProcessName) 
{
    DWORD dwCount = 0;
    HANDLE hSnap = NULL;
    PROCESSENTRY32 proc32;

    if((hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)) == INVALID_HANDLE_VALUE)
        return -1;
    proc32.dwSize=sizeof(PROCESSENTRY32);
    while((Process32Next(hSnap, &proc32)) == TRUE)
        if(stricmp(proc32.szExeFile,pProcessName) == 0)
            ++dwCount;
    CloseHandle(hSnap); 
    return dwCount;
}

int main(void)
{
    DWORD dwReturn;
    char cAsk[] = "Enter process name: ";
    char cProcess[80] = {0};

    cout << cAsk;
    cin >> cProcess;
    dwReturn = CountProcesses(cProcess);
    if(dwReturn != -1)
        printf("There are %d %s processes running\n",dwReturn, cProcess);
    else
        printf("CreateToolhelp32Snapshot failed\n");

    return 0;
}

Thanks a lot

Implementing the isRunning code under WindowsXP (Compiled with MingW) seems to cause a segmentation fault pretty reliable for me across a number of systems.

I've tracked the SEGSIV down to OpenProcess - anytime I attempt to use this, as with examples or otherwise, I get a segfault.

I'm not knowledgeable enough to really determine why, especially since theres no useful information out of the debugger...So, in case anyone else is having the problem and just wishes to determine whether or not a process is running:

Code:

int isRunning(char *pProcessName)
{
    HANDLE hSnap = INVALID_HANDLE_VALUE;
    HANDLE hProcess = INVALID_HANDLE_VALUE;
    PROCESSENTRY32 ProcessStruct;
    ProcessStruct.dwSize = sizeof(PROCESSENTRY32);
    hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(hSnap == INVALID_HANDLE_VALUE)
        return -1;
    if(Process32First(hSnap, &ProcessStruct) == FALSE)
        return -1;
    do
    {
        if(stricmp(strupr(ProcessStruct.szExeFile), pProcessName)==0)
        {
            CloseHandle( hSnap );
            return  ProcessStruct.th32ProcessID;
            break;
        }
    }
    while( Process32Next( hSnap, &ProcessStruct ) );
    CloseHandle( hSnap );
    return -1;
}

Taken from another block of code containing segfault issues; but this code works pretty reliable for me.

Returns -1 if no process found, or a PID.

Oh, and if anyone can figure out why the original isRunning might be segfaulting...I'd appreciate it =)