More on Processes (getProcesses)


  1. #1
    HelpingYouHelpUsHelpUsAll
    Join Date
    Dec 2007
    Location
    In your nightmares
    Posts
    223

    More on Processes (getProcesses)

    I have the following function to get a list of all running processes and other info, as posted in two other places in the section. One of the most irritating things about it is that GetModuleBaseName does not get the correct name for all the processes, e.g. ALG.exe and CSRSS.exe, two common Windows processes, aren't in the list where they are in Task Manager.

    Code:
    int getProcesses() {

        HMODULE hModule;
        char szProcessName[MAX_PATH] = {0};
        DWORD dwProcesses[1024], cbNeeded, cProcesses;
        unsigned int i;
        char PIDbuf[11];    /* a DWORD prints as up to 10 digits plus the terminator */
        char buf[50];

        /* Fill dwProcesses with the PIDs of all running processes */
        if (!EnumProcesses(dwProcesses, sizeof(dwProcesses), &cbNeeded))
            return -1;
        cProcesses = cbNeeded / sizeof(DWORD);
        for (i = 0; i < cProcesses; i++)
            if (dwProcesses[i] != 0)
            {
                HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
                    PROCESS_VM_READ, FALSE, dwProcesses[i]);
                if (NULL != hProcess)
                {
                    strcpy(szProcessName, "System");
                    if (EnumProcessModules(hProcess, &hModule, sizeof(hModule),
                        &cbNeeded))
                    {
                        GetModuleBaseName(hProcess, hModule, szProcessName,
                            sizeof(szProcessName)/sizeof(CHAR));
                    }
                }
                sprintf(PIDbuf, "%lu", (unsigned long)dwProcesses[i]);
                InsertRow(GetDlgItem(hwndMain, ID_LISTVIEW), szProcessName, PIDbuf,
                    GetProcessMemoryWSS(hProcess, buf), GetProcessMemoryPWSS(hProcess, buf),
                    GetProcessPriority(hProcess),
                    GetUserInfo(dwProcesses[i], hProcess));
                CloseHandle(hProcess);
            }
        return cProcesses;
    }
    As you can see in the attachment, the process with a PID of 3600 is meant to be ALG.exe, not nmsrvc.exe. Also, where this happens the memory usage and priority class are blank. I was thinking of checking whether GetProcessMemoryWSS fails (returns ""); if it has, get PID -> open handle -> get name and replace it with szProcessName. However, I don't know of any functions to do this. I don't want to use PdhEnumObjectItems as that caches and I don't fancy using Snapshots either. Is there any way this can be achieved?
    Last edited by P4R4N01D; 06-06-2008 at 10:46 PM.
    long time no C; //seige
    You miss 100% of the people you don't C;
    Code:
    if (language != LANG_C && language != LANG_CPP)
        drown(language);

  2. #2
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,246
    Try using NtQueryInformationProcess() to get the process name (it will be returned in the ProcessInformation structure) and see if that gives something different.

  3. #3
    CSharpener vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,484
    You should check GetModuleBaseName return value - probably it failed and you just printed what was left in the buffer after the previous call
    The first 90% of a project takes 90% of the time,
    the last 10% takes the other 90% of the time.

  4. #4
    train spotter
    Join Date
    Aug 2001
    Location
    near a computer
    Posts
    3,859
    As I tried to point out in your previous thread....

    If OpenProcess() returns a NULL, you still insert a row and use a NULL handle in the calls to get other info.
    "Man alone suffers so excruciatingly in the world that he was compelled to invent laughter."
    Friedrich Nietzsche

    "I spent a lot of my money on booze, birds and fast cars......the rest I squandered."
    George Best

    "If you are going through hell....keep going."
    Winston Churchill

  5. #5
    HelpingYouHelpUsHelpUsAll
    Join Date
    Dec 2007
    Location
    In your nightmares
    Posts
    223
    I have fixed up the check: if (NULL != hProcess), as if hProcess is NULL, I need to close the handle and move on to the next process. The problem now is that GetModuleBaseName doesn't return 0; it might be that EnumProcessModules fails so GetModuleBaseName never returns 0. Note I haven't tried implementing NtQueryInformationProcess yet. Here is what I currently have (I have removed the top as it is the same as before):
    Code:
        for (i = 0; i < cProcesses; i++)
            if (dwProcesses[i] != 0)
            {
                HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
                    PROCESS_VM_READ, FALSE, dwProcesses[i]);
                if (NULL != hProcess)
                {
                    strcpy(szProcessName, "System");
                    if (EnumProcessModules(hProcess, &hModule, sizeof(hModule),
                        &cbNeeded))
                    {
                        GetModuleBaseName(hProcess, hModule, szProcessName,
                            sizeof(szProcessName)/sizeof(CHAR));
                    }
                    sprintf(PIDbuf, "%lu", (unsigned long)dwProcesses[i]);
                    InsertRow(GetDlgItem(hwndMain, ID_LISTVIEW), szProcessName, PIDbuf,
                        GetProcessMemoryWSS(hProcess, buf), GetProcessMemoryPWSS(hProcess, buf),
                        GetProcessPriority(hProcess),
                        GetUserInfo(dwProcesses[i], hProcess));
                }
                CloseHandle(hProcess);
            }
        return cProcesses;
    }

  6. #6
    sgh
    Registered User
    Join Date
    Apr 2008
    Posts
    58
    What is the API function to close the currently selected process?

  7. #7
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Posts
    22,901
    You mean close down a process (close notepad for example) or close the handle to a function you opened?
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  8. #8
    'Allo, 'Allo, Allo
    Join Date
    Apr 2008
    Posts
    612
    Quote Originally Posted by P4R4N01D View Post
    e.g. ALG.exe and CSRSS.exe, two common windows processes aren't in the list where they are in taskmanager.
    That's because when you try and open the handles, OpenProcess is failing, and if you GetLastError(), it'll probably be 5 which is Access Denied. Why? Well, those two processes don't have the default service DACL; specifically, for those two processes Administrator accounts have no permissions at all.

    If you want to check for yourself, download my QueryDACL tool, then get the PID of either of those processes and run:
    qd kernel process <pid you just found>
    that'll output all the permissions available for each account that has an entry in the DACL. Builtin\Administrators will be strangely absent.

    To get round it, you need to enable the SE_DEBUG_NAME privilege for your process (see AdjustTokenPrivileges and friends, see the linked example at the bottom for how to do it) do the querying, and disable it when you don't need it any more.
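
The points raised in the replies above (give every PID its own name, skip the detail calls when OpenProcess fails, and look at GetLastError()) combined in one loop. This is an added example, not code from any poster in the thread; `open_failure_label` and its placeholder strings are hypothetical, and the Win32 part compiles only on Windows.

```c
#include <stdio.h>
#include <string.h>

/* Placeholder for the name column when OpenProcess() fails, so a row never
   inherits the previous process's name. 5 and 87 are ERROR_ACCESS_DENIED
   and ERROR_INVALID_PARAMETER from winerror.h. */
const char *open_failure_label(unsigned long err, char *out, size_t cap)
{
    if (err == 5UL)       snprintf(out, cap, "<access denied>");
    else if (err == 87UL) snprintf(out, cap, "<idle or exited>");
    else                  snprintf(out, cap, "<error %lu>", err);
    return out;
}

#ifdef _WIN32            /* the enumeration itself needs the Win32 API */
#include <windows.h>
#include <psapi.h>       /* link with psapi.lib */

int main(void)
{
    DWORD pids[1024], cb, n, i;

    if (!EnumProcesses(pids, sizeof(pids), &cb))
        return 1;
    n = cb / sizeof(DWORD);

    for (i = 0; i < n; i++) {
        char name[MAX_PATH];             /* fresh buffer for every PID */
        HMODULE mod;
        DWORD cbMod;
        HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                               FALSE, pids[i]);
        if (h == NULL) {
            /* No handle: report why, skip the detail calls, close nothing. */
            DWORD err = GetLastError();
            printf("%6lu  %s\n", (unsigned long)pids[i],
                   open_failure_label(err, name, sizeof(name)));
            continue;
        }
        /* Both calls are checked; on failure the name is set explicitly. */
        if (!EnumProcessModules(h, &mod, sizeof(mod), &cbMod) ||
            GetModuleBaseNameA(h, mod, name, MAX_PATH) == 0)
            strcpy(name, "<name unavailable>");
        printf("%6lu  %s\n", (unsigned long)pids[i], name);
        CloseHandle(h);
    }
    return 0;
}
#endif
```

Rows that print `<access denied>` are the ones the DACL explanation above applies to; the loop reports them without needing any extra privilege.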

  9. #9
    sgh
    Registered User
    Join Date
    Apr 2008
    Posts
    58
    Yes, Elysia.
    If you know the API function, please write it to me.

  10. #10
    HelpingYouHelpUsHelpUsAll
    Join Date
    Dec 2007
    Location
    In your nightmares
    Posts
    223
    Simple, use CreateProcess to create a process and use TerminateProcess to close one. TerminateProcess requires the handle to the process that is to be closed, and all these functions are declared in Kernel32.lib, e.g.
    Code:
    TerminateProcess(OpenProcess(PROCESS_TERMINATE, FALSE, PID), 0); // where PID is an int (or UINT)
    Also as you know a process that is forced to end task will not be able to ignore the request, so it might be a good idea to think about asking the user for confirmation (Esp. if they are about to close a system process), don't want the user having to go through a reboot just because they "accidentally" closed csrss.exe.

    Also thanks adeyblue, I knew that OpenProcess was failing, but didn't know why. Now I know I will look into it and probably post a function that gets a handle to those processes.

  11. #11
    sgh
    Registered User
    Join Date
    Apr 2008
    Posts
    58
    Good!!!
    I solved my old problem with your help.
    Thanks again.

  12. #12
    sgh
    Registered User
    Join Date
    Apr 2008
    Posts
    58
    Hi, P4R4N01D
    I have an issue while using my app.
    It is my app is forced to end process to open as you say.
    I'd like to get a message for the process when ending the process.
    Can you tell me another API function for it, or other ways?
    Regards

  13. #13
    HelpingYouHelpUsHelpUsAll
    Join Date
    Dec 2007
    Location
    In your nightmares
    Posts
    223
    Do you mean to ask the user for confirmation to end the process, or give them some output when they close a system process? If it is for confirmation then just use a MessageBox. I like to give the user an option to toggle this on/off via a menu: set a flag and test it when the user tries to end the process.
    If you want to give specific output on if the user tries to exit a SYSTEM process, then the only way I would recommend is to use multiple if statements to test for common processes: "Idle", "csrss", etc, do some research if necessary. I don't recommend getting the user name of the process to see if it was run by the OS (See the user name column in task manager) or not as this is surprisingly lengthy and complex. If you must know it is in one of the threads I started, about process user names.

  14. #14
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Posts
    22,901
    Code:
    TerminateProcess(OpenProcess(PROCESS_TERMINATE, FALSE, PID), 0); // where PID is an int (or UINT)
    This type of copy is not really recommended.
    OpenProcess returns a handle which you must close.
    And I don't see the purpose of terminating a process you just opened? Or was it just an example?

    Another (better) way to close a process is to close its main window or send close to all of its windows. That way it will exit the way it should. I don't remember exactly how to enumerate windows for a given process/thread.

  15. #15
    sgh
    Registered User
    Join Date
    Apr 2008
    Posts
    58
    I mean when I open some process (e.g. notepad.exe), edit letters and close the process (notepad), I need to show a messagebox for saving my data.
    Then if I use the TerminateProcess API, I can't get this messagebox.
    So I'm looking for another API function for closing the process.
    I think get the main handle of the window (notepad window) and close the process using its handle.
    Is it possible this way?
    If possible, please help me in advance or post the API function.
    Thanks.
