Tag Archives: Processes

Listing Processes – Part 5: Using Windows Management Instrumentation (WMI)

Using Win32_Process WMI class

A previous article shows how to use Win32_PhysicalMedia WMI class to get physical drive info. We can write something similar for getting a list of running processes. All we have to do is to replace the WQL query and get specific properties for Win32_Process. However, to simplify the things, I wrote few C++ wrapper classes over the WMI stuff.
Here is a brief description for each one:

CWMIConnection – opens and keeps a connection to WMI namespace.
CWMIQuery – executes WQL (SQL for WMI) queries and navigates through results.
CWMIWin32_Process – is derived from CWMIQuery and is specialized for Win32_Process.
CWMIValue – a class that gets user readable strings from different CIM types.

The implementation details can be found in the attached demo project.
Let’s show now just a usage example, that fills a list-view control with info about running processes.

void CDemoDlg::_FillProcessesList()
{
    // clear listview control
    m_listProcesses.DeleteAllItems();

    try
    {
        // Open WMI connection
        CWMIConnection wmiConnection;
        wmiConnection.Open(L"ROOT\\CIMV2");

        // Query Win32_Process
        CWMIWin32_Process wmiQuery(wmiConnection);
        wmiQuery.Open();

        // Fill the list
        int nItem = 0;
        while(wmiQuery.MoveNext())
        {
            m_listProcesses.InsertItem(nItem, NULL);

            m_listProcesses.SetItemText(nItem, ePID, WMI_GETPROPERTYSTR(wmiQuery, Handle));
            m_listProcesses.SetItemText(nItem, eSessionID, WMI_GETPROPERTYSTR(wmiQuery, SessionId));
            m_listProcesses.SetItemText(nItem, eImageName, WMI_GETPROPERTYSTR(wmiQuery, Caption));
            m_listProcesses.SetItemText(nItem, eCommandLine, WMI_GETPROPERTYSTR(wmiQuery, CommandLine));
            // ...

            // NOTE: This is just for demo purpose and can be completed. 
            // For a compelte list of Win32_Process properties, see MSDN documentation.
            // http://msdn.microsoft.com/en-us/library/aa394372%28v=vs.85%29.aspx
            nItem++;
        }
    }
    catch(COleException* e)
    {
        e->ReportError();
        e->Delete();
    }
}

void CDemoDlg::_FillProcessesList()

{

// clear listview control

m_listProcesses.DeleteAllItems();

try

{

// Open WMI connection

CWMIConnection wmiConnection;

wmiConnection.Open(L"ROOT\\CIMV2");

// Query Win32_Process

CWMIWin32_Process wmiQuery(wmiConnection);

wmiQuery.Open();

// Fill the list

int nItem = 0;

while(wmiQuery.MoveNext())

{

m_listProcesses.InsertItem(nItem, NULL);

m_listProcesses.SetItemText(nItem, ePID, WMI_GETPROPERTYSTR(wmiQuery, Handle));

m_listProcesses.SetItemText(nItem, eSessionID, WMI_GETPROPERTYSTR(wmiQuery, SessionId));

m_listProcesses.SetItemText(nItem, eImageName, WMI_GETPROPERTYSTR(wmiQuery, Caption));

m_listProcesses.SetItemText(nItem, eCommandLine, WMI_GETPROPERTYSTR(wmiQuery, CommandLine));

// ...

// NOTE: This is just for demo purpose and can be completed.

// For a compelte list of Win32_Process properties, see MSDN documentation.

// http://msdn.microsoft.com/en-us/library/aa394372%28v=vs.85%29.aspx

nItem++;

}

catch(COleException* e)

{

e->ReportError();

e->Delete();

}

Demo project

The demo project is a simple MFC dialog-based application that uses WMI wrapper classes to list and get info about running processes.
Download: Listing_Processes__Using_WMI.zip (857)

Using WMI – Demo Application

Resources

MSDN: Win32_Process class
MSDN: WQL (SQL for WMI)

Listing Processes – Part 4: Using Remote Desktop Services API

Leave a reply

Using Remote Desktop Services API

We can call WTSEnumerateProcesses function to get information about the active processes on a specified Remote Desktop Session Host server. However, if pass WTS_CURRENT_SERVER_HANDLE in first argument (server handle), we can enumerate and get info about processes which are running on local machine.
The following example calls WTSEnumerateProcesses function, then fills an array of WTS_PROCESS_INFO structures.

// Windows Terminal Server API header & lib 
#include <Wtsapi32.h>
#pragma comment(lib, "Wtsapi32.lib")

DWORD RDSAPI_EnumProcesses(CArray<WTS_PROCESS_INFO>& arrProcInfo)
{
    // clear output array
    arrProcInfo.RemoveAll();
    HANDLE hServer = WTS_CURRENT_SERVER_HANDLE; // local machine processes
    PWTS_PROCESS_INFO pProcessInfo = NULL;
    DWORD dwCount = 0;
    // enumerate processes
    if(!::WTSEnumerateProcesses(hServer, 0, 1, &pProcessInfo, &dwCount))
    {
        return ::GetLastError();
    }
    // fill output array
    arrProcInfo.SetSize(dwCount);
    for(DWORD dwIndex = 0; dwIndex < dwCount; dwIndex++)
    {
        arrProcInfo[dwIndex] = pProcessInfo[dwIndex];
    }
    // free the memory allocated in WTSEnumerateProcesses
    ::WTSFreeMemory(pProcessInfo);
    return NO_ERROR;
}

// Windows Terminal Server API header & lib

#include <Wtsapi32.h>

#pragma comment(lib, "Wtsapi32.lib")

DWORD RDSAPI_EnumProcesses(CArray<WTS_PROCESS_INFO>& arrProcInfo)

{

// clear output array

arrProcInfo.RemoveAll();

HANDLE hServer = WTS_CURRENT_SERVER_HANDLE; // local machine processes

PWTS_PROCESS_INFO pProcessInfo = NULL;

DWORD dwCount = 0;

// enumerate processes

if(!::WTSEnumerateProcesses(hServer, 0, 1, &pProcessInfo, &dwCount))

{

return ::GetLastError();

}

// fill output array

arrProcInfo.SetSize(dwCount);

for(DWORD dwIndex = 0; dwIndex < dwCount; dwIndex++)

{

arrProcInfo[dwIndex] = pProcessInfo[dwIndex];

}

// free the memory allocated in WTSEnumerateProcesses

::WTSFreeMemory(pProcessInfo);

return NO_ERROR;

}

If the target OS is Windows Vista or newer, we can alternatively use WTSEnumerateProcessesEx which can get additional info in WTS_PROCESS_INFO_EX structures.
Here is an example that enumerates processes, then fills an array of application-defined structures, (CProcessInfoEx) which contain the following info:

the process identifier;
the identifier of session associated with the process;
the name of the executable file associated with the process;
the user account name;
the user domain name;
the number of threads in the process;
the number of handles in the process;
the page file usage of the process, in bytes;
the peak page file usage of the process, in bytes;
the working set size of the process, in bytes;
the peak working set size of the process, in bytes;
the time, in milliseconds, the process has been running in user mode;
the time, in milliseconds, the process has been running in kernel mode.

DWORD RDSAPI_EnumProcessesEx(CArray<CProcessInfoEx>& arrProcInfo)
{
    // clear output array
    arrProcInfo.RemoveAll();
    // init WTSEnumerateProcessesEx parameters
    HANDLE hServer = WTS_CURRENT_SERVER_HANDLE; // get local machine processes
    DWORD dwLevel = 1;                          // get array of WTS_PROCESS_INFO_EX
    DWORD dwSessionID = WTS_ANY_SESSION;        // get processes in all sessions
    DWORD dwCount = 0;                          // returns the number of processes
    PWTS_PROCESS_INFO_EX  pProcessInfo = NULL;  // output data

    if(!::WTSEnumerateProcessesEx(hServer, &dwLevel, dwSessionID, (LPTSTR*)&pProcessInfo, &dwCount))
    {
        return ::GetLastError();
    }

    // fill output array
    arrProcInfo.SetSize(dwCount);
    for(DWORD dwIndex = 0; dwIndex < dwCount; dwIndex++)
    {
        CProcessInfoEx processInfoEx(pProcessInfo[dwIndex]); 
        arrProcInfo[dwIndex] = processInfoEx;
    }
    // free the memory allocated in WTSEnumerateProcessesEx
    if(!::WTSFreeMemoryEx(WTSTypeProcessInfoLevel1, pProcessInfo, dwCount))
    {
        return ::GetLastError();
    }
    return NO_ERROR;
}

DWORD RDSAPI_EnumProcessesEx(CArray<CProcessInfoEx>& arrProcInfo)

{

// clear output array

arrProcInfo.RemoveAll();

// init WTSEnumerateProcessesEx parameters

HANDLE hServer = WTS_CURRENT_SERVER_HANDLE; // get local machine processes

DWORD dwLevel = 1; // get array of WTS_PROCESS_INFO_EX

DWORD dwSessionID = WTS_ANY_SESSION; // get processes in all sessions

DWORD dwCount = 0; // returns the number of processes

PWTS_PROCESS_INFO_EX pProcessInfo = NULL; // output data

if(!::WTSEnumerateProcessesEx(hServer, &dwLevel, dwSessionID, (LPTSTR*)&pProcessInfo, &dwCount))

{

return ::GetLastError();

}

// fill output array

arrProcInfo.SetSize(dwCount);

for(DWORD dwIndex = 0; dwIndex < dwCount; dwIndex++)

{

CProcessInfoEx processInfoEx(pProcessInfo[dwIndex]);

arrProcInfo[dwIndex] = processInfoEx;

}

// free the memory allocated in WTSEnumerateProcessesEx

if(!::WTSFreeMemoryEx(WTSTypeProcessInfoLevel1, pProcessInfo, dwCount))

{

return ::GetLastError();

}

return NO_ERROR;

}

Now, let’s fill a listview control with the processes info grabbed by RDSAPI_EnumProcessesEx.

void CDemoDlg::_FillProcessesList()
{
    // clear listview control
    m_listProcesses.DeleteAllItems();

    // get an array of CProcessInfoEx
    CArray<CProcessInfoEx> arrProcInfo;
    VERIFY(NO_ERROR == RDSAPI_EnumProcessesEx(arrProcInfo));

    // fill the listview control
    const INT_PTR nSize = arrProcInfo.GetSize();
    for(INT_PTR nItem = 0; nItem < nSize; nItem++)
    {
        // add new item to listview control
        m_listProcesses.InsertItem(nItem, NULL);

        // set list imtem text
        const CProcessInfoEx& processInfoEx = arrProcInfo.ElementAt(nItem);
        m_listProcesses.SetItemText(nItem, ePID, processInfoEx.GetProcessIdStr());
        m_listProcesses.SetItemText(nItem, eSessionID, processInfoEx.GetSessionIdStr());
        m_listProcesses.SetItemText(nItem, eImageName, processInfoEx.GetProcessNameStr());
        m_listProcesses.SetItemText(nItem, eUserName, processInfoEx.GetUserNameStr());
        m_listProcesses.SetItemText(nItem, eDomain, processInfoEx.GetDomainNameStr());
        m_listProcesses.SetItemText(nItem, eThreads, processInfoEx.GetNumberOfThreadsStr());
        m_listProcesses.SetItemText(nItem, eHandles, processInfoEx.GetHandleCountStr());
        m_listProcesses.SetItemText(nItem, ePagefileUsage, processInfoEx.GetPagefileUsageStr());
        m_listProcesses.SetItemText(nItem, ePeakPagefileUsage, processInfoEx.GetPeakPagefileUsageStr());
        m_listProcesses.SetItemText(nItem, eWorkingSetSize, processInfoEx.GetWorkingSetSizeStr());
        m_listProcesses.SetItemText(nItem, ePeakWorkingSetSize, processInfoEx.GetPeakWorkingSetSizeStr());
        m_listProcesses.SetItemText(nItem, eUserTime, processInfoEx.GetUserTimeStr());
        m_listProcesses.SetItemText(nItem, eKernelTime, processInfoEx.GetKernelTimeStr());
    }
}

void CDemoDlg::_FillProcessesList()

{

// clear listview control

m_listProcesses.DeleteAllItems();

// get an array of CProcessInfoEx

CArray<CProcessInfoEx> arrProcInfo;

VERIFY(NO_ERROR == RDSAPI_EnumProcessesEx(arrProcInfo));

// fill the listview control

const INT_PTR nSize = arrProcInfo.GetSize();

for(INT_PTR nItem = 0; nItem < nSize; nItem++)

{

// add new item to listview control

m_listProcesses.InsertItem(nItem, NULL);

// set list imtem text

const CProcessInfoEx& processInfoEx = arrProcInfo.ElementAt(nItem);

m_listProcesses.SetItemText(nItem, ePID, processInfoEx.GetProcessIdStr());

m_listProcesses.SetItemText(nItem, eSessionID, processInfoEx.GetSessionIdStr());

m_listProcesses.SetItemText(nItem, eImageName, processInfoEx.GetProcessNameStr());

m_listProcesses.SetItemText(nItem, eUserName, processInfoEx.GetUserNameStr());

m_listProcesses.SetItemText(nItem, eDomain, processInfoEx.GetDomainNameStr());

m_listProcesses.SetItemText(nItem, eThreads, processInfoEx.GetNumberOfThreadsStr());

m_listProcesses.SetItemText(nItem, eHandles, processInfoEx.GetHandleCountStr());

m_listProcesses.SetItemText(nItem, ePagefileUsage, processInfoEx.GetPagefileUsageStr());

m_listProcesses.SetItemText(nItem, ePeakPagefileUsage, processInfoEx.GetPeakPagefileUsageStr());

m_listProcesses.SetItemText(nItem, eWorkingSetSize, processInfoEx.GetWorkingSetSizeStr());

m_listProcesses.SetItemText(nItem, ePeakWorkingSetSize, processInfoEx.GetPeakWorkingSetSizeStr());

m_listProcesses.SetItemText(nItem, eUserTime, processInfoEx.GetUserTimeStr());

m_listProcesses.SetItemText(nItem, eKernelTime, processInfoEx.GetKernelTimeStr());

}

More implementation details can be found in the attached demo project.

Notes

WTSEnumerateProcesses function requires at least Windows XP or Windows Server 2003;
WTSEnumerateProcessesEx function requires at least Windows 7 or Windows Server 2008 R2;
WTS prefix comes from Windows Terminal Services which is the former name of Remote Desktop Services.

Demo Project

The demo project is a simple MFC dialog-based application that uses the above functions.
Download: Listing_Processes_Using_RDS_API.zip (784)

Using Remote Desktop Services API – Demo Application

References

MSDN: Remote Desktop Services API reference

Listing Processes – Part 3: Using Tool Help Library

3 Replies

Tool Help Library makes it easy to enumerate and get info about processes, threads, modules, and heaps. Let’s use it to get a list of running processes.

Using Tool Help Library

First, take a snapshot by passing TH32CS_SNAPPROCESS flag to CreateToolhelp32Snapshot function. Next, pass the snapshot handle to Process32First, then to Process32Next to get running processes info in a list of PROCESSENTRY32 structures.

#include <Tlhelp32.h>

DWORD CDemoDlg::ToolHelp_EnumProcesses(CList<PROCESSENTRY32>& listProcInfo)
{
    DWORD dwRet = NO_ERROR;

    // take a snapshot of processes
    DWORD dwFlags = TH32CS_SNAPPROCESS;
    HANDLE hSnapshot = ::CreateToolhelp32Snapshot(dwFlags, 0);
    if(INVALID_HANDLE_VALUE == hSnapshot)
    {
        return ::GetLastError();
    }

    PROCESSENTRY32 processEntry = {0};
    processEntry.dwSize = sizeof(PROCESSENTRY32);
    // get info for each process in the snapshot
    if(::Process32First(hSnapshot, &processEntry))
    {
        do
        {   
            listProcInfo.AddTail(processEntry);
        }
        while(::Process32Next(hSnapshot, &processEntry));
    }
    else
    {
        dwRet = ::GetLastError();
    }
    ::CloseHandle(hSnapshot);
    return dwRet;
}

#include <Tlhelp32.h>

DWORD CDemoDlg::ToolHelp_EnumProcesses(CList<PROCESSENTRY32>& listProcInfo)

{

DWORD dwRet = NO_ERROR;

// take a snapshot of processes

DWORD dwFlags = TH32CS_SNAPPROCESS;

HANDLE hSnapshot = ::CreateToolhelp32Snapshot(dwFlags, 0);

if(INVALID_HANDLE_VALUE == hSnapshot)

{

return ::GetLastError();

}

PROCESSENTRY32 processEntry = {0};

processEntry.dwSize = sizeof(PROCESSENTRY32);

// get info for each process in the snapshot

if(::Process32First(hSnapshot, &processEntry))

{

listProcInfo.AddTail(processEntry);

}

while(::Process32Next(hSnapshot, &processEntry));

}

else

{

dwRet = ::GetLastError();

}

::CloseHandle(hSnapshot);

return dwRet;

}

Next example fills a listview control with the following info of each process.

PID (process identifier);
process image name (the name of the executable file);
parent PID;
number of threads started by the process;
base priority of any threads created by this process.

void CDemoDlg::_FillProcessesList()
{
    // clear listview control
    m_listProcesses.DeleteAllItems();

    // get a list of PROCESSENTRY32 structures
    CList<PROCESSENTRY32> listProcInfo;
    VERIFY(NO_ERROR == ToolHelp_EnumProcesses(listProcInfo));

    // fill the listview control
    POSITION pos = listProcInfo.GetHeadPosition();
    int nIndex = 0;
    while(NULL != pos)
    {
        // get next process from the list
        const PROCESSENTRY32& procInfo = listProcInfo.GetNext(pos);

        // format info strings
        CString strPID, strImageName, strParentPID, strThreads, strPriority;
        strPID.Format(_T("%u"), procInfo.th32ProcessID);
        strImageName = procInfo.szExeFile;
        strParentPID.Format(_T("%u"), procInfo.th32ParentProcessID);
        strThreads.Format(_T("%u"), procInfo.cntThreads);
        strPriority.Format(_T("%d"), procInfo.pcPriClassBase);

        // set listview item text
        m_listProcesses.InsertItem(nIndex, strPID);
        m_listProcesses.SetItemText(nIndex, 1, strImageName);
        m_listProcesses.SetItemText(nIndex, 2, strParentPID);
        m_listProcesses.SetItemText(nIndex, 3, strThreads);
        m_listProcesses.SetItemText(nIndex++, 4, strPriority);
    }
}

void CDemoDlg::_FillProcessesList()

{

// clear listview control

m_listProcesses.DeleteAllItems();

// get a list of PROCESSENTRY32 structures

CList<PROCESSENTRY32> listProcInfo;

VERIFY(NO_ERROR == ToolHelp_EnumProcesses(listProcInfo));

// fill the listview control

POSITION pos = listProcInfo.GetHeadPosition();

int nIndex = 0;

while(NULL != pos)

{

// get next process from the list

const PROCESSENTRY32& procInfo = listProcInfo.GetNext(pos);

// format info strings

CString strPID, strImageName, strParentPID, strThreads, strPriority;

strPID.Format(_T("%u"), procInfo.th32ProcessID);

strImageName = procInfo.szExeFile;

strParentPID.Format(_T("%u"), procInfo.th32ParentProcessID);

strThreads.Format(_T("%u"), procInfo.cntThreads);

strPriority.Format(_T("%d"), procInfo.pcPriClassBase);

// set listview item text

m_listProcesses.InsertItem(nIndex, strPID);

m_listProcesses.SetItemText(nIndex, 1, strImageName);

m_listProcesses.SetItemText(nIndex, 2, strParentPID);

m_listProcesses.SetItemText(nIndex, 3, strThreads);

m_listProcesses.SetItemText(nIndex++, 4, strPriority);

}

Demo project

The demo project is a simple MFC dialog-based application that uses the above functions.
Download: Listing_Processes_Using_Tool_Help_Library.zip (476)

Using Tool Help Library – Demo Application

Resources

MSDN: Tool Help Library

Listing Processes – Part 2: Using PSAPI

Leave a reply

A previous article shows how to list running processes from command line. Next, we’ll see how to get a list of processes in our own programs. Let’s start by using Process Status API (PSAPI).

Using PSAPI

Here is an example that calls EnumProcesses PSAPI function, then fills an array with the found process identifiers.

#include <Psapi.h>
#pragma comment(lib, "Psapi.lib")
// ...

DWORD CDemoDlg::PSAPI_EnumProcesses(CDWordArray& arrProcessIds, DWORD dwMaxProcessCount)
{
    DWORD dwRet = NO_ERROR;
    arrProcessIds.RemoveAll();

    DWORD *pProcessIds = new DWORD[dwMaxProcessCount];
    DWORD cb = dwMaxProcessCount * sizeof(DWORD);
    DWORD dwBytesReturned = 0;

    // call PSAPI EnumProcesses
    if(::EnumProcesses(pProcessIds, cb, &dwBytesReturned))
    {
        // fill the array with returned process IDs
        const int nSize = dwBytesReturned / sizeof(DWORD);
        arrProcessIds.SetSize(nSize);
        for(int nIndex = 0; nIndex < nSize; nIndex++)
        {
            arrProcessIds[nIndex] = pProcessIds[nIndex];
        }
    }
    else
    {
        dwRet = ::GetLastError();
    }
    delete []pProcessIds;
    return dwRet;
}

#include <Psapi.h>

#pragma comment(lib, "Psapi.lib")

// ...

DWORD CDemoDlg::PSAPI_EnumProcesses(CDWordArray& arrProcessIds, DWORD dwMaxProcessCount)

{

DWORD dwRet = NO_ERROR;

arrProcessIds.RemoveAll();

DWORD *pProcessIds = new DWORD[dwMaxProcessCount];

DWORD cb = dwMaxProcessCount * sizeof(DWORD);

DWORD dwBytesReturned = 0;

// call PSAPI EnumProcesses

if(::EnumProcesses(pProcessIds, cb, &dwBytesReturned))

{

// fill the array with returned process IDs

const int nSize = dwBytesReturned / sizeof(DWORD);

arrProcessIds.SetSize(nSize);

for(int nIndex = 0; nIndex < nSize; nIndex++)

{

arrProcessIds[nIndex] = pProcessIds[nIndex];

}

else

{

dwRet = ::GetLastError();

}

delete []pProcessIds;

return dwRet;

}

Once having the process identifiers, we can call OpenProcess to get process handles, then use the handles in other functions which get info about processes. Next example fills a listview control with process identifiers, names and image file paths.

void CDemoDlg::_FillProcessesList()
{
    // clear the listvie control
    m_listProcesses.DeleteAllItems();

    // get an array of process IDs
    CDWordArray arrProcessIds;
    VERIFY(NO_ERROR == PSAPI_EnumProcesses(arrProcessIds, 1024));
    const int nSize = arrProcessIds.GetSize();

    // fill the listview control
    for(int nIndex = 0; nIndex < nSize; nIndex++)
    {
        DWORD dwProcessId = arrProcessIds[nIndex];
        // get the process handle
        HANDLE hProcess = ::OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessId);
        if(NULL != hProcess)
        {
            // insert new item in the list
            const int nItemCount = m_listProcesses.GetItemCount();
            m_listProcesses.InsertItem(nItemCount, NULL);

            // format process ID
            CString strProcessID;
            strProcessID.Format(_T("%u"), dwProcessId);

            // get executable file path (in device form)
            CString strImageFileName;
            ::GetProcessImageFileName(hProcess, CStrBuf(strImageFileName, MAX_PATH), MAX_PATH);

            // get image name
            CString strImageName = ::PathFindFileName(strImageFileName);

            // set subitems text
            m_listProcesses.SetItemText(nItemCount, 0, strProcessID);
            m_listProcesses.SetItemText(nItemCount, 1, strImageName);
            m_listProcesses.SetItemText(nItemCount, 2, strImageFileName);

            // close the process handle
            ::CloseHandle(hProcess);
        }
    }
}

void CDemoDlg::_FillProcessesList()

{

// clear the listvie control

m_listProcesses.DeleteAllItems();

// get an array of process IDs

CDWordArray arrProcessIds;

VERIFY(NO_ERROR == PSAPI_EnumProcesses(arrProcessIds, 1024));

const int nSize = arrProcessIds.GetSize();

// fill the listview control

for(int nIndex = 0; nIndex < nSize; nIndex++)

{

DWORD dwProcessId = arrProcessIds[nIndex];

// get the process handle

HANDLE hProcess = ::OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessId);

if(NULL != hProcess)

{

// insert new item in the list

const int nItemCount = m_listProcesses.GetItemCount();

m_listProcesses.InsertItem(nItemCount, NULL);

// format process ID

CString strProcessID;

strProcessID.Format(_T("%u"), dwProcessId);

// get executable file path (in device form)

CString strImageFileName;

::GetProcessImageFileName(hProcess, CStrBuf(strImageFileName, MAX_PATH), MAX_PATH);

// get image name

CString strImageName = ::PathFindFileName(strImageFileName);

// set subitems text

m_listProcesses.SetItemText(nItemCount, 0, strProcessID);

m_listProcesses.SetItemText(nItemCount, 1, strImageName);

m_listProcesses.SetItemText(nItemCount, 2, strImageFileName);

// close the process handle

::CloseHandle(hProcess);

}

Demo project

The demo project is a simple MFC dialog-based application that uses the above functions.
Download: Listing_Processes_Using_PSAPI.zip (707)

Using PSAPI – Demo Application

Resources

MSDN: Process Status API
MSDN: EnumProcesses function

Listing Processes – Part 1: Introduction

Leave a reply

Many users know about Task Manager that allows, between others, to quickly list the currently running processes and get info about each one. Some advanced users may also deal with Windows Resource Monitor, for real-time monitoring the running processes. Other ones may use command line tools lile Tasklist or Tlist as well as complex third-party applications, like Sysinternals Process Explorer and Process Monitor.

However, let’s say that we have to get a list of running processes and obtain additional info about them in our own application. This series of articles presents several methods for doing that in C/C++ programs, by using Windows API or other libraries. But first, let’s have a brief look at command-line tools.

Tasklist

Tasklist is a command-line utility tool, shipped with Windows XP (except home edition) and newer Windows versions. What you have to do is to open cmd console window and run tasklist.exe. Here are few examples:

Displays info about all processes in LIST format

C++

tasklist /v /fo LIST

1

tasklist /v /fo LIST
Displays services running under svchost.exe

C++

tasklist /fi "Imagename eq svchost.exe" /svc

1

tasklist /fi "Imagename eq svchost.exe" /svc
Displays the modules loaded in Internet Explorer

C++

tasklist /m /fi "imagename eq iexplore.exe"

1

tasklist /m /fi "imagename eq iexplore.exe"
Displays tasklist help.

C++

tasklist /?

1

tasklist /?

For a complete reference, see the link under Resources section.

Tlist

Tlist isn’t shipped with Windows operating system but is included in Debugging Tools for Windows suite that can be downloaded from Microsoft site.
Examples:

Displays the command line that started each process

C++

C:\Program Files\Debugging Tools for Windows>tlist /c

1

C:\Program Files\Debugging Tools for Windows>tlist /c
Displays the services that run in each process

C++

C:\Program Files\Debugging Tools for Windows>tlist /s

1

C:\Program Files\Debugging Tools for Windows>tlist /s

Also, for a complete reference see the link, below.

Can we use these tools in our own program?

The answer is yes. We can launch tasklist.exe or tlist.exe with CreateProcess, then use a pipe to catch the output, then… But that may be a real overkill, so let’s forget it!
Next articles will show how to directly use APIs to list processes.

Resources

Technet: Tasklist
Windows DevCenter: Tlist

codexpert blog

I see native code

Tag Archives: Processes

Listing Processes – Part 5: Using Windows Management Instrumentation (WMI)

Using Win32_Process WMI class

Demo project

Resources

See also

Like this:

Listing Processes – Part 4: Using Remote Desktop Services API

Using Remote Desktop Services API

Notes

Demo Project

References

See also

Like this:

Listing Processes – Part 3: Using Tool Help Library

Using Tool Help Library

Demo project

Resources

See also

Like this:

Listing Processes – Part 2: Using PSAPI

Using PSAPI

Demo project

Resources

See also

Like this:

Listing Processes – Part 1: Introduction

Tasklist

Tlist

Can we use these tools in our own program?

Resources

See also

Like this:

Using Win32_Process WMI class

Demo project

Resources

See also

Share this:

Like this:

Using Remote Desktop Services API

Notes

Demo Project

References

See also

Share this:

Like this:

Using Tool Help Library

Demo project

Resources

See also

Share this:

Like this:

Using PSAPI

Demo project

Resources

See also

Share this:

Like this:

Tasklist

Tlist

Can we use these tools in our own program?

Resources

See also

Share this:

Like this: