Tag Archives: Windows API

Listing Processes – Part 5: Using Windows Management Instrumentation (WMI)

Using Win32_Process WMI class

A previous article shows how to use the Win32_PhysicalMedia WMI class to get physical drive info. We can write something similar to get a list of running processes: all we have to do is replace the WQL query and read the properties specific to Win32_Process. However, to simplify things, I wrote a few C++ wrapper classes over the WMI code.
Here is a brief description of each one:

    • CWMIConnection – opens and keeps a connection to WMI namespace.
    • CWMIQuery – executes WQL (SQL for WMI) queries and navigates through results.
    • CWMIWin32_Process – is derived from CWMIQuery and is specialized for Win32_Process.
    • CWMIValue – a class that gets user readable strings from different CIM types.

The implementation details can be found in the attached demo project.
For now, let’s just show a usage example that fills a list-view control with info about running processes.

Demo project

The demo project is a simple MFC dialog-based application that uses WMI wrapper classes to list and get info about running processes.
Download: Listing_Processes__Using_WMI.zip (1193)

Using WMI – Demo Application

Resources

See also

Listing Processes – Part 4: Using Remote Desktop Services API

Using Remote Desktop Services API

We can call the WTSEnumerateProcesses function to get information about the active processes on a specified Remote Desktop Session Host server. However, if we pass WTS_CURRENT_SERVER_HANDLE as the first argument (the server handle), we can enumerate and get info about the processes running on the local machine.
The following example calls WTSEnumerateProcesses function, then fills an array of WTS_PROCESS_INFO structures.

If the target OS is Windows Vista or newer, we can alternatively use WTSEnumerateProcessesEx, which can get additional info in WTS_PROCESS_INFO_EX structures.
Here is an example that enumerates processes, then fills an array of application-defined structures (CProcessInfoEx), which contain the following info:

  • the process identifier;
  • the identifier of session associated with the process;
  • the name of the executable file associated with the process;
  • the user account name;
  • the user domain name;
  • the number of threads in the process;
  • the number of handles in the process;
  • the page file usage of the process, in bytes;
  • the peak page file usage of the process, in bytes;
  • the working set size of the process, in bytes;
  • the peak working set size of the process, in bytes;
  • the time, in milliseconds, the process has been running in user mode;
  • the time, in milliseconds, the process has been running in kernel mode.

Now, let’s fill a listview control with the process info gathered by RDSAPI_EnumProcessesEx.

More implementation details can be found in the attached demo project.

Notes

  • WTSEnumerateProcesses function requires at least Windows XP or Windows Server 2003;
  • WTSEnumerateProcessesEx function requires at least Windows 7 or Windows Server 2008 R2;
  • WTS prefix comes from Windows Terminal Services which is the former name of Remote Desktop Services.

Demo Project

The demo project is a simple MFC dialog-based application that uses the above functions.
Download: Listing_Processes_Using_RDS_API.zip (997)

Using Remote Desktop Services API – Demo Application

References

See also

Listing Processes – Part 3: Using Tool Help Library

Tool Help Library makes it easy to enumerate and get info about processes, threads, modules, and heaps. Let’s use it to get a list of running processes.

Using Tool Help Library

First, take a snapshot by passing the TH32CS_SNAPPROCESS flag to the CreateToolhelp32Snapshot function. Next, pass the snapshot handle to Process32First, then repeatedly to Process32Next, to get info about the running processes as a list of PROCESSENTRY32 structures.

The next example fills a listview control with the following info for each process:

    • PID (process identifier);
    • process image name (the name of the executable file);
    • parent PID;
    • number of threads started by the process;
    • base priority of any threads created by this process.

Demo project

The demo project is a simple MFC dialog-based application that uses the above functions.
Download: Listing_Processes_Using_Tool_Help_Library.zip (622)

Using Tool Help Library – Demo Application

Resources

See also

Listing Processes – Part 2: Using PSAPI

A previous article shows how to list running processes from command line. Next, we’ll see how to get a list of processes in our own programs. Let’s start by using Process Status API (PSAPI).

Using PSAPI

Here is an example that calls the EnumProcesses PSAPI function, then fills an array with the process identifiers found.

Once we have the process identifiers, we can call OpenProcess to get process handles, then use the handles in other functions that get info about processes. The next example fills a listview control with process identifiers, names and image file paths.
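An added example (not the article's original code) of the EnumProcesses call described above, focused on its one failure mode: the function gives no indication when the array is too small, so a completely filled array has to be treated as possibly truncated. `EnumAllProcessIds` is a hypothetical helper name, and the non-Windows branch is a stand-in serving constructed PIDs so the retry loop can be built without the Windows SDK.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <vector>

#ifdef _WIN32
#include <windows.h>
#include <psapi.h>
#else
// Stand-in used when the Windows SDK is absent: same signature and the same
// silent-truncation behaviour as EnumProcesses, over 3000 constructed PIDs.
typedef uint32_t DWORD;
typedef int BOOL;
BOOL EnumProcesses(DWORD* pids, DWORD cb, DWORD* cbNeeded) {
    const DWORD n = std::min<DWORD>(cb / sizeof(DWORD), 3000);
    for (DWORD i = 0; i < n; ++i) pids[i] = 4 * (i + 1);
    *cbNeeded = n * sizeof(DWORD);   // bytes written, never more than cb
    return 1;
}
#endif

// Hypothetical helper: returns every PID, enlarging the array until the call
// leaves spare room, which is the only sign that nothing was cut off.
std::vector<DWORD> EnumAllProcessIds(size_t initialCount) {
    std::vector<DWORD> pids(initialCount ? initialCount : 1);
    for (;;) {
        DWORD cbNeeded = 0;
        const DWORD cb = static_cast<DWORD>(pids.size() * sizeof(DWORD));
        if (!EnumProcesses(pids.data(), cb, &cbNeeded))
            return std::vector<DWORD>();          // call failed
        if (cbNeeded < cb) {                      // spare room: list is complete
            pids.resize(cbNeeded / sizeof(DWORD));
            return pids;
        }
        pids.resize(pids.size() * 2);             // array full: maybe truncated, retry
    }
}

int main() {
    std::printf("%u process identifiers\n",
                static_cast<unsigned>(EnumAllProcessIds(1024).size()));
    return 0;
}
```

A monitoring tool that skips the retry can silently miss processes on a busy host, because a truncated list looks exactly like a complete one.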

Demo project

The demo project is a simple MFC dialog-based application that uses the above functions.
Download: Listing_Processes_Using_PSAPI.zip (870)

Using PSAPI – Demo Application

Resources

See also

Get Physical Drive Serial Number – Part 2

The previous article shows how to get the manufacturer-provided serial number of a physical drive by calling the DeviceIoControl function.
Now, let’s see how it can be done using WMI (Windows Management Instrumentation).

Get serial number by using Win32_PhysicalMedia WMI class

To get the physical drive serial number by using Win32_PhysicalMedia class, follow these steps:

  1. Initialize COM.
  2. Set the default process security level.
  3. Create a connection to WMI namespace.
  4. Set the security levels on WMI connection.
  5. Execute a WQL (WMI Query Language) query to get a list of physical media. Each list element contains a tag as unique identifier (e.g. PHYSICALDRIVE0) and the manufacturer-provided serial number.
  6. Get each enumerator element until we find the desired physical drive. For detailed code, see the complete demo application below.

Putting it all together with some helpful ATL classes, we can now make a simple console demo application.

See also

Resources

Later edit

We can simplify the above example a little by adding a WHERE clause to the WQL query.

Get Physical Drive Serial Number – Part 1

One frequently asked question is “how to (programmatically) get the serial number of a physical drive?” or “how to find my hard disk serial number?”.
One first simple attempt may be to call GetVolumeInformation. However, this function retrieves a serial number which is assigned by the operating system to a volume when it is formatted. It’s not what we want.
To get the serial number assigned to the hard disk (or another type of physical drive) by the manufacturer, we have to find other ways, like for example calling DeviceIoControl function or using Win32_PhysicalMedia WMI class.
Let’s begin with the first one.

Get serial number by using DeviceIoControl

To get the serial number of a physical drive, we can call DeviceIoControl with IOCTL_STORAGE_QUERY_PROPERTY control code.
Just follow these steps:

  1. Call CreateFile function to get a handle to physical drive. First argument (lpFileName) may be \\.\PhysicalDrive0, \\.\PhysicalDrive1, \\.\PhysicalDrive2… for drive #0, #1, #2, and so on.
  2. Set the STORAGE_PROPERTY_QUERY input data structure.
  3. Call DeviceIoControl once for retrieving necessary size, then allocate the output buffer.
  4. Call DeviceIoControl a second time to get the storage device descriptor. The output buffer points to a STORAGE_DEVICE_DESCRIPTOR structure, followed by additional info like vendor ID, product ID, serial number, and so on. The serial number is a null-terminated ASCII string located at SerialNumberOffset bytes counted from the beginning of the output buffer.
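An added example (not the article's original code) of the last step: reading the serial number out of the returned buffer without trusting SerialNumberOffset blindly. The header struct mirrors the fixed part of STORAGE_DEVICE_DESCRIPTOR with fixed-width types so it builds without the Windows SDK; `ExtractSerialNumber` and `MakeSampleDescriptor` are hypothetical helpers and the buffer contents are constructed sample data.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Mirror of the fixed part of STORAGE_DEVICE_DESCRIPTOR (winioctl.h), declared
// with fixed-width types so the example builds without the Windows SDK.
struct DescriptorHeader {
    uint32_t Version, Size;
    uint8_t  DeviceType, DeviceTypeModifier, RemovableMedia, CommandQueueing;
    uint32_t VendorIdOffset, ProductIdOffset, ProductRevisionOffset;
    uint32_t SerialNumberOffset, BusType, RawPropertiesLength;
};

// Hypothetical helper. 'len' is the byte count DeviceIoControl reported as
// returned, not the size that was allocated.
bool ExtractSerialNumber(const uint8_t* buf, size_t len, std::string& serial) {
    DescriptorHeader hdr;
    if (buf == nullptr || len < sizeof(hdr)) return false;
    std::memcpy(&hdr, buf, sizeof(hdr));                 // no unaligned reads
    const size_t off = hdr.SerialNumberOffset;
    if (off == 0) return false;                          // device reports no serial number
    if (off < sizeof(hdr) || off >= len) return false;   // must point into the trailing data
    const void* nul = std::memchr(buf + off, '\0', len - off);
    if (nul == nullptr) return false;                    // not terminated inside the buffer
    serial.assign(reinterpret_cast<const char*>(buf + off),
                  static_cast<const char*>(nul));
    const size_t first = serial.find_first_not_of(' ');  // trim space padding
    const size_t last = serial.find_last_not_of(' ');
    serial = (first == std::string::npos) ? "" : serial.substr(first, last - first + 1);
    return true;
}

// Builds a constructed descriptor buffer (sample data, not from a real drive).
std::vector<uint8_t> MakeSampleDescriptor(const std::string& serial, uint32_t offset) {
    DescriptorHeader hdr = {};
    hdr.Size = static_cast<uint32_t>(sizeof(hdr));
    hdr.SerialNumberOffset = offset;
    std::vector<uint8_t> buf(sizeof(hdr) + serial.size() + 1, 0);
    std::memcpy(buf.data(), &hdr, sizeof(hdr));
    std::memcpy(buf.data() + sizeof(hdr), serial.data(), serial.size());
    return buf;
}

int main() {
    std::string s;
    std::vector<uint8_t> d = MakeSampleDescriptor("WD-TEST1234", sizeof(DescriptorHeader));
    return ExtractSerialNumber(d.data(), d.size(), s) ? 0 : 1;
}
```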

Now let’s put it all together in an MFC sample application which gets and then displays the serial number of physical drive #0.

Notes

  • The above example intentionally shows a “flat” global function, just for learning purposes. Of course, anyone may improve it by using a more object-oriented approach.
  • You may notice that STORAGE_DEVICE_DESCRIPTOR provides more info than the serial number (device type, vendor ID, product ID, and so on). This is a possible improvement as well.
  • Next article will describe how to get serial number using WMI (Windows Management Instrumentation).

See also

Resources

Listing Processes – Part 1: Introduction

Many users know about Task Manager, which allows, among other things, quickly listing the currently running processes and getting info about each one. Some advanced users may also use Windows Resource Monitor for real-time monitoring of the running processes. Others may use command-line tools like Tasklist or Tlist, as well as complex third-party applications like Sysinternals Process Explorer and Process Monitor.

However, let’s say that we have to get a list of running processes and obtain additional info about them in our own application. This series of articles presents several methods for doing that in C/C++ programs, by using Windows API or other libraries. But first, let’s have a brief look at command-line tools.

Tasklist

Tasklist is a command-line utility shipped with Windows XP (except Home Edition) and newer Windows versions. All you have to do is open a cmd console window and run tasklist.exe. Here are a few examples:

  • Displays info about all processes in LIST format
  • Displays services running under svchost.exe
  • Displays the modules loaded in Internet Explorer
  • Displays tasklist help.

For a complete reference, see the link under Resources section.

Tlist

Tlist isn’t shipped with the Windows operating system but is included in the Debugging Tools for Windows suite, which can be downloaded from the Microsoft site.
Examples:

  • Displays the command line that started each process
  • Displays the services that run in each process

Also, for a complete reference see the link, below.

Can we use these tools in our own program?

The answer is yes. We can launch tasklist.exe or tlist.exe with CreateProcess, then use a pipe to catch the output, then… But that may be real overkill, so let’s forget it!
The next articles will show how to use APIs directly to list processes.

Resources

See also