Listing the Windows OS process's module information
Compiler: Visual C++ Express Edition 2005
Compiled on Platform: Windows Xp Pro SP2
Target platform: none, just for learning and fun
Header file: Standard and Windows
Additional library: Windows Platform SDK
Additional project setting: Set project to be compiled as C
Project -> your_project_name Properties -> Configuration Properties -> C/C++ -> Advanced -> Compiled As: Compiled as C Code (/TC)
Other info: non-CLR or unmanaged.
To do: Listing the Windows process's module information
To show: The usage of various Windows threads and processes Win32 C functions
// For WinXp as a target
#define _WIN32_WINNT 0x0501
#include <windows.h>
// For Process32Next()
#include <tlhelp32.h>
#include <stdio.h>
// Function prototypes...
BOOL GetProcessList();
BOOL ListProcessModules(DWORD dwPID);
BOOL ListProcessThreads(DWORD dwOwnerPID);
void printError(TCHAR* msg);
int main(int argc, char argv[])
{
GetProcessList();
return 0;
}
// =================Get the processes=====================
BOOL GetProcessList()
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;
DWORD dwPriorityClass;
// Take a snapshot of all processes in the system.
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hProcessSnap == INVALID_HANDLE_VALUE)
{
printError(L"CreateToolhelp32Snapshot (of processes)");
return(FALSE);
}
// Set the size of the structure before using it.
pe32.dwSize = sizeof(PROCESSENTRY32);
// Retrieve information about the first process, and exit if unsuccessful
printf("\n\n*********************************");
printf("\nList of process & their info...\n");
printf("*********************************");
if (!Process32First(hProcessSnap, &pe32))
{
printError(L"Process32First()"); // Show cause of failure
CloseHandle(hProcessSnap); // Must clean up the snapshot object
return (FALSE);
}
// Now walk the snapshot of processes, and display information about each process in turn
do
{
printf("\n\n===========================================================");
printf("\nPROCESS NAME: %S", pe32.szExeFile);
printf("\n-----------------------------------------------------------");
// Retrieve the priority class.
dwPriorityClass = 0;
// OpenProcess() with all possible access rights for a process object,
// handle cannot be inherited and Identifier of the process to open...
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
if (hProcess == NULL)
printError(L"OpenProcess()");
else
{
dwPriorityClass = GetPriorityClass(hProcess);
if (!dwPriorityClass)
printError(L"GetPriorityClass()");
CloseHandle(hProcess);
}
printf("\n Name of the exe = %S", pe32.szExeFile);
printf("\n Parent process ID = %u", pe32.th32ParentProcessID);
printf("\n Process ID = %u", pe32.th32ProcessID);
printf("\n Thread count = %u", pe32.cntThreads);
printf("\n Priority Base = %u", pe32.pcPriClassBase);
if(dwPriorityClass)
printf("\n Priority Class = %u", dwPriorityClass);
// List the modules and threads associated with this process
ListProcessModules(pe32.th32ProcessID);
ListProcessThreads(pe32.th32ProcessID);
} while (Process32Next(hProcessSnap, &pe32));
// Don't forget to clean up the snapshot object!
CloseHandle(hProcessSnap);
return (TRUE);
}
// =================List the process modules=====================
BOOL ListProcessModules(DWORD dwPID)
{
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
// Take a snapshot of all modules in the specified process.
hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
if(hModuleSnap == INVALID_HANDLE_VALUE)
{
printError(L"CreateToolhelp32Snapshot(of modules)");
return (FALSE);
}
// Set the size of the structure before using it...
me32.dwSize = sizeof(MODULEENTRY32);
// Retrieve information about the first module, and exit if unsuccessful
printf("\n\n*****************************************");
printf("\nList of process module & their info...\n");
printf("*****************************************");
if (!Module32First(hModuleSnap, &me32))
{
printError(L"Module32First()"); // Show cause of failure
CloseHandle(hModuleSnap); // Must clean up the snapshot object
return (FALSE);
}
// Now walk the module list of the process, and display information about each module...
do
{
printf("\n\n MODULE NAME: %S", me32.szModule);
printf("\n executable = %S", me32.szExePath);
printf("\n process ID = %u", me32.th32ProcessID);
printf("\n ref count (g) = %u", me32.GlblcntUsage);
printf("\n ref count (p) = %u", me32.ProccntUsage);
printf("\n base address = %p", me32.modBaseAddr);
printf("\n base size = %d", me32.modBaseSize);
} while(Module32Next(hModuleSnap, &me32));
// Don't forget to clean up the snapshot object.
CloseHandle(hModuleSnap);
return (TRUE);
}
// =================List the process threads=====================
BOOL ListProcessThreads(DWORD dwOwnerPID)
{
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
// Take a snapshot of all running threads
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hThreadSnap == INVALID_HANDLE_VALUE)
return (FALSE);
// Fill in the size of the structure before using it.
te32.dwSize = sizeof(THREADENTRY32);
// Retrieve information about the first thread, and exit if unsuccessful
printf("\n\n*****************************************");
printf("\nList of process thread & their info...\n");
printf("*****************************************");
if(!Thread32First(hThreadSnap, &te32))
{
printError(L"Thread32First()"); // Show cause of failure
CloseHandle(hThreadSnap); // Must clean up the snapshot object
return (FALSE);
}
// Now walk the thread list of the system, and display information about each thread associated with the specified process
do
{
if (te32.th32OwnerProcessID == dwOwnerPID)
{
printf("\n\n THREAD ID = %u", te32.th32ThreadID);
printf("\n base priority = %d", te32.tpBasePri);
printf("\n delta priority = %d", te32.tpDeltaPri);
}
} while (Thread32Next(hThreadSnap, &te32));
// Don't forget to clean up the snapshot object.
CloseHandle(hThreadSnap);
return (TRUE);
}
void printError(TCHAR* msg)
{
DWORD eNum;
TCHAR sysMsg[256];
TCHAR* p;
eNum = GetLastError();
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, eNum, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
sysMsg, 256, NULL);
// Trim the end of the line and terminate it with a null
p = sysMsg;
while ((*p > 31) || (*p == 9))
++p;
do { *p-- = 0; }
while ((p >= sysMsg) && ((*p == '.') || (*p < 33)));
// Display the message
printf("\n WARNING: %S failed with error %u (%S)\n", msg, eNum, sysMsg);
}
Output example:
*********************************
List of process & their info...
*********************************
===========================================================
PROCESS NAME: [System Process]
-----------------------------------------------------------
WARNING: OpenProcess() failed with error 87 (The parameter is incorrect)
Name of the exe = [System Process]
Parent process ID = 0
Process ID = 0
Thread count = 2
Priority Base = 0
*****************************************
List of process module & their info...
*****************************************
MODULE NAME: cplus.exe
executable = F:\vc2005project\cplus\debug\cplus.exe
process ID = 2260
ref count (g) = 65535
ref count (p) = 65535
base address = 00400000
base size = 110592
MODULE NAME: ntdll.dll
executable = C:\WINDOWS\system32\ntdll.dll
process ID = 2260
ref count (g) = 65535
ref count (p) = 65535
base address = 7C900000
base size = 720896
[TRIMMED]
MODULE NAME: msvcrt.dll
executable = C:\WINDOWS\system32\msvcrt.dll
process ID = 2260
ref count (g) = 65535
ref count (p) = 65535
base address = 77C10000
base size = 360448
*****************************************
List of process thread & their info...
*****************************************