Getting detailed information about Windows OS processes
Compiler: Visual C++ Express Edition 2005
Compiled on Platform: Windows XP Pro SP2
Target platform: none, just for learning and fun
Header file: Standard and Windows
Additional library: Windows Platform SDK
Additional project setting: Set project to be compiled as C
Project -> your_project_name Properties -> Configuration Properties -> C/C++ -> Advanced -> Compiled As: Compiled as C Code (/TC)
Other info: non-CLR or unmanaged. psapi.lib (psapi.dll) must be added to the project: click the Project menu -> select the your_project_name Properties... sub menu -> expand the Configuration Properties folder on the left pane -> expand the Linker subfolder -> select the Input subfolder -> select the Additional Dependencies field on the right pane -> click the ... at the end of the field -> type 'psapi.lib' in the empty pane -> click the OK button -> click the OK button a second time to close the project Properties dialog.
To do: Get detailed information about the Windows processes
To show: The various Windows CRT thread and process functions
// For WinXp as a target, change accordingly...
#define _WIN32_WINNT 0x0501
#include <windows.h>
#include <stdio.h>
#include <psapi.h>

void PrintModules(DWORD processID)
{
    HMODULE hMods[1024];
    HANDLE hProcess;
    DWORD cbNeeded;
    unsigned int i, cModules;

    // Print the process identifier.
    printf("\nProcess ID: %lu\n", processID);

    // Open the process; this fails for processes we are not allowed to query.
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID);
    if (hProcess == NULL)
        return;

    // Get a list of all the modules in this process.
    if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
    {
        // cbNeeded can be larger than the buffer we passed in, so never read past hMods.
        cModules = cbNeeded / sizeof(HMODULE);
        if (cModules > sizeof(hMods) / sizeof(hMods[0]))
            cModules = sizeof(hMods) / sizeof(hMods[0]);

        for (i = 0; i < cModules; i++)
        {
            TCHAR szModPathName[MAX_PATH];

            // Get the full path to the module's file.
            // The size argument is a character count, not a byte count.
            if (GetModuleFileNameEx(hProcess, hMods[i], szModPathName, sizeof(szModPathName) / sizeof(TCHAR)))
            {
                // Print the module name and handle value. Use %ls or %S for unicode or wide character;
                // this assumes a Unicode build, where TCHAR is wchar_t.
                printf("\t%S (0x%p)\n", szModPathName, hMods[i]);
            }
            else
                printf("GetModuleFileNameEx() failed!.\n");
        }
    }
    CloseHandle(hProcess);
}

int main(void)
{
    // Get the list of process identifiers.
    DWORD aProcesses[2048], cbNeeded, cProcesses;
    unsigned int i;

    printf("Listing all the process's module...\n");

    // If fail...
    if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
    {
        printf("EnumProcesses() failed!.\n");
        // cbNeeded is not valid after a failure, so stop here.
        return 1;
    }
    printf("EnumProcesses() is OK!.\n");

    // Calculate how many process identifiers were returned.
    cProcesses = cbNeeded / sizeof(DWORD);

    // Print the name of the modules for each process.
    for (i = 0; i < cProcesses; i++)
        PrintModules(aProcesses[i]);
    return 0;
}
Output example:
Process ID: 3568
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE (0x01000000)
C:\WINDOWS\system32\ntdll.dll (0x7C900000)
C:\WINDOWS\system32\kernel32.dll (0x7C800000)
C:\WINDOWS\system32\MFC42u.DLL (0x72830000)
C:\WINDOWS\system32\msvcrt.dll (0x77C10000)
C:\WINDOWS\system32\GDI32.dll (0x77F10000)
C:\WINDOWS\system32\USER32.dll (0x77D40000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DD0000)
C:\WINDOWS\system32\RPCRT4.dll (0x77E70000)
C:\WINDOWS\system32\comdlg32.dll (0x763B0000)
C:\WINDOWS\system32\SHLWAPI.dll (0x77F60000)
...
[TRIMMED]
...
C:\WINDOWS\ime\sptip.dll (0x5C2C0000)
C:\WINDOWS\system32\OLEACC.dll (0x74C80000)
C:\WINDOWS\system32\MSVCP60.dll (0x76080000)
C:\WINDOWS\IME\SPGRMR.DLL (0x20000000)
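
A listing like the one above is often reviewed to see where each process loaded its modules from. The following added example (not part of the original program) parses lines in that output format and flags module paths outside an assumed list of trusted directories. TRUSTED_DIRS, parse_module_line() and is_unexpected_location() are hypothetical names, the sample line is constructed, and base addresses are assumed to be 32-bit as in the listing.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: directories modules are expected to load from (matched case-insensitively). */
static const char *const TRUSTED_DIRS[] = { "C:\\WINDOWS\\", "C:\\Program Files\\" };

static int has_prefix_ci(const char *s, const char *p)
{
    while (*p && tolower((unsigned char)*s) == tolower((unsigned char)*p)) { s++; p++; }
    return *p == '\0';
}

/* Split one "<path> (0x<base>)" line. Returns 1 on success, 0 for any other line. */
int parse_module_line(const char *line, char *path, size_t cap, unsigned long *base)
{
    const char *open = strrchr(line, '(');  /* last '(': a path may contain one too */
    char *end;
    size_t len;
    while (*line == ' ' || *line == '\t') line++;
    if (open == NULL || open - line < 2 || open[-1] != ' ' || strncmp(open, "(0x", 3) != 0) return 0;
    len = (size_t)(open - line) - 1;        /* drop the single space before '(' */
    if (len >= cap) return 0;               /* never overrun the caller's buffer */
    memcpy(path, line, len);
    path[len] = '\0';
    *base = strtoul(open + 1, &end, 16);
    return *end == ')';
}

/* Returns 1 when the path contains ".." or lies outside every trusted directory. */
int is_unexpected_location(const char *path)
{
    size_t i;
    if (strstr(path, "..") != NULL) return 1;
    for (i = 0; i < sizeof(TRUSTED_DIRS) / sizeof(TRUSTED_DIRS[0]); i++)
        if (has_prefix_ci(path, TRUSTED_DIRS[i])) return 0;
    return 1;
}

int main(void)
{
    /* Constructed line in the listing format shown above; the path is made up. */
    const char *line = "\tC:\\Temp\\example.dll (0x10000000)";
    char path[260];
    unsigned long base;
    if (parse_module_line(line, path, sizeof(path), &base) && is_unexpected_location(path))
        printf("REVIEW %s (0x%08lX)\n", path, base);
    return 0;
}
```

A flagged path is only a prompt for review; adjust TRUSTED_DIRS to the software actually installed on the host.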