
Sander

getting windows processes path and information


I am trying to create a simple Windows app that lists all the running processes and gives some information about each of them. I have got the basics covered, but now I want to retrieve some extra information. Unfortunately, I don't know how. I am using the ToolHelp32 API to retrieve the process information. When I get the process's name under Win95 or Win98, it gives me the full path to the process's executable. Under Win2K and WinXP, it only gives the executable name, not the full path. Is there any way I can get the full path under 2K or XP without using the PSAPI (I don't have it. I'm writing it on Win98)? Also, is there any way to get all the good information about a running process, such as AdAware shows you for each process (full name, version number, manufacturer, last update, creation date, etcetera, etcetera)? Thanks a bunch!

You have to dig into the Native API to retrieve this information, which means the procedure on 9x differs from the one on NT/2k/XP. I think they may have added an API to do this, but it's only available on XP (or maybe 2k3 Server, or Longhorn) or later.


//NT Native API Calls

#pragma once

namespace MKH
{
namespace NativeNT
{
// Lists the handle values owned by the calling process, obtained through the
// NT native NtQuerySystemInformation(SystemHandleInformation) query.
//
// handleAr - caller-supplied array that receives the handle values.
// pdwBytes - in:  capacity of handleAr, in bytes.
//            out: bytes written on success, or the bytes required when
//                 handleAr is too small.
//
// Returns non-zero when the handles were copied (the implementation returns
// -1, not TRUE, so test for non-zero rather than "== TRUE"). Returns 0 when
// handleAr is too small or when the query failed; the return value alone
// does not tell these two cases apart.
//
// The result is a snapshot: the handle table can change between a sizing call
// and the copying call, and any listed handle may already be closed or reused
// by the time the caller looks at it.
BOOL EnumProcessHandles(HANDLE* handleAr, DWORD* pdwBytes);

/*
typedef struct _CLIENT_ID
{
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID,PCLIENT_ID;

struct SystemThreadInfo
{
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientId;
LONG Priority;
LONG BasePriority;
ULONG ContextSwitches;
ULONG ThreadState;
ULONG WaitReason;
};


typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;

struct SystemProcessInfo
{
ULONG NextEntryOffset;
ULONG NumberOfThreads;
LARGE_INTEGER SpareLi1;
LARGE_INTEGER SpareLi2;
LARGE_INTEGER SpareLi3;
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ImageName;
LONG BasePriority;
HANDLE UniqueProcessId;
HANDLE InheritedFromUniqueProcessId;
ULONG HandleCount;
ULONG SpareUl2;
ULONG SpareUl3;
ULONG PeakVirtualSize;
ULONG VirtualSize;
ULONG PageFaultCount;
ULONG PeakWorkingSetSize;
ULONG WorkingSetSize;
ULONG QuotaPeakPagedPoolUsage;
ULONG QuotaPagedPoolUsage;
ULONG QuotaPeakNonPagedPoolUsage;
ULONG QuotaNonPagedPoolUsage;
ULONG PagefileUsage;
ULONG PeakPagefileUsage;
ULONG PrivatePageCount;
SystemThreadInfo TH[1];
};
//*/


}//ns NativeNT

}//ns MKH




#include "stdafx.h"
#include "Native API.h"

namespace MKH
{
namespace NativeNT
{
// Information-class selector passed as the first argument of
// NtQuerySystemInformation.
//
// No enumerator has an explicit value, so each one takes its position in the
// list, counting from 0. The numbers are what the native call receives, so
// inserting, removing or reordering entries silently changes which query is
// issued. Only SystemHandleInformation is used in this file.
enum SYSTEM_INFORMATION_CLASS
{
SystemBasicInformation, // 0
SystemProcessorInformation, // obsolete...delete

SystemPerformanceInformation,
SystemTimeOfDayInformation,
SystemPathInformation,
SystemProcessInformation, // 5
SystemCallCountInformation,
SystemDeviceInformation,
SystemProcessorPerformanceInformation,
SystemFlagsInformation,
SystemCallTimeInformation,
SystemModuleInformation,
SystemLocksInformation,
SystemStackTraceInformation,
SystemPagedPoolInformation,
SystemNonPagedPoolInformation,
SystemHandleInformation, // 16 - the class queried by EnumProcessHandles
SystemObjectInformation,
SystemPageFileInformation,
SystemVdmInstemulInformation,
SystemVdmBopInformation,
SystemFileCacheInformation,
SystemPoolTagInformation,
SystemInterruptInformation,
SystemDpcBehaviorInformation,
SystemFullMemoryInformation,
SystemLoadGdiDriverInformation,
SystemUnloadGdiDriverInformation,
SystemTimeAdjustmentInformation,
SystemSummaryMemoryInformation,
SystemNextEventIdInformation,
SystemEventIdsInformation,
SystemCrashDumpInformation,
SystemExceptionInformation,
SystemCrashDumpStateInformation,
SystemKernelDebuggerInformation,
SystemContextSwitchInformation,
SystemRegistryQuotaInformation,
SystemExtendServiceTableInformation,
SystemPrioritySeperation,
SystemPlugPlayBusInformation,
SystemDockInformation,
SystemPowerInformation,
SystemProcessorSpeedInformation,
SystemCurrentTimeZoneInformation,
SystemLookasideInformation
};

//__declspec(dllimport)

// Hand-written prototype for ntdll's NtQuerySystemInformation. The function is
// bound at run time with GetProcAddress (see CInit) instead of being linked
// through an import library, so the compiler cannot check this signature
// against the real export.
// The UINT return value is the native status code; EnumProcessHandles treats 0
// as success and anything else as failure.
typedef UINT (__stdcall* pNtQuerySystemInformation)(SYSTEM_INFORMATION_CLASS, void* pSystemInformation, DWORD SystemInformationLength, DWORD* pReturnLength);
// Null until CInit's constructor resolves the export, and still null afterwards
// if ntdll.dll could not be loaded or does not export the function. Callers
// must test it before making the call.
pNtQuerySystemInformation NtQuerySystemInformation;

// One entry of the array that EnumProcessHandles reads out of the
// SystemHandleInformation buffer (the entries follow a leading DWORD count).
//
// The layout is declared by hand and is 16 bytes with these field sizes under
// default packing. It appears to mirror the 32-bit native handle-table entry
// record -- TODO confirm against the target OS and bitness, because a layout
// mismatch makes every entry be read at the wrong offset.
struct HandleInfo
{
USHORT dwPid; // owning process id, compared with GetCurrentProcessId(); only 16 bits wide, so ids above 0xFFFF cannot be represented
USHORT CreatorBackTraceIndex; // not read in this file
BYTE ObjType; // not read in this file; presumably the object type index
BYTE HandleAttributes; // not read in this file
USHORT HndlOffset; // handle value; EnumProcessHandles casts it to HANDLE (16 bits only)
DWORD dwKeObject; // not read in this file; presumably the kernel-mode address of the object (32-bit here) -- avoid logging or exposing it
ULONG GrantedAccess; // not read in this file; presumably the access mask granted to the handle
};

// Module handle for ntdll.dll; stays 0 when the load failed or after ~CInit ran.
HMODULE g_hNTDll = 0;

// Static-lifetime helper: its single instance (_Init) binds
// NtQuerySystemInformation during static initialisation and releases the
// library reference again during static destruction.
//
// NOTE(review): the library is requested by bare file name. On NT-family
// systems ntdll.dll is already mapped into the process, so GetModuleHandle
// would bind to that copy without consulting the DLL search path.
// NOTE(review): the GetProcAddress result is stored unchecked, so
// NtQuerySystemInformation can remain null; the destructor also leaves the
// pointer set after FreeLibrary.
struct CInit
{
    CInit()
    {
        g_hNTDll = LoadLibrary(_T("NTDll.dll"));
        if(!g_hNTDll)
            return; // nothing to resolve; the function pointer stays null

        FARPROC pfnQuery = GetProcAddress(g_hNTDll, "NtQuerySystemInformation");
        NtQuerySystemInformation = (pNtQuerySystemInformation)pfnQuery;
    }

    ~CInit()
    {
        if(!g_hNTDll)
            return;

        FreeLibrary(g_hNTDll);
        g_hNTDll = 0;
    }
} _Init;

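// Copies the handle values owned by the calling process into handleAr.
//
// handleAr - caller-supplied array. May be null for a pure size query, i.e.
//            when *pdwBytes is smaller than the space the result needs.
// pdwBytes - in:  capacity of handleAr, in bytes.
//            out: bytes written on success, or bytes required when handleAr
//                 is too small. Left untouched when the query itself fails.
//
// Returns -1 on success and 0 otherwise. -1 is non-zero but is not TRUE; it is
// kept because existing callers may depend on it, so test for non-zero.
//
// Changes over the earlier version:
//  - the run-time bound NtQuerySystemInformation pointer is checked before
//    use instead of being called when it may still be null;
//  - the buffer is grown until the query stops reporting a length mismatch,
//    rather than trusting one sizing call whose output may never be written;
//  - the entry count read from the buffer is clamped to what the buffer can
//    hold, and the copy loop is bounded by that count;
//  - cleanup is a single exit path, which removes the SEH block, the early
//    returns inside it and the unreachable x86-only breakpoint.
//
// Limits that remain:
//  - HandleInfo carries the owner id and the handle value in 16 bits each and
//    uses the 32-bit entry layout, so ids or handle values above 0xFFFF cannot
//    be reported faithfully. Another process whose id has the same low 16 bits
//    could be attributed to this one. Newer Windows versions provide an
//    extended handle-information class with full-width fields.
//  - The result is a snapshot; a listed handle may be closed or reused before
//    the caller inspects it.
BOOL EnumProcessHandles(HANDLE* handleAr, DWORD* pdwBytes)
{
    if(!pdwBytes)
        return 0;

    // CInit leaves the pointer null when ntdll.dll or the export is missing.
    if(!NtQuerySystemInformation)
        return 0;

    const DWORD dwPID = GetCurrentProcessId();
    if(dwPID > 0xFFFF)
        return 0; // a 16-bit dwPid field cannot identify this process; fail rather than report "no handles"

    const UINT  kInfoLengthMismatch = 0xC0000004; // STATUS_INFO_LENGTH_MISMATCH
    const DWORD kSlackBytes = 1024;               // head-room for handles opened between attempts
    const DWORD kMaxBytes   = 64*1024*1024;       // stop growing instead of allocating without bound

    HANDLE hHeap    = GetProcessHeap();
    BYTE*  buffer   = 0;
    DWORD  cbBuffer = 16*1024;
    UINT   status;

    for(;;)
    {
        buffer = (BYTE*)HeapAlloc(hHeap, 0, cbBuffer);
        if(!buffer)
            return 0;

        DWORD cbNeeded = 0;
        status = NtQuerySystemInformation(SystemHandleInformation, buffer, cbBuffer, &cbNeeded);
        if(status != kInfoLengthMismatch)
            break;

        HeapFree(hHeap, 0, buffer);
        buffer = 0;

        // Use the reported size when one was given, otherwise double.
        DWORD cbNext = (cbNeeded > cbBuffer) ? cbNeeded + kSlackBytes : cbBuffer*2;
        if(cbNext <= cbBuffer || cbNext > kMaxBytes)
            return 0; // arithmetic wrapped or the table is implausibly large
        cbBuffer = cbNext;
    }

    BOOL bResult = 0;
    if(status == 0)
    {
        // Layout: DWORD entry count, then the HandleInfo entries.
        const DWORD dwReported = *(DWORD*)buffer;
        const DWORD dwFit      = (DWORD)((cbBuffer - sizeof(DWORD)) / sizeof(HandleInfo));
        const DWORD dwHandles  = (dwReported < dwFit) ? dwReported : dwFit;
        const HandleInfo* Handle = (const HandleInfo*)(buffer + sizeof(DWORD));

        DWORD i;
        DWORD n = 0;
        for(i=0; i<dwHandles; i++)
        {
            if(dwPID == Handle[i].dwPid)
                ++n;
        }

        const DWORD cbOut = (DWORD)(sizeof(HANDLE)*n);
        if(*pdwBytes < cbOut)
        {
            // Need more room: report the size and let the caller retry.
            *pdwBytes = cbOut;
        }
        else if(n == 0 || handleAr)
        {
            DWORD idx = 0;
            for(i=0; i<dwHandles && idx<n; i++)
            {
                if(dwPID == Handle[i].dwPid)
                {
                    handleAr[idx] = (HANDLE)Handle[i].HndlOffset;
                    ++idx;
                }
            }
            *pdwBytes = cbOut;
            bResult = -1;
        }
        // else: room was claimed but no array was supplied; fail without writing.
    }

    HeapFree(hHeap, 0, buffer);
    return bResult;
}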

}//ns NativeNT

}//ns MKH
