Click here to Skip to main content
Click here to Skip to main content

System Scanner

, 2 Dec 2005
Rate this:
Please Sign up or sign in to vote.
This application allows you to get more information about the processes running in your system.

Introduction

Task manager is quite invaluable when it comes to system programming. Rogue thread appeared here, and process ID needed there… All this and even more can be tracked using the task manager with ease. What the task manager severely lacked (in my opinion) was an ability to fetch more specific info about the processes like the IDs of all the threads, handles to DLLs, ability to suspend specific threads of a specific process and, finally, an ability to view the process’ virtual memory.

The project was originally started as part of my diploma work and, after receiving yay-we-lacked-that's from my teachers, I decided to share it with more people.

The program still lacks some planned features (like an ability to attach hooks to the processes), which I am planning to add in future.

Overview

When you start a program you are shown the main window which shows all the currently running processes in your system, the number of threads per process and the executable path. The status bar will show you the overall number of running processes. The list will be updated every 5 seconds (by default) but you can change that in the main menu. Pressing Enter will force the update of the list.

From the main menu you can force update the process list and enter Options where you can customize the refresh time, turn hot track on\off (on by default) and customize the colors of the memory regions in the virtual memory map (more on this later).

Right-clicking on any of these processes (except System Idle) will bring up the context menu which will uncover all the features of the program. Here you can get information about the process’ threads, DLLs, virtual memory, set process’ priority or kill it all together.

DLL info

Here you can either view the general information (path, handle, size, base address) or disassembly the information (Note: Requires DUMPBIN.EXE, LINK.EXE, MSDIS110.DLL, MSPDB60.DLL and mspdb71.dll to be in the program directory).

Thread info

This dialog will show you a list of thread IDs (primary thread is the top one) and will grant you the ability to terminate, suspend, resume or set thread priority. Also it will show you the ID of the owning process and suspend the count.

Set priority and terminate process

These work similar to the task manager ones. Note that messing with system processes can result in something nasty.

Virtual memory

This submenu reveals the core of the whole program. From here you can either dump virtual memory or draw a memory map.

Dumping virtual memory

Selecting this menu option will bring up another dialog, containing text information about all the memory regions. Pressing Enter will refresh the list, double-clicking will bring up the dialog showing the content of the specific memory region.

Drawing the map of virtual memory

This menu option will bring up the dialog with the map of the process’ virtual memory. While it is similar to the functionality of memory dumping it provides a more visual view on your (or not) virtual memory. From the menu you can either refresh the map or select two options of drawing the map, either by state (free, committed, reserved) or by type (image, private, mapped).

Every sector corresponds to one memory region. The color will vary depending on the state or type and can be changed in the main window menu.

Single clicking on the region will bring up the Tooltip providing the information that you’ve seen in the memory dump dialog. That information will also be copied to your clipboard. Clicking on the free area will bring up the Tooltip with the overall number of regions (info will also be copied to your clipboard). Double-clicking on the region will bring up the dialog showing its content just like with the memory dump dialog.

If the map won’t fit the screen – simply resize it. Automatic resizing and region scaling were not implemented due to some odd and crazy bugs I encountered.

This covers all the functions of the featured program. Note that administrative access is preferred because then you will get more control over the processes (obviously). The program was not tested on normal user accounts so I am not aware of any possible bugs when using it.

Other resources used

Additional notes

The project was developed using Visual Studio .NET 2003 and is not compatible with previous versions of VS (this doesn't apply to the overall program functionality, but to the ability to compile the code).

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

Alex Orovetskiy

Ukraine Ukraine
No Biography provided

Comments and Discussions

 
GeneralBuilding with VC++ 2010 PinmemberSfufa5-Apr-11 15:11 
GeneralRe: Building with VC++ 2010 PinmemberDave Myers5-Dec-11 4:06 
GeneralWounderful !!!! Pinmemberdudhaniss23-Oct-07 23:29 
Generalvery Wounderful !!!! Pinmembereleven101212-Oct-08 2:40 
QuestionHow can I delete a specfic dll? PinmemberMr.Ahn5-Jul-06 3:32 
Generalsuggestions PinmemberTsunamis29-Mar-06 22:36 
GeneralRe: suggestions PinmemberAlex Orovetskiy29-Mar-06 22:44 
GeneralRe: suggestions PinmemberTsunamis29-Mar-06 23:54 
Questionkernel vs user virtual memory? PinmemberPerry216-Mar-06 6:17 
AnswerRe: kernel vs user virtual memory? PinmemberAlex Orovetskiy16-Mar-06 7:19 
GeneralAdded virtual memory columns PinmemberPerry216-Mar-06 6:01 
GeneralRe: Added virtual memory columns PinmemberAlex Orovetskiy16-Mar-06 7:17 
GeneralRe: Added virtual memory columns PinmemberPerry216-Mar-06 7:55 
GeneralI hate to be the first one to mention this... PinmemberThe_Mega_ZZTer11-Dec-05 16:39 
GeneralRe: I hate to be the first one to mention this... PinmemberAlex Orovetskiy11-Dec-05 19:07 
GeneralRe: I hate to be the first one to mention this... PinmemberPerry216-Mar-06 4:37 
GeneralRe: I hate to be the first one to mention this... PinmemberAlex Orovetskiy16-Mar-06 7:13 
Generalgood PinmemberAlexander Arhipenko7-Dec-05 21:52 
GeneralRe: good PinmemberAlex Orovetskiy8-Dec-05 3:01 
GeneralSysinternals ProcessExplorer Pinmemberowillebo4-Dec-05 22:18 
GeneralRe: Sysinternals ProcessExplorer PinmemberAlex Orovetskiy5-Dec-05 4:43 
GeneralRe: Sysinternals ProcessExplorer PinmemberAlex Orovetskiy5-Dec-05 7:39 
QuestionComments ? Suggestions ? Bug reports ? PinmemberAlex Orovetskiy2-Dec-05 23:49 
AnswerRe: Comments ? Suggestions ? Bug reports ? PinmemberPepsibot28-Oct-07 18:06 
GeneralExcellent Tool PinmemberDerMeister2-Dec-05 23:48 
GeneralRe: Excellent Tool PinmemberAlex Orovetskiy3-Dec-05 0:07 
GeneralFiles are up PinmemberAlex Orovetskiy2-Dec-05 8:35 
GeneralEnvironment Compatibility PinmemberBlake Miller2-Dec-05 6:10 
GeneralRe: Environment Compatibility PinmemberAlex Orovetskiy2-Dec-05 6:16 
Questionpicture not visible? PinmemberHarold Bamford2-Dec-05 5:49 
AnswerRe: picture not visible? PinmemberAlex Orovetskiy2-Dec-05 6:10 
GeneralRe: picture not visible? PinmemberHarold Bamford2-Dec-05 6:14 
GeneralRe: picture not visible? PinmemberAlex Orovetskiy2-Dec-05 6:19 
GeneralRe: picture not visible? PinmemberHarold Bamford2-Dec-05 6:53 
GeneralRe: picture not visible? PinmemberAlex Orovetskiy2-Dec-05 7:01 
GeneralRe: picture not visible? PinmemberAlex Orovetskiy2-Dec-05 7:30 
GeneralRe: picture not visible? PinmemberHarold Bamford6-Dec-05 7:08 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web01 | 2.8.140814.1 | Last Updated 2 Dec 2005
Article Copyright 2005 by Alex Orovetskiy
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid