
Process, Module and Thread enumeration classes

15 May 2002 | Ms-PL | 3 min read
3 simple classes for easy retrieval of running processes, modules and threads


Introduction

Did you ever wonder how the Windows Task Manager was implemented? Well, here are 3 classes to start with. The classes implement the enumeration of all running processes, all loaded modules (executables and dynamically loaded libraries) and also all threads.

The classes are derived from the MFC class CArray or the STL template class std::vector. The STL implementation does not need any MFC components but supports the most commonly used CArray functions (GetSize(), RemoveAll(), operator[], GetAt()), so it can be used wherever a CArray is used. You can enable the STL implementation by defining the symbol USE_STL in the preprocessor settings.

The header file will automatically instruct the linker to use the appropriate lib files. All classes make use of the Tool Help Library and the Process Status Helper (PSAPI) in psapi.lib. You can find the whole documentation on MSDN.

Please note: you must have the Platform SDK installed in order to use PSAPI. More information on using Toolhelp and PSAPI can be found here

The classes are far from complete, and there is a lot of room for improvement. A commercial application would need to delve a bit deeper into the security-related aspects of process handling, but this is out of the scope of this article.

Enumerating Processes

With the CProcessList class you get the complete set of running processes. The class provides you with all necessary information on all processes.

// let's get a list of all processes
CProcessList pl;
for(int i = 0; i < pl.GetSize(); ++i)
    // szModule is a TCHAR string, so the format string is wrapped in _T()
    TRACE(_T("Process %s has %lu threads\n"), pl[i].szModule, pl[i].pe32.cntThreads);

CProcessList derives from CArray<PROCESS_INFORMATION_EX, PROCESS_INFORMATION_EX> (or std::vector<PROCESS_INFORMATION_EX>). PROCESS_INFORMATION_EX is roughly defined as:

typedef struct _PROCESS_INFORMATION_EX
{
    // ... some ctors ...
    PROCESSENTRY32 pe32;                            // see tlhelp32.h
    PSID           pSid;                            // contains the owning user SID
    TCHAR          szModule[MAX_MODULE_NAME32 + 1]; // translated path+modulename
} PROCESS_INFORMATION_EX;

Most of the information comes from the PROCESSENTRY32 structure defined in tlhelp32.h. Also included are the SID of the user owning the process and the real name of the module which contains the code for this process.

The pSid member can easily be used to retrieve the full name and domain of the user:

SID_NAME_USE  use;
DWORD         dwName = 256;     // buffer sizes are counted in TCHARs
DWORD         dwDomain = 256;
TCHAR         uname[256];
TCHAR         udomain[256];

// NULL as first argument: resolve the SID on the local system
if(LookupAccountSid(NULL, pl[i].pSid, &uname[0], &dwName, &udomain[0], &dwDomain, &use))
{
    TRACE(_T("%s\\%s"), &udomain[0], &uname[0]);
}

Note: For a commercial application you will need a bit more code, but for home use and demonstration this is sufficient.

The destructor of CProcessList takes care of correctly freeing all allocated memory. Just be aware that the SID can't be copied like a structure. See the w32process.h file for more information.

To exclude processes to which you don't have access because you don't have sufficient privileges (system processes) you can use the optional boolean parameter in the constructor of the class.

Enumerating Modules

Since most processes make use of many different modules, there is also a class to enumerate these. CModuleList is also derived from one of the collection template classes CArray or vector, containing the MODULEENTRY32 structure defined in tlhelp32.h. It's basically just a wrapper around the structure.

When you pass a process ID to the constructor, it will enumerate all loaded(!) modules used by the given process. The default constructor enumerates the modules of the current process.

Please be aware that the module list may change during the lifetime of the process because the process may dynamically load and unload DLLs. If you want accurate results, you must create an instance of CModuleList and use it immediately.
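
Because a module snapshot goes stale as soon as a DLL is loaded or unloaded, a monitoring tool can take two snapshots and diff them. The following is an added example, not code from w32process.h: ModuleRec, ModuleDiff, DiffModules and SnapshotModules are hypothetical names, the snapshot part calls the Tool Help API directly and compiles only on Windows, and the diff itself is portable.

```cpp
#include <algorithm>
#include <cstdint>
#include <iterator>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif

// Hypothetical record: only the MODULEENTRY32W fields the diff needs.
struct ModuleRec {
    std::uintptr_t base;   // modBaseAddr
    std::wstring   path;   // szExePath
    bool operator<(const ModuleRec& o) const {
        return base != o.base ? base < o.base : path < o.path;
    }
};

struct ModuleDiff { std::vector<ModuleRec> loaded, unloaded; };

// Compare two snapshots of the same process. A DLL that was unloaded and
// replaced by another one at the same base appears as one unloaded + one loaded.
ModuleDiff DiffModules(std::vector<ModuleRec> before, std::vector<ModuleRec> after) {
    std::sort(before.begin(), before.end());
    std::sort(after.begin(), after.end());
    ModuleDiff d;
    std::set_difference(after.begin(), after.end(), before.begin(), before.end(),
                        std::back_inserter(d.loaded));
    std::set_difference(before.begin(), before.end(), after.begin(), after.end(),
                        std::back_inserter(d.unloaded));
    return d;
}

#ifdef _WIN32
// Take one module snapshot of process `pid` (wide-character API variants).
std::vector<ModuleRec> SnapshotModules(DWORD pid) {
    std::vector<ModuleRec> out;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
    if (snap == INVALID_HANDLE_VALUE) return out;   // e.g. access denied, process gone
    MODULEENTRY32W me;
    me.dwSize = sizeof(me);                         // must be set before Module32FirstW
    for (BOOL ok = Module32FirstW(snap, &me); ok; ok = Module32NextW(snap, &me))
        out.push_back({reinterpret_cast<std::uintptr_t>(me.modBaseAddr), me.szExePath});
    CloseHandle(snap);
    return out;
}
#endif
```

On Windows, call SnapshotModules twice for the same process ID and pass both results to DiffModules; an empty snapshot means the call failed, not that the process has no modules.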

Enumerating Threads

The CThreadList class is the last of the classes in w32process.h and is, like the others, derived from the collection templates CArray or vector. It implements the THREAD_INFORMATION_EX structure which is defined as:

typedef struct _THREAD_INFORMATION_EX
{
    // ... some ctors ...
    THREADENTRY32 te32;   // see tlhelp32.h
    CONTEXT       ctx;    // see winnt.h
} THREAD_INFORMATION_EX;

The constructor takes 2 arguments: the process ID and an optional boolean. If the process ID is 0, it enumerates the threads of the current process. If the boolean parameter is true, the ctx member will be filled in with the thread's context information. This is rather specific information, so it is excluded by default.

It is important to note that if you need context information, the class must temporarily suspend each thread to obtain it.

Sample Application

The sample application presents a simple process list, showing basic process information. When you select a process, you can view the process's modules and threads.

Compatibility

All classes are fully MBCS/Unicode enabled and can be used either as MFC CArray-derived or as STL vector-derived classes. Written, compiled and tested under VC7, but they should also compile with VC6 and below. The sample application comes with STL, MFC and UNICODE configurations.

License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)


Written By
Software Developer (Senior)
Portugal
Software Smith, Blacksmith, Repeat Founder, Austrian, Asgardian.
