Click here to Skip to main content
Click here to Skip to main content
Go to top

Process, Module and Thread enumeration classes

, 15 May 2002
Rate this:
Please Sign up or sign in to vote.
3 simple classes for easy retrival of running processes, modules and threads

Sample Image - w32process.jpg

Introduction

Did you ever wonder how the Windows Taskmanager was implemented? Well, here are 3 classes to start with. The classes implement the enumeration of all running processes, all loaded modules (executables and dynamically loaded libraries) and also all threads.

The classes are derived from the MFC class CArray or the STL template class stl::vector. The STL implementation does not need any MFC components but supports the most commonly used CArray functions (GetSize(), RemoveAll(), operator[], GetAt()), so it can be used wherever a CArray is used. You can enable the STL implementation by defining the symbol USE_STL in the preprocessor settings.

The header file will automatically instruct the linker to use the appropriate lib files. All classes make use of the Toolhelper Library and the Process Status Helper in psapi.lib. You can find the whole documentation on MSDN.

Please note: you must have the Platform SDK installed in order to use PSAPI. More information on using Toolhelp and PSAPI can be found here

The classes are far from being complete, there is lot of space for improvements. A commercial application would need to delve a bit deeper into the security related aspects of process handling but this is out of the scope of this article.

Enumerating Processes

With the CProcessList class you get the complete set of running processes. The class provides you with all necessary information on all processes.

// lets get a list of all processes
CProcessList pl;
for(int i = 0; i < pl.GetSize(); ++i)
    TRACE("Process %s has %i threads\n", pl[i].szModule, pl[i].pe32.cntThreads);

CProcessList derives from CArray<PROCESS_INFORMATION_EX, PROCESS_INFORMATION_EX> (or stl::vector<PROCESS_INFORMATION_EX>). PROCESS_INFORMATION_EX is roughly defined as

typedef struct _PROCESS_INFORMATION_EX
{
... some ctors...
    PROCESSENTRY32 pe32;                            // see tlhelp32.h
    PSID           pSid;                            // contains the owning user SID
    TCHAR          szModule[MAX_MODULE_NAME32 + 1]; // translated path+modulename
} PROCESS_INFORMATION_EX;

The biggest part of information comes from the PROCESSENTRY32 structure defined in tlhelp32.h. Also included are the SID of the user owning the process and the real name of the module which contains the code for this process.

The pSid member can easily be used to retrieve the full name and domain of the user:

SID_NAME_USE  use;
DWORD         dwName = 256;
DWORD         dwDomain = 256;
TCHAR         uname[256];
TCHAR         udomain[256];

if(LookupAccountSid(NULL, pl[i].pSid, &uname[0], &dwName, &udomain[0], &dwDomain, &use))
{
    TRACE("%s\\%s", &udomain[0], &uname[0]);
}

Note: For a commercial application you will need a bit more code, but for home use and demonstration this is sufficient.

The destructor of CProcessList takes care of correctly freeing all allocated memory. Just be aware that the SID cant be copied like a structure. See the w32process.h file for more information.

To exclude processes to which you don't have access because you don't have sufficient privileges (system processes) you can use the optional boolean parameter in the constructor of the class.

Enumerating Modules

Since most processes make use of many different modules there is also a class to enumerate these. CModuleList is also derived from one of the collection template classes CArray or vector containing the MODULEENTRY32 structure defined in tlhelp32.h. Its basically just a wrapper around the structure.

When you pass a process ID to the constructor it will enumerate all loaded(!) modules used by the given process. The default constructor enumerates the modules of the current process.

Please be aware that the module list may change during the lifetime of the process because the process may dynamically load and unload DLL's. If you want accurate results you must create a instance of CModuleList and immediately use it.

Enumerating Threads

The CThreadList class is the last of the classes in w32process.h and is, like the others, derived from the collection templates CArray or vector. It implements the THREAD_INFORMATION_EX structure which is defined as:

typedef struct _THREAD_INFORMATION_EX
{
... some ctors...
    THREADENTRY32 te32;   // see tlhelp32.h
    CONTEXT       ctx;    // see winnt.h
} THREAD_INFORMATION_EX;

The constructor takes 2 arguments: the process ID and a optional boolean. If the process ID is 0 it enumerates the threads of the current process. If the boolean parameter is true, the ctx member will be filled in with the threads context information. This is rather specific information so it is excluded by default.

Important to note is that if you need context information, the class must temporarily suspend each thread to obtain the context information.

Sample Application

The sample application represents a simple process list, showing basic process information. When you select a process, you can view the processes modules and threads.

Compatibility

All classes are fully MBCS/Unicode enabled and can be used either MFC CArray derived or STL vector derived. Written, compiled and tested under VC7 but should also compile with VC6 and below. The sample application comes with STL, MFC and UNICODE configurations.

License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)

Share

About the Author

No Biography provided

Comments and Discussions

 
GeneralRuntime error on VS2008 Pinmemberprogopis1-Oct-10 11:57 
QuestionProcess Handles PinmemberCaptain 247-Sep-09 23:53 
GeneralMemory Leak 28Byte... Pinsussscroll011-Jul-05 14:13 
GeneralMemory leak Pinmemberd.barile29-May-05 23:43 
GeneralNot work with Win98 PinsussAnonymous20-Jan-05 17:52 
GeneralWinMgr adaptations PinmemberMike Wild21-Oct-04 1:07 
Generalcan't include Psapi.h PinmemberRabiaRabia13-Jun-04 23:36 
GeneralRe: can't include Psapi.h Pinmembersokrat3s20-Jun-04 20:11 
GeneralRe: can't include Psapi.h PinmemberSharath Mandya20-Apr-05 1:44 
GeneralProcess, Module and Thread enumeration classes Pinmemberkurnaziso15-Jul-03 9:12 
GeneralRe: Process, Module and Thread enumeration classes Pinmembermak_hak22-Nov-03 14:32 
yeah...i have the same problem too....i have the SDK so i have no prob with psapi....
 
i have pretty much the same errors.....
 
and i cannot tell what is wrong....any help?
GeneralRe: Process, Module and Thread enumeration classes PinmemberSaurweinAndreas22-Nov-03 17:57 
QuestionI can't find the function &quot;GetProcessImageFileName&quot; in MSDN, where is it? Pinmemberxgs2-Jun-03 0:21 
GeneralRetrieving process version PinmemberBlack ghost2-Oct-02 21:35 
GeneralRe: Retrieving process version PinmemberAndreas Saurwein4-Oct-02 0:28 
Generalno toolhelp support under NT4 PinmemberAnonymous22-May-02 7:50 
GeneralRe: no toolhelp support under NT4 PinmemberAndreas Saurwein22-May-02 11:14 
GeneralUpdated sources PinmemberAndreas Saurwein15-May-02 22:27 
GeneralRe: Updated sources Pinmemberguru_upya9-Jan-03 8:45 
GeneralCD_clint.dll PinmemberAnonymous15-May-02 4:59 
GeneralRe: CD_clint.dll PinmemberAndreas Saurwein15-May-02 13:30 
QuestionWhy you can't to implement more flexible classes? PinmemberADK15-May-02 1:11 
AnswerRe: Why you can't to implement more flexible classes? PinmemberAndreas Saurwein15-May-02 2:40 
GeneralRe: Why you can't to implement more flexible classes? PinmemberFlying Spaghetti Monster13-Jul-10 16:46 
GeneralRe: Why you can't to implement more flexible classes? PinmemberAndreas Saurwein Franci Gonçalves14-Jul-10 2:46 
GeneralError:Cannot open include file: 'psapi.h': No such file or directory PinmemberAnonymous14-May-02 14:48 
GeneralRe: Error:Cannot open include file: 'psapi.h': No such file or directory PinmemberAndreas Saurwein14-May-02 21:10 
GeneralRe: Error:Cannot open include file: 'psapi.h': No such file or directory Pinmemberzl15-May-02 1:17 
GeneralRe: Error:Cannot open include file: 'psapi.h': No such file or directory PinmemberAndreas Saurwein15-May-02 2:44 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web02 | 2.8.140905.1 | Last Updated 16 May 2002
Article Copyright 2002 by Andreas S. Franci Gonçalves
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid