Process viewer

Download ProcViewer.zip - 195.9 KB
Download Exe ProcessViewer.zip - 118.1 KB

Options Dialog

Privilege Manager Dialog

Introduction

A utility application that lists out all the processes that are running in a system along with dll's loaded by them and also displays path of dll's loaded, their load addresses, dll base, image size and per process information.

Features of this tool

1. Display's all loaded dll's of a process
   • Symbols in each dll, you click on any of them
     • Index
     • Name
     • Address
     • Size
   • Version of each dll
   • Description of dll
   • Company name
   • View each dll with dependency walker if dependency viewing is enabled
   • Full module path, i.e. from where is it loaded?
   • Load address
   • Entry point
   • Image size
   • Load order
2. Display's all drivers loaded in the system if you click on main kernel process
3. Process id's
4. Process owner
5. Process command line
6. Process auto startup information
7. Type of application, i.e. whether application is a console, windows or ms-dos app.
8. Process priority
9. GUI resource usage statistics ( Will be expanded in future version )
10. Size of each process
11. Symbols in each process
12. Window details if any
    • Displays windows in it's proper hierarchy i.e. all child windows of a parent window come under it's node.
    • Text or caption
    • HWND
    • Window proc
    • Icon if any
    • Cursor
    • Class of window, i.e Toolbarwindow32 for a toolbar.
    • Thread that owns the window
    • State of window, i.e Maximized, minimized, restored, or invisible
    • Bounds of window
    • ID of window
    • Parent window HWND
    • Class style of window
    • Window styles
    • All child windows for a window displayed hierarchically
13. Process times
    • Creation time
    • Exit time, i.e. kill a process and then you this time get's updated
    • Kernel mode time, how much of kernel time is used
    • User mode time
14. File times
    • Creation time
    • Last accessed on
    • Last written on
15. IO Counters
    • Input and output counter values
16. Memory details, page fault count etc
17. Version of process, you get some information also as a tooltip
18. Privileges of a process along with a privilege manager
19. Sorting of view
20. Switching of layout
21. Kill a process and kill all instances of a process
22. Search for a process or for a dll/driver loaded
23. Options dialog for switching off unwanted details
24. You have an about box. ;)
25. And an exit button too. ;))

Using the code

I used PSAPI functions provided by microsoft to enumerate the modules loaded by a process.

The API's used are

1. EnumProcesses -- To get all processes running in the system
2. EnumProcessModules -- To get all modules/dlls loaded by a process
3. GetModuleBaseName -- To get the base name of module... for eg: mydll.dll instead of C:\AnyLongPath\mydll.dll.
4. GetModuleFileNameEx -- To get the long path of a module
5. GetModuleInformation -- Retrieves information pertaining to a module
6. GetProcessMemoryInfo -- To get memory details of a process.
7. EnumDeviceDrivers -- Process with id 4(System) is the process which loads up the drivers, so we use this function to enumerate through these device drivers
8. GetDeviceDriverBaseName -- To get base name of a device driver
9. GetDeviceDriverFileName -- To get full path of a device driver
10. GetProcessTimes -- To get the amount of time each process has taken, when did it start, how much kernel mode, and user mode time has it taken.
11. SearchPath -- Searches PATH environment variable. Docs give a detailed description of the searching process that takes place.
12. GetFileVersionInfo -- For extracting version.
13. GetFileVersionInfoSize -- Size of version
14. VerQueryValue -- Query for version components. There is a class called FileVersionInfo written for this purpose. Lookup that class for more information on these version functions and how to use them.

This is the main function...

void GetProcessDetails()
{
   // Clear previous associated item data if any 


   ClearItemData();
   // Clear tree view 


   m_ctvProcess.DeleteAllItems(); 
   // Clear list view 


   m_clvProcessDetails.DeleteAllItems(); 
 
   #define MAX 10000
   DWORD dwSize = 0;
   DWORD dwProcIdentifiers[MAX] = { 0 };
   EnumProcesses( dwProcIdentifiers, sizeof( dwProcIdentifiers ), &dwSize );
  
   if( !dwSize )
   {
       return;
   }
 
   // Process count 


   dwSize /= sizeof( DWORD ); 
   HTREEITEM hItemRoot = m_ctvProcess.InsertItem( _T( "Process list" ), 60, 60 );
   TCHAR szName[MAX_PATH] = { 0 };
  
   for( DWORD dwIndex = 0; dwIndex < dwSize; ++ dwIndex )
   {
       HANDLE hProcModule = 
            OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 
                        FALSE, 
                        dwProcIdentifiers[dwIndex] );
       if( !hProcModule )
       {
           continue;
       }

       DWORD dwModuleSize = 0;
       HMODULE hModules[MAX] = { 0 };

       // Get all modules for a process 


       EnumProcessModules( hProcModule, 
                           hModules, 
                           sizeof( hModules ), 
                           &dwModuleSize );
       dwModuleSize /= sizeof( HMODULE );
       if( !dwModuleSize )
       {
          continue;
       }

       // Structure for storing process information 


       PPROC_INFO_t pstProcInfo = new PROC_INFO_t;
       if( !pstProcInfo )
       {
           return;
       }
 
       // Fill out process information 


       pstProcInfo->dwProcId = dwProcIdentifiers[dwIndex];
       GetModuleFileNameEx( hProcModule, hModules[0], szName, MAX_PATH ); 
       pstProcInfo->csFullPath = szName;
       GetModuleBaseName( hProcModule, hModules[0], szName, MAX_PATH );
       pstProcInfo->csBaseName = szName;

       // Get full path display status, if checked then we will display full path 


       const BOOL bFullPathChecked = 
       m_ToolBar.GetToolBarCtrl().IsButtonChecked( ID_OPTIONS_SHOWPATH ); 

       CString csProc;
       csProc.Format( _T( "%s, PID: %lu" ), 
              SCAST( LPCTSTR , 
               ( bFullPathChecked ? 
                 pstProcInfo->csFullPath : pstProcInfo->csBaseName )), 
              dwProcIdentifiers[dwIndex] );

       HTREEITEM hItem = m_ctvProcess.InsertItem( csProc, 20, 20, hItemRoot );
       m_ctvProcess.SetItemData( hItem, RCAST( DWORD, pstProcInfo ));

       // Process details 


       PROCESS_MEMORY_COUNTERS& pmcProcMemCounter = pstProcInfo->stpmcMemCounters;
       GetProcessMemoryInfo( hProcModule, 
                 &pmcProcMemCounter, 
                 sizeof( pmcProcMemCounter ));

       // Insert process memory related values 


       HTREEITEM hPInfoItem = m_ctvProcess.InsertItem( _T( "Details" ), 
                               7, 7, hItem );
       CString csTempStr;
       const int nIconIndex = 63;

       // Page fault count 


       csTempStr.Format( _T( "Page fault count: %lu" ), 
             pmcProcMemCounter.PageFaultCount );
       m_ctvProcess.InsertItem( csTempStr, nIconIndex, nIconIndex, hPInfoItem );

       // Page file usage 


       csTempStr.Format( _T( "Page file usage: %.02lf KB" ), 
             pmcProcMemCounter.PagefileUsage/1024.0f );
       m_ctvProcess.InsertItem( csTempStr, nIconIndex, nIconIndex, hPInfoItem );
       
       // Peak page file usage 


       csTempStr.Format( _T( "Peak page file usage: %.02lf KB" ), 
             pmcProcMemCounter.PeakPagefileUsage/1024.0f );
       m_ctvProcess.InsertItem( csTempStr, nIconIndex, nIconIndex, hPInfoItem );

       // Peak working set size 


       csTempStr.Format( _T( "Peak working set size: %.02lf KB" ), 
             pmcProcMemCounter.PeakWorkingSetSize/1024.0f );
       m_ctvProcess.InsertItem( csTempStr, nIconIndex, nIconIndex, hPInfoItem );

       // Quota non pages pool usage 


       csTempStr.Format( _T( "Quota non paged pool size: %.02lf KB" ), 
             pmcProcMemCounter.QuotaNonPagedPoolUsage/1024.0f );
       m_ctvProcess.InsertItem( csTempStr, nIconIndex, nIconIndex, hPInfoItem );

       // Quota pages pool usage 


       csTempStr.Format( _T( "Quota paged pool size: %.02lf KB" ), 
             pmcProcMemCounter.QuotaPagedPoolUsage/1024.0f );
       m_ctvProcess.InsertItem( csTempStr, nIconIndex, nIconIndex, hPInfoItem );
 
       // Quota peak non pages pool usage 


       csTempStr.Format( _T( "Quota peak non paged pool size: %.02lf KB" ), 
             pmcProcMemCounter.QuotaPeakNonPagedPoolUsage/1024.0f );
       m_ctvProcess.InsertItem( csTempStr, nIconIndex, nIconIndex, hPInfoItem );
 
       // Quota peak pages pool usage 


       csTempStr.Format( _T( "Quota peak paged pool size: %.02lf KB" ), 
             pmcProcMemCounter.QuotaPeakPagedPoolUsage/1024.0f );
       m_ctvProcess.InsertItem( csTempStr, nIconIndex, nIconIndex, hPInfoItem );
 
       // Working set size 


       csTempStr.Format( _T( "Working set size: %.02lf KB" ), 
             pmcProcMemCounter.WorkingSetSize/1024.0f );
       m_ctvProcess.InsertItem( csTempStr, nIconIndex, nIconIndex, hPInfoItem );
 
       // Prepare module list 


       PMODULEINFO_LIST_t* ppModuleInfo = &pstProcInfo->pstModuleInfoList;
       for( DWORD dwModIndex = 1; dwModIndex < dwModuleSize; ++ dwModIndex )
       {
            // Allocate new module 


            *ppModuleInfo = new MODULEINFO_LIST_t;;
            if( !*ppModuleInfo )
            {
                continue;
            }

            // Get module related information 


            GetModuleInformation( hProcModule, 
                  hModules[dwModIndex], 
                  &( *ppModuleInfo )->stmiModInfo, 
                  sizeof( MODULEINFO ));
 
            // Get full path of module 


            GetModuleFileNameEx( hProcModule, 
                 hModules[dwModIndex], 
                 szName, 
                 MAX_PATH );

            ( *ppModuleInfo )->csModuleFullPath = szName;

            // Get base name of module 


            GetModuleBaseName( hProcModule, 
                   hModules[dwModIndex], 
                               szName, 
                               MAX_PATH );
        ( *ppModuleInfo )->csModuleBaseName = szName;
 
            // Move forward 


            ppModuleInfo = &( *ppModuleInfo )->pstNextModuleInfo;

       }// End for 



       // Close process handle 


       CloseHandle( hProcModule );
    }// End for 



    // Expand root node


    m_ctvProcess.Expand( hItemRoot, TVE_EXPAND );
}

PSAPI Function usage

EnumProcesses:

// A large array of DWORDs for storing process ids of processes


DWORD dwProcIds[2048];
DWORD dwProcRunning = 0;
 
// Get all running processes


EnumProcesses( dwProcIds, sizeof( dwProcIds ) /sizeof( dwProcIds[0] ), 
               &dwNeeded );

// To get the count of processes running use


dwProcRunning /= sizeof( DWORD );

EnumProcessModules:

// Pass in a large array of modules just to be safe


HMODULE hModuleArray[2048];
DWORD dwModuleCount = 0;
 
// Open process to get it's handle, for some processes 


// we may be denied access.


HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 
                               FALSE, 
                               dwAnyProcessId );
 
// Get processes 


EnumProcessModules( hProcess, hModuleArray, 
                    sizeof( hModuleArray )/ sizeof( hModuleArray[0] ), 
                    &dwModuleCount );
 
// Now get actual count of modules loaded


dwModuleCount /= sizeof( HMODULE );

On return the first module in the array is the executable of the process. Rest of the modules will be actual modules loaded.

GetModuleBaseName:

Returns the base name of a module for eg: if module path is C:\MyPath\Averylongpath\Basename.dll, then this API will return Basename.dll

TCHAR szName[MAX_PATH] = { 0 }
GetModuleBaseName( hProcess, hModule, szName, MAX_PATH )

GetModuleFileNameEx:

Very similar to the above function except that it returns full path of the requested module.

GetModuleInformation and GetProcessMemoryInfo:

These two API's are simple to use. Just takes a structure and returns information in them.

// Get module related information


MODULEINFO miModInfo = { 0 };
GetModuleInformation( hProcModule, hModule, &miModInfo, sizeof( MODULEINFO ));

// Get process related information


PROCESS_MEMORY_COUNTERS pmcProcMemCounter = { 0 };
GetProcessMemoryInfo( hProcModule, 
                      &pmcProcMemCounter, 
                      sizeof( pmcProcMemCounter ));

These are the API's that I have used. Main code can be found in ProcessViewerDlg.cpp and ProcessViewerDlg.h

EnumDeviceDrivers

Enumerates device drivers loaded by System process. Even though name of the process is shown as System, it's real name is %systemroot%\System32\ntoskrnl.exe.

const int nSize = 2048;
DWORD dwCount = 0;
LPVOID lpvImageBases[nSize] = { 0 };
 
// Get drivers


EnumDeviceDrivers( lpvImageBases, nSize, &dwCount );
 

// Get count of drivers loaded


dwCount /= sizeof( LPVOID );

Note that first item in the array is name of the process, rest will be drivers.

GetDeviceDriverBaseName

Extracts base name of a device driver.

TCHAR szName[MAX_PATH] = { 0 };
 
// Returns main process name, since we are accessing the first element of the 


// array


GetDeviceDriverBaseName( lpvImageBases[0], szName, MAX_PATH );

GetDeviceDriverFileName

Extracts full path of device driver. This didn't work well for me though. Most of the path returned was of the form \Windows\System32\Some.sys etc or \??\C:\..\Some.sys. So I had to use SearchPath API for finding out where exactly these device drivers are located, of course I modified the PATH variable to force this API to look into Drivers folder too.

TCHAR szName[MAX_PATH] = { 0 };
 
// Returns full path of device driver loader process, since we are accessing 


// first element of the array.


GetDeviceDriverFileName( lpvImageBases[0], szName, MAX_PATH );

GetProcessTimes

Returns timing information for a specified process.

HANDLE hProcess; // Handle returned by OpenProcess


 
// Prepare filetime structures



FILETIME ftStartTime = { 0 }, 
         ftExitTime = { 0 }, 
         ftKernelTime = { 0 }, 
         ftUserTime = { 0 }
 
// Get time


GetProcessTimes( hProcess, 
                 &ftStartTime, 
                 &ftExitTime, 
                 &ftKernelTime, 
                 &ftUserTime );

You can directly use FILETIME, but should be careful, except for start time and exit time, others won't work as expected (read the docs). You need to do some addtional work on Kernel time and user time.

Best way is to either call FileTimeToSystemTime or put it into a COleDateTime. DavidCrow has written a nice article on this topic. I recommend you read it.

SearchPath

Read the docs carefully for this function. It's a waste of time to describe the working of this API here, since it's well documented.

const int nAllocLength = MAX_PATH * 2;
TCHAR szPathBuffer[ nAllocLength ];
 

// Search for file 


if( SearchPath( 0, _T( "Anyfile.anytype" ), 0<;/span>, nAllocLength, szPathBuffer, 0 ))
{
     csFilePath_o = szPathBuffer;
     return true;
}// End if

ProcessPriority

To change priority of a process call SetPriorityClass, to retrieve priority of a process call GetPriorityClass.

The six classes of priority are as follows...

1. IDLE_PRIORITY_CLASS
2. BELOW_NORMAL_PRIORITY_CLASS
3. NORMAL_PRIORITY_CLASS
4. ABOVE_NORMAL_PRIORITY_CLASS
5. HIGH_PRIORITY_CLASS
6. REALTIME_PRIORITY_CLASS

Usage:

// For setting priority use


VERIFY( SetPriorityClass( hProcess, ABOVE_NORMAL_PRIORITY_CLASS ));

// For retrieving priority use


VERIFY( GetPriorityClass( hProcess ) != 0 );

Search

Process viewer supports searching of loaded modules. You can search for a particular process or a dll. Search does not support wildcard searching, just does an "StrStrI" search. So if you search for "shell", hits will be "shell32.dll" "someshell.dll" "myShelldll.dll etc.

Press Ctrl + F to search.

Dependency viewing

Double click on any module or process to view it's dependency. You should have dependency walker installed on your system. This will happen only if dependency viewing is enabled. One of the toolbar buttons(fourth one) is for this purpose.

You can download dependency walker from here.

Full path

To view full path of a loaded process just enable full path by clicking on green tick button(third one) on toolbar.

Refresh

To refresh either click first button on toolbar or press F5.

Swap view

To switch from vertical view to horizontal view or vice versa press F6 or second button on toolbar.

Kill Process

Select a particular process to kill. Press F8 or click on the kill button. When a process is killed it's not removed from the process listing instead the process name is set to bold. Press F5/Refresh for removing killed process from tree. Mainly done for retaining snapshot for that process. Helps if there is some trojan running and you want to see a detailed information for that trojan without having the trojan running.

NOTE: Do not kill the kernel process, I tried and the whole system came down. :)

Options

Press F7 for displaying options dialog. You can set various options for process viewing. Options will include much more.

CSV Module listing and symbol listing

To save list of modules for a process press Ctrl + A to select all modules and then Ctrl + C. Things to remember...

1. If cursor is on an item then that subitem(s) will be copied to clipboard. So to copy more than one sub item, first select required sub items then put your cursor on that sub item column to copy to clipboard.
2. To copy entire contents take cursor out of list view.
3. Open notepad and paste.
4. Save as anyfilename.csv.
5. Open with a CSV viewer like Excel.

The same applies to symbol listing.

View aspect saving

Saves your settings to an ini file. For eg: column order, divider pane size, main window size. This enables you to change order of list view to your liking. Even sizes of columns are saved.

Utils

There is a FileVersionInfo class and DividerWnd class which can reused. A WindowCollection class for enumerating all open windows.

FileVersionInfo extracts version information from a module. DividerWnd is a simple lightweight splitter.

Acknowledgements

1. The bitmap that you see in this application's treeview and listview, has been taken from Dominik's Keepass app.
2. Hey Ralph thanks for those comments. I have implemented most of them, but a rewrite is pending (Reusability). Thanks once again.
3. Thanks to DavidCrow for his article on Process times.
4. Thanks to Todd C Wilson for his article on Aggressive optimizations and I am using his header file(I've commented out linker commands that merge sections).
5. Thanks to CodeProject. Thanks to all those developers who helped me by posting those wonderful articles. If it was not for them then this wouldn't have happened. :)

History

1. Created on 05/08/2007.
2. Added "Search" on 05/14/2007.
3. Added description of application on 05/16/2007.
4. Updated application to show loaded device drivers, version information, size, GUI change.
5. Added progress bar, display of icons related to a process, type of process(Console, Windows, MS-DOS) on 05/28/07.
6. Added support for sorting, column re-ordering and saving this order on 05/31/2007.
7. Added extraction of HWND's from running processes. Changed toolbar format. On 06/02/2007.
8. Added HWND style listing, parent listing. On 06/05/2007.
9. Made toolbar transparent, enabled window style, id viewing. On 06/07/2007.
10. Disabled window style viewing due to some issues, fixing going on. On 06/08/2007.
11. Added options dialog and various different tweaks. On 06/09/2007.
12. Added kill process option, fixed some issues for saving settings. On 06/10/2007.
13. Added process priority, and IO counters. On 06/13/2007.
14. Now correctly displays kids of windows. On 06/18/2007.
15. Added symbol listing for each loaded module of a process. On 06/25/2007.
16. Added process privilege display. On 06/26/2007.
17. Added process owner, process command line, and total window count display. On 10/14/2007.
18. Added dynamic process priority updation support. On 10/24/07
19. Added window icon, charset, enabled/disabled status to window details and added support for process priority boost. On 10/26/07
20. Changed root node text to machine name and user name ;). On 11/2/2007
21. Finds out whether a process is registered for auto startup. On 11/12/2007
22. Re-Enabled window style viewing after some bug fixes. On 11/27/2007
23. Fixed compilation errors in VS2005 (Note: You will get a manifest error in VS2005, so as a fix delete the manifest resource in the resource editor).
24. Kill all instances of an application support added. Also added "Open parent folder", "Properties" support for processes.
25. Added privilege manager which helps in dynamically enabling/disabling/removing privileges(Fine tuning needed though). On 1/Jan/2008(Happy new year!)
26. Optimized a bit for speed!

You must Sign In to use this message board.

FAQ    Noise Tolerance Very HighHighMediumLowVery Low   Layout Expand Posts & RepliesThread ViewNo JavascriptNo JS + Preview   Per page 102550

Msgs 1 to 25 of 110 (Total in Forum: 110) (Refresh) FirstPrevNext

Can this project type be made MultiByte instead of Unicode? Anil K P 2:36 25 Jun '09   Hey Nibu, Thank you for a good article . I read and found it quiet interesting. Well, I downloaded the code, cleaned the solution and build it with Visual Studio 2005 VC++. When built it gave an error as 'Error 1 error C2664: 'SymInitializeW' : cannot convert parameter 2 from 'LPSTR' to 'PCWSTR' . Then I changed the project type from Unicode to MultiByte. Again I rebuilt. This time it gave an error 'Error 1 error C2664: 'SymInitializeW' : cannot convert parameter 2 from 'LPSTR' to 'PCWSTR' . So I changed the code segment in file ProcessSymbolCollection.cpp from USES_CONVERSION; if( !SymInitialize( m_hProcess, T2A( GetSymbolPath() ), TRUE )) { return false; } to if( !SymInitialize( m_hProcess, GetSymbolPath(), TRUE )) { return false; } and rebuilt. This time, the rebuilt was successful. The executable is a Release build. After this, I tried to run the exe. Then it gave an error The procedure entry point SymEnumSymbolsW could not be located in the dynamic link library dbghelp.dll. I searched in the project for SymEnumSymbols function and found it in the file ProcessSymbolCollection.cpp. When I right clicked it and then selected Go To Declaration dbghelp.h file opened up in which SymEnumSymbols is #defined as SymEnumSymbolsW . So I am now stuck with similar problems . Could you please help me to rectify such problems? My coding environement is P4 with Windows XP SP2 OS ~ 1GB RAM. Thank you Anil Sign In·View Thread·PermaLink Re: Can this project type be made MultiByte instead of Unicode? Nibu babu thomas 2:41 25 Jun '09   You are linking to wrong dbghlp.dll, get latest from internet and put in the processviewer.exe folder. Nibu babu thomas Microsoft MVP for VC++ Code must be written to be read, not by the compiler, but by another human being. Programming Blog: http://nibuthomas.wordpress.com Sign In·View Thread·PermaLink Re: Can this project type be made MultiByte instead of Unicode? [modified] Anil K P 21:30 28 Jun '09   Hey Nibu, Thanks for the reply. Well, in the machine I've installed 'D:\Debugging Tools for Windows' with dbghelp.dll version 6.9.3.113. Isn't this the latest? Also, you mentioned 'You are linking to wrong dbghlp.dll, get latest from internet and put in the processviewer.exe folder'. I set all lib, inc files in the project (Tools->Options->Projects and Solutions->VC++Directories...use VS 2005). Isn't this a correct method? Regards Anil modified on Monday, June 29, 2009 2:43 AM Sign In·View Thread·PermaLink Re: Can this project type be made MultiByte instead of Unicode? Nibu babu thomas 21:49 28 Jun '09   Can you check to which dll does process viewer link to during runtime. Check Visual Studio Output window. Nibu babu thomas Microsoft MVP for VC++ Code must be written to be read, not by the compiler, but by another human being. Programming Blog: http://nibuthomas.wordpress.com Sign In·View Thread·PermaLink Re: Can this project type be made MultiByte instead of Unicode? Anil K P 21:51 28 Jun '09   Hey Nibu, I did as you'd told and this time it got invoked . But... theres a big 'but' ... when the enumeration got started, the exe crashed and assertion error message got displayed . I've Norton Internet Security(AV and such) installed in the machine. Will that cause any conflicts? Anil Sign In·View Thread·PermaLink Re: Can this project type be made MultiByte instead of Unicode? Nibu babu thomas 21:53 28 Jun '09   Where does it ASSERT? Nibu babu thomas Microsoft MVP for VC++ Code must be written to be read, not by the compiler, but by another human being. Programming Blog: http://nibuthomas.wordpress.com Sign In·View Thread·PermaLink Re: Can this project type be made MultiByte instead of Unicode? Anil K P 22:10 28 Jun '09   Hey Nibu, It say 'Debug Assertion Failed' . Well, I think the reason it crashed is because I used a debug build. When I run a release build exe, it didn't crash. Seems it is working . Good news Well, can we get any notification from the OS when a process start, become idle, or stop? Also, can we get text, lets say URL typed into the address bar using methods in this program Anil Sign In·View Thread·PermaLink 64 Bit Operating System Yeorwned 11:09 7 May '09   Just wanted to note that if you get excited and compile this as a 64 bit application, you will not be able to pull the information for a 32 bit application. You can use EnumProcessModulesEx as a fix but it only works on Windows Vista+ and Server 2008+. Sign In·View Thread·PermaLink Missing mui files gulshersinghbal 10:08 13 Apr '09   This app is an awesome, but this does not list the MUI (language specific) files loaded by a process, where as Process Explorer does. Does anyone know how to list all the loaded modules including the .mui files? Sign In·View Thread·PermaLink Help on Compile error: VS2008 [modified] dptsay 4:43 1 Mar '09   I am attempting to compile your source using Visual Studio 2008 and get the following error: Error 1 error C2664: 'SymInitializeW' : cannot convert parameter 2 from 'LPSTR' to 'PCWSTR' c:\+++temp+++\new folder\processsymbolcollection.cpp 134 I tried this on both Vista Ultimate x64 and XP x86 and the results are the same. Please comment. modified on Sunday, March 1, 2009 5:54 PM Sign In·View Thread·PermaLink Re: Help on Compile error: VS2008 Andrey Del Pozo 12:10 19 Apr '09   comment #if defined _UNICODE || defined UNICODE #define DBGHELP_TRANSLATE_TCHAR #endif in StdAfx.h Best Andrey +++++++ Sign In·View Thread·PermaLink [Message Removed] Katekortez 10:13 25 Oct '08   Spam message removed Sign In·View Thread·PermaLink compile problem---help me! [modified] y_12345678_9 22:50 5 Sep '08   Hi Nibu, When I compile this project using VC6.0, there has many issues prompt: processviewer\utils.h(507) : error C2065: '_vsntprintf_s' : undeclared identifier processviewer\utils.h(825) : error C2065: 'SLR_NOSEARCH' : undeclared identifier processviewer\utils.h(825) : warning C4244: 'initializing' : conversion from 'int' to 'const unsigned short', possible loss of data Error executing cl.exe. Where did you defined them(_vsntprintf_s and SLR_NOSEARCH)? I can't find. Thanks! modified on Saturday, September 6, 2008 3:58 AM Sign In·View Thread·PermaLink 1.50/5 (2 votes) Re: compile problem---help me! Member 3496331 17:33 9 Sep '08   me too. Nibu help? Sign In·View Thread·PermaLink Re: compile problem---help me! Nibu babu thomas 19:13 9 Sep '08   This project will compile fine if you have latest platform sdk installed. By the way I've used VC8 for compilation. See top right of article header >> C++ (VC8.0, C++), C, Windows (Windows, NT4, Win2K, WinXP, Win2003, Vista), MFC, STL, GDI, Dev Nibu babu thomas Microsoft MVP for VC++ Code must be written to be read, not by the compiler, but by another human being. Programming Blog: http://nibuthomas.wordpress.com Sign In·View Thread·PermaLink Re: compile problem---help me! Member 3496331 15:11 11 Sep '08   I did not find in blog detail sitelink please? Sign In·View Thread·PermaLink 2.00/5 (1 vote) Missing Stuff VitalyTomilov 2:48 17 Jul '08   I'm trying to implement something similar, and this is what i'm missing, also in your code: 1. Listing all processesin the system, not only the ones for the current user 2. Getting Command Line for each process Any idea on these? I'm especially interested in item 2, as i was able to implement item 1 myself. Professional System Library on www.prosyslib.com, simplifying life for software developers. Sign In·View Thread·PermaLink Re: Missing Stuff Nibu babu thomas 19:18 29 Jul '08   VitalyTomilov wrote: 2. Getting Command Line for each process Any idea on these? I'm especially interested in item 2, as i was able to implement item 1 myself. I've done this in process viewer maybe you can have a look for hints, sorry for replying late to your query. Nibu babu thomas Microsoft MVP for VC++ Code must be written to be read, not by the compiler, but by another human being. Programming Blog: http://nibuthomas.wordpress.com Sign In·View Thread·PermaLink 2.00/5 (1 vote) registry keys mohcin 11:41 26 Mar '08   Hi, can i determine which process is opening /or creating a registry key ? Sign In·View Thread·PermaLink Re: registry keys Nibu babu thomas 19:55 28 Apr '08   mohcin wrote: Hi, can i determine which process is opening /or creating a registry key ? It can be done, but I don't have a code piece with me which does this, will get back to you when I get this done! Nibu thomas Microsoft MVP for VC++ Code must be written to be read, not by the compiler, but by another human being. Programming Blog: http://nibuthomas.wordpress.com Sign In·View Thread·PermaLink Re: registry keys mohcin 12:08 5 May '08   thx a lot i'll wait for. Sign In·View Thread·PermaLink New dependencies jos-man 7:47 7 Jan '08   For the record: the version dated Jan 1, 2008 has additional dependencies on: dbghelp.dll (needs to be at least 5.1) mfc80u.dll msvcp80.dll msvcr80.dll Sign In·View Thread·PermaLink How is this different from Process Explorer from http://www.sysinternals.com ? Bud Pass 14:27 1 Jan '08   It appears the same process attributes were already available from Process Explorer. Bud Pass Sign In·View Thread·PermaLink 1.58/5 (6 votes) Re: How is this different from Process Explorer from http://www.sysinternals.com ? [modified] Nibu babu thomas 17:17 1 Jan '08   Bud Pass wrote: It appears the same process attributes were already available from Process Explorer. Almost all the features in this application are already there in process explorer. Can't say if window details are shown process explorer. I am planning to add on some more features like Listing files opened by a process GDI resource usage for a process I've added this to code project because just in case someone needs a reference to how things are being done. I am sure that there is plenty to learn from as I learned while coding for this application. Also to just keep me busy by doing something useful. Nibu thomas Microsoft MVP for VC++ Code must be written to be read, not by the compiler, but by another human being. Programming Blog: http:\\nibuthomas.wordpress.com modified on Tuesday, January 01, 2008 10:43:51 PM Sign In·View Thread·PermaLink 5.00/5 (1 vote) Re: How is this different from Process Explorer from http://www.sysinternals.com ? Mike Diack 0:55 2 Jan '08   Surely the main difference is not substantially a functional one, but the fact that the tool is published here and thus has source code available - unlike Process Explorer. This in itself makes it very useful! Mike Sign In·View Thread·PermaLink 4.79/5 (5 votes)

Last Visit: 11:25 9 Feb '10     Last Update: 11:25 9 Feb '10 12345 Next »