Click here to Skip to main content
Click here to Skip to main content
Add your own
alternative version

ProSysLib: Dissecting the Process

, 22 Nov 2010 CPOL
Access detailed information about the current process the easiest way.
ProcessInfo32_bin.zip
ProcessInfo.exe
ProSysLib.dll
Interop.ProSysLib.dll
ProcessInfo64_bin.zip
Interop.ProSysLib.dll
ProcessInfo.exe
ProSysLib.dll
ProcessInfo_bin.zip
PSL64v0.9.dll
Interop.ProSysLib.dll
ProcessInfo.exe
PSL32v0.9.dll
ProSysLib_v0.9.zip
ProSysLib_v0.9
Bin
PSL32v0.9.dll
PSL64v0.9.dll
Help
Samples
C#2008
ProcessInfo
Properties
Settings.settings
ProcessViewer
Properties
Settings.settings
VB6
CPUInfo.exe
CPUInfo.frm
CPUInfo.frx
CPUInfo.vbp
CPUInfo.vbw
VC2008
Deployment
Src
mssccprj.scc
ProSysLib.def
ProSysLib.rgs
ProSysLib.vcproj.vspscc
ProSysLib.vssscc
PSLSystem.rgs
PSLv0.5Setup.zip
PSLv0.5Setup.exe
PSLv0.7Setup.zip
PSLv0.7Setup.exe
// PSLProcess.cpp : Implementation of CPSLProcess

#include "stdafx.h"
#include "PSLProcess.h"
#include "PSLProcesses.h"
#include "Psapi.h"
#include <ATLComTime.h>

CPSLProcess::CPSLProcess()
{
	Reset();
}

void CPSLProcess::Reset()
{
	m_ProcessID = 0;
	m_ThreadCount = 0;
	m_HandleCount = 0;
	m_GDICount = 0;
	m_USERCount = 0;
	m_Priority = ppUnknown;
	m_AffinityMask = 0;
	m_bIs64Bit = false;
	m_Created = NULL;

	m_sFileName = _T("");
	m_sFilePath = _T("");
	m_sCommandLine = _T("");
	m_sUserName = _T("");
	m_sDomainName = _T("");
}

HRESULT CPSLProcess::FinalConstruct()
{
	return S_OK;
}

void CPSLProcess::FinalRelease()
{
}

_bstr_t CPSLProcess::FilePathFromProcessHandle(HANDLE hProcess)
{
	// Works on XP/Vista only, and retrieves logical path
	// instead of file path:
	//
	// tstring t;
	// t.resize(MAX_FILE_PATH);
	// GetProcessImageFileName(hProcess, (LPTSTR)t.c_str(), MAX_FILE_PATH);
	// return t.c_str();

	_bstr_t sResult(_T(""));
	tstring sPath;
	sPath.resize(MAX_FILE_PATH);
	if(::GetModuleFileNameEx(hProcess, NULL, (LPTSTR)sPath.c_str(), MAX_FILE_PATH))
	{
		CPSLUtilities::FixSysPath(sPath);
		sResult = sPath.c_str();
	}
	return sResult;
}

bool CPSLProcess::GetUserAndDomainFromSID(PSID pSid, tstring & sName, tstring & sDomain)
{
	DWORD dwNameLength = 0;
	DWORD dwDomainLength = 0;
	SID_NAME_USE NameUse;
	bool bSuccess = false;
	if(!::LookupAccountSid(NULL, pSid, NULL, &dwNameLength, NULL, &dwDomainLength, &NameUse) && ::GetLastError() == ERROR_INSUFFICIENT_BUFFER)
	{
		sName.resize(dwNameLength);
		sDomain.resize(dwDomainLength);
		bSuccess = ::LookupAccountSid(NULL, pSid, (LPTSTR)sName.c_str(), &dwNameLength, (LPTSTR)sDomain.c_str(), &dwDomainLength, &NameUse)?true:false;
		shrink(sName);
		shrink(sDomain);
	}
	return bSuccess;
}

bool CPSLProcess::Initialize(PSYSTEM_PROCESS_INFORMATION pProcess, LPCTSTR sUserName)
{
	Reset();

	m_ProcessID = (long)pProcess->ProcessId;
	m_ThreadCount = pProcess->ThreadCount;
	m_HandleCount = pProcess->HandleCount;

	if(pProcess->ProcessName.Buffer) // If not IDLE (System Idle Process) process;
		m_sFileName = pProcess->ProcessName.Buffer;

	HANDLE hProcess = ::OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, FALSE, m_ProcessID);
	if(!hProcess)
		hProcess = ::OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, m_ProcessID);

	if(hProcess)
	{
		FILETIME create, exit, kernel, user;
		if(::GetProcessTimes(hProcess, &create, &exit, &kernel, &user))
			m_Created = COleDateTime(create);

		m_bIs64Bit = CPSLProcesses::Is64BitProcess(hProcess);
		m_sFilePath = FilePathFromProcessHandle(hProcess);
		m_GDICount = ::GetGuiResources(hProcess, GR_GDIOBJECTS);
		m_USERCount = ::GetGuiResources(hProcess, GR_USEROBJECTS);
		m_Priority = (PSLProcessPriority)::GetPriorityClass(hProcess);

		DWORD_PTR dwProcessAffinityMask = 0;
		DWORD_PTR dwSystemAffinityMask = 0;
		if(::GetProcessAffinityMask(hProcess, &dwProcessAffinityMask, &dwSystemAffinityMask))
			m_AffinityMask = dwProcessAffinityMask;

		HANDLE hToken = NULL;
		if(::OpenProcessToken(hProcess, TOKEN_READ, &hToken))
		{
			DWORD dwLength = 64;
			LPBYTE Buffer[64];
			if(::GetTokenInformation(hToken, TokenUser, Buffer, dwLength, &dwLength))
			{
				TOKEN_USER * pUser = (TOKEN_USER*)(LPVOID)Buffer;
				tstring sName, sDomain;
				if(GetUserAndDomainFromSID(pUser->User.Sid, sName, sDomain))
				{
					m_sUserName = sName.c_str();
					m_sDomainName = sDomain.c_str();
				}
			}
			::CloseHandle(hToken);
		}

		PBI pbi;
		if(!CSystemInfoAccessor::NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(pbi), NULL))
		{
			PEB peb;
			if(!CSystemInfoAccessor::ZwReadVirtualMemory(hProcess, pbi.PebBaseAddress, &peb, sizeof(peb), NULL))
			{
				RTL_USER_PROCESS_PARAMETERS procParams;
				if(!CSystemInfoAccessor::ZwReadVirtualMemory(hProcess, peb.ProcessParameters, &procParams, sizeof(procParams), NULL))
				{
					long nChars = procParams.CommandLine.Length / sizeof(TCHAR);
					tstring cmdLine;
					cmdLine.resize(nChars);
					if(!CSystemInfoAccessor::ZwReadVirtualMemory(hProcess, procParams.CommandLine.Buffer, (LPBYTE)cmdLine.c_str(), nChars * 2, NULL))
					{
						CPSLUtilities::FixSysPath(cmdLine);
						m_sCommandLine = cmdLine.c_str();
					}
				}
			}
		}

		::CloseHandle(hProcess);
	}

	if(sUserName && ::_tcsicmp(sUserName, m_sUserName))
		return false; // Didn't pass the user filter;

	return true;
}

////////////////////////////////////////////////////////////////////////
// Interface Implementation;
////////////////////////////////////////////////////////////////////////

STDMETHODIMP CPSLProcess::get_FileName(BSTR * pValue)
{
	PSL_BEGIN

	*pValue = m_sFileName.copy();
	
	PSL_END
}

STDMETHODIMP CPSLProcess::get_FilePath(BSTR * pValue)
{
	PSL_BEGIN

	*pValue = m_sFilePath.copy();
	
	PSL_END
}

STDMETHODIMP CPSLProcess::get_CommandLine(BSTR * pValue)
{
	PSL_BEGIN

	*pValue = m_sCommandLine.copy();
	
	PSL_END
}

STDMETHODIMP CPSLProcess::get_UserName(BSTR * pValue)
{
	PSL_BEGIN

	*pValue = m_sUserName.copy();
	
	PSL_END
}

STDMETHODIMP CPSLProcess::get_DomainName(BSTR * pValue)
{
	PSL_BEGIN

	*pValue = m_sDomainName.copy();
	
	PSL_END
}

STDMETHODIMP CPSLProcess::get_ProcessID(long * pValue)
{
	PSL_BEGIN

	*pValue = m_ProcessID;
	
	PSL_END
}

STDMETHODIMP CPSLProcess::get_Is64Bit(VARIANT_BOOL * pValue)
{
	PSL_BEGIN

	*pValue = m_bIs64Bit?VARIANT_TRUE:VARIANT_FALSE;

	PSL_END
}

STDMETHODIMP CPSLProcess::get_AffinityMask(VARIANT * pValue)
{
	PSL_BEGIN

	CPSLUtilities::SetVariantBig(pValue, 0);

	HANDLE hProcess = ::OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, m_ProcessID);
	if(hProcess)
	{
		DWORD_PTR ProcessAffinityMask = 0;
		DWORD_PTR SystemAffinityMask = 0;
		if(::GetProcessAffinityMask(hProcess, &ProcessAffinityMask, &SystemAffinityMask))
			m_AffinityMask = ProcessAffinityMask;
		CPSLUtilities::SetVariantBig(pValue, m_AffinityMask);
	}
	else
	{
		CPSLUtilities::SetVariantBig(pValue, m_AffinityMask);
		if(::GetLastError() == ERROR_ACCESS_DENIED)
			SetException(exAccessDenied);
	}

	PSL_END
}

STDMETHODIMP CPSLProcess::put_AffinityMask(VARIANT newValue)
{
	PSL_BEGIN

	_variant_t v = newValue;
	ABIG Mask = 0;

	try
	{
		Mask = v;
	}
	catch(...)
	{
	}
	if(Mask)
	{
		HANDLE hProcess = ::OpenProcess(PROCESS_SET_INFORMATION, FALSE, m_ProcessID);
		if(hProcess)
		{
			DWORD_PTR ProcessAffinityMask = Mask;
			::SetProcessAffinityMask(hProcess, ProcessAffinityMask);
			::CloseHandle(hProcess);
		}
		else
		{
			if(::GetLastError() == ERROR_ACCESS_DENIED)
				SetException(exAccessDenied);
		}
	}
	else
		SetException(exInvalidParameter);

	PSL_END
}

STDMETHODIMP CPSLProcess::get_ThreadCount(long * pValue)
{
	PSL_BEGIN

	*pValue = m_ThreadCount;

	PSL_END
}

STDMETHODIMP CPSLProcess::get_HandleCount(long * pValue)
{
	PSL_BEGIN

	*pValue = m_HandleCount;
	
	PSL_END
}

STDMETHODIMP CPSLProcess::get_GDICount(long * pValue)
{
	PSL_BEGIN

	*pValue = m_GDICount;
	
	PSL_END
}

STDMETHODIMP CPSLProcess::get_USERCount(long * pValue)
{
	PSL_BEGIN

	*pValue = m_USERCount;
	
	PSL_END
}

STDMETHODIMP CPSLProcess::get_Priority(PSLProcessPriority * pValue)
{
	PSL_BEGIN

	*pValue = m_Priority;
	
	PSL_END
}

STDMETHODIMP CPSLProcess::get_Created(DATE * pValue)
{
	PSL_BEGIN

	*pValue = m_Created;
	
	PSL_END
}

STDMETHODIMP CPSLProcess::Kill(VARIANT_BOOL * pValue)
{
	PSL_BEGIN

	*pValue = VARIANT_FALSE;
	HANDLE hProcess = ::OpenProcess(SYNCHRONIZE|PROCESS_TERMINATE, FALSE, m_ProcessID);
	if(hProcess)
	{
		if(::WaitForSingleObject(hProcess, 500) != WAIT_OBJECT_0)
		{
			*pValue = ::TerminateProcess(hProcess, 0)?VARIANT_TRUE:VARIANT_FALSE;
			if(!*pValue && ::GetLastError() == ERROR_ACCESS_DENIED)
				SetException(exAccessDenied);
		}
	}
	else
		if(::GetLastError() == ERROR_ACCESS_DENIED)
			SetException(exAccessDenied);

	PSL_END
}


By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Vitaly Tomilov
Software Developer (Senior) Sibedge IT
Ireland Ireland
My online CV: cv.vitalytomilov.com

| Advertise | Privacy | Terms of Use | Mobile
Web03 | 2.8.141223.1 | Last Updated 22 Nov 2010
Article Copyright 2008 by Vitaly Tomilov
Everything else Copyright © CodeProject, 1999-2014
Layout: fixed | fluid