ProSysLib: Dissecting the Process

Vitaly Tomilov

Rate me:

4.84/5 (69 votes)

22 Nov 2010CPOL12 min read

129K

2.6K

174

Access detailed information about the current process the easiest way.

processinfo_bin.zip
- Interop.ProSysLib.dll
- ProcessInfo.exe
- PSL32v0.9.dll
- PSL64v0.9.dll
prosyslib_v0.9.zip
- ProSysLib_v0.9
  - Bin
    - PSL32v0.9.dll
    - PSL64v0.9.dll
    - Register.bat
  - Help
    - ReadMe.txt
  - Samples
    - C#2008
      - ProcessInfo
        
        app.config
        
        MainForm.cs
        
        MainForm.Designer.cs
        
        MainForm.resx
        
        ProcessInfo.csproj
        
        ProcessInfo.sln
        
        Program.cs
        
        Properties
        
        AssemblyInfo.cs
        
        Resources.Designer.cs
        
        Resources.resx
        
        Settings.Designer.cs
        
        Settings.settings
      - ProcessViewer
        
        MainForm.cs
        
        MainForm.Designer.cs
        
        MainForm.resx
        
        ProcessViewer.csproj
        
        ProcessViewer.sln
        
        Program.cs
        
        Properties
        
        AssemblyInfo.cs
        
        Resources.Designer.cs
        
        Resources.resx
        
        Settings.Designer.cs
        
        Settings.settings
    - VB6
      - CPUInfo.exe
      - CPUInfo.frm
      - CPUInfo.frx
      - CPUInfo.vbp
      - CPUInfo.vbw
    - VC2008
      - Deployment
        
        Deployment.cpp
        
        Deployment.sln
        
        Deployment.vcproj
        
        stdafx.cpp
        
        stdafx.h
      - PSLDeploy.h
  - Src
    - AutoObject.h
    - CopyAdaptors.h
    - dlldatax.c
    - dlldatax.h
    - GUIDs.h
    - mssccprj.scc
    - ProcessorUsage.cpp
    - ProcessorUsage.h
    - ProSysLib.cpp
    - ProSysLib.def
    - ProSysLib.idl
    - ProSysLib.rc
    - ProSysLib.rgs
    - ProSysLib.sln
    - ProSysLib.vcproj
    - ProSysLib.vcproj.vspscc
    - ProSysLib.vssscc
    - ProSysModule.cpp
    - ProSysModule.h
    - PSLAccount.cpp
    - PSLAccount.h
    - PSLAccounts.cpp
    - PSLAccounts.h
    - PSLCmdParam.cpp
    - PSLCmdParam.h
    - PSLCmdParams.cpp
    - PSLCmdParams.h
    - PSLCore.cpp
    - PSLCore.h
    - PSLCores.cpp
    - PSLCores.h
    - PSLCurrentProcess.cpp
    - PSLCurrentProcess.h
    - PSLDriver.cpp
    - PSLDriver.h
    - PSLDrivers.cpp
    - PSLDrivers.h
    - PSLEnvironmentVar.cpp
    - PSLEnvironmentVar.h
    - PSLEnvironmentVars.cpp
    - PSLEnvironmentVars.h
    - PSLExceptions.cpp
    - PSLExceptions.h
    - PSLHardware.cpp
    - PSLHardware.h
    - PSLIPv4.cpp
    - PSLIPv4.h
    - PSLIPv6.cpp
    - PSLIPv6.h
    - PSLMemory.cpp
    - PSLMemory.h
    - PSLModule.cpp
    - PSLModule.h
    - PSLModules.cpp
    - PSLModules.h
    - PSLModuleVersion.cpp
    - PSLModuleVersion.h
    - PSLMonitor.cpp
    - PSLMonitor.h
    - PSLMonitors.cpp
    - PSLMonitors.h
    - PSLNetwork.cpp
    - PSLNetwork.h
    - PSLOS.cpp
    - PSLOS.h
    - PSLOSVersion.cpp
    - PSLOSVersion.h
    - PSLPrivilege.cpp
    - PSLPrivilege.h
    - PSLPrivileges.cpp
    - PSLPrivileges.h
    - PSLProcess.cpp
    - PSLProcess.h
    - PSLProcesses.cpp
    - PSLProcesses.h
    - PSLProcessIO.cpp
    - PSLProcessIO.h
    - PSLProcessMemory.cpp
    - PSLProcessMemory.h
    - PSLProcessor.cpp
    - PSLProcessor.h
    - PSLRect.cpp
    - PSLRect.h
    - PSLSecurity.cpp
    - PSLSecurity.h
    - PSLService.cpp
    - PSLService.h
    - PSLServices.cpp
    - PSLServices.h
    - PSLSize.cpp
    - PSLSize.h
    - PSLSoftware.cpp
    - PSLSoftware.h
    - PSLSystem.cpp
    - PSLSystem.h
    - PSLSystem.rgs
    - PSLTable.cpp
    - PSLTable.h
    - PSLThread.cpp
    - PSLThread.h
    - PSLThreads.cpp
    - PSLThreads.h
    - PSLTools.cpp
    - PSLTools.h
    - PSLUser.cpp
    - PSLUser.h
    - PSLUtilities.cpp
    - PSLUtilities.h
    - PSLVersionNumber.cpp
    - PSLVersionNumber.h
    - PSLWindow.cpp
    - PSLWindow.h
    - PSLWindows.cpp
    - PSLWindows.h
    - PSLWindowsFilter.cpp
    - PSLWindowsFilter.h
    - PSLWMI.cpp
    - PSLWMI.h
    - resource.h
    - ServiceInfo.cpp
    - ServiceInfo.h
    - stdafx.cpp
    - stdafx.h
    - SystemInfoAccessor.cpp
    - SystemInfoAccessor.h
    - SysUtil.cpp
    - targetver.h
    - tstring.cpp
    - tstring.h
processinfo32_bin.zip
- Interop.ProSysLib.dll
- ProcessInfo.exe
- ProSysLib.dll
processinfo64_bin.zip
- Interop.ProSysLib.dll
- ProcessInfo.exe
- ProSysLib.dll
pslv0.5setup.zip
- PSLv0.5Setup.exe
PSLv0.7Setup.zip
- PSLv0.7Setup.exe

// PSLProcesses.cpp : Implementation of CPSLProcesses

#include "stdafx.h"
#include "PSLProcess.h"
#include "PSLProcesses.h"

ULONG CPSLProcesses::m_BufferSize = 0x8000; // 32KB by default;

CPSLProcesses::IsWow64ProcessProc CPSLProcesses::m_IsWow64Process = NULL;
HMODULE CPSLProcesses::m_hKernelModule = NULL;

CPSLProcesses::CPSLProcesses()
{
	TCHAR buffer[UNLEN + 1];
	DWORD dwSize = UNLEN + 1;
	::GetUserName(buffer, &dwSize);
	m_sUserName = buffer;

	m_bDirty = true;
	m_EnumType = enumForCurrentUser;

	m_IsWow64Process = NULL;
	m_hKernelModule = ::LoadLibrary(_T("kernel32.dll"));
	if(m_hKernelModule)
		m_IsWow64Process = (IsWow64ProcessProc)::GetProcAddress(m_hKernelModule, "IsWow64Process");
}

CPSLProcesses::~CPSLProcesses()
{
	if(m_hKernelModule)
	{
		::FreeLibrary(m_hKernelModule);
		m_hKernelModule = NULL;
		m_IsWow64Process = NULL;
	}
}

bool CPSLProcesses::Is64BitProcess(HANDLE hProcess)
{
	if(m_IsWow64Process)
	{
		BOOL bIs64Bit = FALSE;
		if(m_IsWow64Process(hProcess, &bIs64Bit))
			return bIs64Bit?false:true;
	}
	return true;
}

HRESULT CPSLProcesses::OnIndexOutOfRange()
{
	return MakeException(exIndexOutOfRange);
}

HRESULT CPSLProcesses::OnInterfaceAccess()
{
	InternalUpdate(false);
	return GetExitCode();
}

HRESULT CPSLProcesses::FinalConstruct()
{
	return S_OK;
}

void CPSLProcesses::FinalRelease()
{
}

/*
Interesting: GetWindowModuleFileName
When/If implementing Windows property
for namespace Software, this could be an asset;
*/

void CPSLProcesses::InternalUpdate(bool bForceUpdate)
{
	CCritSecLock cs(m_csCollection);

	if(!bForceUpdate && !m_bDirty)
		return;

	m_bDirty = false;

	m_coll.clear(); // Releases interfaces and clears the collection;
					// NOTE: .NET clients catch up interfaces, so takes
					// about 30 seconds before they are garbaged by .NET;

	HANDLE hHeap = ::GetProcessHeap();
    NTSTATUS Status;
    PVOID pBuffer = NULL;

	LPCTSTR sUserName = NULL;
	if(m_EnumType == enumForCurrentUser)
		sUserName = m_sUserName;

    do
    {
		pBuffer = ::HeapAlloc(hHeap, 0, m_BufferSize);
		if(pBuffer == NULL)
		{
			SetException(exLowMemory);
			return; // Not enough memory;
		}

        Status = g_SIA.ZwQuerySystemInformation(SystemProcessesAndThreadsInformation, pBuffer, m_BufferSize);
        if(Status == STATUS_INFO_LENGTH_MISMATCH) // Not enough memory was allocated;
        {
			::HeapFree(hHeap, 0, pBuffer);
            m_BufferSize *= 2; // Let's try and increase it by 2;
        }
		else
			if(!NT_SUCCESS(Status)) // If still failed;
			{
				::HeapFree(hHeap, 0, pBuffer);
				SetException(exGeneric);
				return; // There was enough memory, but the call still failed with Status;
			}
    }
    while(Status == STATUS_INFO_LENGTH_MISMATCH);
    PSYSTEM_PROCESS_INFORMATION pProcesses = (PSYSTEM_PROCESS_INFORMATION)pBuffer;
	CComObject<CPSLProcess> * pProcess = NULL;
    do
    {
		if(!pProcess)
			CComObject<CPSLProcess>::CreateInstance(&pProcess);
		if(pProcess && pProcess->Initialize(pProcesses, sUserName))
		{
			m_coll.push_back(CComPtr<IPSLProcess>(pProcess));
			pProcess = NULL;
		}
		if(pProcesses->NextEntryDelta == 0) // If the last process;
			break;
        // find the address of the next process structure
        pProcesses = (PSYSTEM_PROCESS_INFORMATION)(((LPBYTE)pProcesses) + pProcesses->NextEntryDelta);
    }
	while(1);
	if(pProcess)
		pProcess->Release();
	::HeapFree(hHeap, 0, pBuffer);
}

////////////////////////////////////////////////////////////////////////
// Interface Implementation;
////////////////////////////////////////////////////////////////////////

STDMETHODIMP CPSLProcesses::Update()
{
	PSL_BEGIN

	InternalUpdate(true);

	PSL_END
}

STDMETHODIMP CPSLProcesses::Find(long ProcessID, IPSLProcess ** ppValue)
{
	PSL_BEGIN

	*ppValue = NULL;
	InternalUpdate(false);
	CCritSecLock cs(m_csCollection);
	for(ProcessesType::iterator i = m_coll.begin();i != m_coll.end();i ++)
	{
		long ID = 0;
		if(i->m_T->get_ProcessID(&ID) == S_OK && ID == ProcessID)
		{
			IPSLProcess * pProcess = i->m_T;
			pProcess->AddRef();
			*ppValue = pProcess;
			break;
		}	
	}

	PSL_END
}

STDMETHODIMP CPSLProcesses::get_EnumUserType(PSLEnumUserType * pValue)
{
	PSL_BEGIN

	CCritSecLock cs(m_csCollection);
	*pValue = m_EnumType;

	PSL_END
}

STDMETHODIMP CPSLProcesses::put_EnumUserType(PSLEnumUserType newValue)
{
	PSL_BEGIN

	CCritSecLock cs(m_csCollection);
	if(m_EnumType != newValue)
	{
		m_EnumType = newValue;
		m_bDirty = true; // Collection needs to be updated;
	}

	PSL_END
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

Vitaly Tomilov

Software Developer (Senior) Sibedge IT

Ireland

My online CV: cv.vitalytomilov.com

ProSysLib: Dissecting the Process

License

Comments and Discussions