System Scanner

2 Dec 2005
This application allows you to get more information about the processes running in your system.

Introduction

Task Manager is invaluable when it comes to system programming. A rogue thread appears here, a process ID is needed there… All this and more can be tracked with Task Manager with ease. What Task Manager severely lacked (in my opinion) was the ability to fetch more specific information about processes, such as the IDs of all the threads and handles to DLLs, the ability to suspend specific threads of a specific process and, finally, the ability to view a process' virtual memory.

The project was originally started as part of my diploma work and, after receiving yay-we-lacked-that's from my teachers, I decided to share it with more people.

The program still lacks some planned features (like the ability to attach hooks to processes), which I am planning to add in the future.

Overview

When you start the program, you are shown the main window, which lists all the processes currently running on your system, the number of threads per process and the executable path. The status bar shows the overall number of running processes. The list is updated every 5 seconds (by default), but you can change that in the main menu. Pressing Enter forces an update of the list.

From the main menu you can force an update of the process list and open Options, where you can customize the refresh time, turn hot tracking on/off (on by default) and customize the colors of the memory regions in the virtual memory map (more on this later).

Right-clicking on any of these processes (except System Idle) brings up the context menu, which exposes all the features of the program. Here you can get information about the process' threads, DLLs and virtual memory, set the process' priority or kill it altogether.

DLL info

Here you can view either the general information (path, handle, size, base address) or the disassembly information (Note: requires DUMPBIN.EXE, LINK.EXE, MSDIS110.DLL, MSPDB60.DLL and mspdb71.dll to be in the program directory).

Thread info

This dialog shows a list of thread IDs (the primary thread is the top one) and lets you terminate, suspend or resume a thread, or set its priority. It also shows the ID of the owning process and the suspend count.

Set priority and terminate process

These work similarly to the Task Manager ones. Note that messing with system processes can result in something nasty.

Virtual memory

This submenu reveals the core of the whole program. From here you can either dump virtual memory or draw a memory map.

Dumping virtual memory

Selecting this menu option brings up another dialog containing text information about all the memory regions. Pressing Enter refreshes the list; double-clicking a region brings up a dialog showing the content of that memory region.

Drawing the map of virtual memory

This menu option brings up a dialog with the map of the process' virtual memory. While it is similar in functionality to memory dumping, it provides a more visual view of your (or not) virtual memory. From the menu you can either refresh the map or choose between two ways of drawing it: by state (free, committed, reserved) or by type (image, private, mapped).

Every sector corresponds to one memory region. The color will vary depending on the state or type and can be changed in the main window menu.

Single clicking on the region will bring up the Tooltip providing the information that you’ve seen in the memory dump dialog. That information will also be copied to your clipboard. Clicking on the free area will bring up the Tooltip with the overall number of regions (info will also be copied to your clipboard). Double-clicking on the region will bring up the dialog showing its content just like with the memory dump dialog.

If the map won’t fit the screen – simply resize it. Automatic resizing and region scaling were not implemented due to some odd and crazy bugs I encountered.
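The data behind such a map, as an added example that is not the program's own code: it assumes regions are enumerated as MEMORY_BASIC_INFORMATION records (on Windows, via VirtualQueryEx) and uses a hypothetical portable `region_t` that mirrors only the fields needed, with constructed sample regions. It totals bytes by state and by type and checks that the regions tile the address range without gaps.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Win32 values of MEMORY_BASIC_INFORMATION.State and .Type */
#define MEM_COMMIT  0x00001000u
#define MEM_RESERVE 0x00002000u
#define MEM_FREE    0x00010000u
#define MEM_PRIVATE 0x00020000u
#define MEM_MAPPED  0x00040000u
#define MEM_IMAGE   0x01000000u

/* Hypothetical portable mirror of the fields the map needs. */
typedef struct { uint64_t base, size; uint32_t state, type; } region_t;
typedef struct {
    uint64_t committed, reserved, free_bytes; /* bytes by state */
    uint64_t image, mapped, priv;             /* bytes by type */
    int contiguous; /* 1 if each region starts where the previous ended */
} map_summary_t;

map_summary_t summarize_map(const region_t *r, size_t n) {
    map_summary_t s = { .contiguous = 1 };    /* other fields start at 0 */
    for (size_t i = 0; i < n; i++) {
        if (i > 0 && r[i].base != r[i - 1].base + r[i - 1].size)
            s.contiguous = 0; /* gap or overlap in the walk */
        if (r[i].state == MEM_FREE) { s.free_bytes += r[i].size; continue; }
        if (r[i].state == MEM_COMMIT)  s.committed += r[i].size;
        if (r[i].state == MEM_RESERVE) s.reserved  += r[i].size;
        /* Type is only meaningful for committed or reserved regions. */
        if (r[i].type == MEM_IMAGE)   s.image  += r[i].size;
        if (r[i].type == MEM_MAPPED)  s.mapped += r[i].size;
        if (r[i].type == MEM_PRIVATE) s.priv   += r[i].size;
    }
    return s;
}

/* Constructed sample regions, not taken from a real process. */
static const region_t SAMPLE[] = {
    {0x00000000, 0x010000, MEM_FREE,    0},
    {0x00010000, 0x001000, MEM_COMMIT,  MEM_PRIVATE},
    {0x00011000, 0x00F000, MEM_RESERVE, MEM_PRIVATE},
    {0x00020000, 0x003000, MEM_COMMIT,  MEM_MAPPED},
    {0x00023000, 0x3DD000, MEM_FREE,    0},
    {0x00400000, 0x005000, MEM_COMMIT,  MEM_IMAGE},
};
int main(void) {
    map_summary_t s = summarize_map(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0]);
    printf("committed=%#llx free=%#llx contiguous=%d\n",
           (unsigned long long)s.committed, (unsigned long long)s.free_bytes, s.contiguous);
    return 0;
}
```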

This covers all the functions of the featured program. Note that administrative access is preferred because then you will get more control over the processes (obviously). The program was not tested on normal user accounts so I am not aware of any possible bugs when using it.

Other resources used

Additional notes

The project was developed using Visual Studio .NET 2003 and is not compatible with previous versions of VS (this doesn't apply to the overall program functionality, but to the ability to compile the code).

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.


Written By
Ukraine

Comments and Discussions

 
Question: kernel vs user virtual memory?
Perry2 16-Mar-06 6:17
Answer: Re: kernel vs user virtual memory?
Alex Orovetskiy 16-Mar-06 7:19
No idea but I'll look into it.

--------------------------------
Human stupidity is infinite.