Process & Module Enumeration Class

This article presents a class (CPSAPI) which can be used to enumerate all of the processes, modules and even device drivers currently executing on either a Windows 9x or Windows NT machine.

As you can see in the provided demo application, this class is extremely easy to use. All you need to do is the following:

  • Derive a class from the CPSAPI base class
  • Implement the derived class' OnXXX method that correlates to the desired function:
    • virtual BOOL OnDeviceDriver(LPVOID lpImageBase);
    • virtual BOOL OnProcess(LPCTSTR lpszFileName, DWORD ProcessID);
    • virtual BOOL OnModule(HMODULE hModule, LPCTSTR lpszModuleName, LPCTSTR lpszPathName);
  • Instantiate your object
  • Call the object's Initialize method
  • Call the desired enumeration function:
    • BOOL EnumDeviceDrivers(void);
    • BOOL EnumProcesses(void);
    • BOOL EnumProcessModules(DWORD dwProcessId);

If this sounds a bit difficult, not to worry. A demo application I included with this article illustrates how to do all this.

Downloads

Download demo project - 19 Kb


Comments

  • Process ID & ATTRIBUTES ???

    Posted by Legacy on 12/23/2003 12:00am

    Originally posted by: Dino

    Hello, I'm an IT student & currently following OS as a subject... I would like to know how to get the Process ID & process attributes of a running process. Are there any methods to be used?? In Windows 2000, of course. Thanks in advance!!

    Reply
  • how to get parent process ID on Winnt 4.0

    Posted by Legacy on 07/15/2003 12:00am

    Originally posted by: Joseph

    how to get parent process ID on Winnt 4.0
    welcome provide a solution...... wait for Hi cracke

    Reply
  • Minor bug in 'EnumProcessModules()'

    Posted by Legacy on 06/09/2003 12:00am

    Originally posted by: Robert

    The following code:

        pModule32First(snapshot, &module);
        if ( OnModule(module.hModule, module.szExePath, module.szModule) == FALSE )
        {
            CloseHandle(snapshot);
            return TRUE;
        }

    The return value from Module32First is ignored, and if the process has no modules (yes, this is possible)
    we get old or invalid module info sent to OnModule.

    Cheers.
    /Robert


    Reply
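The failure described in the comment above, as an added example that is not part of the original article, the comment, or the CPSAPI source. It puts the unchecked and checked loop shapes side by side; `ModuleInfo`, `ModuleSource`, `ToolhelpSource`, `FakeSnapshot` and `EnumModules` are hypothetical names, and `FakeSnapshot` is a constructed stand-in so the loop can be exercised without a live process.

```cpp
// Added example, not CPSAPI's code; all type and function names are hypothetical.
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif
struct ModuleInfo { std::wstring name, path; };

// Same contract as Module32First/Module32Next: false means "no entry", and
// the caller's output structure is left exactly as it was.
struct ModuleSource {
    virtual ~ModuleSource() {}
    virtual bool First(ModuleInfo& out) = 0;
    virtual bool Next(ModuleInfo& out) = 0;
};
#ifdef _WIN32
struct ToolhelpSource : ModuleSource {  // real binding; caller owns and closes 'snap'
    HANDLE snap;  // from CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid)
    explicit ToolhelpSource(HANDLE h) : snap(h) {}
    bool Step(bool first, ModuleInfo& out) {
        MODULEENTRY32W me = {};
        me.dwSize = sizeof(me);  // must be set, or the call fails
        if (!(first ? Module32FirstW(snap, &me) : Module32NextW(snap, &me))) return false;
        out.name = me.szModule; out.path = me.szExePath;
        return true;
    }
    bool First(ModuleInfo& out) override { return Step(true, out); }
    bool Next(ModuleInfo& out) override { return Step(false, out); }
};
#endif

struct FakeSnapshot : ModuleSource {  // constructed stand-in, runs offline
    std::vector<ModuleInfo> mods; std::size_t i = 0;
    bool First(ModuleInfo& out) override { i = 0; return Next(out); }
    bool Next(ModuleInfo& out) override {
        if (i >= mods.size()) return false;
        out = mods[i++]; return true;
    }
};

// checkFirst == false reproduces the reported shape: First()'s result is
// ignored, so an empty snapshot reports whatever 'entry' already held.
std::vector<std::wstring> EnumModules(ModuleSource& s, ModuleInfo& entry, bool checkFirst) {
    std::vector<std::wstring> seen;  // stands in for the OnModule callback
    bool ok = s.First(entry);
    if (checkFirst && !ok) return seen;  // the fix: no callback without an entry
    do { seen.push_back(entry.name); } while (s.Next(entry));
    return seen;
}
```

With a reused entry structure and an empty snapshot, the unchecked form reports a module that belongs to an earlier process, which is exactly the kind of stale record that misleads a process inventory.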
  • how can I know a port is opened by which process ?

    Posted by Legacy on 05/24/2003 12:00am

    Originally posted by: woo

    There are lots of applications started when my OS boots. Some of these apps open a TCP port on my computer. I wish somebody would tell me how I can know which process opened a port?

    I wish I knew an answer to this question, too.

    Reply
  • How to enumerate the currently opened windows?

    Posted by Legacy on 02/25/2003 12:00am

    Originally posted by: John Lu

    I have an exe file, and I want to know whether it is running. If it is running, I also want to get its hwnd. How to do it?

    Reply
  • How to find the status of an Application/Process

    Posted by Legacy on 10/04/2001 12:00am

    Originally posted by: Ovais

    Your article and code were very helpful. Can I somehow find the status of an application, whether it is running or hung (Not Responding) as reported by Task Manager in Windows NT?
    
    

    Thanks in advance.

    Reply
  • About process and its open port...

    Posted by Legacy on 08/20/2001 12:00am

    Originally posted by: Billy

    Hi all

    There are lots of applications started when my OS boots. Some of these apps open a TCP port on my computer. I wish somebody would tell me how I can know which process opened a port?

    Reply
  • How can I end tasks?

    Posted by Legacy on 12/15/2000 12:00am

    Originally posted by: ThoWa

    I'm looking for a solution to end a task under WinNT4.0 like it is possible with the task manager.

    Reply
  • Slight modification needed for Windows 2000

    Posted by Legacy on 11/24/2000 12:00am

    Originally posted by: Sarbendu Paul

    In a Windows 2000 machine, the name of the process found may not contain the total path of the process. The process name found may also not have all letters in caps.

    For e.g.,
    What may appear as "C:\WINDOWS\SYSTEM\BEAUTY.EXE" in other OS, in Win 2000 it may appear as only "beauty.exe".

    So, if your objective is to know whether a particular process is running, you can do 2 things:

    1. When searching for the process "beauty.exe", search for all combinations like "BEAUTY.EXE", "Beauty.exe", "beauty.exe" in the name of the process.

    2. An alternative way is to use the MakeUpper or MakeLower function of the CString class and then search for the process name.

    Reply
  • WMI and processes

    Posted by Legacy on 05/25/2000 12:00am

    Originally posted by: tig

    Now one can enumerate processes on Win9x, WinNT or Win2000 machines using the new Microsoft technology, WMI.

    It's a set of COM interfaces that are very easy to use and give full information about working processes on a local or remote computer.
    With minor changes you can easily get information on anything on the computer (threads, hard disks, heat pipe cooling devices... etc.).

    Here's a small sample, showing how to enumerate processes on the local computer:

    /*********************************************/
    // CAppsEnum definition
    // Needs <wbemidl.h> and wbemuuid.lib, plus MFC for CString and
    // AfxMessageBox. COM must already be initialized on the calling
    // thread (CoInitializeEx) before an object is constructed.
    /*********************************************/
    #include <wbemidl.h>

    class CAppsEnum
    {
    public:
        CAppsEnum();
        virtual ~CAppsEnum();

    public:
        bool Enum();                                  // start a Win32_Process enumeration
        bool Next();                                  // advance to the next process object
        bool GetProperty(IN OLECHAR*, OUT VARIANT*);  // read a property of the current object

    protected:
        bool Connect();
        void Free_IEnum();

    protected:
        IWbemServices *m_pIWbemServices;
        IEnumWbemClassObject *m_pEnumStorageProcesses;
        IWbemClassObject* m_pStorageProc;
        CString m_namespace;
    };

    /*********************************************/
    // CAppsEnum implementation
    /*********************************************/
    CAppsEnum::CAppsEnum()
    {
        m_pStorageProc = NULL;
        m_pIWbemServices = NULL;
        m_pEnumStorageProcesses = NULL;
        m_namespace = _T("\\\\.\\root\\cimv2");
        Connect();
    }

    CAppsEnum::~CAppsEnum()
    {
        Free_IEnum();
        if(m_pIWbemServices)
        {
            m_pIWbemServices -> Release();
            m_pIWbemServices = NULL;
        }
    }

    bool CAppsEnum::Connect()
    {
        bool bRet = true;
        IWbemLocator *pIWbemLocator = NULL;
        if(CoCreateInstance(CLSID_WbemLocator,
            NULL,
            CLSCTX_INPROC_SERVER,
            IID_IWbemLocator,
            (LPVOID*)&pIWbemLocator) == S_OK)
        {
            if(m_pIWbemServices)
            {
                m_pIWbemServices -> Release();
                m_pIWbemServices = NULL;
            }

            BSTR pNamespace = m_namespace.AllocSysString();

            if(pIWbemLocator -> ConnectServer(pNamespace, NULL,
                NULL, 0L, 0L, NULL, NULL, &m_pIWbemServices) != S_OK)
            {
                bRet = false;
                AfxMessageBox(_T("Bad namespace"));
            }
            else
            {
                // Set proxy security only when a services proxy was
                // actually obtained; on failure the pointer is NULL.
                CoSetProxyBlanket(m_pIWbemServices,
                    RPC_C_AUTHN_WINNT, RPC_C_AUTHZ_NONE, NULL,
                    RPC_C_AUTHN_LEVEL_CALL,
                    RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE);
            }

            SysFreeString(pNamespace);
            pIWbemLocator -> Release();
        }
        else
        {
            bRet = false;
            AfxMessageBox(_T("Failed to create IWbemLocator object"));
        }
        return bRet;
    }

    bool CAppsEnum::Enum()
    {
        Free_IEnum();
        if(!m_pIWbemServices)       // Connect() failed earlier
            return false;

        BSTR className = SysAllocString(L"Win32_Process");

        HRESULT hRes = m_pIWbemServices -> CreateInstanceEnum(
            className, 0, NULL, &m_pEnumStorageProcesses);

        SysFreeString(className);   // the BSTR was leaked in the first version
        return SUCCEEDED(hRes);
    }

    bool CAppsEnum::Next()
    {
        ULONG uReturned = 0;

        if(m_pStorageProc)
        {
            m_pStorageProc -> Release();
            m_pStorageProc = NULL;
        }

        if(!m_pEnumStorageProcesses)    // Enum() not called or it failed
            return false;

        // Wait up to 2000 ms for one object. At the end of the list the
        // call still succeeds (WBEM_S_FALSE) but returns zero objects.
        HRESULT hRes = m_pEnumStorageProcesses -> Next(
            2000, 1, &m_pStorageProc, &uReturned);

        return SUCCEEDED(hRes) && uReturned == 1;
    }

    void CAppsEnum::Free_IEnum()
    {
        if(m_pStorageProc)
        {
            m_pStorageProc -> Release();
            m_pStorageProc = NULL;
        }

        if(m_pEnumStorageProcesses)
        {
            m_pEnumStorageProcesses -> Release();
            m_pEnumStorageProcesses = NULL;
        }
    }

    // pVal must have been initialized by the caller with VariantInit().
    bool CAppsEnum::GetProperty(OLECHAR* propertyName, VARIANT *pVal)
    {
        VariantClear(pVal);
        if(!m_pStorageProc)         // no current object: Next() not called or failed
            return false;

        BSTR propName = SysAllocString(propertyName);

        HRESULT hRes = m_pStorageProc -> Get(
            propName, 0L, pVal, NULL, NULL);

        SysFreeString(propName);    // the BSTR was leaked in the first version
        return SUCCEEDED(hRes);
    }

    Reply