EnumProcessModules for WinNT/2000/XP Module32First Module32Next ... ToolHelp functions for Win9X
Taking a Snapshot and Viewing ProcessesThe following example obtains a list of running processes. First, the GetProcessList function takes a snapshot of the currently executing processes in the system using the CreateToolhelp32Snapshot function, then it walks through the list recorded in the snapshot, using the Process32First and Process32Next functions. For each process, the function calls GetProcessModule, which is defined in Traversing the module list. #include <windows.h> #include <tlhelp32.h> #include <stdio.h>BOOL GetProcessList () { HANDLE hProcessSnap = NULL; BOOL bRet = FALSE; PROCESSENTRY32 pe32 = {0};
// Take a snapshot of all processes in the system. hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hProcessSnap == (HANDLE)-1) return (FALSE);
// Fill in the size of the structure before using it. pe32.dwSize = sizeof(PROCESSENTRY32);
// Walk the snapshot of the processes, and for each process, // display information. if (Process32First(hProcessSnap, &pe32)) { DWORD dwPriorityClass; BOOL bGotModule = FALSE; MODULEENTRY32 me32 = {0};
do { bGotModule = GetProcessModule(pe32.th32ProcessID, pe32.th32ModuleID, &me32, sizeof(MODULEENTRY32)); if (bGotModule) { HANDLE hProcess;
// Get the actual priority class. hProcess = OpenProcess (PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID); dwPriorityClass = GetPriorityClass (hProcess); CloseHandle (hProcess); // Print the process's information. printf( "\nPriority Class Base\t%d\n", pe32.pcPriClassBase); printf( "PID\t\t\t%d\n", pe32.th32ProcessID); printf( "Thread Count\t\t%d\n", pe32.cntThreads); printf( "Module Name\t\t%s\n", me32.szModule); printf( "Full Path\t\t%s\n\n", me32.szExePath); } } while (Process32Next(hProcessSnap, &pe32)); bRet = TRUE; } else bRet = FALSE; // could not walk the list of processes
// Do not forget to clean up the snapshot object. CloseHandle (hProcessSnap); return (bRet); }
Traversing the Thread ListThe following example obtains a list of running threads for the specified process. First, the RefreshThreadList function takes a snapshot of the currently executing threads in the system using the CreateToolhelp32Snapshot function, then it walks through the list recorded in the snapshot, using the Thread32First and Thread32Next functions. The parameter for RefreshThreadList is the identifier of the process whose threads will be listed. #include <windows.h> #include <tlhelp32.h> #include <stdio.h>BOOL RefreshThreadList (DWORD dwOwnerPID) { HANDLE hThreadSnap = NULL; BOOL bRet = FALSE; THREADENTRY32 te32 = {0};
// Take a snapshot of all threads currently in the system. hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0); if (hThreadSnap == (HANDLE)-1) return (FALSE);
// Fill in the size of the structure before using it. te32.dwSize = sizeof(THREADENTRY32);
// Walk the thread snapshot to find all threads of the process. // If the thread belongs to the process, add its information // to the display list.
if (Thread32First(hThreadSnap, &te32)) { do { if (te32.th32OwnerProcessID == dwOwnerPID) { printf( "\nTID\t\t%d\n", te32.th32ThreadID); printf( "Owner PID\t%d\n", te32.th32OwnerProcessID); printf( "Delta Priority\t%d\n", te32.tpDeltaPri); printf( "Base Priority\t%d\n", te32.tpBasePri); } } while (Thread32Next(hThreadSnap, &te32)); bRet = TRUE; } else bRet = FALSE; // could not walk the list of threads
// Do not forget to clean up the snapshot object. CloseHandle (hThreadSnap);
return (bRet); }
Traversing the Module ListThe following example obtains a list of modules for the specified process. First, the GetProcessModule function takes a snapshot of the system using the CreateToolhelp32Snapshot function, then it walks through the list recorded in the snapshot, using the Module32First and Module32Next functions. The parameters for GetProcessModule are as follows: dwPID Identifier of the process that owns the module whose information will be retrieved. dwModuleID Tool help identifier of the process module. lpMe32 Structure that receives data about the module. cbMe32 Size of the buffer pointed to by the lpMe32 parameter. #include <windows.h> #include <tlhelp32.h>BOOL GetProcessModule (DWORD dwPID, DWORD dwModuleID, LPMODULEENTRY32 lpMe32, DWORD cbMe32) { BOOL bRet = FALSE; BOOL bFound = FALSE; HANDLE hModuleSnap = NULL; MODULEENTRY32 me32 = {0};
// Take a snapshot of all modules in the specified process. hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID); if (hModuleSnap == (HANDLE)-1) return (FALSE);
// Fill the size of the structure before using it. me32.dwSize = sizeof(MODULEENTRY32);
// Walk the module list of the process, and find the module of // interest. Then copy the information to the buffer pointed // to by lpMe32 so that it can be returned to the caller. if (Module32First(hModuleSnap, &me32)) { do { if (me32.th32ModuleID == dwModuleID) { CopyMemory (lpMe32, &me32, cbMe32); bFound = TRUE; } } while (!bFound && Module32Next(hModuleSnap, &me32));
bRet = bFound; // if this sets bRet to FALSE, dwModuleID // no longer exists in specified process } else bRet = FALSE; // could not walk module list
// Do not forget to clean up the snapshot object. CloseHandle (hModuleSnap);
Module32First Module32Next ... ToolHelp functions for Win9X
#include <tlhelp32.h>
#include <stdio.h>BOOL GetProcessList ()
{
HANDLE hProcessSnap = NULL;
BOOL bRet = FALSE;
PROCESSENTRY32 pe32 = {0};
// Take a snapshot of all processes in the system. hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hProcessSnap == (HANDLE)-1)
return (FALSE);
// Fill in the size of the structure before using it. pe32.dwSize = sizeof(PROCESSENTRY32);
// Walk the snapshot of the processes, and for each process,
// display information. if (Process32First(hProcessSnap, &pe32))
{
DWORD dwPriorityClass;
BOOL bGotModule = FALSE;
MODULEENTRY32 me32 = {0};
do
{
bGotModule = GetProcessModule(pe32.th32ProcessID,
pe32.th32ModuleID, &me32, sizeof(MODULEENTRY32)); if (bGotModule)
{
HANDLE hProcess;
// Get the actual priority class.
hProcess = OpenProcess (PROCESS_ALL_ACCESS,
FALSE, pe32.th32ProcessID);
dwPriorityClass = GetPriorityClass (hProcess);
CloseHandle (hProcess); // Print the process's information.
printf( "\nPriority Class Base\t%d\n",
pe32.pcPriClassBase);
printf( "PID\t\t\t%d\n", pe32.th32ProcessID);
printf( "Thread Count\t\t%d\n", pe32.cntThreads);
printf( "Module Name\t\t%s\n", me32.szModule);
printf( "Full Path\t\t%s\n\n", me32.szExePath);
}
}
while (Process32Next(hProcessSnap, &pe32));
bRet = TRUE;
}
else
bRet = FALSE; // could not walk the list of processes
// Do not forget to clean up the snapshot object. CloseHandle (hProcessSnap);
return (bRet);
}
#include <tlhelp32.h>
#include <stdio.h>BOOL RefreshThreadList (DWORD dwOwnerPID)
{
HANDLE hThreadSnap = NULL;
BOOL bRet = FALSE;
THREADENTRY32 te32 = {0};
// Take a snapshot of all threads currently in the system. hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hThreadSnap == (HANDLE)-1)
return (FALSE);
// Fill in the size of the structure before using it. te32.dwSize = sizeof(THREADENTRY32);
// Walk the thread snapshot to find all threads of the process.
// If the thread belongs to the process, add its information
// to the display list.
if (Thread32First(hThreadSnap, &te32))
{
do
{
if (te32.th32OwnerProcessID == dwOwnerPID)
{
printf( "\nTID\t\t%d\n", te32.th32ThreadID);
printf( "Owner PID\t%d\n", te32.th32OwnerProcessID);
printf( "Delta Priority\t%d\n", te32.tpDeltaPri);
printf( "Base Priority\t%d\n", te32.tpBasePri);
}
}
while (Thread32Next(hThreadSnap, &te32));
bRet = TRUE;
}
else
bRet = FALSE; // could not walk the list of threads
// Do not forget to clean up the snapshot object. CloseHandle (hThreadSnap);
return (bRet);
}
Identifier of the process that owns the module whose information will be retrieved.
dwModuleID
Tool help identifier of the process module.
lpMe32
Structure that receives data about the module.
cbMe32
Size of the buffer pointed to by the lpMe32 parameter.
#include <windows.h>
#include <tlhelp32.h>BOOL GetProcessModule (DWORD dwPID, DWORD dwModuleID,
LPMODULEENTRY32 lpMe32, DWORD cbMe32)
{
BOOL bRet = FALSE;
BOOL bFound = FALSE;
HANDLE hModuleSnap = NULL;
MODULEENTRY32 me32 = {0};
// Take a snapshot of all modules in the specified process. hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
if (hModuleSnap == (HANDLE)-1)
return (FALSE);
// Fill the size of the structure before using it. me32.dwSize = sizeof(MODULEENTRY32);
// Walk the module list of the process, and find the module of
// interest. Then copy the information to the buffer pointed
// to by lpMe32 so that it can be returned to the caller. if (Module32First(hModuleSnap, &me32))
{
do
{
if (me32.th32ModuleID == dwModuleID)
{
CopyMemory (lpMe32, &me32, cbMe32);
bFound = TRUE;
}
}
while (!bFound && Module32Next(hModuleSnap, &me32));
bRet = bFound; // if this sets bRet to FALSE, dwModuleID
// no longer exists in specified process
}
else
bRet = FALSE; // could not walk module list
// Do not forget to clean up the snapshot object. CloseHandle (hModuleSnap);
return (bRet);
}