  2009-05-28
List process id from task manager
#include <windows.h> #include <stdio.h> #include <tlhelp32.h> #include <vdmdbg.h> typedef BOOL (CALLBACK *PROCENUMPROC)(DWORD, WORD, LPSTR, LPARAM); typedef struct { DWORD dwPID; PROCENUMPROC lpProc; DWORD lParam; BOOL bEnd; } EnumInfoStruct; BOOL WINAPI EnumProcs(PROCENUMPROC lpProc, LPARAM lParam); BOOL WINAPI Enum16(DWORD dwThreadId, WORD hMod16, WORD hTask16, PSZ pszModName, PSZ pszFileName, LPARAM lpUserDefined); BOOL WINAPI EnumProcs(PROCENUMPROC lpProc, LPARAM lParam) { OSVERSIONINFO osver; HINSTANCE hInstLib = NULL; HINSTANCE hInstLib2 = NULL; HANDLE hSnapShot = NULL; LPDWORD lpdwPIDs = NULL; PROCESSENTRY32 procentry; BOOL bFlag; DWORD dwSize; DWORD dwSize2; DWORD dwIndex; HMODULE hMod; HANDLE hProcess; char szFileName[MAX_PATH]; EnumInfoStruct sInfo; // ToolHelp Function Pointers. HANDLE (WINAPI *lpfCreateToolhelp32Snapshot)(DWORD, DWORD); BOOL (WINAPI *lpfProcess32First)(HANDLE, LPPROCESSENTRY32); BOOL (WINAPI *lpfProcess32Next)(HANDLE, LPPROCESSENTRY32); // PSAPI Function Pointers. BOOL (WINAPI *lpfEnumProcesses)(DWORD *, DWORD, DWORD *); BOOL (WINAPI *lpfEnumProcessModules)(HANDLE, HMODULE *, DWORD, LPDWORD); DWORD (WINAPI *lpfGetModuleBaseName)(HANDLE, HMODULE, LPTSTR, DWORD); // VDMDBG Function Pointers. INT (WINAPI *lpfVDMEnumTaskWOWEx)(DWORD, TASKENUMPROCEX, LPARAM); // Retrieve the OS version osver.dwOSVersionInfoSize = sizeof(osver); if (!GetVersionEx(&osver)) return FALSE; // If Windows NT 4.0 if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT && osver.dwMajorVersion == 4) { __try { // Get the procedure addresses explicitly. We do // this so we don't have to worry about modules // failing to load under OSes other than Windows NT 4.0 // because references to PSAPI.DLL can't be resolved. hInstLib = LoadLibraryA("PSAPI.DLL"); if (hInstLib == NULL) __leave; hInstLib2 = LoadLibraryA("VDMDBG.DLL"); if (hInstLib2 == NULL) __leave; // Get procedure addresses. lpfEnumProcesses = (BOOL (WINAPI *)(DWORD *, DWORD, DWORD*)) GetProcAddress(hInstLib, "EnumProcesses"); lpfEnumProcessModules = (BOOL (WINAPI *)(HANDLE, HMODULE *, DWORD, LPDWORD)) GetProcAddress(hInstLib, "EnumProcessModules"); lpfGetModuleBaseName = (DWORD (WINAPI *)(HANDLE, HMODULE, LPTSTR, DWORD)) GetProcAddress(hInstLib, "GetModuleBaseNameA"); lpfVDMEnumTaskWOWEx = (INT (WINAPI *)(DWORD, TASKENUMPROCEX, LPARAM)) GetProcAddress(hInstLib2, "VDMEnumTaskWOWEx"); if (lpfEnumProcesses == NULL || lpfEnumProcessModules == NULL || lpfGetModuleBaseName == NULL || lpfVDMEnumTaskWOWEx == NULL) __leave; // // Call the PSAPI function EnumProcesses to get all of the // ProcID's currently in the system. // // NOTE: In the documentation, the third parameter of // EnumProcesses is named cbNeeded, which implies that you // can call the function once to find out how much space to // allocate for a buffer and again to fill the buffer. // This is not the case. The cbNeeded parameter returns // the number of PIDs returned, so if your buffer size is // zero cbNeeded returns zero. // // NOTE: The "HeapAlloc" loop here ensures that we // actually allocate a buffer large enough for all the // PIDs in the system. // dwSize2 = 256 * sizeof(DWORD); do { if (lpdwPIDs) { HeapFree(GetProcessHeap(), 0, lpdwPIDs); dwSize2 *= 2; } lpdwPIDs = (LPDWORD) HeapAlloc(GetProcessHeap(), 0, dwSize2); if (lpdwPIDs == NULL) __leave; if (!lpfEnumProcesses(lpdwPIDs, dwSize2, &dwSize)) __leave; } while (dwSize == dwSize2); // How many ProcID's did we get? dwSize /= sizeof(DWORD); // Loop through each ProcID. for (dwIndex = 0; dwIndex < dwSize; dwIndex++) { szFileName[0] = 0; // Open the process (if we can... security does not // permit every process in the system to be opened). hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, lpdwPIDs[dwIndex]); if (hProcess != NULL) { // Here we call EnumProcessModules to get only the // first module in the process. This will be the // EXE module for which we will retrieve the name. if (lpfEnumProcessModules(hProcess, &hMod, sizeof(hMod), &dwSize2)) { // Get the module name if (!lpfGetModuleBaseName(hProcess, hMod, szFileName, sizeof(szFileName))) szFileName[0] = 0; } CloseHandle(hProcess); } // Regardless of OpenProcess success or failure, we // still call the enum func with the ProcID. if (!lpProc(lpdwPIDs[dwIndex], 0, szFileName, lParam)) break; // Did we just bump into an NTVDM? if (_stricmp(szFileName, "NTVDM.EXE") == 0) { // Fill in some info for the 16-bit enum proc. sInfo.dwPID = lpdwPIDs[dwIndex]; sInfo.lpProc = lpProc; sInfo.lParam = (DWORD) lParam; sInfo.bEnd = FALSE; // Enum the 16-bit stuff. lpfVDMEnumTaskWOWEx(lpdwPIDs[dwIndex], (TASKENUMPROCEX) Enum16, (LPARAM) &sInfo); // Did our main enum func say quit? if (sInfo.bEnd) break; } } } __finally { if (hInstLib) FreeLibrary(hInstLib); if (hInstLib2) FreeLibrary(hInstLib2); if (lpdwPIDs) HeapFree(GetProcessHeap(), 0, lpdwPIDs); } // If any OS other than Windows NT 4.0. } else if (osver.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS || (osver.dwPlatformId == VER_PLATFORM_WIN32_NT && osver.dwMajorVersion > 4)) { __try { hInstLib = LoadLibraryA("Kernel32.DLL"); if (hInstLib == NULL) __leave; // If NT-based OS, load VDMDBG.DLL. if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT) { hInstLib2 = LoadLibraryA("VDMDBG.DLL"); if (hInstLib2 == NULL) __leave; } // Get procedure addresses. We are linking to // these functions explicitly, because a module using // this code would fail to load under Windows NT, // which does not have the Toolhelp32 // functions in KERNEL32.DLL. lpfCreateToolhelp32Snapshot = (HANDLE (WINAPI *)(DWORD,DWORD)) GetProcAddress(hInstLib, "CreateToolhelp32Snapshot"); lpfProcess32First = (BOOL (WINAPI *)(HANDLE,LPPROCESSENTRY32)) GetProcAddress(hInstLib, "Process32First"); lpfProcess32Next = (BOOL (WINAPI *)(HANDLE,LPPROCESSENTRY32)) GetProcAddress(hInstLib, "Process32Next"); if (lpfProcess32Next == NULL || lpfProcess32First == NULL || lpfCreateToolhelp32Snapshot == NULL)
