listing_20processes

Listing processes

by Michael Hicks, June 2007

The Microsoft Windows API call “CreateToolhelp32Snapshot” takes, as its name suggests, a “snapshot” of the processes (programs) running. Each process may spawn multiple “threads”. This code lists the running processes and provides various other details of the process such as the “process ID”, the number of threads and the other “modules” (dynamic link libraries) used by the process. To keep the code short, there is no error handling. For more details about “CreateToolhelp32Snapshot” see the MSDN documentation.

        _PROCESS_ALL_ACCESS = &1F0FFF
        _MAX_PATH = 512
        _MAX_MOD_NAME = 255
 
        DIM pe32{dwSize%, cntUsage%, th32ProcessID%, th32DefaultHeapID%, \
        \ th32ModuleID%, cntThreads%, th32ParentProcessID%, pcPriClassBase%, \
        \ dwFlags%, szExeFile&(_MAX_PATH) }
 
        DIM me32{dwSize%, th32ModuleID%, th32ProcessID%, GlblcntUsage%, \
        \ ProccntUsage%, modBaseAddr%, modBaseSize%, hModule%, \
        \ szModule&(_MAX_MOD_NAME), szExePath&(_MAX_PATH) }
 
        pe32.dwSize% = DIM(pe32{})
 
        SYS "CreateToolhelp32Snapshot", 2, 0 TO hProcessSnap%
        SYS "Process32First", hProcessSnap%, pe32{}
 
        file$ = @tmp$ + "output.txt" : REM create an output file in temp directory
        OSCLI "SPOOL """ + file$ + """"
        REPEAT
          PRINT "======================================"
          PRINT "Process Name", pe32.szExeFile&()
          PRINT "======================================"
 
          SYS "OpenProcess", _PROCESS_ALL_ACCESS, pe32.th32ProcessID% TO hProcess%
          SYS "GetPriorityClass", hProcess% TO dwPriorityClass%
          SYS "CloseHandle", hProcess%
 
          PRINT "Process ID ", pe32.th32ProcessID%
          PRINT "Thread Count", pe32.cntThreads%
          PRINT "Parent Process ID", pe32.th32ParentProcessID%
          PRINT "Priority Base", pe32.pcPriClassBase%
          PRINT "Priority Class", dwPriorityClass%
 
          PROCListProcessModules(pe32.th32ProcessID%)
          SYS "Process32Next", hProcessSnap%, pe32{} TO res%
          PRINT '
        UNTIL res% = 0
 
        SYS "CloseHandle", hProcessSnap%
        *SPOOL
        OSCLI "RUN Notepad.exe """ + file$ + """;"
        END
 
        DEF PROCListProcessModules(pid%)
        LOCAL hModuleSnap%, n%, res%
        SYS "CreateToolhelp32Snapshot", 8, pid% TO hModuleSnap%
        IF hModuleSnap% = -1 ENDPROC
        me32.dwSize% = DIM(me32{})
        SYS "Module32First", hModuleSnap%, me32{}
        PRINT "----------------"
        PRINT "    Modules"
        PRINT "----------------"
        PRINT "Exe Path", me32.szExePath&()
 
        n% = 1
        REPEAT
          PRINT STR$(n%), me32.szModule&()
          SYS "Module32Next", hModuleSnap%, me32{} TO res%
          n% += 1
        UNTIL res% = 0
        SYS "CloseHandle", hModuleSnap%
        ENDPROC