User Tools

Site Tools


Listing processes

by Michael Hicks, June 2007

The Microsoft Windows API call “CreateToolhelp32Snapshot” takes, as its name suggests, a “snapshot” of the processes (programs) running. Each process may spawn multiple “threads”. This code lists the running processes and provides various other details of the process such as the “process ID”, the number of threads and the other “modules” (dynamic link libraries) used by the process. To keep the code short, there is no error handling. For more details about “CreateToolhelp32Snapshot” see the MSDN documentation.

        _MAX_PATH = 512
        _MAX_MOD_NAME = 255
        DIM pe32{dwSize%, cntUsage%, th32ProcessID%, th32DefaultHeapID%, \
        \ th32ModuleID%, cntThreads%, th32ParentProcessID%, pcPriClassBase%, \
        \ dwFlags%, szExeFile&(_MAX_PATH) }
        DIM me32{dwSize%, th32ModuleID%, th32ProcessID%, GlblcntUsage%, \
        \ ProccntUsage%, modBaseAddr%, modBaseSize%, hModule%, \
        \ szModule&(_MAX_MOD_NAME), szExePath&(_MAX_PATH) }
        pe32.dwSize% = DIM(pe32{})
        SYS "CreateToolhelp32Snapshot", 2, 0 TO hProcessSnap%
        SYS "Process32First", hProcessSnap%, pe32{}
        file$ = @tmp$ + "output.txt" : REM create an output file in temp directory
        OSCLI "SPOOL """ + file$ + """"
          PRINT "======================================"
          PRINT "Process Name", pe32.szExeFile&()
          PRINT "======================================"
          SYS "OpenProcess", _PROCESS_ALL_ACCESS, pe32.th32ProcessID% TO hProcess%
          SYS "GetPriorityClass", hProcess% TO dwPriorityClass%
          SYS "CloseHandle", hProcess%
          PRINT "Process ID ", pe32.th32ProcessID%
          PRINT "Thread Count", pe32.cntThreads%
          PRINT "Parent Process ID", pe32.th32ParentProcessID%
          PRINT "Priority Base", pe32.pcPriClassBase%
          PRINT "Priority Class", dwPriorityClass%
          SYS "Process32Next", hProcessSnap%, pe32{} TO res%
          PRINT '
        UNTIL res% = 0
        SYS "CloseHandle", hProcessSnap%
        OSCLI "RUN Notepad.exe """ + file$ + """;"
        DEF PROCListProcessModules(pid%)
        LOCAL hModuleSnap%, n%, res%
        SYS "CreateToolhelp32Snapshot", 8, pid% TO hModuleSnap%
        IF hModuleSnap% = -1 ENDPROC
        me32.dwSize% = DIM(me32{})
        SYS "Module32First", hModuleSnap%, me32{}
        PRINT "----------------"
        PRINT "    Modules"
        PRINT "----------------"
        PRINT "Exe Path", me32.szExePath&()
        n% = 1
          PRINT STR$(n%), me32.szModule&()
          SYS "Module32Next", hModuleSnap%, me32{} TO res%
          n% += 1
        UNTIL res% = 0
        SYS "CloseHandle", hModuleSnap%
This website uses cookies for visitor traffic analysis. By using the website, you agree with storing the cookies on your computer.More information
listing_20processes.txt · Last modified: 2018/04/15 10:48 by richardrussell