Author: Eric Aling (19 Jun 2000)
Sometimes you have the need to see what is running on your machine. In the past I created a service and I had to detect if a user was logged on or not on the NT workstation the service was running on. The only way to detect this is to see if 'explorer.exe' was running. Therefore I had to create this processlist function. I hope you can use this for your own development.
From the Microsoft Developer Network:
This article illustrates how you can list the processes that are currently running on a computer. The approach is different for Windows 95/98 and Windows NT; this article illustrates both solutions. This situation requires that you first test to see which version of Windows is in use. Once that determination is made, the correct code can then be run to examine and list the current processes. On Windows NT, requests for information on some system processes may be denied for security or other related reasons. The approach taken in this article will ignore any process that cannot be accessed.
That sounds OK, but what does it mean? It means that you have to write different code depending on which OS you're running. On Win95 and 98, you can use three functions to get all the running processes:
CreateToolhelp32Snapshot - this function returns a snapshot of the system
Process32First - this function returns info of the first process of a given snapshot, including the exe name
Process32Next - this function returns info about the next process in the same snapshot
Simple and easy to implement. But for NT it is a different story as you will see when you examine the code. First of all, you need an external DLL, PSAPI.DLL. This DLL contains several functions you need. Without this DLL, you cannot retrieve info about running processes.
These are the functions you need:
EnumProcesses - this function returns info about the number of processes that are currently running, including their process IDs
OpenProcess - with this function we can retrieve information of a given process
EnumProcessModules - with that info, we'll get the module belonging to the process
GetModuleBaseName - and finally, we get the exe name.
As you see, there are different approaches for different OSes. With the NT solution, some calls to these functions may fail, in most cases for security reasons. Check out the code!
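The NT sequence above (EnumProcesses, OpenProcess, EnumProcessModules, GetModuleBaseName), written out in Python with ctypes as an added example; it is not the author's original code, which is not reproduced on this page. The names `list_process_names`, `user_logged_on` and `max_pids` are assumptions made for this illustration.

```python
import ctypes
import sys

DWORD = ctypes.c_ulong
PROCESS_QUERY_INFORMATION = 0x0400  # access rights the two PSAPI module calls require
PROCESS_VM_READ = 0x0010

def list_process_names(max_pids=4096):
    """NT path: return [(pid, exe_name)] for each process this caller may open."""
    if sys.platform != "win32":
        raise OSError("PSAPI.DLL exists only on NT-family Windows")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    psapi = ctypes.WinDLL("psapi", use_last_error=True)
    vp, pdw = ctypes.c_void_p, ctypes.POINTER(DWORD)
    k32.OpenProcess.restype = vp
    k32.OpenProcess.argtypes = [DWORD, ctypes.c_int, DWORD]
    k32.CloseHandle.argtypes = [vp]
    psapi.EnumProcesses.argtypes = [pdw, DWORD, pdw]
    psapi.EnumProcessModules.argtypes = [vp, ctypes.POINTER(vp), DWORD, pdw]
    psapi.GetModuleBaseNameW.argtypes = [vp, vp, ctypes.c_wchar_p, DWORD]

    pids, used = (DWORD * max_pids)(), DWORD()
    if not psapi.EnumProcesses(pids, ctypes.sizeof(pids), ctypes.byref(used)):
        raise ctypes.WinError(ctypes.get_last_error())
    found = []
    for pid in pids[: used.value // ctypes.sizeof(DWORD)]:
        handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
        if not handle:
            continue  # denied (system process) or already exited: ignore it
        try:
            module, cb, name = vp(), DWORD(), ctypes.create_unicode_buffer(260)
            # With room for one HMODULE, the first module returned is the exe itself.
            if psapi.EnumProcessModules(handle, ctypes.byref(module), ctypes.sizeof(module),
                                        ctypes.byref(cb)) and \
                    psapi.GetModuleBaseNameW(handle, module, name, len(name)):
                found.append((pid, name.value))
        finally:
            k32.CloseHandle(handle)
    return found

def user_logged_on(processes, shell="explorer.exe"):
    """The article's heuristic: an interactive user is present if the shell runs.
    Base names compare case-insensitively; a name match is not proof of identity."""
    return any(name.lower() == shell for _, name in processes)

if __name__ == "__main__" and sys.platform == "win32":
    print(user_logged_on(list_process_names()))
```

Processes that cannot be opened are skipped rather than reported, so a service running under a restricted account sees a shorter list than one running as SYSTEM.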