Announcement

Collapse
No announcement yet.

Processes Running

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cliff Nichols
    replied
    Thankfully not FULLY corrupted yet though cause SYSINTERNALS is tooo good not to pass up.

    More than once the tools have solved a wicked hawd problem for me.


    I hope it remains for a LOOOOOOOOOOOOOOOOONNNNNNNNNNNnnnnnnnnnnnnnnnnnnnnnnnnnnnng time to come

    Leave a comment:


  • Scott Turchin
    replied
    Just an FYI - Microsoft bought Systernals - they have an AWESOME process explorer, shows exe's shelled out from the parent etc.....

    THere may be source code out there for that still, although Microsoft has probably closed that since purchasing it.

    Download's on MS's site, look for "PRocess Explorer".

    Leave a comment:


  • Gösta H. Lovgren-2
    replied
    Updated code

    At the risk of repeating myself and unable to edit the posting above, I had occasion to revisit the code today and made the output file more organized:

    Originally posted by Gösta H. Lovgren-2 View Post
    ...
    What it does now is create a date and time file of services in a specific folder so if some aberrant behavior developes (virus? rogue? ...?), one can compare services running before (say at startup on a good day) with what's running currently.

    Now it's easy (for me) to clip out a service and Google it to see if it's necessary.
    '
    Code:
    'http://www.powerbasic.com/support/pbforums/showthread.php?t=14206&highlight=running+processes
    ' by Jim Seekamp                                             
    'modified for file by Swede
    
    #Compile Exe
    #Dim All 
    #Include "win32api.inc"
    $Foldr = "C:\Processes_Running\" '<-- Change to suit yourself
    Type processentry32
         dwSize As Dword
         cntUsage As Dword
         th32ProcessID As Dword
         th32DefaultHeapID As Long Ptr
         th32ModuleID As Dword
         cntThreads As Dword
         th32ParentProcessID As Dword
         pcPriClassBase As Long
         dwFlags As Dword
         szExeFile As Asciiz*%max_path
    End Type
    Type Process_Array
       Sort As String * %Max_path
       Nam As String * 100 'way big but who cares
       Folder As String * 250
       Extension As String * 10 'should be plenty
    End Type
    Declare Function enumprocesses(Dword,ByVal Dword,Dword) As Long
    Declare Function getmodulefilenameex(ByVal Dword,ByVal Dword,Asciiz,ByVal Dword) As Dword
    Declare Function enumprocessmodules(ByVal Dword,ByRef Dword,ByVal Dword,Dword) As Long
    Macro pf = Print #ff, 
    Macro Sort_By_Name
       For ctr = LBound(Loaded()) To UBound(Loaded())
           Loaded(ctr).Sort = UCase$(Loaded(ctr).Nam)
       Next ctr                              
       Array Sort Loaded()
    End Macro
    Macro Sort_By_Folder
       For ctr = LBound(Loaded()) To UBound(Loaded())
           Loaded(ctr).Sort = UCase$(Loaded(ctr).Folder)
       Next ctr                              
       Array Sort Loaded()
    End Macro
    Macro Sort_By_Extension
       For ctr = LBound(Loaded()) To UBound(Loaded())
           Loaded(ctr).Sort = UCase$(Loaded(ctr).Extension) & _
                              UCase$(Loaded(ctr).Nam)
       Next ctr                              
       Array Sort Loaded()
    End Macro
     
    Function PBMain() As Long
    
         Dim proc As processentry32
         Local b$, lResult&, _
               hpsapidll???, _
               henumprocesses???, _
               hgetmodulefilenameex???, _
               henumprocessmodules???, _
               cb???, _
               cbneeded???, _
               processids???()
         'Local Loaded()
         Dim Loaded(0)   As Process_Array      
         b$=""
         Do
           hpsapidll???=GetModuleHandle("psapi.dll")
           If hpsapidll???=0 Then hpsapidll???=LoadLibrary("psapi.dll")
           henumprocesses???=GetProcAddress(hpsapidll???,"EnumProcesses")
           hgetmodulefilenameex???=GetProcAddress(hpsapidll???,"GetModuleFileNameExA")
           henumprocessmodules???=GetProcAddress(hpsapidll???,"EnumProcessModules")
           cb???=100
           Do
             ReDim processids???(1 To (cb???/4))
             Call Dword henumprocesses??? Using enumprocesses(processids???(1),cb???,cbneeded???) To lresult&
             If cb???>cbneeded??? Then Exit Loop
             cb???=cb???*2
           Loop
           Local nprocesses&
           nprocesses&=cbneeded???/4
           Local i&
           For i&=1 To nprocesses&
             Local hprocess&
             hprocess&=OpenProcess(%PROCESS_QUERY_INFORMATION Or %PROCESS_VM_READ,%false,processids???(i&))
             If hprocess&<>0 Then
               cb???=100
               Do           
                 Local modules???()
                 ReDim modules???(1 To (cb???/4))
                 Call Dword henumprocessmodules??? Using enumprocessmodules(hprocess&,modules???(1),cb???,cbneeded???) To lresult&
                 If lresult&=0 Then
                   cbneeded???=0
                   Exit Loop
                 End If
                 If cb???>cbNeeded??? Then
                   Exit Loop
                 Else
                   cb???=cb???*2
                 End If
               Loop
               Local nmodules&
               nmodules&=cbneeded???/4
               Local j&
               For j&=1 To nmodules&
                 Call Dword hgetmodulefilenameex??? Using getmodulefilenameex _
                      (hprocess&,modules???(j&),proc.szexeFile,SizeOf(proc.szexefile)) To lresult&
                 If lresult& Then    
                   Local x$, i1&
                   x$ = UCase$(proc.szexefile)
                   b$=b$+proc.szexefile+Chr$(13,10)
                   
                   ReDim Preserve Loaded(UBound(Loaded())+ 1)
                   Loaded(UBound(Loaded())).Folder = proc.szexefile
                   
                   'get name stripped of folder
                   i1 = InStr(-1, x$, "\")      
                   If i1 Then
                      Loaded(UBound(Loaded())).Nam = Mid$(proc.szexefile, i1 + 1)
                     Else                            
                       Loaded(UBound(Loaded())).Nam = "No Name"
                   End If  
                   'get extension
                   i1 = InStr(-1, x$, ".")      
                   If i1 Then
                      Loaded(UBound(Loaded())).Extension = Mid$(proc.szexefile, i1 + 1)
                     Else                            
                       Loaded(UBound(Loaded())).Nam = "  "
                   End If  
                 End If
               Next j&
               CloseHandle hprocess&
             End If
           Next i&
           Exit Loop
         Loop                
        
         
         Local ff&, fil$, dr$, ctr&
         
         fil$ = $Foldr & _
                Date$ & "---" & Left$(Time$,2) & _
                ".txt"
         'Replace ":" With "-" In fil$ 'in time$ 'remmed out as 
         ff&=FreeFile
         Open fil$ For Output As #ff&
         Pf  ,Using$("#, Processes Loaded on ", UBound(Loaded())) & _
                    Date$ & " @ " & Time$  & $CrLf 
          Pf  ,"Processes that are not DLL's" & $CrLf 
        Sort_By_Name 
         b$ = ""                                          
         Local ctr2&, tmp$, Last_Tmp$, u1$ 
            
          'no DLL's                         
          ctr2 = 1
         For ctr = LBound(Loaded()) + 1 To UBound(Loaded())-1 '+1 as first is blank
            x$ = UCase$(Loaded(ctr).Nam)
            If InStr(x$, "DLL") = 0 Then
              If Loaded(ctr).Nam & Loaded(ctr).Folder = _
                 Loaded(ctr+1).Nam & Loaded(ctr+1).Folder Then
                 Incr ctr2
                Else
                 Pf  Using$("(#) ", ctr2) & Trim$(Loaded(ctr).Nam), Loaded(ctr).Folder 
                 ctr2 = 1
              End If   
            End If
         Next ctr
         Pf  Using$("(#) ", ctr2) & Trim$(Loaded(ctr).Nam), Loaded(ctr).Folder 
         Pf  $CrLf   
           
           
         Sort_By_Folder     
         Pf  ,"All Services Running"
         b$ = ""                  
         Local Proc_cnt&, ctr1&, Dll_cnt&
         Proc_Cnt = 1          
         ctr1 = 1
         For ctr = LBound(Loaded())+ 1 To UBound(Loaded()) - 1
              If Loaded(ctr).Folder = _
                 Loaded(ctr+1).Folder Then
                 Incr ctr2
                Else
                 Pf  Using$("(#) ", ctr2) & Loaded(ctr).Folder 
                 ctr2 = 1
              End If   
         Next ctr 
         Pf  Using$("(#) ", ctr2) & Loaded(ctr).Folder 
         Pf   $CrLf  & $CrLf 
         
         Sort_By_Extension
         pf, ,"Services Running in Extension order"
         ctr1 = 1
         For ctr = LBound(Loaded())+ 1 To UBound(Loaded()) - 1
              If UCase$(Loaded(ctr).Folder) = _
                 UCase$(Loaded(ctr+1).Folder) Then
                 Incr ctr2
                Else
                 Pf  Using$("(#) ", ctr2) & Loaded(ctr).Folder
                 ctr2 = 1
              End If   
         Next ctr   
         Pf  Using$("(#) ", ctr2) & Loaded(ctr).Folder
         pf,  $CrLf  & $CrLf 
         
         
         Close #ff&
         MsgBox   fil$ ,, "All Done!" & Using$(" #, Services in file located:", ctr - 1)  
    End Function
    '

    Leave a comment:


  • Alexander Holzer
    replied
    This is my "terminator"
    Code:
    FUNCTION KillProcess(sProcName AS STRING, _
                         BYVAL bProcToCarryOut AS BYTE) AS BYTE
    
    LOCAL szProcessTitle    AS ASCIIZ * 256
    LOCAL hProcessName      AS LONG
    LOCAL hProcess          AS LONG
    LOCAL hProcessID        AS LONG
    LOCAL hOpen             AS LONG
    LOCAL hKill             AS LONG
    LOCAL PROCESS_TERMINATE AS INTEGER
    LOCAL bTerminate        AS BYTE
    
    ' bProcToCarryOut:
    ' 1 - search and show process with exact name
    ' 2 - search and terminate process with exact name
    ' 11 - search and show process with part of name
    ' 12 - search and terminate first process with part of name
    '
    ' szProcName - allways receive process name
    
    FUNCTION = 0
    bTerminate     = 0
    szProcessTitle = ""
    PROCESS_TERMINATE = &H1
    hProcess = GetDesktopWindow
    hProcess = GetWindow(hProcess, %GW_CHILD)
    DO
        IF hProcess = 0 THEN EXIT DO
        hProcessName = GetWindowText(hProcess, szProcessTitle, 255)
    
        SELECT CASE bProcToCarryOut
            CASE 1
                IF sProcName = szProcessTitle THEN
                    FUNCTION = 1
                    EXIT FUNCTION
                END IF
            CASE 2
                IF sProcName = szProcessTitle THEN bTerminate = 1
            CASE 11
                IF TALLY(UCASE$(szProcessTitle),UCASE$(sProcName)) > 0 THEN
                    sProcName = szProcessTitle
                    FUNCTION = 11
                    EXIT FUNCTION
                END IF
            CASE 12
                IF TALLY(UCASE$(szProcessTitle),UCASE$(sProcName)) > 0 THEN
                    bTerminate = 1
                    sProcName = szProcessTitle
                END IF
        END SELECT
    
        IF bTerminate = 1 THEN
            hProcess = FindWindow("", BYCOPY szProcessTitle)
            GetWindowThreadProcessId hProcess, hProcessID
            hOpen = OpenProcess(PROCESS_TERMINATE, 1, hProcessID)
            hKill = TerminateProcess(hOpen, 0&)
            Closehandle hOpen
            SLEEP 250
            FUNCTION = 255
            EXIT DO
        END IF
    
        hProcess = GetWindow(hProcess, %GW_HWNDNEXT)
    LOOP
    
    END FUNCTION
    Last edited by Alexander Holzer; 11 Jul 2008, 07:19 AM.

    Leave a comment:


  • Wayne Diamond
    replied
    This method uses the Toolhelp32 library (tlhelp32.dll), and works on all Windows platforms from Win95 onwards ...
    Code:
    #COMPILE EXE
    #INCLUDE "win32api.inc"
    #INCLUDE "tlhelp32.inc"
     
    SUB ListProcesses
     LOCAL hSnap AS LONG, p AS LONG, Proc AS PROCESSENTRY32
     hSnap = CreateToolhelp32Snapshot (%TH32CS_SNAPPROCESS, 0&)
     IF hSnap = 0 THEN EXIT SUB
     Proc.dwSize = SIZEOF(Proc)
     p = Process32First (hSnap, Proc)
     WHILE p
         STDOUT STR$(Proc.th32ProcessID) & ": " & Proc.szExefile
         p = Process32Next (hSnap, Proc)
     WEND
     CloseHandle hSnap
    END SUB
     
    FUNCTION PBMAIN() AS LONG
     ListProcesses
     WAITKEY$
    END FUNCTION

    This is the more recommended method, but it doesn't work under Win9x ...
    Code:
    #COMPILE EXE
    #INCLUDE "win32api.inc"
    
    DECLARE FUNCTION EnumProcesses LIB "psapi.dll" ALIAS "EnumProcesses" (lpidProcess AS DWORD, BYVAL cb AS DWORD, cbNeeded AS DWORD) AS LONG
    DECLARE FUNCTION GetModuleFileNameEx LIB "psapi.dll" ALIAS "GetModuleFileNameExA" (BYVAL hProcess AS DWORD, BYVAL hModule AS DWORD, ModuleName AS ASCIIZ, BYVAL nSize AS DWORD) AS DWORD
    DECLARE FUNCTION EnumProcessModules LIB "psapi.dll" ALIAS "EnumProcessModules" (BYVAL hProcess AS DWORD, BYREF lphModule AS DWORD, BYVAL cb AS DWORD, cbNeeded AS DWORD) AS LONG
    
    FUNCTION PBMAIN() AS LONG
        DIM aProcesses(1024) AS DWORD
        LOCAL cbNeeded AS DWORD, cProcesses AS DWORD, i AS LONG, szFile AS ASCIIZ * 1024, hProcess AS LONG, cb AS LONG
        IF ISFALSE EnumProcesses(aProcesses(LBOUND(aProcesses)), (UBOUND(aProcesses) - LBOUND(aProcesses) + 1) * 4, cbNeeded) THEN EXIT FUNCTION
        cb = 100:  cProcesses = cbNeeded \ 4
        FOR i = 0 TO cProcesses - 1
            hProcess = OpenProcess(%PROCESS_QUERY_INFORMATION OR %PROCESS_VM_READ, %False, aProcesses(i))
            IF hProcess THEN
                REDIM Modules(1 TO cb / 4) AS DWORD
                IF EnumProcessModules (hProcess, Modules(1), cb, cbNeeded) THEN
                    GetModuleFileNameEx (hProcess, Modules(1), szFile, SIZEOF(szFile))
                    STDOUT STR$(aProcesses(i)) & ": " & TRIM$(szFile)
                END IF
                CloseHandle hProcess
            ELSE
                STDOUT STR$(aProcesses(i)) & ": <Unknown filename>"
            END IF
        NEXT
    WAITKEY$
    END FUNCTION

    Here is another method which calls NtQuerySystemInformation with the SystemHandleInformation flag to get a list of all handles. It then displays the processID of each handle (you can then expand on that with OpenProcess\GetModuleFileNameEx to get the module filenames etc) ...
    Code:
    #COMPILE EXE
    #INCLUDE "win32api.inc"
    
    DECLARE FUNCTION NtQuerySystemInformation LIB "ntdll.dll" ALIAS "NtQuerySystemInformation" (BYVAL unFlag1 AS DWORD, BYVAL lpvBuffer AS DWORD, BYVAL dwBufferSize AS DWORD, BYVAL unFlag2 AS DWORD) AS DWORD
    
    FUNCTION PBMAIN AS LONG
    ON ERROR RESUME NEXT
        #REGISTER NONE
        REGISTER m_numstructs AS DWORD
        LOCAL m_memptr        AS DWORD PTR
        LOCAL ret_len         AS DWORD
        LOCAL sStr            AS STRING
        LOCAL I               AS LONG
        REGISTER enumI        AS DWORD
        m_memptr = VirtualAlloc(BYVAL %NULL, 100, %MEM_COMMIT, %PAGE_READWRITE)
        IF (NtQuerySystemInformation(BYVAL 16, BYVAL m_memptr, 100, BYREF ret_len)) THEN
            VirtualFree BYVAL m_memptr, 0, %MEM_DECOMMIT
            m_memptr = VirtualAlloc(BYVAL %NULL, ret_len+256, %MEM_COMMIT, %PAGE_READWRITE)
            NtQuerySystemInformation BYVAL 16, BYVAL m_memptr, ret_len, BYREF ret_len       '// 16 = SystemHandleInformation
        END IF
        m_numstructs  = ret_len / 4
        FOR enumI = 1 TO m_numstructs STEP 4
            STDOUT "Handle from processID: " & STR$(@m_memptr[enumI])
        NEXT enumI
        VirtualFree BYVAL m_memptr, 0, %MEM_DECOMMIT
    WAITKEY$
    END FUNCTION

    Leave a comment:


  • Jim Seekamp
    replied
    Thanks Gosta,
    Very cool
    Jim

    Leave a comment:


  • Gösta H. Lovgren-2
    replied
    Added File creation to Running Processes

    Great code, Jim. I won't say I understabd it but is easily adaptable to suit my purposes.

    Wanting something to run down errant processes, or ones that get installed and not removed when no longer used, I looked around found Jim's code. What I did was add some sorts to the file.

    What it does now is create a date and time file of services in a specific folder so if some aberrant behavior developes (virus? rogue? ...?), one can compare services running before (say at startup on a good day) with what's running currently.

    Now it's easy (for me) to clip out a service and Google it to see if it's necessary.

    '
    Code:
    'http://www.powerbasic.com/support/pbforums/showthread.php?t=14206&highlight=running+processes
    ' by Jim Seekamp                                             
     
     
     
    #Compile Exe
    #Dim All 
    #Include "win32api.inc"
     
    $Foldr = "C:\Processes_Running\" '<-- Change to suit yourself
     
    Type processentry32
         dwSize As Dword
         cntUsage As Dword
         th32ProcessID As Dword
         th32DefaultHeapID As Long Ptr
         th32ModuleID As Dword
         cntThreads As Dword
         th32ParentProcessID As Dword
         pcPriClassBase As Long
         dwFlags As Dword
         szExeFile As Asciiz*%max_path
    End Type
     
    Type Process_Array
       Sort As String * %Max_path
       Nam As String * 100 'way big but who cares
       Folder As String * 250
       Extension As String * 10 'should be plenty
    End Type
     
    Declare Function enumprocesses(Dword,ByVal Dword,Dword) As Long
    Declare Function getmodulefilenameex(ByVal Dword,ByVal Dword,Asciiz,ByVal Dword) As Dword
    Declare Function enumprocessmodules(ByVal Dword,ByRef Dword,ByVal Dword,Dword) As Long
     
    Macro pf = Print #ff, 
     
    Macro Sort_By_Name
       For ctr = LBound(Loaded()) To UBound(Loaded())
           Loaded(ctr).Sort = UCase$(Loaded(ctr).Nam)
       Next ctr                              
       Array Sort Loaded()
    End Macro
     
    Macro Sort_By_Folder
       For ctr = LBound(Loaded()) To UBound(Loaded())
           Loaded(ctr).Sort = UCase$(Loaded(ctr).Folder)
       Next ctr                              
       Array Sort Loaded()
    End Macro
     
    Macro Sort_By_Extension
       For ctr = LBound(Loaded()) To UBound(Loaded())
           Loaded(ctr).Sort = UCase$(Loaded(ctr).Extension) & _
                              UCase$(Loaded(ctr).Nam)
       Next ctr                              
       Array Sort Loaded()
    End Macro
     
     
     
    Function PBMain() As Long
     
     
         Dim proc As processentry32
         Local b$, lResult&, _
               hpsapidll???, _
               henumprocesses???, _
               hgetmodulefilenameex???, _
               henumprocessmodules???, _
               cb???, _
               cbneeded???, _
               processids???()
         'Local Loaded()
         Dim Loaded(0)   As Process_Array      
         b$=""
     
         Do
           hpsapidll???=GetModuleHandle("psapi.dll")
           If hpsapidll???=0 Then hpsapidll???=LoadLibrary("psapi.dll")
     
           henumprocesses???=GetProcAddress(hpsapidll???,"EnumProcesses")
           hgetmodulefilenameex???=GetProcAddress(hpsapidll???,"GetModuleFileNameExA")
           henumprocessmodules???=GetProcAddress(hpsapidll???,"EnumProcessModules")
     
           cb???=100
     
           Do
             ReDim processids???(1 To (cb???/4))
             Call Dword henumprocesses??? Using enumprocesses(processids???(1),cb???,cbneeded???) To lresult&
             If cb???>cbneeded??? Then Exit Loop
             cb???=cb???*2
           Loop
           Local nprocesses&
           nprocesses&=cbneeded???/4
           Local i&
           For i&=1 To nprocesses&
             Local hprocess&
             hprocess&=OpenProcess(%PROCESS_QUERY_INFORMATION Or %PROCESS_VM_READ,%false,processids???(i&))
     
             If hprocess&<>0 Then
               cb???=100
     
               Do           
                 Local modules???()
                 ReDim modules???(1 To (cb???/4))
     
                 Call Dword henumprocessmodules??? Using enumprocessmodules(hprocess&,modules???(1),cb???,cbneeded???) To lresult&
     
                 If lresult&=0 Then
                   cbneeded???=0
                   Exit Loop
                 End If
     
                 If cb???>cbNeeded??? Then
                   Exit Loop
                 Else
                   cb???=cb???*2
                 End If
     
               Loop
               Local nmodules&
               nmodules&=cbneeded???/4
               Local j&
               For j&=1 To nmodules&
     
                 Call Dword hgetmodulefilenameex??? Using getmodulefilenameex _
                      (hprocess&,modules???(j&),proc.szexeFile,SizeOf(proc.szexefile)) To lresult&
     
                 If lresult& Then    
                   Local x$, i1&
                   x$ = UCase$(proc.szexefile)
                   b$=b$+proc.szexefile+Chr$(13,10)
                   
                   ReDim Preserve Loaded(UBound(Loaded())+ 1)
                   Loaded(UBound(Loaded())).Folder = proc.szexefile
                   
                   'get name stripped of folder
                   i1 = InStr(-1, x$, "\")      
                   If i1 Then
                      Loaded(UBound(Loaded())).Nam = Mid$(proc.szexefile, i1 + 1)
                     Else                            
                       Loaded(UBound(Loaded())).Nam = "No Name"
                   End If  
                   'get extension
                   i1 = InStr(-1, x$, ".")      
                   If i1 Then
                      Loaded(UBound(Loaded())).Extension = Mid$(proc.szexefile, i1 + 1)
                     Else                            
                       Loaded(UBound(Loaded())).Nam = "  "
                   End If  
     
                 End If
     
               Next j&
     
               CloseHandle hprocess&
             End If
     
           Next i&
     
           Exit Loop
         Loop                
     
        
         
         Local ff&, fil$, dr$, ctr&
         
         fil$ = $Foldr & _
                Date$ & "---" & Left$(Time$,2) & _
                ".txt"
         'Replace ":" With "-" In fil$ 'in time$ 'remmed out as 
         ff&=FreeFile
         Open fil$ For Output As #ff&
         Pf  ,Using$("#, Processes Loaded on ", UBound(Loaded())) & _
                    Date$ & " @ " & Time$  & $CrLf 
     
          Pf  ,"Processes that are not DLL's" & $CrLf 
     
        Sort_By_Name 
         b$ = ""
         For ctr = LBound(Loaded())+ 1 To UBound(Loaded())
            x$ = UCase$(Loaded(ctr).Nam)
            If InStr(x$, "DLL") = 0 Then
              Pf  Trim$(Loaded(ctr).Nam), Loaded(ctr).Folder 
            End If
         Next ctr
         Pf  $CrLf   
           
           
         Sort_By_Folder     
         Pf  ,"All Services Running"
         b$ = ""                  
         Local Proc_cnt&, Dll_cnt&
         Proc_Cnt = 1
         For ctr = LBound(Loaded())+ 1 To UBound(Loaded())
           Local idnt$, l$  'set indents for display
           idnt$ = ""    
           l$ = Loaded(ctr).Folder 'easier coding                  
           i = InStr(-1, l$, "\") 'find folder end
             If i And b$ > "" Then
               If Left$(l$, i) = Left$(b$, i) Then 'same folder
                  idnt$ = Space$(i) 
                  l$ = Mid$(l$, i + 1) 'process name only
                  Incr dll_cnt
                  Mid$(idnt$, i-6) = Using$("## ", dll_cnt)
                 Else 
                  Reset dll_cnt 
               End If
             End If
           b$ = Loaded(ctr).Folder 'for indent next check
           Pf  idnt$ & l$ 
         Next ctr 
         Pf   $CrLf  & $CrLf 
         
         Sort_By_Extension
         pf, ,"Services Running in Extension order"
         b$ = ""                  
         For ctr = LBound(Loaded())+ 1 To UBound(Loaded())
           If b$<>UCase$(Loaded(ctr).Extension) Then
              Pf  , Trim$(Loaded(ctr).Extension) & " 's"
           End If
           pf Trim$(loaded(ctr).Nam), Loaded(ctr).Folder
           b$ = UCase$(Loaded(ctr).Extension)
         Next ctr 
         pf,  $CrLf  & $CrLf 
         
         
         Close #ff&
     
         MsgBox "All Done!" & Str$(ctr) & $CrLf & fil$
     
    End Function
    '

    Leave a comment:


  • Jim Seekamp
    replied
    Thanks MCM

    For anyone interested, here is the test code I ended up with;
    works great:

    Code:
    #compile exe
    
    #include "\pbwin80\winapi\win32api.inc"
    
    type processentry32
         dwSize as dword
         cntUsage as dword
         th32ProcessID as dword
         th32DefaultHeapID as long ptr
         th32ModuleID as dword
         cntThreads as dword
         th32ParentProcessID as dword
         pcPriClassBase as long
         dwFlags as dword
         szExeFile as asciiz*%max_path
    end type
    
    declare function enumprocesses(dword,byval dword,dword) as long
    declare function getmodulefilenameex(byval dword,byval Dword,Asciiz,byval dword) as dword
    declare function enumprocessmodules(byval dword,byref Dword,byval dword,dword) as long
    
    function pbmain() as long
    
         dim proc as processentry32
    
         b$=""
    
         do
           hpsapidll???=getmodulehandle("psapi.dll")
           if hpsapidll???=0 then hpsapidll???=loadlibrary("psapi.dll")
    
           henumprocesses???=getprocaddress(hpsapidll???,"EnumProcesses")
           hgetmodulefilenameex???=getprocaddress(hpsapidll???,"GetModuleFileNameExA")
           henumprocessmodules???=getprocaddress(hpsapidll???,"EnumProcessModules")
    
           cb???=100
    
           do
             redim processids???(1 to (cb???/4))
             call dword henumprocesses??? using enumprocesses(processids???(1),cb???,cbneeded???) to lresult&
             if cb???>cbneeded??? then exit loop
             cb???=cb???*2
           loop
    
           nprocesses&=cbneeded???/4
    
           for i&=1 to nprocesses&
             hprocess&=openprocess(%PROCESS_QUERY_INFORMATION Or %PROCESS_VM_READ,%false,processids???(i&))
    
             if hprocess&<>0 then
               cb???=100
    
               do
                 redim modules???(1 to (cb???/4))
    
                 call dword henumprocessmodules??? using enumprocessmodules(hprocess&,modules???(1),cb???,cbneeded???) to lresult&
    
                 if lresult&=0 then
                   cbneeded???=0
                   exit loop
                 end if
    
                 if cb???>cbNeeded??? then
                   exit loop
                 else
                   cb???=cb???*2
                 end if
    
               loop
    
               nmodules&=cbneeded???/4
    
               for j&=1 to nmodules&
    
                 call dword hgetmodulefilenameex??? using getmodulefilenameex _
                      (hprocess&,modules???(j&),proc.szexeFile,sizeof(proc.szexefile)) to lresult&
    
                 if lresult& then
                   b$=b$+proc.szexefile+chr$(13,10)
                 end if
    
               next j&
    
               closehandle hprocess&
             end if
    
           next i&
    
           exit loop
         loop
    
         ff&=freefile
         open "output.txt" for binary as #ff& base=0
         seek #ff&,0
         put$ #ff&,b$
         seteof #ff&
         close #ff&
    
         msgbox "All Done!"
    
    end function

    ------------------
    Jim Seekamp

    [This message has been edited by Jim Seekamp (edited May 03, 2007).]

    Leave a comment:


  • Michael Mattias
    replied
    >How would you BETTER delete a duplicate process?

    Well, first I'd ask myself if instead of ending a duplicate I could prevent the second copy from starting in the first place. There is a lot of code here re how to use a mutex object to effect that, and it would be the cleanest solution.

    But if I had to allow for the possibility that my program had to be terminated gracefully from without by a cooperating application (i.e, another copy of the program)?

    First instinct is to set up the program to wait on a named event and exit gracefully when that event is signalled, but that could be tricky to code, especially if it's possible that more than one duplicate instance of the program existed.

    So I think I would go with creating a window in my program, having that window respond to some message, then enum windows of that class sending the 'magic' message to the program. (Window does not have to be visible to handle messages).

    MCM




    Leave a comment:


  • Jim Seekamp
    replied
    Well, just so you don't freak out, the terminateprocess is a NOTE
    after looking at the Win32api - I never even knew it existed
    until today. It's not a part of that sample test code...

    How would you BETTER delete a duplicate process?
    I can't use %wm_syscommand,%sc_close because there
    is no window open in the process I am deleting.
    For the same reason, I can't use destroywindow.


    ------------------
    Jim Seekamp

    Leave a comment:


  • Cliff Nichols
    replied
    oops we must have been posting at the same time.

    your second post expands a bit on what I was thinking
    (When you terminate...be dagnabit sure that it is your process and not
    an OS process) or all WTF may occur

    ------------------

    Leave a comment:


  • Cliff Nichols
    replied
    (Give a man a fish, he will eat today. Teach a man to fish, you will find him dead, swinging from a tree, held up only by the fishing line around his neck).
    Jezus Michael, talk about your truth in quotes, but jeez if the man was taught right then he would know enough to hide the body and eliminate the evidence *LOL*



    ------------------

    Leave a comment:


  • Michael Mattias
    replied
    Is there something wrong with using "terminateprocess" to stop a copy of the program that is already running??
    First of all, the code you posted is attempting to "terminate process" for [/b]all[/b] processes running on the system (although you likely do not have permissions required to do "all"). It is not attempting to terminate only another copy of the currently running program.

    Well, maybe not, because hProcess??? is never assigned a value in that function. But it looks like that is what is in your mind.

    Secondly, doth sayest Microsoft:
    Remarks
    The TerminateProcess function is used to unconditionally cause a process to exit. Use it only in extreme circumstances [italics mine MCM]
    You can get the complete list of undesirable things which happen when you use TerminateProcess in your favorite SDK reference.

    If you just want to "stop a copy of the program that is already running" (that is, another instance of your program), there are other ways.

    If you want to stop "Everything" there is no way to do that, at least not any way which will escape my lips.

    MCM

    Leave a comment:


  • José Roca
    replied
    You need to add the ALIAS clause to the declaration:
    Code:
    Declare Function EnumProcesses Lib "PSAPI.DLL" ALIAS "EnumProcesses" ( _
                     ByRef lpidProcess As Long, _
                     ByVal cb As Long, _
                     ByRef cbNeeded As Long _
                     ) As Long

    ------------------
    Website: http://com.it-berater.org
    SED Editor, TypeLib Browser, COM Wrappers.
    Forum: http://www.forum.it-berater.org

    Leave a comment:


  • Jim Seekamp
    replied
    Is there something wrong with using "terminateprocess" to
    stop a copy of the program that is already running??

    Throw me a bone here man!


    ------------------
    Jim Seekamp

    Leave a comment:


  • Michael Mattias
    replied
    > ''retval&=terminateprocess(hprocess???,uexitcode???)

    Oops, my bad.

    If you are going to uncomment this line: No, there is no code anywhere which can help you.

    (Give a man a fish, he will eat today. Teach a man to fish, you will find him dead, swinging from a tree, held up only by the fishing line around his neck).

    Leave a comment:


  • Michael Mattias
    replied
    >The code below gives me an error of "No Entry Point" into the psapi dll

    Then either it is DECLAREd wrong, the DLL is missing, or you are not running on a sufficiently recent version of windows. (i.e., NT+)

    But I think a search in source code forum will turn up the code you need, and that code will run on any version of Windows. I know this because I wrote one of the three or four different demos which do this.

    Leave a comment:


  • Jim Seekamp
    started a topic Processes Running

    Processes Running

    Is there a way to get the names of all exe files that are
    currently running in memory?

    I used enumwindows and it only shows the WINDOWS that are
    running - I want the actual processes that are running

    The code below gives me an error of "No Entry Point" into the
    psapi dll

    Jim

    Code:
    #compile exe
    
    ''#include "d:\pbwin80\winapi\win32api.inc"
    
    Declare Function EnumProcesses Lib "PSAPI.DLL" ( _
                     ByRef lpidProcess As Long, _
                     ByVal cb As Long, _
                     ByRef cbNeeded As Long _
                     ) As Long
    
    
    function pbmain() as long
    
         dim processes???(1024)
    
         b$=""
    
         if enumprocesses(processes???,sizeof(processes???),cbneeded&) then
    
           cprocesses&=cbneeded&/4
    
           for i&=1 to cprocesses&
             if processes???(i&)=0 then iterate for
             b$=b$+str$(processes???(i&))+chr$(13,10)
           next i&
    
         end if
    
         ''retval&=terminateprocess(hprocess???,uexitcode???)
    
    
         msgbox b$
    
    end function
    [This message has been edited by Jim Seekamp (edited May 02, 2007).]
Working...
X