problem with process enumeration

I have this code here:

#include "windows.h"
#include "Tlhelp32.h"
#include "shellapi.h"
#include <wchar.h>
#include <fstream>

bool enumProcesses();

// Entry point: writes the process list to log.txt, then opens that file
// with the shell's default handler for it.
int main()
{
	const wchar_t *const shellVerb = L"open";
	const wchar_t *const logFile   = L"log.txt";

	// The result is deliberately not inspected: on failure enumProcesses()
	// has written an error message into the log, which is shown as well.
	(void)enumProcesses();

	ShellExecute( NULL, shellVerb, logFile, NULL, NULL, SW_SHOW );

	return 0;
}

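// Writes the full executable path of every running process that can be
// inspected to log.txt, one path per line.
//
// Returns true when the process snapshot was walked to the end, false when
// the log could not be opened or the process snapshot could not be
// created/read (an error message is written to the log where possible).
//
// Visibility caveat: a module snapshot of a process the caller is not
// permitted to open fails, and that process is skipped without a log entry.
// The output is therefore only a complete inventory when the program runs
// with sufficient privileges (e.g. elevated); a missing entry does not mean
// the process is absent.
bool enumProcesses()
{
	std::wofstream log("log.txt");
	if( !log )
	{
		// Nowhere to report to; signal the failure through the return value.
		return false;
	}

	PROCESSENTRY32 lppe = {};
	lppe.dwSize = sizeof( PROCESSENTRY32 );

	// CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not NULL.
	HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
	if( hSnapshot == INVALID_HANDLE_VALUE )
	{
		log << L"Error creating process snapshot.";
		return false;
	}

	if( !Process32First( hSnapshot, &lppe ) )
	{
		log << L"Error enumerating first process.";
		CloseHandle( hSnapshot );	// previously leaked on this path
		return false;
	}

	do
	{
		// Skip the idle and kernel pseudo-processes. Process ID 0 is skipped
		// explicitly as well: for TH32CS_SNAPMODULE an ID of 0 means "the
		// current process", which would log this program's own path instead.
		if( lppe.th32ProcessID == 0
			|| wcscmp( lppe.szExeFile, L"[System Process]" ) == 0
			|| wcscmp( lppe.szExeFile, L"System" ) == 0 )
		{
			continue;
		}

		HANDLE mSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, lppe.th32ProcessID );
		if( mSnapshot == INVALID_HANDLE_VALUE )
		{
			// Typically insufficient access to the target process; see the
			// visibility caveat in the function comment.
			continue;
		}

		// Fresh, zeroed entry per process so szExePath is never read
		// uninitialised; it is only logged after Module32First succeeded.
		MODULEENTRY32 lpme = {};
		lpme.dwSize = sizeof( MODULEENTRY32 );
		if( Module32First( mSnapshot, &lpme ) )
		{
			log << lpme.szExePath << "\n";
		}

		// One module snapshot is created per process, so it has to be
		// closed per process; closing only the last one leaks the rest.
		CloseHandle( mSnapshot );
	}
	while( Process32Next( hSnapshot, &lppe ) );

	CloseHandle( hSnapshot );
	log.close();

	return true;
}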


It's supposed to enumerate the paths of all running processes. My problem is that when I run it using debug in VC++, it gives me all the processes, including smss.exe, csrss.exe, etc., but when I run a release version of it, it doesn't give me those. I just found out that it only works normally if you right-click the file and use runas, as opposed to simply opening it.

Is there anything that I can do to make this thing work? Thanks!


First of all..
if( hSnapshot == INVALID_HANDLE_VALUE )
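This is one of the most common mistakes people make: INVALID_HANDLE_VALUE is just -1, which is also the pseudo-handle for the current process. Check it against NULL instead. (Caveat: which value signals failure depends on the API. CreateToolhelp32Snapshot is documented to return INVALID_HANDLE_VALUE on failure, so the check in the question is the correct one for that call; NULL is the failure value for functions such as OpenProcess.)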

Anyway, here's something coded by someone called Irwin that I found. Hope it helps you.
#include <psapi.h> 
#define MAX_PROCESSES 1024 

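/*
 * Returns the ID of the first enumerated process whose main-module base name
 * equals lpcszFileName (case-insensitive, via lstrcmpi), or 0 when no process
 * matched, the argument is NULL, or the process list could not be obtained.
 *
 * Things a caller should keep in mind:
 *  - The match is on the base name only. Any process can carry a given file
 *    name, so the returned ID is not proof of the process's identity.
 *  - Processes that cannot be opened with PROCESS_QUERY_INFORMATION |
 *    PROCESS_VM_READ (the rights GetModuleBaseName needs) are skipped, so a
 *    return value of 0 does not prove the process is not running.
 *  - The ID is only meaningful while the process lives; it may be reused
 *    once the process exits.
 */
DWORD FindProcess(__in_z LPCTSTR lpcszFileName)
{
  HANDLE  hHeap          = GetProcessHeap();
  LPDWORD lpdwProcessIds = NULL;
  DWORD   cbCapacity     = MAX_PROCESSES * sizeof(DWORD);
  DWORD   cbReturned     = 0;
  DWORD   dwProcessId    = 0;
  DWORD   cProcesses, i;
  TCHAR   szBaseName[MAX_PATH];

  if (lpcszFileName == NULL)
    return 0;

  /*
   * EnumProcesses gives no indication that the buffer was too small; a
   * completely filled buffer is the only hint. Retry with a larger buffer
   * in that case instead of silently ignoring every process past the
   * first MAX_PROCESSES.
   */
  for (;;)
  {
    lpdwProcessIds = (LPDWORD)HeapAlloc(hHeap, 0, cbCapacity);
    if (lpdwProcessIds == NULL)
      return 0;

    if (!EnumProcesses(lpdwProcessIds, cbCapacity, &cbReturned))
    {
      HeapFree(hHeap, 0, (LPVOID)lpdwProcessIds);
      return 0;
    }

    if (cbReturned < cbCapacity)
      break;

    HeapFree(hHeap, 0, (LPVOID)lpdwProcessIds);
    lpdwProcessIds = NULL;

    /* Refuse to grow past what a DWORD byte count can express. */
    if (cbCapacity > MAXDWORD / 2)
      return 0;
    cbCapacity *= 2;
  }

  /* cbReturned is a byte count; convert it to a number of IDs. */
  cProcesses = cbReturned / sizeof(DWORD);

  for (i = 0; i < cProcesses; i++)
  {
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, lpdwProcessIds[i]);
    BOOL   fMatch;

    if (hProcess == NULL)
      continue; /* no access to this process (or it already exited) */

    fMatch = GetModuleBaseName(hProcess, NULL, szBaseName, MAX_PATH) > 0
          && lstrcmpi(szBaseName, lpcszFileName) == 0;

    /* Single close point, so the handle is released on every path. */
    CloseHandle(hProcess);

    if (fMatch)
    {
      dwProcessId = lpdwProcessIds[i];
      break;
    }
  }

  HeapFree(hHeap, 0, (LPVOID)lpdwProcessIds);
  return dwProcessId;
}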