StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHow to use PSAPI to get process list in C#?
text
Body
copied!<p>Im trying to get a list of process ID and File names however its giving me a lot of issues...</p> <p>Heres the console output:</p> <pre><code>success=True bytesCopied=344 Name '<unknown>' PID '0' Name '<unknown>' PID '4' Name '<unknown>' PID '308' Name '<unknown>' PID '440' Name '<unknown>' PID '488' Name '<unknown>' PID '512' Name '<unknown>' PID '548' Name '<unknown>' PID '572' Name '<unknown>' PID '580' Name '<unknown>' PID '644' Name '<unknown>' PID '732' Name '<unknown>' PID '792' Name '<unknown>' PID '816' Name '<unknown>' PID '860' Name '<unknown>' PID '940' Name '<unknown>' PID '992' Name '<unknown>' PID '264' Name '<unknown>' PID '1160' Name '<unknown>' PID '1220' Name '<unknown>' PID '1292' Name '<unknown>' PID '1424' Name '<unknown>' PID '1452' Name '<unknown>' PID '1556' Name '<unknown>' PID '1596' Name '<unknown>' PID '2044' Name '<unknown>' PID '1504' Name '<unknown>' PID '1132' Name '<unknown>' PID '1912' Name '<unknown>' PID '1972' Name '<unknown>' PID '2084' Name '<unknown>' PID '2124' Name '<unknown>' PID '2560' Name '<unknown>' PID '2796' Name '<unknown>' PID '2808' Name '<unknown>' PID '3000' Name '<unknown>' PID '2116' Name 'DTAgent.exe' PID '2228' Name 'ISUSPM.exe' PID '2644' Name 'DTShellHlp.exe' PID '2652' Name 'Dropbox.exe' PID '2664' Name 'acrotray.exe' PID '3124' Name 'RIMBBLaunchAgent.exe' PID '3180' Name 'vmware-tray.exe' PID '3188' Name '<unknown>' PID '3520' Name '<unknown>' PID '3592' Name '<unknown>' PID '3780' Name '<unknown>' PID '3964' Name 'TrueCrypt.exe' PID '3392' Name '<unknown>' PID '3800' Name '<unknown>' PID '4680' Name '<unknown>' PID '680' Name 'FileZilla server.exe' PID '2240' Name 'mysqld.exe' PID '4160' Name 'uTorrent.exe' PID '7796' Name 'svchost.exe' PID '44412' Name '<unknown>' PID '10624' Name '<unknown>' PID '35644' Name 'httpd.exe' PID '44260' Name 'httpd.exe' PID '40556' Name '<unknown>' PID '11488' Name 'RIMDeviceManager.exe' PID '42832' Name 'BbDevMgr.exe' PID '45108' Name '<unknown>' PID '31208' Name '<unknown>' PID '34812' Name 'trillian.exe' PID '61420' Name 'Microsoft Visual C++ 6.0.exe' PID '52212' Name '<unknown>' PID '33752' Name '<unknown>' PID '47564' Name '<unknown>' PID '39952' Name 'mysqld-opt.exe' PID '61884' Name 'winamp.exe' PID '42008' Name 'opera.exe' PID '4560' Name 'PowerGREP.exe' PID '12860' Name 'PowerGREP.exe' PID '13280' Name 'GOLD Parser Builder.exe' PID '32368' Name 'Server.exe' PID '16396' Name '<unknown>' PID '50976' Name 'xampp-control.exe' PID '56084' Name 'notepad++.exe' PID '27932' Name 'WinAMP2.exe' PID '23336' Name '<unknown>' PID '8044' Name 'devenv.exe' PID '61172' Name '<unknown>' PID '14780' Name '<unknown>' PID '52180' Name 'Sputnik.vshost.exe' PID '3672' Name '<unknown>' PID '39480' </code></pre> <p>Here the console output i WANT it to make.... (This is using my C++ code)</p> <pre><code>Name '[System Process]' PID '0' Name 'System' PID '4' Name 'smss.exe' PID '308' Name 'csrss.exe' PID '440' Name 'wininit.exe' PID '488' Name 'csrss.exe' PID '512' Name 'services.exe' PID '548' Name 'lsass.exe' PID '572' Name 'lsm.exe' PID '580' Name 'winlogon.exe' PID '644' Name 'svchost.exe' PID '732' Name 'nvvsvc.exe' PID '792' Name 'nvSCPAPISvr.exe' PID '816' Name 'svchost.exe' PID '860' Name 'svchost.exe' PID '940' Name 'svchost.exe' PID '992' Name 'svchost.exe' PID '264' Name 'svchost.exe' PID '1160' Name 'qmserv.exe' PID '1220' Name 'svchost.exe' PID '1292' Name 'spoolsv.exe' PID '1424' Name 'svchost.exe' PID '1452' Name 'mDNSResponder.exe' PID '1556' Name 'svchost.exe' PID '1596' Name 'svchost.exe' PID '2044' Name 'vmware-usbarbitrator64.exe' PID '1504' Name 'vmnat.exe' PID '1132' Name 'vmware-authd.exe' PID '1912' Name 'vmnetdhcp.exe' PID '1972' Name 'vmware-hostd.exe' PID '2084' Name 'WmiPrvSE.exe' PID '2124' Name 'svchost.exe' PID '2560' Name 'nvxdsync.exe' PID '2796' Name 'nvvsvc.exe' PID '2808' Name 'taskhost.exe' PID '3000' Name 'dwm.exe' PID '2116' Name 'DTAgent.exe' PID '2228' Name 'ISUSPM.exe' PID '2644' Name 'DTShellHlp.exe' PID '2652' Name 'Dropbox.exe' PID '2664' Name 'acrotray.exe' PID '3124' Name 'RIMBBLaunchAgent.exe' PID '3180' Name 'vmware-tray.exe' PID '3188' Name 'nvtray.exe' PID '3520' Name 'SearchIndexer.exe' PID '3592' Name 'FNPLicensingService.exe' PID '3780' Name 'wmpnetwk.exe' PID '3964' Name 'TrueCrypt.exe' PID '3392' Name 'svchost.exe' PID '3800' Name 'daemonu.exe' PID '4680' Name 'svchost.exe' PID '680' Name 'FileZilla Server.exe' PID '2240' Name 'mysqld.exe' PID '4160' Name 'uTorrent.exe' PID '7796' Name 'svchost.exe' PID '44412' Name 'iexplore.exe' PID '10624' Name 'iexplore.exe' PID '35644' Name 'httpd.exe' PID '44260' Name 'httpd.exe' PID '40556' Name 'svchost.exe' PID '11488' Name 'RIMDeviceManager.exe' PID '42832' Name 'BbDevMgr.exe' PID '45108' Name 'TeamViewer_Service.exe' PID '31208' Name 'taskhost.exe' PID '34812' Name 'trillian.exe' PID '61420' Name 'Microsoft Visual C++ 6.0.exe' PID '52212' Name 'explorer.exe' PID '33752' Name 'VisualSVNServer.exe' PID '47564' Name 'VisualSVNServer.exe' PID '39952' Name 'mysqld-opt.exe' PID '61884' Name 'winamp.exe' PID '42008' Name 'opera.exe' PID '4560' Name 'PowerGREP.exe' PID '12860' Name 'PowerGREP.exe' PID '13280' Name 'GOLD Parser Builder.exe' PID '32368' Name 'Server.exe' PID '16396' Name 'conhost.exe' PID '50976' Name 'xampp-control.exe' PID '56084' Name 'notepad++.exe' PID '27932' Name 'WinAMP2.exe' PID '23336' Name 'CryptoObfuscator.exe' PID '8044' Name 'devenv.exe' PID '61172' Name 'hh.exe' PID '14780' Name 'Sputnik.vshost.exe' PID '62828' Name 'conhost.exe' PID '37164' </code></pre> <p>As you can see a lot of PIDS are actually missing the file name and i cant figure out why for the most part i also copied working code from C++ that didnt work either i also tired the code on pinvoke and that didnt do it either.</p> <p>Heres the c# code</p> <pre><code>using System; using System.Collections.Generic; using System.Text; using System.IO; using System.Runtime.InteropServices; using System.Diagnostics; namespace testie { public class EnumerateProcesses { #region APIS [DllImport("psapi")] private static extern bool EnumProcesses([MarshalAs(UnmanagedType.LPArray, ArraySubType = UnmanagedType.U4)] [In][Out] IntPtr[] processIds,UInt32 arraySizeBytes,[MarshalAs(UnmanagedType.U4)] out UInt32 bytesCopied); [DllImport("kernel32.dll")] static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, IntPtr dwProcessId); [DllImport("kernel32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] static extern bool CloseHandle(IntPtr hObject); [DllImport("psapi.dll")] static extern uint GetModuleFileNameEx(IntPtr hProcess, IntPtr hModule, [Out] StringBuilder lpBaseName, [In] [MarshalAs(UnmanagedType.U4)] int nSize); [DllImport("psapi.dll", SetLastError = true)] public static extern bool EnumProcessModules(IntPtr hProcess, [Out] IntPtr lphModule, uint cb, [MarshalAs(UnmanagedType.U4)] out uint lpcbNeeded); [DllImport("psapi.dll")] static extern uint GetModuleBaseName(IntPtr hProcess, IntPtr hModule, [Out] StringBuilder lpBaseName, [In] [MarshalAs(UnmanagedType.U4)] int nSize); #endregion #region ENUMS [Flags] enum ProcessAccessFlags : uint { All = 0x001F0FFF, Terminate = 0x00000001, CreateThread = 0x00000002, VMOperation = 0x00000008, VMRead = 0x00000010, VMWrite = 0x00000020, DupHandle = 0x00000040, SetInformation = 0x00000200, QueryInformation = 0x00000400, Synchronize = 0x00100000 } #endregion static string PrintProcessName(IntPtr processID) { string sName = ""; bool bFound = false; IntPtr hProcess = OpenProcess(ProcessAccessFlags.QueryInformation | ProcessAccessFlags.VMRead, false, processID); if (hProcess != IntPtr.Zero) { StringBuilder szProcessName = new StringBuilder(260); IntPtr hMod = IntPtr.Zero; uint cbNeeded = 0; EnumProcessModules(hProcess, hMod, (uint)Marshal.SizeOf(typeof(IntPtr)), out cbNeeded); if (GetModuleBaseName(hProcess, hMod, szProcessName, szProcessName.Capacity) > 0) { sName = szProcessName.ToString(); bFound = true; } // Close the process handle CloseHandle(hProcess); } if (!bFound) { sName = "<unknown>"; } return sName; } public static void Testy() { UInt32 arraySize = 9000; UInt32 arrayBytesSize = arraySize * sizeof(UInt32); IntPtr[] processIds = new IntPtr[arraySize]; UInt32 bytesCopied; bool success = EnumProcesses(processIds, arrayBytesSize, out bytesCopied); Console.WriteLine("success={0}", success); Console.WriteLine("bytesCopied={0}", bytesCopied); if (!success) { Console.WriteLine("Boo!"); return; } if (0 == bytesCopied) { Console.WriteLine("Nobody home!"); return; } UInt32 numIdsCopied = bytesCopied >> 2; ; if (0 != (bytesCopied & 3)) { UInt32 partialDwordBytes = bytesCopied & 3; Console.WriteLine("EnumProcesses copied {0} and {1}/4th DWORDS... Please ask it for the other {2}/4th DWORD", numIdsCopied, partialDwordBytes, 4 - partialDwordBytes); return; } for (UInt32 index = 0; index < numIdsCopied; index++) { string sName = PrintProcessName(processIds[index]); IntPtr PID = processIds[index]; Console.WriteLine("Name '" + sName + "' PID '" + PID + "'"); } } } } </code></pre> <p>As you can see by calling Testy function it will list all processes on system but it will fail to get all their names... Does anybody have a solution to this? Thanks :)</p> <p>And for the record i did ALSO try getting the modules as an array that too produces the exact same result.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload