Each application instance will generate a process under the current system after running, and most applications have a visual interface, and the user can close the program through the closing button on the title bar. However, there are many programs running in the background that there is no visible interface. For such application users, they can only call out the Ctrl Alt Del Hot button to display the current system process list, which can be End the specified task. Obviously, this feature is still very necessary in some system monitoring software, and its processing can be roughly divided into two steps: the enumeration of the current process is implemented by means of system snapshots and manages the process according to the enumeration result. The implementation of this process will be introduced below.
Current process enumeration
To enumerate all the enumerated processes of the current system, you must first get the current correlation status information that is loaded into the memory. Under the Windows operating system, the current status information of these processes cannot be obtained directly from the process itself. The system has created a read-only copy for all the current states of the process, threads, and modules, and modules, etc., and the system snapshot. The user can complete the detection of the current state of the process by access to the system snapshot. When implementation, the acquisition of the system snapshot handle is done by the Win32 API function CreateToolHelp32SnapShot (), but can not only get a snapshot, but also for the system snapshot of the heap, modules, and threads. This function prototype declaration is as follows:
Handle WinAPI CreateToolHelp32Snapshot (DWORD DWFLAGS, DWORD TH32PROCESSID);
Among them, the parameter dwflags: Specifies the snapshot handle to create which type of system information, only retrieve system process information in this program, so it can be set to TH32CS_SNAPPROCESS; the function second parameter TH32ProcessID` specifies the identification number of the process When set to 0, specify the current process. If the successful function returns a system snapshot handle containing process information. It can only be accessed in a read-only manner after getting a snapshot handle. As for the use of the usage of the system snapshot, there is nothing difference, and it needs to be destroyed through the closehandle () function after use. After getting the snapshot handle of the system, you can enumerate the identification number of the current process, and the process can be managed by these enumerated process identification numbers. The license number is obtained by function process32first () and process32next (), which can enumerate all the currently turned on the system and can get relevant process information. These two function prototypes are as follows:
Bool WinAPI Process32First (Handle Hsnapshot, LPPROCESSENTRY32 LPPE); Bool WinApi Process32Next (Handle Hsnapshot, LPPROCESSENTRY32 LPPE);
The above two functions are used to obtain information of the first and next process in the system snapshot, and save the acquired information in the Processentry32 structure pointed to by the pointer LPPE. The first parameter hsnapshot is the system snapshot handle that is returned by the CreateToolhelp32Snapshot () function; the second parameter LPPE is a pointer to the structure Processentry32, and the Processentry32 structure can make a more comprehensive description of the process, which is defined as follows:
typedef struct tagPROCESSENTRY32 {DWORD dwSize; // size of the structure; DWORD cntUsage; // this process reference count; DWORD th32ProcessID; // process ID; DWORD th32DefaultHeapID; // default heap process ID; DWORD th32ModuleID; // process module ID; DWORD CNTTHREADS; // This process is turned on; DWORD TH32PARETPROCESSID; // Parent Process ID; Long PcPriclassBase; // Thread Priority; DWORD DWFLAGS; // Reserved; CHAR SZEXEFILE [MAX_PATH]; // Full name;} Processentry32; The above three API functions are declared in the header file tlhelp32.h, and there is a support of the Kernel32.lib library when running. Through these three functions, you can enumerate all the processes that the current system is turned on and you can get the relevant information of the process, and give a simple application example below. In this example, all processes of the system will be enumerated, and obtain the identification number of each process and the absolute path of the corresponding program. The process identification number will be used in the next step of the process, and the program path is displayed directly through the list control. :
// Processentry32 Structure Object Processentry32 PE; // Create a snap Handle HSNAPSHOT = CREATETOOLHELP32SNAPSHOT (TH32CS_SNAPPROCESS, 0); // Search for the first process in the system Process32First (HSnapshot, & PE); // below the system All processes are enumerated, and the information DO {// will fill the file path name corresponding to the process in the list box int index = m_ctlwndlist.addstring (pe.szexefile); / / Set the DATA corresponding process of this item in the list box The ID number, which is good to terminate the process m_ctlwndlist.setitemdata (index, pe.th32processid);} while (process32next (hsnapshot, & pE)); // Close the snapshot Handle CloseHandle (HSnapshot);
Management of the process
After getting the identification number of each enumeration process, you can implement the process of the process. Since the administrative process is outside the current process, you must first get the handle of a process object that already exists through the openprocess () function. The specified process can be managed and controlled via this handle. When the OpenProcess () function is called, the process identification number is incorporated as a parameter, and the prototype declaration of the OpenProcess () function is as follows:
Handle OpenProcess (DWORD DWDESIREDACCESS, // Access flag BOOL BINHERITHERITHANDLE, / / Handling inherited flag DWPROCESSID // process identification number);
If the function performs successfully returns the process object handle specified by the license number. The following also gives a simple application example, in which the process object handle is terminated by the TerminateProcess () function in this example:
/ / Get the data of the selected item in the list box, that is, the ID value int index = m_ctlwndlist.getcurseel () corresponding to the corresponding process, the option in the list box, that is, the process of the corresponding process ID value dword data = m_ctlwndlist.getitemdata (index); // Using the ID value of the process, open the process, get the process handle Handle HProcess = OpenProcess (Process_Terminate, False, Data); // Detect the validity of the handle, if effective Termination of the process if (hprocess) TerminateProcess (HProcess, 0); Since the process handle is required to be used when calling the TerminateProcess () function, it is necessary to specify its access huge as Process_Terminate when the process handle can be used when calling the TerminateProcess () function termination.
summary
This paper mainly introduces the system snapshot and the implementation method of enumerating the system by means of a system snapshot. Only a system snapshot containing process information is discussed, and the readers of interest can be implemented using similar methods to system snapshots including thread, stack or touch blocks. The procedures described herein are compiled by Microsoft Visual C 6.0 under Windows 98.
