The method of realizing process management through system snapshot under VC _c language

This article describes the VC through the system snapshot to achieve process management methods, share for everyone to reference. The implementation methods are as follows:

First, the introduction

Each application instance will produce a process under the current system after running, and most applications will have a visual interface, and the user can close the program with the Close button on the title bar. But there are a number of programs running in the background do not have a visual interface, for such applications users can only through the Ctrl+alt+del hotkey out of the "Close Program" dialog box shows the current list of system processes, from which you can end the specified task. Obviously, this feature is very necessary in some system monitoring class software, and its processing can be divided into two steps: using system snapshots to implement the enumeration of the current process of the system and managing the process according to the enumeration results. The implementation of this process will be introduced below.

Ii. enumeration of the current process

To enumerate all open processes on the current system, you must first obtain the current related state information for the processes that are loaded into memory. Under the Windows operating system, the current state information for these processes cannot be obtained directly from the process itself, and the system has produced a read-only copy of the current state of the processes, threads, and modules that are stored in the system's memory-system snapshots, Users can complete the detection of the current state of the process through access to the system snapshots. In concrete implementations, the capture of the system snapshot handle is accomplished through the Win32 API function CreateToolhelp32Snapshot (), which not only obtains process snapshots, but also can be obtained for system snapshots of heaps, modules, and threads. The function prototype is declared as follows:

Copy Code code as follows:

HANDLE WINAPI CreateToolhelp32Snapshot (DWORD dwflags,dword th32processid);

Where parameter dwflags: Specifies that the snapshot handle that contains the type of system information is to be created, only the system process information needs to be retrieved in this program, so it can be set to th32cs_snapprocess; the second argument th32processid ' specifies the identification number of the process. Specifies the current process when set to 0 o'clock. If the success function returns a system snapshot handle that contains process information. It can only be accessed as read-only after the snapshot handle is obtained. The use of the system snapshot handle is not much different from the use of the normal object handle, and it needs to be destroyed by the CloseHandle () function after use.
After you have the snapshot handle of the system, you can enumerate the identification numbers of the current process, which can be easily managed by the process identification numbers that are enumerated. The process identification number is obtained by Function Process32First () and Process32Next (), which can enumerate all the currently open processes of the system and can obtain relevant process information. The two function prototypes are declared as follows:

Copy Code code as follows:

BOOL WINAPI Process32First (HANDLE hsnapshot, LPPROCESSENTRY32 Lppe);
BOOL WINAPI Process32Next (HANDLE hsnapshot,lpprocessentry32 Lppe);

The above two functions are used respectively to obtain information about the first and next processes in the system snapshot and to save the obtained information in the PROCESSENTRY32 structure pointed to by the pointer Lppe. The first parameter of the function hSnapShot to the system snapshot handle returned by the CreateToolhelp32Snapshot () function, and the second argument Lppe to a pointer to the structure PROCESSENTRY32. The PROCESSENTRY32 structure can be a more comprehensive description of the process, defined as follows:

Copy Code code as follows:

typedef struct TAGPROCESSENTRY32 {
DWORD dwsize; Structure size;
DWORD Cntusage; The reference count for this process;
DWORD Th32processid; Process ID;
DWORD Th32defaultheapid; Process default heap ID;
DWORD Th32moduleid; Process module ID;
DWORD cntthreads; The thread count that this process opens;
DWORD Th32parentprocessid; Parent process ID;
LONG pcpriclassbase; Thread priority;
DWORD dwflags; Reservations
Char Szexefile[max_path]; The full name of the process;
} PROCESSENTRY32;

All three API functions are declared in the header file Tlhelp32.h, and the runtime needs to have Kernel32.lib library support. By using these three functions to enumerate all the processes that are currently open and to obtain information about the process, a simple application example is given below. In this example, all the processes of the system are given, and the identification number of each process is obtained and the absolute path of the corresponding program, the process identification number is used in the next step in the management of the process, and the program path is displayed directly through the list control:

Copy Code code as follows:

PROCESSENTRY32 Structure Objects
PROCESSENTRY32 PE;
To create a snapshot handle
HANDLE hsnapshot = createtoolhelp32snapshot (th32cs_snapprocess, 0);
Search for information on the first process in the system first
Process32First (hSnapShot, &PE);
The following enumerates all the processes in the system and saves their information
do{
Fill in the list box with the file path name of the process
int index = m_ctlwndlist.addstring (pe.szexefile);
Sets the ID number of the corresponding process for the item's data in the list box, which is beneficial to terminating the process later
M_ctlwndlist.setitemdata (index, PE.TH32PROCESSID);
while (Process32Next (hSnapShot, &pe));
Close the snapshot handle
CloseHandle (hSnapShot);

III. management of the process

Management of the process can be achieved after the identification number of each enumeration process is obtained. Because the managed process is outside the current process, you must first obtain a handle to a process object that already exists by using the OpenProcess () function, before you can manage and control the specified process through that handle. The process identification number is passed as a parameter when the call to the OpenProcess () function is invoked, and the prototype of the OpenProcess () function is declared as follows:

Copy Code code as follows:

HANDLE openprocess (DWORD dwdesiredaccess,//Access flag
BOOL bInheritHandle,//handling inherited Flags
DWORD DWPROCESSID//process identification number);

If the function executes successfully, the process object handle specified by the process ID is returned. The following also gives a simple example of an application, in which the specified process is terminated by the TerminateProcess () function based on the acquired process object handle:

Copy Code code as follows:

Gets the data for the selected item in the list box, which is the ID value of the corresponding process
int index = M_ctlwndlist.getcursel ();
Gets the option in the list box at this point, that is, the ID value of the corresponding process for the item
DWORD data = m_ctlwndlist.getitemdata (index);
Use the Process ID value to open the process and get the process handle
HANDLE hprocess = OpenProcess (process_terminate, false,data);
Detects the validity of a handle, or terminates the process if it is valid
if (hprocess)
TerminateProcess (hprocess,0);

Because it is necessary to ensure that the process handle is valid when the process is terminated by calling the TerminateProcess () function, you need to specify that the access Peugeot is process_terminate when you call OpenProcess () earlier.

Iv. Summary

This paper briefly introduces the system snapshots and the implementation methods of enumerating and managing the current process of the system through the use of system snapshots. In this article, only a snapshot of the system with process information is discussed, and interested readers can use a similar method to implement a system snapshot that contains information such as a thread, heap, or touch block. The program described in this article is compiled by Microsoft Visual C + + 6.0 under Windows 98.

I hope this article on the VC program for everyone to help.