Design and Implementation of Windows Process Management Tools


Introduction

I have mentioned a few graduation designs to meet the needs of some people, one of which is a Windows process management tool.

In the preliminary planning, it is difficult to make Windows process management tools,

That is, a driver program is used at the underlying layer, and VC is used at the upper layer to create the user interface layer.

As to why the driver is used at the underlying layer to obtain process information, rather than obtaining it directly with a high-level language at the upper layer,

This is because some hidden processes cannot be obtained when the process information is obtained through a high-level language in the upper layer,

In addition, the operations available on the processes obtained this way are limited. In the kernel layer, you can perform almost any operation on these processes.

At the user interface layer, I have always had some aversion to C# Windows Forms applications,

Although making a beautiful interface is, compared with VC, 10 thousand times easier in a C# Windows Forms application,

But if it weren't for the current CPU being so strong, I always feel like it would blow up.

However, due to the influence of time and personal ability, the above scheme was rejected.

First, it is not easy to traverse all processes in the kernel layer,

I saw a few "cops in the snow" articles. After reading them, I was confused,

It is really abnormal to retrieve all processes by traversing the specified memory block,

In addition, the Windows OS versions are completely different,

Secondly, because there were indeed many graduation designs during that period,

The time is too tight, and there is not much time to think about this abnormal method,

So later, in developing the Windows process management tool, I did not use the above method to obtain process information in the kernel layer,

Instead, it calls the simple Win32 API to complete the acquisition of all processes.

On the user interface layer, I really wanted to use VC, but as we all know, it is not easy to create a beautiful interface in VC,

In addition, to be honest, I am not so proficient in VC. With C#, for example, I am familiar with many things and the development speed will be much faster,

Therefore, in determining the final solution, I used C#. Calling the Win32 API in C# is also very easy,

It can be implemented directly through platform invoke (P/Invoke). The above is the development background of this small project.

Design

For the design part, it is a graduation design for someone,

So I just copied some from his graduation thesis, and I saved a lot of effort.

(So many of the following texts come from other people's graduation thesis, a lot of nonsense)

The project adopts a three-tier architecture design. In fact, database operations are not involved in this project,

So someone will certainly ask whether the database does not exist and what data access layer is required,

But don't forget platform invoke. In fact, we can regard the Win32 platform as a database,

And our Win32 API is the SQL statement.

In fact, putting the Win32 API in the data access layer here only makes the logic of the code clearer; it has no other practical significance.

Three-layer architecture:

Function module diagram:

1. New Task Module

The new task module allows you to select a standard executable file in the Windows operating system and create a new process from it.

In this module, you must be able to select an executable file,

In addition, the program must create a new process based on the executable file selected by the user to run the executable file.

2. Application Window Management Module

The application window management module lists all application windows under the user currently logged on to the Windows operating system,

Common information such as the icon and title of these application windows can be obtained.

Window management can be used to maximize or minimize a specified window, or to bring the window to the front and restore it.

An application window is only the main interface window of a process. Therefore, an application window corresponds to a process,

Therefore, in the application window, you must be able to jump to the process corresponding to the application window.

3. Memory information viewing Module

In the task manager provided by the Windows operating system, only page file usage is available in memory information display,

In many cases, we want to view not only the page file usage, but also the virtual memory usage

and the physical memory usage, so in the Windows process management software you can view the virtual memory usage of the machine,

physical memory usage and page file usage. To make it easier for users to view the usage of physical memory in the recent period,

In the memory information display module, there should be a record curve of physical memory usage.

4. Processor information viewing Module

As with the task manager that comes with the Windows operating system,

The Windows process management software also provides CPU usage,

And relative to the Task Manager that comes with the Windows operating system,

The CPU usage in the Windows process management software has higher accuracy.

5. Shutdown Management Module

In Windows Server, the task manager that comes with the operating system provides the shutdown function,

However, the built-in task manager of Windows 7 and Windows Vista does not provide the shutdown function,

Although the shutdown operation in the Windows operating system is very convenient, sometimes it is not very convenient,

Therefore, the Windows process management software will provide the function of shutdown management,

This function module provides functions such as lock, logout, standby, sleep, sleep, restart, and shutdown.

6. Process Management Module

The process management module first needs to obtain all processes in the current Windows operating system,

And list these processes in the table control. It needs to obtain the process icon and process flag,

In addition, it also needs to calculate the CPU usage of each process. Then, process management needs to provide the function of ending a specified process,

Suspending a process or resuming a suspended process,

At the same time, for some non-specific processes, you can set the priority to raise or lower the probability that the process obtains CPU usage,

To better control the process.

7. Process Module information module

Process Module information refers to the modules referenced by a process during its operation. These modules include the executable files of the process,

They also include the dynamic link libraries provided by the Windows operating system,

In many cases, we need to check which modules a process references,

In addition, we also need to control the reference of a process to a module so that the process cannot reference certain modules.

In the process module information module, all the modules referenced by the specified process must be listed,

The module icons, module names, sizes, and other common information can be obtained.

8. Process tree Module

A process must be created by another process.

(Of course, this does not include some operations during the Windows boot process that are merged into the Idle process and the System process),

Since a process must be created by another process, there must be a process tree between these processes,

The process tree module lists all parent processes of a specified process,

Which is very useful for system developers and Windows researchers.
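
The ancestor walk behind such a process tree, as an added example that is not the original project's code. It assumes each snapshot row carries the process ID and parent process ID from PROCESSENTRY32 plus the creation time from GetProcessTimes; the ProcInfo type, the Ancestors helper and the sample rows are hypothetical and constructed. The recorded parent ID is only trustworthy if that process is older than its child, so the walk stops when it meets a reused PID:

```csharp
using System;
using System.Collections.Generic;

// One snapshot row. Pid/ParentPid mirror th32ProcessID/th32ParentProcessID in
// PROCESSENTRY32; Created is the creation time reported by GetProcessTimes.
record ProcInfo(uint Pid, uint ParentPid, string Name, DateTime Created);

static class ProcessTreeSample
{
    // Returns the ancestors of pid, nearest parent first.
    public static List<ProcInfo> Ancestors(IReadOnlyDictionary<uint, ProcInfo> snap, uint pid)
    {
        var chain = new List<ProcInfo>();
        if (!snap.TryGetValue(pid, out var child)) return chain;
        var seen = new HashSet<uint> { pid };
        while (snap.TryGetValue(child.ParentPid, out var parent))
        {
            // Windows never updates the stored parent PID. If the real parent has
            // exited and its PID was reused, the candidate is younger than the child.
            if (parent.Created > child.Created) break;
            if (!seen.Add(parent.Pid)) break;      // cycle guard (e.g. PID 0 -> 0)
            chain.Add(parent);
            child = parent;
        }
        return chain;
    }

    static void Main()
    {
        var t0 = new DateTime(2024, 1, 1, 8, 0, 0, DateTimeKind.Utc);
        var rows = new[]   // constructed sample data, not a real snapshot
        {
            new ProcInfo(2000, 1500, "explorer.exe",   t0.AddSeconds(30)),
            new ProcInfo(3000, 2000, "cmd.exe",        t0.AddMinutes(5)),
            new ProcInfo(4000, 3000, "powershell.exe", t0.AddMinutes(6)),
            // PID 1500 belonged to explorer's real parent, which exited; reused later.
            new ProcInfo(1500, 900,  "notepad.exe",    t0.AddMinutes(20)),
        };
        var snap = new Dictionary<uint, ProcInfo>();
        foreach (var r in rows) snap[r.Pid] = r;

        foreach (var p in Ancestors(snap, 4000))
            Console.WriteLine($"{p.Pid,5} {p.Name}");
    }
}
```

Without the creation-time comparison, the walk would report notepad.exe as the parent of explorer.exe, which is the kind of false lineage that misleads anyone reviewing process ancestry.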

9. Process private memory information module

In some cases, such as when debugging a Windows application, we may use the debugger to obtain a memory address in the process,

However, we cannot know more details about the memory address, which is important for debugging,

The Windows process management software provides this function to list private memory address information under a specified process.

10. Thread Management Module

The task manager that comes with the Windows operating system cannot operate on the threads of a specified process,

This makes it inconvenient for developers to a certain extent. In the Windows process management software, special operations are performed on threads.

In the thread management module, all the thread information under the specified process is listed first, and the user can end a thread,

Suspends a thread or resumes a suspended process.

Additional code

ProcessDAL in the data access layer

    using System;
    using System.Runtime.InteropServices;
    using System.Text;
    using ComType = System.Runtime.InteropServices.ComTypes;
    using TASKMANAGER.Entity;

    namespace TASKMANAGER.DAL
    {
        // P/Invoke declarations for enumerating, inspecting and controlling processes.
        public class ProcessDAL
        {
            [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
            public static extern bool CloseHandle(IntPtr hObject);

            [DllImport("User32.dll", CharSet = CharSet.Auto)]
            public static extern bool DestroyIcon(IntPtr hIcon);

            // Walk a Toolhelp snapshot: first entry, then each following entry.
            [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
            public static extern bool Process32First(IntPtr hSnapshot,
                ref ProcessEntity.PROCESSENTRY32 lppe);

            [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
            public static extern bool Process32Next(IntPtr hSnapshot,
                ref ProcessEntity.PROCESSENTRY32 lppe);

            [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
            public static extern IntPtr OpenProcess(UInt32 fdwAccess,
                bool fInherit, UInt32 idProcess);

            [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
            public static extern bool TerminateProcess(IntPtr hProcess, UInt32 uExitCode);

            [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
            public static extern UInt32 GetCurrentProcessId();

            // The path is written into a caller-supplied buffer, so the parameter
            // must be a StringBuilder; an immutable string cannot receive it.
            [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
            public static extern bool QueryFullProcessImageName(IntPtr hProcess,
                Int32 dwFlags, StringBuilder lpExeName, ref UInt32 lpdwSize);

            // Output buffer as well, for the same reason.
            [DllImport("Psapi.dll", CharSet = CharSet.Auto)]
            public static extern UInt32 GetProcessImageFileName(IntPtr hProcess,
                StringBuilder lpImageFileName, UInt32 nSize);

            /// <summary>
            /// Obtain the time information of the process by passing in the process handle
            /// </summary>
            /// <param name="processHandle"></param>
            /// <param name="creationTime"></param>
            /// <param name="exitTime"></param>
            /// <param name="kernelTime"></param>
            /// <param name="userTime"></param>
            /// <returns></returns>
            [DllImport("Kernel32.dll")]
            public static extern bool GetProcessTimes(IntPtr processHandle,
                out ComType.FILETIME creationTime, out ComType.FILETIME exitTime,
                out ComType.FILETIME kernelTime, out ComType.FILETIME userTime);

            [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
            public static extern UInt32 GetPriorityClass(IntPtr hProcess);

            [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
            public static extern bool SetPriorityClass(IntPtr hProcess, UInt32 dwPriorityClass);

            // The return value and dwLength are SIZE_T (pointer-sized), so they are
            // declared as IntPtr to stay correct in a 64-bit process.
            [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
            public static extern IntPtr VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress,
                out ProcessEntity.MEMORY_BASIC_INFORMATION lpBuffer, IntPtr dwLength);

            [DllImport("Psapi.dll", CharSet = CharSet.Auto)]
            public static extern bool GetProcessMemoryInfo(IntPtr process,
                ref ProcessEntity.PROCESS_MEMORY_COUNTERS ppsmemCounters, Int32 cb);

            [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
            public static extern bool GetProcessIoCounters(IntPtr hProcess,
                ref ProcessEntity.IO_COUNTERS lpIoCounters);

            // [DllImport("NTDLL.dll", CharSet = CharSet.Auto)]
            // public static extern Int32 NtQueryInformationProcess(IntPtr hProcessHandle,
            //     PROCESSINFOCLASS processInformationClass, PVOID processInformation,
            //     UInt32 processInformationLength, ref UInt32 returnLength);
        }
    }
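
How the GetProcessTimes declaration above can yield the per-process CPU usage required by the process management module, as an added example that is not the original project's code. The CpuUsageSample class and its helper names are hypothetical; the sketch samples the current process twice and divides the consumed CPU time by the elapsed wall-clock time across all logical processors:

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;
using ComType = System.Runtime.InteropServices.ComTypes;

static class CpuUsageSample
{
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool GetProcessTimes(IntPtr hProcess,
        out ComType.FILETIME creation, out ComType.FILETIME exit,
        out ComType.FILETIME kernel, out ComType.FILETIME user);

    // FILETIME holds a 64-bit count of 100 ns ticks in two signed 32-bit halves;
    // cast each half to uint first so a negative low half does not sign-extend.
    static ulong Ticks(ComType.FILETIME ft) =>
        ((ulong)(uint)ft.dwHighDateTime << 32) | (uint)ft.dwLowDateTime;

    // Total CPU time (kernel + user) the process has consumed so far.
    static ulong CpuTicks(IntPtr hProcess)
    {
        if (!GetProcessTimes(hProcess, out _, out _, out var kernel, out var user))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return Ticks(kernel) + Ticks(user);
    }

    // Share of the whole machine's CPU capacity used between two samples.
    public static double Percent(ulong before, ulong after, TimeSpan elapsed, int cores)
    {
        if (elapsed.Ticks <= 0 || cores <= 0 || after < before) return 0.0;
        double used = after - before;              // both values are 100 ns ticks
        return Math.Min(100.0, 100.0 * used / (elapsed.Ticks * (double)cores));
    }

    static void Main()
    {
        IntPtr self = Process.GetCurrentProcess().Handle;
        ulong before = CpuTicks(self);
        var clock = Stopwatch.StartNew();
        Thread.Sleep(1000);                        // sampling interval
        ulong after = CpuTicks(self);
        Console.WriteLine("{0:F2}%",
            Percent(before, after, clock.Elapsed, Environment.ProcessorCount));
    }
}
```

For another process, the handle has to come from OpenProcess with query rights, and a failed open (for example on a protected process) should be shown as "unavailable" rather than as 0% usage.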

Display

In fact, it is useless to say so much nonsense. Instead, I will post a few screenshots, and anyone who is interested in this can leave me an email address,

I will send him the source code directly. He can look at it on his own, and I estimate that the effect is much better. So here it is.

Application Form (like Windows Task Manager, list all opened windows ):

Application Form management:

Process interface (list all processes ):

Process Management:

Processor interface (depicts the CPU usage diagram ):

Memory interface (depicts the memory usage diagram ):

View the process tree (depicts the process tree ):

View the process module information:

View the process memory information:

View process thread information:

Process Management through thread management:

View process details:

Shutdown:

Conclusion

The above Windows process management tool, in fact, also has a little substance to it,

At least in terms of platform invoke: once you have finished the Windows process management tool, platform invoke will hardly be difficult for you.

In the end, I have always adhered to my previous style of work: as long as it is not a company project and I feel that I can, I still share it with others.

But I always write here in Windows Live Writer, so I don't know how to package this project,

So if you think you can take it for a while, just leave me a mailbox, and then I will send the source code to you.

Next, we should note that we should not spread this thing freely. Just learn it by yourself,

Although I did my graduation design for others, I don't want this to happen to another graduate and become his graduation design,

This is not good for me and him.

Copyright: reprinting is welcome, but please note: reprinted from Zachary. Xiaozhen - the sky of dreams

 
