How do I obtain the main window of a process and the name of the program that created the process?

Compile the tool Program And system management program. You often need to obtain the main window of a process and the name of the program that creates the process. The purpose of obtaining the main window is to send various messages to the window. You can get the program name of the starting process to control the operations on the process. However, some processes often have multiple main windows. What is the main window you want? If you have used the outlook program, you will find that it has multiple main windows, one window listing the inbox and other folders. If you open e-mail, there will be another window to display information. They are all the main windows without parent windows (or host windows. Run the spy program and you may even find that their window class names are the same: rctrl_renwnd32. The Resource Manager (assumer.exe) also has more than one main window. As shown in figure 1, resource manager has two main windows. Generally, you have no way to know which window is the real Main Window Based on the style or Class Name of the window.
First, we will discuss how to obtain the main window from multiple windows? In fact, it is very easy. You can use two API functions. These two APIs are enumwindows and getwindowthreadprocessid. If you are not familiar with these two functions, do not be afraid. This article provides a C ++ class to encapsulate these two APIs. This class is called cmaindomainwiterator. It can be used to enumerate all the main windows of a process (known process ID. This is exactly what we want. The usage is as follows:

 
DWORD pid = // idcmain1_witerator itw (PID) for a known process; for (hwnd = itw. first (); hwnd = itw. next () {// do something}
 

In this simple way, cmain1_witerator is derived from a more common class: csf-witerator, which is responsible for packaging the: enumwindows function to hide callback details. It has a virtual function onwindow. You can rewrite this function in a derived class to enumerate the window in any way. Cmain1_witerator is to rewrite the onwindow function so that it can only obtain the main window belonging to a given process:

 
// (Set m_pid In the constructor) bool cmain1_witerator: onwindow (hwnd) {If (getwindowlong (hwnd, gwl_style) & ws_visible) {DWORD pidwin; getwindowthreadprocessid (hwnd, & pidwin); If (pidwin = m_pid) return true;} return false ;}
 

The two classes are defined as follows: (the corresponding files are enumproc. h and enumproc. cpp)

//////////////////////////////////////// ///// // This class is mainly encapsulated:: enumwindows, listing top-level windows // class c0000witerator {protected: hwnd * m_hwnds; // a process PID window handle array DWORD m_nalloc; // array size DWORD m_count; // The number of window handles found DWORD m_current; // the current window handle static bool callback enumproc (hwnd, lparam LP ); // virtual enumeration function virtual bool onenumproc (hwnd); // rewrite this function in derivation to filter different types of Windows virtual bool onwindow (hwnd) {return true ;} public: CWIN Dowiterator (DWORD nalloc = 1024 );~ Cwindowiterator (); DWORD getcount () {return m_count;} hwnd first (); hwnd next () {return m_hwnds & m_current <m_count? M_hwnds [m_current ++]: NULL ;}}; /// // top-level window of the Process // class cmain1_witerator: public cwindowiterator {protected: DWORD m_pid; // process idvirtual bool onwindow (hwnd); Public: cmain1_witerator (dword pid, DWORD nalloc = 1024 );~ Cmain1_witerator ();};
 

Figure 1 shows the output screen of a control platform program lp.exe compiled by the classiclink classifier. The last two columns are the "window handle" and "class name/window title" of the corresponding process ". Its command line switch "/CT" indicates listing the window class name (C) and window title (t ).

Figure 1

generally, if a window belonging to a process does not have a visible parent window, the window can be considered as the main window of the process. It is important to check ws_visible because some applications create multiple invisible top-level windows. For more information about cmain1_witerator, see Source Code .
next we will discuss how to obtain the program file name of the created process. Someone tried it in various ways, such as getmodulefilename, getmoduleinstance, and getmodulehandle. Why? In fact, the method is correct, but calling these functions only results in the module name (modules) already loaded by the currently running process and cannot be used to obtain the modules loaded by other processes. Therefore, you must consider two cases first. If the program you write runs in Windows NT, Windows 2000, and Windows XP, you can use psapi, this is a new DLL in the Windows operating system. The output API function can be used to obtain detailed information about processes and modules. The other is that if your program runs in Windows 9x or Windows ME, you must use toolhelp. Due to the length of this article, I will not describe how to use toolhelp here, if you are interested, refer to the Article q175030 of msdn technical support, entitled "How to enumerate applications in Win32 ".
one function in psapi is getmodulefilenameex. It uses a process and module handle as parameters to obtain the module name. So for a process, how do you know which module is the execution file of the startup process? Another function in psapi, enumprocessmodules, fills the module handles of all modules in a process into an array. The first element of this array is the handle of the main module, so you can use the following Code to obtain the first hmodule:

DWORD count; hmodule HM [1]; enumprocessmodules (hprocess, hm, 1, & COUNT );
 

Call getmodulefilenameex.
As shown in figure 1 above, we have implemented the listing process and its corresponding module name in the lp.exe program. The Implementation Details of the program also use the API function enumprocesses output by psapi to enumerate all running processes. to encapsulate the specific details, I have compiled two C ++ classes similar to csf-witerator and cmain+witerator: cprocessiterator and cprocessmoduleiterator, which encapsulate enumprocesses and enumprocessmodules API functions respectively. With these two packaging classes, everything becomes so simple.

 
Cprocessiterator IBD; For (DWORD pid = IBD. First (); PID; pid = IBD. Next () {// process every process}
 

The following describes how to obtain the EXE file name of the created process:

 
Cprocessmoduleiterator ITM (PID); hmodule = ITM. first ();//. exetchar modname [_ max_path]; getmodulebasename (ITM. getprocesshandle (), hmodule, modname, _ max_path );
 

because LP does not display a module File name with a full path, I use another psapi function getmodulebasename to replace getmodulefilenameex to obtain the full path name. In addition, because cprocessmoduleiterator itself opens the process enumeration module, you do not have to call OpenProcess. Use cprocessmoduleiterator: getprocesshandle to obtain the handle of the opened process. The LP program also uses cmain1_witerator to display all the main windows of each specific process. The definitions of cprocessiterator and cprocessmoduleiterator are as follows:

//////////////////////////////////////// //////////////////////////////////////// //////// Process enumeration class-list all processes in the system, however, the first process with PID = 0 is always skipped, that is, the idle process (idle) // class cprocessiterator {protected: DWORD * m_pids; // dwordm_count, the ancestor containing Process IDs; // array size dwordm_current; // The current array item public: cprocessiterator ();~ Cprocessiterator (); DWORD getcount () {return m_count;} DWORD first (); DWORD next () {return m_pids & m_current <m_count? M_pids [m_current ++]: 0 ;}}; //////////////////////////////////////// //////////////// // list the modules of a process, the first module is to create the main exe program for this process // class cprocessmoduleiterator {protected: handlem_hprocess; // Process Handle hmodule * m_hmodules; // module handle array dwordm_count; // array size dwordm_current; // The current module handle public: cprocessmoduleiterator (dword pid );~ Cprocessmoduleiterator (); handle getprocesshandle () {return m_hprocess;} DWORD getcount () {return m_count;} hmodule first (); hmodule next () {return m_hprocess & m_current <m_count? M_hmodules [m_current ++]: 0 ;}};
From





Http://www.vckbase.com/document/viewdoc? Id = 404