Process Management through system snapshots under VC

Introduction

After each application instance runs, a process is generated in the current system. Most applications have a visual interface. You can close the program by clicking the close button on the title bar. However, there is no visual interface for many programs running in the background, for such applications, you can only use the CTRL + ALT + DEL hot key to call out the "close program" dialog box to display the current system process list, from which you can end the specified task. Obviously, this function is necessary in some system monitoring software, and its processing process can be roughly divided into two steps: you can use system snapshots to enumerate the current process of the system and manage the process based on the enumerated results. The implementation of this process will be introduced below.

Enumeration of the current process

To enumerate all enabled processes in the current system, you must first obtain information about the current status of the processes loaded to the memory. In Windows, the current status of these processes cannot be obtained directly from the process itself, the system has created a read-only copy of the current State information of all processes, threads, and modules stored in the system memory-system snapshots, you can check the current state of a process by accessing the system snapshot. In specific implementation, the System Snapshot handle is obtained through the Win32 API function createconlhelp32snapshot (). Through this function, not only process snapshots can be obtained, you can also obtain system snapshots of the heap, module, and thread. The function prototype declaration is as follows:

Handle winapi createconlhelp32snapshot (DWORD dwFlags, DWORD th32ProcessID );

The dwFlags parameter specifies the snapshot handle of the system information to be created. In this program, you only need to retrieve the system process information, so you can set it to TH32CS_SNAPPROCESS; the second parameter th32ProcessID of the function specifies the ID of the process. When it is set to 0, the current process is specified. If the function is successful, a System Snapshot handle containing process information is returned. After obtaining the snapshot handle, you can only access it in read-only mode. The use of System Snapshot handles is no different from that of common object handles. After using them, you need to destroy them using the CloseHandle () function.

After obtaining the snapshot handle of the system, you can enumerate the identification numbers of the current process. With these cited process identification numbers, you can easily manage the process. Process identification numbers are obtained through the Process32First () and Process32Next () functions. These two functions can enumerate all the processes currently enabled by the system and obtain relevant process information. The two function prototypes are declared as follows:

Bool winapi Process32First (HANDLE hSnapshot, LPPROCESSENTRY32 lppe ); Bool winapi Process32Next (HANDLE hSnapshot, LPPROCESSENTRY32 lppe );

The above two functions are used to obtain the information of the first and next processes in the system snapshot, and save the obtained information in the PROCESSENTRY32 structure pointed to by the lppe pointer. The first hSnapshot parameter of the function is the System Snapshot handle returned by the createconlhelp32snapshot () function. The second parameter lppe is a pointer to the PROCESSENTRY32 structure. The PROCESSENTRY32 structure can provide a more comprehensive description of the process, it is defined as follows:

Typedef struct tagPROCESSENTRY32 { DWORD dwSize; // structure size; DWORD cntUsage; // reference count of this process; DWORD th32ProcessID; // process ID; DWORD th32DefaultHeapID; // The default heap ID of the process; DWORD th32ModuleID; // Process Module ID; DWORD cntThreads; // The number of threads enabled by this process; DWORD th32ParentProcessID; // parent process ID; LONG pcPriClassBase; // thread priority; DWORD dwFlags; // reserved; Char szExeFile [MAX_PATH]; // process full name; } PROCESSENTRY32;

The preceding three API functions are declared in the header file tlhelp32.h. Support for the kernel32.lib library is required for running. The three functions can be used to list all processes enabled by the system and obtain information about the processes. The following is a simple example. In this example, we will enumerate all the processes in the system and obtain the identification numbers of each process and the absolute path of the corresponding program. The process identification numbers will be used in the next step of process management, the program path is displayed directly through the list control:

// PROCESSENTRY32 structure object PROCESSENTRY32 pe; // Create a snapshot handle HANDLE hSnapshot = createconlhelp32snapshot (TH32CS_SNAPPROCESS, 0 ); // First search for information about the first PROCESS IN THE SYSTEM Process32First (hSnapshot, & pe ); // Enumerate all processes in the system and save their information Do { // Fill in the file path name corresponding to the process in the list box Int index = m_ctlwndList.AddString (pe. szExeFile ); // Set the ID of the process corresponding to the Data entry in the list box, facilitating the termination of the process in the future M_ctlwndList.SetItemData (index, pe. th32ProcessID ); } While (Process32Next (hSnapshot, & pe )); // Close the snapshot handle CloseHandle (hSnapshot );

Process Management

After obtaining the identification number of each enumeration process, you can manage the process. Because the managed process is out of the current process, you must first use OpenProcess () function to obtain the handle of an existing process object, and then you can use this handle to manage and control the specified process. When calling the OpenProcess () function, pass in the process ID number as a parameter. The prototype Declaration of the OpenProcess () function is as follows:

HANDLE OpenProcess (DWORD dwDesiredAccess, // access flag BOOL bInheritHandle, // process the inherited flag DWORD dwProcessId // process ID );

If the function is successfully executed, the process object handle specified by the process ID is returned. The following is a simple application example. In this example, the specified process is terminated by using the TerminateProcess () function based on the obtained process object handle:

// Obtain the selected data in the list box at this time, that is, the ID value of the process corresponding to this item. Int index = m_ctlwndList.GetCurSel (); // Obtain the options in the list box at this time, that is, the ID value of the process corresponding to this item. DWORD data = m_ctlwndList.GetItemData (index ); // Use the process ID to open the process and obtain the Process Handle HANDLE hProcess = OpenProcess (PROCESS_TERMINATE, FALSE, data ); // Check the validity of the handle. If the handle is valid, terminate the process. If (hProcess) TerminateProcess (hProcess, 0 );

To terminate a process by calling the TerminateProcess () function, make sure that the Process Handle can be used effectively. Therefore, when calling OpenProcess (), you must specify that the access to Peugeot is PROCESS_TERMINATE.

Summary

This article briefly introduces the system snapshots and the implementation methods of enumeration and management of the current process by using system snapshots. This article only discusses system snapshots that contain process information. Interested readers can use similar methods to apply system snapshots that contain thread, heap, or block detection information. The program described in this article is compiled by Microsoft Visual C ++ 6.0 under Windows 98.