Process Information

This section details the functions and structures used to retrieve information about processes running on the Windows operating system. Understanding process information is crucial for system monitoring, debugging, and performance analysis.

Key Functions for Retrieving Process Information

Function	Description
`GetCurrentProcessId`	Retrieves the identifier of the current process.
`GetCurrentProcess`	Retrieves a handle to the current process.
`GetProcessTimes`	Retrieves timing information for the specified process.
`GetProcessMemoryInfo`	Retrieves various statistics about the memory usage of the specified process.
`EnumProcesses`	Enumerates the processes that are currently running on a local or remote computer.
`GetProcessImageFileName`	Retrieves the full path of the executable file for the specified process.
`GetProcessOwnerEx`	Retrieves the user account and security identifier (SID) for the owner of the specified process.

`GetCurrentProcessId`

The GetCurrentProcessId function returns the process identifier of the calling process.

DWORD GetCurrentProcessId(void);

Return Value: The return value is the process identifier of the calling process.

`GetCurrentProcess`

The GetCurrentProcess function returns a pseudo-handle for the current process. A pseudo-handle is a special constant that is equal to the real handle of the process.

HANDLE GetCurrentProcess(void);

Return Value: The return value is a pseudo-handle to the current process. A pseudo-handle is a way of referring to the current process. It can be used by functions that require a process handle, such as the DuplicateHandle function.

`GetProcessTimes`

The GetProcessTimes function retrieves timing information for the specified process. This information includes creation time, exit time, kernel mode time, and user mode time.

BOOL GetProcessTimes(
  HANDLE hProcess,
  LPFILETIME lpCreationTime,
  LPFILETIME lpExitTime,
  LPFILETIME lpKernelTime,
  LPFILETIME lpUserTime
);

Parameters:

hProcess: A handle to the process for which timing information is to be retrieved.
lpCreationTime: A pointer to a FILETIME structure that receives the creation time of the process.
lpExitTime: A pointer to a FILETIME structure that receives the exit time of the process.
lpKernelTime: A pointer to a FILETIME structure that receives the amount of time the process has spent in kernel mode.
lpUserTime: A pointer to a FILETIME structure that receives the amount of time the process has spent in user mode.

Return Value: If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError.

`GetProcessMemoryInfo`

The GetProcessMemoryInfo function retrieves detailed information about the memory usage of a specified process.

BOOL GetProcessMemoryInfo(
  HANDLE             hProcess,
  PPMEMORY_BASIC_INFORMATION ppsbi,
  DWORD_PTR          Size
);

Parameters:

hProcess: A handle to the process whose memory information is to be retrieved.
ppsbi: A pointer to a PMEMORY_BASIC_INFORMATION structure that receives the memory information.
Size: The size of the PMEMORY_BASIC_INFORMATION structure.

Return Value: If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError.

`EnumProcesses`

The EnumProcesses function enumerates the processes currently running on the system. It retrieves the process identifiers (PIDs) for all processes.

BOOL EnumProcesses(
  DWORD   *lpidProcess,
  DWORD   cb,
  DWORD   *pcbNeeded
);

Parameters:

lpidProcess: A pointer to an array that receives a list of process identifiers.
cb: The size of the array pointed to by lpidProcess, in bytes.
pcbNeeded: A pointer to a variable that receives the number of bytes required to store all process identifiers.

Return Value: If the function succeeds, the return value is nonzero. If the function fails, the return value is zero.

`GetProcessImageFileName`

The GetProcessImageFileName function retrieves the name of the executable image for the specified process.

DWORD GetProcessImageFileName(
  HANDLE  hProcess,
  LPTSTR  lpImageFileName,
  DWORD   nSize
);

Parameters:

hProcess: A handle to the process.
lpImageFileName: A pointer to a buffer that receives the process image name.
nSize: The size of the buffer pointed to by lpImageFileName, in characters.

Return Value: If the function succeeds, the return value is the length of the string copied to lpImageFileName, in characters. If the function fails, the return value is zero.

`GetProcessOwnerEx`

The GetProcessOwnerEx function retrieves the user account and security identifier (SID) for the owner of the specified process.

BOOL GetProcessOwnerEx(
  HANDLE          ProcessHandle,
  PSID            *ProcessOwner,
  LPDWORD         OwnerSize
);

Parameters:

ProcessHandle: A handle to the process.
ProcessOwner: A pointer to a pointer to a SID structure that receives the SID of the process owner. The caller must free this buffer using FreeSid.
OwnerSize: A pointer to a DWORD that receives the size of the buffer pointed to by ProcessOwner.

Return Value: If the function succeeds, the return value is nonzero. If the function fails, the return value is zero.

Windows API Reference

Process Functions

Related Topics