Process and Thread Information

This section details how to retrieve and understand information about processes and threads within the Windows operating system. Understanding this information is crucial for system monitoring, debugging, and performance analysis.

Processes

A process is an instance of a running computer program. It is defined by a virtual address space, code, data, and other system resources. Each process has at least one thread.

Key Process Information Functions

The following functions are commonly used to query process-related information:

HANDLE OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);

Opens a handle to an existing process object. This handle can be used to query information about the process.

Parameters:
Return Value:

If the function succeeds, the return value is an open handle to the specified process. If the function fails, the return value is NULL. To get extended error information, call GetLastError.

BOOL GetProcessMemoryInfo(HANDLE hProcess, PPROCESS_MEMORY_COUNTERS ppsmemCounters, DWORD cb);

Retrieves information about the memory usage of the specified process.

Parameters:
Return Value:

If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError.

PROCESS_MEMORY_COUNTERS Structure

This structure contains information about the memory utilization of a process:

| Member | Description |
|---|---|
| WorkingSetSize | The current working set size, in bytes. |
| PeakWorkingSetSize | The maximum working set size, in bytes, attained by the process. |
| PagefileUsage | The current commit charge, in bytes. Commit charge is the sum of the memory size of private pages and the memory size of image pages that have been mapped to the paging file. |
| PeakPagefileUsage | The maximum commit charge, in bytes, attained by the process. |
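
An added example (not part of the original page), written in Python with ctypes rather than C, that chains the calls above: OpenProcess with query and read rights only instead of PROCESS_ALL_ACCESS, GetProcessMemoryInfo with cb set to the structure size, and CloseHandle on every path. The helper names query_process_memory and counters_to_dict are hypothetical, and the structure uses the full psapi.h layout, which has more members than the four described above.

```python
import ctypes
import sys

# Access rights (winnt.h values): query plus read, not PROCESS_ALL_ACCESS.
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_VM_READ = 0x0010

class PROCESS_MEMORY_COUNTERS(ctypes.Structure):
    # Full psapi.h layout; DWORD is 32-bit, SIZE_T is pointer-sized.
    _fields_ = [("cb", ctypes.c_uint32), ("PageFaultCount", ctypes.c_uint32)] + [
        (name, ctypes.c_size_t) for name in (
            "PeakWorkingSetSize", "WorkingSetSize",
            "QuotaPeakPagedPoolUsage", "QuotaPagedPoolUsage",
            "QuotaPeakNonPagedPoolUsage", "QuotaNonPagedPoolUsage",
            "PagefileUsage", "PeakPagefileUsage")]

REPORTED = ("WorkingSetSize", "PeakWorkingSetSize", "PagefileUsage", "PeakPagefileUsage")

def counters_to_dict(pmc):  # hypothetical helper name
    """Return the four members described on this page, in bytes."""
    return {name: getattr(pmc, name) for name in REPORTED}

def query_process_memory(pid):  # hypothetical helper name
    """OpenProcess -> GetProcessMemoryInfo -> CloseHandle for one PID."""
    if sys.platform != "win32":
        raise OSError("query_process_memory requires Windows")
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    psapi = ctypes.WinDLL("psapi", use_last_error=True)
    kernel32.OpenProcess.restype = ctypes.c_void_p
    kernel32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    kernel32.CloseHandle.argtypes = [ctypes.c_void_p]
    psapi.GetProcessMemoryInfo.restype = ctypes.c_int
    psapi.GetProcessMemoryInfo.argtypes = [
        ctypes.c_void_p, ctypes.POINTER(PROCESS_MEMORY_COUNTERS), ctypes.c_uint32]
    handle = kernel32.OpenProcess(
        PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ, False, pid)
    if not handle:  # NULL on failure, e.g. access denied or a stale PID
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        pmc = PROCESS_MEMORY_COUNTERS()
        pmc.cb = ctypes.sizeof(pmc)  # the API checks the size it is handed
        if not psapi.GetProcessMemoryInfo(handle, ctypes.byref(pmc), pmc.cb):
            raise ctypes.WinError(ctypes.get_last_error())
        return counters_to_dict(pmc)
    finally:
        kernel32.CloseHandle(handle)  # release the handle on every path

if __name__ == "__main__" and sys.platform == "win32":
    import os
    print(query_process_memory(os.getpid()))
```

A failed OpenProcess here is a result worth recording in monitoring code: it separates processes that have exited from processes the caller is not permitted to query.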

Threads

A thread is the basic unit of CPU utilization; it’s a sequence of instructions that can be executed independently by the operating system. A process can have multiple threads, allowing for concurrent execution of tasks within the same application.

Key Thread Information Functions

The following functions are commonly used to query thread-related information:

HANDLE OpenThread(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwThreadId);

Opens a handle to an existing thread object. This handle can be used to query information about the thread.

Parameters:
Return Value:

If the function succeeds, the return value is an open handle to the specified thread. If the function fails, the return value is NULL. To get extended error information, call GetLastError.

int GetThreadPriority(HANDLE hThread);

Retrieves the priority of the specified thread.

Parameters:
Return Value:

If the function succeeds, the return value is the priority of the specified thread. If the function fails, the return value is THREAD_PRIORITY_ERROR_RETURN. To get extended error information, call GetLastError.

Thread Priorities

Thread priorities range from 0 (lowest) to 31 (highest). Common priority levels include:

| Constant | Value | Description |
|---|---|---|
| THREAD_PRIORITY_LOWEST | 0 | Lowest priority. |
| THREAD_PRIORITY_BELOW_NORMAL | 6 | Below normal priority. |
| THREAD_PRIORITY_NORMAL | 8 | Normal priority. |
| THREAD_PRIORITY_ABOVE_NORMAL | 10 | Above normal priority. |
| THREAD_PRIORITY_HIGHEST | 15 | Highest priority. |
| THREAD_PRIORITY_TIME_CRITICAL | 15 | Time critical priority. |

Note: Applications should use dynamic priority adjustments whenever possible to allow the system to manage thread priorities effectively. Static priority settings can lead to system instability if not managed carefully.

For more detailed information on process and thread management, refer to the Process and Thread Management Guide.