System Services - Process Information

The Process Information API provides functions to retrieve details about processes running on the local system. These functions enable developers to query process identifiers, execution times, session information, and executable image paths.

GetCurrentProcessId

Retrieves the process identifier of the calling process.

DWORD GetCurrentProcessId(void);

Example:

#include <windows.h>
#include <iostream>

int main() {
    DWORD pid = GetCurrentProcessId();
    std::cout << "Current Process ID: " << pid << std::endl;
    return 0;
}

GetProcessId

Retrieves the process identifier of the specified process handle.

DWORD GetProcessId(HANDLE Process);

Parameters:

• Process – Handle to the process. The handle must have PROCESS_QUERY_INFORMATION access.

Example:

#include <windows.h>
#include <iostream>

int main() {
    HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId());
    if (h) {
        DWORD pid = GetProcessId(h);
        std::cout << "Process ID: " << pid << std::endl;
        CloseHandle(h);
    }
    return 0;
}

GetProcessTimes

Retrieves timing information for the specified process.

BOOL GetProcessTimes(
    HANDLE hProcess,
    LPFILETIME lpCreationTime,
    LPFILETIME lpExitTime,
    LPFILETIME lpKernelTime,
    LPFILETIME lpUserTime
);

Example:

#include <windows.h>
#include <iostream>

int main() {
    HANDLE h = GetCurrentProcess();
    FILETIME ct, et, kt, ut;
    if (GetProcessTimes(h, &ct, &et, &kt, &ut)) {
        ULONGLONG kernel = ((ULONGLONG)kt.dwHighDateTime << 32) | kt.dwLowDateTime;
        ULONGLONG user   = ((ULONGLONG)ut.dwHighDateTime << 32) | ut.dwLowDateTime;
        std::cout << "Kernel Time: " << kernel / 10000000 << "s\\n";
        std::cout << "User Time: "   << user   / 10000000 << "s\\n";
    }
    return 0;
}

QueryFullProcessImageName

Retrieves the full name of the executable image for the specified process.

BOOL QueryFullProcessImageNameW(
    HANDLE hProcess,
    DWORD dwFlags,
    LPWSTR lpExeName,
    PDWORD lpdwSize
);

Example:

#include <windows.h>
#include <iostream>

int main() {
    HANDLE h = GetCurrentProcess();
    wchar_t path[MAX_PATH];
    DWORD size = MAX_PATH;
    if (QueryFullProcessImageNameW(h, 0, path, &size)) {
        std::wcout << L"Executable Path: " << path << std::endl;
    }
    return 0;
}

• Process Management Overview
• Thread Functions
• Security Functions
• Memory Management Functions