Hi, I am trying to do a project using the Windows API in the C language. A small part of my project is to get the process ID of lsass.exe.
I have tried the program below but it won't work. I have read about the CreateToolhelp32Snapshot, Process32First and Process32Next functions; can anyone help me by explaining how to use them in the code?
So please help me. I am a beginner to the Windows API, so I will appreciate it if anyone can suggest a good ebook to refer to.
To find the PID of a process, type Get-Process. Indicates that the UserName value of the Process object is returned with results of the command. Specifies one or more process objects. Enter a variable that contains the objects, or type a command or expression that gets the objects.
Use the Command Prompt. In the Start menu search bar, search for command prompt and select Run as administrator. Type tasklist. Press Enter. Command Prompt will now display the PID for the running processes.
Because there might be several instances of a process name running, there is no one-to-one correlation between a process's image name and a PID. You'll have to enumerate the processes and check the base module names for each one as Burgos describes, by using EnumProcesses.
FWIW, .NET approaches this problem by providing the GetProcessesByName API, which returns a collection of process objects. Not much use to you of course :-(
I don't know of a simpler way. This works by finding every running PID and comparing its name to "lsass.exe".
// pid.cpp : Defines the entry point for the console application.
// Link with psapi.lib.
#include "stdafx.h"
#include <windows.h>
#include <psapi.h>
#include <stdio.h>
#include <string.h>
#include <tchar.h>

// Returns 1 if the process with the given ID has the given base module name.
int PrintProcessNameAndID( DWORD processID, const char *name )
{
    // Use the ANSI API explicitly so the comparison with a char string
    // also compiles when UNICODE is defined.
    char szProcessName[MAX_PATH] = "<unknown>";
    int match = 0;
    // Get a handle to the process. OpenProcess returns NULL for processes
    // the caller is not allowed to open; those are treated as no match.
    HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
                                   PROCESS_VM_READ,
                                   FALSE, processID );
    if ( NULL == hProcess )
    {
        return 0;
    }
    // Get the process name.
    HMODULE hMod;
    DWORD cbNeeded;
    if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod),
                             &cbNeeded) )
    {
        GetModuleBaseNameA( hProcess, hMod, szProcessName,
                            sizeof(szProcessName) );
    }
    // Image names are not case-sensitive on Windows.
    if ( _stricmp(szProcessName, name) == 0 ) // right process
    {
        match = 1;
    }
    // Release the handle to the process.
    CloseHandle( hProcess );
    return match;
}

// Returns 1 if the process list could not be read, 0 otherwise.
int find(const char *name)
{
    // Get the list of process identifiers.
    DWORD aProcesses[1024], cbNeeded, cProcesses;
    unsigned int i;
    if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
    {
        return 1;
    }
    // Calculate how many process identifiers were returned.
    cProcesses = cbNeeded / sizeof(DWORD);
    // Print the name and process identifier for each matching process.
    for ( i = 0; i < cProcesses; i++ )
    {
        if ( aProcesses[i] != 0 )
        {
            if ( PrintProcessNameAndID( aProcesses[i], name ) )
            {
                // found it
                printf("%lu %s\n", (unsigned long)aProcesses[i], name);
            }
        }
    }
    return 0;
}

int _tmain(int argc, _TCHAR* argv[])
{
    find("lsass.exe");
    return 0;
}
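The Toolhelp functions the question asks about (CreateToolhelp32Snapshot, Process32First, Process32Next), as an added example that is not part of any post above: it walks a snapshot with the wide-character variants and collects every PID whose image name matches, since one name can belong to several processes. The names proc_row, same_name, match_pids and snapshot_rows are hypothetical, and off Windows the snapshot is replaced by constructed sample rows so the matching logic can still be run.

```c
#include <stdio.h>
#include <wchar.h>
#include <wctype.h>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif
typedef struct { unsigned long pid; wchar_t exe[260]; } proc_row; /* hypothetical row type */
/* Image names are case-insensitive on Windows, so fold case when comparing. */
static int same_name(const wchar_t *a, const wchar_t *b) {
    while (*a && towlower((wint_t)*a) == towlower((wint_t)*b)) { a++; b++; }
    return *a == L'\0' && *b == L'\0';
}
/* Store up to cap matches in out; return total matches (a name is not a unique key). */
size_t match_pids(const proc_row *rows, size_t n, const wchar_t *name,
                  unsigned long *out, size_t cap) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (same_name(rows[i].exe, name) && hits++ < cap)
            out[hits - 1] = rows[i].pid; /* hits counts every match, even past cap */
    return hits;
}
/* Fill rows from a Toolhelp snapshot; off Windows, use constructed sample rows. */
size_t snapshot_rows(proc_row *rows, size_t cap) {
    size_t n = 0;
#ifdef _WIN32
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return 0;
    PROCESSENTRY32W pe = { .dwSize = sizeof(pe) }; /* dwSize must be set before the first call */
    for (BOOL ok = Process32FirstW(snap, &pe); ok && n < cap; ok = Process32NextW(snap, &pe)) {
        rows[n].pid = pe.th32ProcessID;
        wcsncpy(rows[n].exe, pe.szExeFile, 259);
        rows[n++].exe[259] = L'\0';
    }
    CloseHandle(snap);
#else
    static const proc_row sample[] = { {4, L"System"}, {812, L"LSASS.EXE"}, {1500, L"cmd.exe"} };
    for (; n < 3 && n < cap; n++) rows[n] = sample[n];
#endif
    return n;
}
int main(void) {
    static proc_row rows[2048];
    unsigned long pids[16];
    size_t hits = match_pids(rows, snapshot_rows(rows, 2048), L"lsass.exe", pids, 16);
    for (size_t i = 0; i < hits && i < 16; i++) printf("%lu\n", pids[i]);
    return hits ? 0 : 1;
}
```

Unlike the EnumProcesses approach, the snapshot walk reads names without opening a handle to each process, so no linking against psapi.lib is needed.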