More on win32 Processes

The CreateToolhelp32Snapshot() function can be used to take a snapshot of the processes running on a system. If the CreateToolhelp32Snapshot() function succeeds, it returns an open handle to the snapshot. If it fails, it returns the value INVALID_HANDLE_VALUE. The CreateToolhelp32Snapshot() function is defined in the <TlHelp32.h> header file, which defines win32 tool help functions, types and definitions.

The CreateToolhelp32Snapshot() function takes two arguments. The first argument is a DWORD flag value.  We will use the flag value TH32CS_SNAPPROCESS; the TH32CS_SNAPPROCESS value includes all processes in the system in the snapshot.

PROCESSENTRY32 is a structure that describes an entry from the list of processes provided by the snapshot. The first member of the PROCESSENTRY32 structure is dwSize, which we should initialize to the size of the PROCESSENTRY32 structure itself, 296 bytes. We can set the dwSize member easily by using sizeof(PROCESSENTRY32).

The Process32First() function is used to retrieve information about the first process found in a system snapshot. It returns TRUE if the entry has been copied to the PROCESSENTRY32 structure, and FALSE, otherwise.

The Process32Next() function is used to retrieve information about the next process in the system snapshot. Like Process32First(), it takes two arguments, and returns a Boolean value. The Process32Next() function returns TRUE if the next entry in the process list has been copied to the provided structure, or else FALSE if it has not.

#include <Windows.h>
#include <TlHelp32.h>

int _tmain(void)
{
	//take a snapshot of the current processes in the system
	HANDLE hSnapshot = CreateToolhelp32Snapshot(
		TH32CS_SNAPPROCESS, //current processes
		0);

	//stores an entry from the snapshot list
	PROCESSENTRY32 pEntry;
	//don't forget to initialize!
	pEntry.dwSize = sizeof(PROCESSENTRY32);

	if(Process32First(hSnapshot, &pEntry)){
		do{
			printf("Process ID %-7u .exe file %s\n", pEntry.th32ProcessID, pEntry.szExeFile);
		} while(Process32Next(hSnapshot, &pEntry));
	}
	
	return 0;
}

Usually, Windows assigns a working set to each process. The working set determines how much memory the Windows memory manager should keep active for the process; the minimum number of pages and the maximum number of pages is specified via the working set.

We can learn the current size of the working set by calling the GetProcessWorkingSetSize() function. The GetProcessWorkingSetSize() function takes three arguments, the first is the HANDLE to the process, the second and third are pointers to integers of type SIZE_T. The SIZE_T type is an alias for an unsigned integer or unsigned long integer type. The first SIZE_T parameter is the minimum working set size in bytes of the process, the second SIZE_T parameter is the maximum working set size of the process, in bytes.

If we have sufficient privileges, we can change the working set size for the process by calling the SetProcessWorkingSetSize() function.

#include <Windows.h>
#include <TlHelp32.h>

int _tmain(void)
{
	HANDLE hCurrProcess = GetCurrentProcess();

	SIZE_T lMin, lMax;


	if(GetProcessWorkingSetSize(hCurrProcess, &lMin, &lMax)){
		printf("Minimum working set size: %u\n", lMin);
		printf("Maximum working set size: %u\n", lMax);
	}

	lMin+=100;
	lMax+=100;
	if(SetProcessWorkingSetSize(hCurrProcess, lMin, lMax)){
		printf("Working set size changed.\n");
	}

	
	return 0;
}

We will look at the CreateProcess() function in the next post.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s