VC through the system snapshot process management method

This article illustrates the VC through the system snapshot process management method, sharing for your reference. The specific implementation method is as follows:

One, the introduction

Each instance of the application, when running, generates a process on the current system. Most applications have a visual interface, and the user can close the program by clicking the close button on the title bar. However, there are also a number of programs running in the background that do not have a visual interface. For such applications, users can only use CTRL+ALT+DEL hotkey to exhale the "close program" dialog box, which displays a list of current system processes, from which they can finish the specified task. Obviously, this function is still very necessary in some system monitoring software, the process can be roughly divided into two steps: with the help of the system snapshot to achieve the current process of the system enumeration and according to the enumeration results of the process management. The implementation of this process is described below.

Enumeration of the current process

To enumerate all the processes that are already open on the current system, you must first obtain information about the current state of those processes that are loaded into memory. Under the Windows operating system, the process of the current state of the information cannot be directly obtained from the process itself, the system has been stored in the system for all process in the memory, threads, and module of information on the current state of the copies made a read-only snapshot - system, users can access to system snapshot to complete the process of the current state of detection. At implementation time, the system snapshot handle is obtained through the Win32 API function CreateToolhelp32Snapshot(), which not only captures process snapshots, but also system snapshots of the heap, modules, and threads. The function prototype is declared as follows:

HANDLE WINAPI CreateToolhelp32Snapshot(DWORD dwFlags,DWORD th32ProcessID);

Where, parameter dwFlags: specifies the type of snapshot handle to be created containing the system information. In this program, only the system process information needs to be retrieved, so it can be set to TH32CS_SNAPPROCESS. The second parameter of the function, th32ProcessID ', specifies the id number of the process, and when set to 0, specifies the current process. The success function returns a system snapshot handle containing process information. After the snapshot handle is obtained, it can only be accessed read-only. The use of the system snapshot handle is not much different from the use of a normal object handle, which also needs to be destroyed by the CloseHandle() function after it is used.
After getting the snapshot handle of the system, you can enumerate the current process id, through which the process id can be easily managed. The process id number is obtained by the functions Process32First() and Process32Next(), which enumerate all the currently open processes in the system and get the relevant process information. The two function prototypes are declared as follows:

BOOL WINAPI Process32First(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);

BOOL WINAPI Process32Next(HANDLE hSnapshot,LPPROCESSENTRY32 lppe);

The above two functions are used to get information about the first and next process in the system snapshot, respectively, and to save the obtained information in the PROCESSENTRY32 structure pointed to by the pointer lppe. The first parameter of the function, hSnapshot, returns the resulting system snapshot handle from the CreateToolhelp32Snapshot() function. The second parameter, lppe, is a pointer to the structure PROCESSENTRY32, which can give a more comprehensive description of the process. It is defined as follows:

typedef struct tagPROCESSENTRY32 {

DWORD dwSize; //Structure size; < br / >
DWORD cntUsage; //Reference count for this process; < br / >
DWORD th32ProcessID; //The process ID. < br / >
DWORD th32DefaultHeapID; //Process default heap ID; < br / >
DWORD th32ModuleID; //Process module ID; < br / >
DWORD cntThreads; //The thread count on which this process is started; < br / >
DWORD th32ParentProcessID; //Parent process ID; < br / >
LONG pcPriClassBase; //Thread priority; < br / >
DWORD dwFlags; //Reservation; < br / >
char szExeFile[MAX_PATH]; //Full name of the process; < br / >
} PROCESSENTRY32;

The above three API functions are declared in the header file tlhelp32.h, and the runtime needs support from the kernel32.lib library. Through these three functions can enumerate the current system has opened all the processes, and can get the process of the relevant information, the following is a simple application example. In this example, all processes of the system will be enumerated, and get the id number of each process and the absolute path of the corresponding program. The process id number will be used in the next step of process management, and the program path will be displayed directly through the list control:

//PROCESSENTRY32 structure object 

PROCESSENTRY32 pe;

//Create snapshot handle 

HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

//First, search the system for information about the first process 

Process32First(hSnapshot, &pe);

//The following enumerates all the processes in the system and saves their information 

do{

//Fill the list box 
 with the file path name for the process
int index = m_ctlwndList.AddString(pe.szExeFile);

//Set the ID number of the process corresponding to the Data of the item in the list box to facilitate the later termination of the process 

m_ctlwndList.SetItemData(index, pe.th32ProcessID);

} while (Process32Next(hSnapshot, &pe));

//Close the snapshot handle 

CloseHandle(hSnapshot);

Third, the management of the process

After obtaining the identification number of each enumerated process, the management of the process can be realized. Since the managed process is outside the current process, it must first obtain the handle of an existing process object through the OpenProcess() function, and then the specified process can be managed and controlled through the handle. When the OpenProcess() function is called, the process id is passed in as a parameter. The prototype of the OpenProcess() function is declared as follows:

HANDLE OpenProcess(DWORD dwDesiredAccess, //Access flag 

BOOL bInheritHandle, //Handles inherited flags 

DWORD dwProcessId //  Process id );

If the function executes successfully, it returns the process object handle specified by the process id. The following is also a simple example of an application where the specified process is terminated via the TerminateProcess() function based on the acquired process object handle:

//Gets the data selected in the list box at this point, that is, the ID value of the process corresponding to this item 

int index = m_ctlwndList.GetCurSel();

//Gets the option in the list box at this point, that is, the ID value of the process for this item 

DWORD data = m_ctlwndList.GetItemData(index);

//Using the process's ID value, open the process and get the process handle 

HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE,data);

//Detects the validity of the handle and, if so, terminates the process 

if (hProcess)

TerminateProcess(hProcess,0);

Since you need to ensure that the process handle is available when the TerminateProcess() function is called to terminate the process, when you call OpenProcess() earlier, you need to specify its access Peugeot as PROCESS_TERMINATE.

Four, summary

This paper mainly introduces the system snapshot and the method of enumerating and managing the current process of the system. Only system snapshots with process information have been discussed in this article, and interested readers can apply a similar approach to system snapshots with thread, heap, or block information. The program described in this article is compiled by Microsoft Visual C++ 6.0 under Windows 98.

Hope that this article described the VC programming for you to help.