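/*
 * From: Rick Howard [rhoward@ontrack.com]
 * Sent: Wednesday, August 18, 1999 3:52 PM
 * To: ateeqp; ntdev@atria.com
 * Cc: muktar; zain peerzade; amjad inamdar
 * Subject: RE: [ntdev] Process Name
 *
 * Here you go.
 *
 * Rick Howard
 * Ontrack Data International
 */

// Capacity, in TCHARs, that GetProcessName() assumes for its output buffer.
#define PROCESS_SIZE MAX_PATH

// NTSTATUS returned when the supplied buffer is too small for the snapshot.
#define STATUS_INFO_LENGTH_MISMATCH ( ( long ) 0xC0000004L )

//
// task list structure
//
// NOTE(review): TITLE_SIZE is not defined in this excerpt; it must come from
// the surrounding project.
//
typedef struct _TASK_ENTRY
{
    DWORD dwProcessId;
    DWORD dwInheritedFromProcessId;
    BOOL  flags;
    HWND  hwnd;
    TCHAR ProcessName[ PROCESS_SIZE ];
    TCHAR WindowTitle[ TITLE_SIZE ];
} TASK_ENTRY, *PTASK_ENTRY, *PTASK_LIST;

typedef struct _TASK_LIST_ENUM
{
    PTASK_LIST tlist;
    DWORD      numtasks;
} TASK_LIST_ENUM, *PTASK_LIST_ENUM;

//
// Per-thread record that trails each process record in the snapshot.
// Hand-declared; the dwUnknown* members are padding for fields whose meaning
// the author did not know.
//
typedef struct _tagThreadInfo
{
    FILETIME ftCreationTime;
    DWORD    dwUnknown1;
    DWORD    dwStartAddress;
    DWORD    dwOwningPID;
    DWORD    dwThreadID;
    DWORD    dwCurrentPriority;
    DWORD    dwBasePriority;
    DWORD    dwContextSwitches;
    DWORD    dwThreadState;
    DWORD    dwWaitReason;
    DWORD    dwUnknown2[ 5 ];
} THREADINFO, *PTHREADINFO;

//
// Per-process record in the snapshot. dwOffset is the byte distance to the
// next record; 0 marks the last one.
//
// NOTE(review): this layout is hand-declared with DWORD-sized members, so it
// presumably matches only 32-bit NT builds of that era. Confirm against the
// SDK's own declaration (winternl.h, SYSTEM_PROCESS_INFORMATION) before
// reusing it; a mismatched layout makes every field read below wrong.
//
#pragma warning( disable:4200 )   // zero-sized array member (ti[ 0 ])
typedef struct _tagProcessInfo
{
    DWORD      dwOffset;
    DWORD      dwThreadCount;
    DWORD      dwUnknown1[ 6 ];
    FILETIME   ftCreationTime;
    DWORD      dwUnknown2[ 5 ];
    WCHAR*     pszProcessName;
    DWORD      dwBasePriority;
    DWORD      dwProcessID;
    DWORD      dwParentProcessID;
    DWORD      dwHandleCount;
    DWORD      dwUnknown3;
    DWORD      dwUnknown4;
    DWORD      dwVirtualBytesPeak;
    DWORD      dwVirtualBytes;
    DWORD      dwPageFaults;
    DWORD      dwWorkingSetPeak;
    DWORD      dwWorkingSet;
    DWORD      dwUnknown5;
    DWORD      dwPagedPool;
    DWORD      dwUnknown6;
    DWORD      dwNonPagedPool;
    DWORD      dwPageFileBytesPeak;
    DWORD      dwPrivateBytes;
    DWORD      dwPageFileBytes;
    DWORD      dwUnknown7[ 4 ];
    THREADINFO ti[ 0 ];
} _PROCESSINFO, *PPROCESSINFO;
#pragma warning( default:4200 )

// Resolved from ntdll.dll on first use by GetProcessName().
long ( __stdcall *NtQuerySystemInformation )( ULONG, PVOID, ULONG, ULONG ) = NULL;

//
// GetProcessName
//
// Looks up the image name of the process whose id is dwPid and copies it into
// lpProcessName. If the process is not found, or the snapshot cannot be
// obtained, lpProcessName is left holding "[ Unknown ]".
//
// lpProcessName  Output buffer. Must hold at least PROCESS_SIZE TCHARs; the
//                copy is truncated to fit and is always NUL-terminated.
// dwPid          Process id to look up.
//
// The returned string is only an image name chosen by whoever started the
// process. It does not identify the binary on disk and should not be used on
// its own for a trust or access decision.
//
void GetProcessName(LPTSTR lpProcessName, DWORD dwPid)
{
    PBYTE        pbyInfo      = NULL;
    DWORD        cInfoSize    = 0x2000;
    DWORD        cbOffset     = 0;
    long         lStatus      = 0;
    PPROCESSINFO pProcessInfo = NULL;

    // Set the fallback first so every early return leaves a valid string.
    _tcscpy( lpProcessName, _T( "[ Unknown ]" ) );

    if ( !NtQuerySystemInformation )
        NtQuerySystemInformation = ( long ( __stdcall * )( ULONG, PVOID, ULONG, ULONG ) )
            GetProcAddress( GetModuleHandle( _T( "ntdll.dll" ) ), "NtQuerySystemInformation" );

    // The export may be missing; calling through a NULL pointer would crash.
    if ( !NtQuerySystemInformation )
        return;

    pbyInfo = ( PBYTE ) malloc( cInfoSize );
    if ( !pbyInfo )
        return;

    // Information class 5 is the process/thread snapshot. Grow the buffer
    // until it fits; keep the old pointer until realloc succeeds so it can
    // still be freed on failure.
    while ( ( lStatus = NtQuerySystemInformation( 5, pbyInfo, cInfoSize, 0 ) )
            == STATUS_INFO_LENGTH_MISMATCH )
    {
        PBYTE pbyGrown;

        cInfoSize += 0x2000;
        pbyGrown = ( PBYTE ) realloc( pbyInfo, cInfoSize );
        if ( !pbyGrown )
        {
            free( pbyInfo );
            return;
        }
        pbyInfo = pbyGrown;
    }

    // Any other failure status (negative NTSTATUS) means the buffer was not
    // filled in; do not parse uninitialized heap memory.
    if ( lStatus < 0 )
    {
        free( pbyInfo );
        return;
    }

    for ( ;; )
    {
        // The call above does not ask for the returned length, so the walk is
        // bounded by the allocation size: a record must lie wholly inside it.
        if ( cbOffset > cInfoSize - sizeof( *pProcessInfo ) )
            break;

        pProcessInfo = ( PPROCESSINFO ) ( pbyInfo + cbOffset );

        if ( pProcessInfo->pszProcessName && pProcessInfo->dwProcessID == dwPid )
        {
#ifdef UNICODE
            // Bounded copy: at most PROCESS_SIZE - 1 characters plus the NUL.
            lstrcpyn( lpProcessName, pProcessInfo->pszProcessName, PROCESS_SIZE );
#else
            // wcstombs does not terminate when it fills the whole count, and
            // returns (size_t)-1 on an unconvertible character.
            size_t cch = wcstombs( lpProcessName, pProcessInfo->pszProcessName,
                                   PROCESS_SIZE - 1 );
            if ( cch == ( size_t ) -1 )
                _tcscpy( lpProcessName, _T( "[ Unknown ]" ) );
            else
                lpProcessName[ cch ] = '\0';
#endif
            break;
        }

        if ( pProcessInfo->dwOffset == 0 )
            break;                                  // last record

        if ( pProcessInfo->dwOffset > cInfoSize - cbOffset )
            break;                                  // next record would be out of bounds

        cbOffset += pProcessInfo->dwOffset;
    }

    free( pbyInfo );
}

/*
 * -----Original Message-----
 * From: owner-ntdev@atria.com [mailto:owner-ntdev@atria.com]On Behalf Of ateeqp
 * Sent: Wednesday, August 18, 1999 7:14 AM
 * To: ntdev@atria.com
 * Cc: muktar; zain peerzade; amjad inamdar
 * Subject: [ntdev] Process Name
 *
 * Hello,
 * Can somebody please tell me how to get the name of the process or processes
 * running(All) .I need the process name and not a handle to it.
 * Your replies will be highly appreciated.
 * Thanks in advance
 * luv
 * Ateeq
 */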