Beispiel #1
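/*
 * Print a table of running processes: image name, PID, CPU mode and the
 * owning domain\user.
 *
 * cpu_mode selects what to leave out of the listing: 32 skips WOW64
 * (32-bit) processes, 64 skips processes that are not WOW64; any other
 * value lists everything.  A process whose bitness could not be queried
 * is always listed, with "??" in the columns that could not be filled in,
 * so that processes this caller cannot open do not vanish from the output.
 *
 * Always returns 0.
 *
 * NOTE(review): "not WOW64" is reported as 64-bit, which is only right on
 * 64-bit Windows (the original author says as much); on a 32-bit system
 * every process would be labelled 64-bit.
 */
DWORD pslist (int cpu_mode)
{
  HANDLE         hSnap, hProc;
  PROCESSENTRY32 pe32;
  DWORD          ulen, dlen;
  BOOL           bWow64, bKnown;
  const char     *cpu, *uid, *dom;
  char           domain[64], uname[64];

  hSnap = CreateToolhelp32Snapshot (TH32CS_SNAPPROCESS, 0);

  if (hSnap == INVALID_HANDLE_VALUE) {
    return 0;
  }

  // Process32First requires dwSize to be set before the first call
  pe32.dwSize = sizeof (PROCESSENTRY32);

  printf("\n%-35s  %-5s   %5s     %s", "Image Name", "PID", "CPU", "domain\\username");
  printf("\n===================================  =====     ======  ===============\n");

  if (Process32First (hSnap, &pe32))
  {
    do {
      cpu = "??";
      uid = "??";
      dom = "??";

      // Reset per process: the flags used to be written only when
      // OpenProcess succeeded, so a process that could not be opened was
      // filtered on an uninitialised value (first iteration) or on the
      // previous process's result.
      bWow64 = FALSE;
      bKnown = FALSE;

      // open process to determine CPU mode and user information
      hProc = OpenProcess (PROCESS_QUERY_INFORMATION,
        FALSE, pe32.th32ProcessID);

      if (hProc != NULL) {
        if (IsWow64Process (hProc, &bWow64)) {
          bKnown = TRUE;
          cpu = (bWow64) ? "32" : "64";
        }

        // proc2uid's return type is not visible from here, so success is
        // detected from the buffers instead: start them empty and only
        // print what the call actually filled in, never stack leftovers.
        domain[0] = '\0';
        uname[0]  = '\0';
        ulen = sizeof(uname);
        dlen = sizeof(domain);

        proc2uid (hProc, domain, &dlen, uname, &ulen);

        // guarantee termination whatever proc2uid wrote
        domain[sizeof(domain) - 1] = '\0';
        uname[sizeof(uname) - 1]   = '\0';

        if (domain[0] != '\0') dom = domain;
        if (uname[0] != '\0')  uid = uname;

        CloseHandle (hProc);
      }

      // filter only on a bitness that was really determined
      if (bKnown) {
        if (cpu_mode == 32 && bWow64) continue;
        if (cpu_mode == 64 && !bWow64) continue;
      }

      printf ("%-35s  %-5lu  %5s-bit  %s\\%s\n",
        pe32.szExeFile, pe32.th32ProcessID,
        cpu, dom, uid);

    } while (Process32Next (hSnap, &pe32));
  }
  CloseHandle (hSnap);

  return 0;
}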
Beispiel #2
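/*
 * Print a table of running processes: image name, PID, CPU mode and the
 * owning domain\user, using the list returned by GetProcessList().
 *
 * exclude selects what to leave out: 32 skips WOW64 (32-bit) processes,
 * 64 skips non-WOW64 processes unless GetMode() reports X86_MODE; any
 * other value lists everything.  The filter is applied only to processes
 * that could be opened; the rest are listed with "??" columns.
 *
 * Reports through xstrerror() when no process list is available.
 * Always returns 0.
 */
DWORD pslist (int exclude)
{
  HANDLE         hProc;
  DWORD          ulen, dlen, mode;
  BOOL           bWow64;
  const wchar_t  *cpu, *uid, *dom;
  wchar_t        domain[64], uname[64];
  LPVOID         procList;
  PPROCENTRY     pe;

  procList = GetProcessList();

  if (procList == NULL) {
    xstrerror("GetProcessList");
    return 0;
  }

  wprintf(L"\n%-35s  %-5s   %5s     %s", L"Image Name", L"PID", L"CPU", L"domain\\username");
  wprintf(L"\n===================================  =====     ======  ===============\n");

  // queried once and reused for both the filter and the CPU column
  mode = GetMode();

  // the list ends at the first entry whose id is 0
  for (pe = (PPROCENTRY)procList; pe->id != 0; pe++)
  {
    cpu = L"??";
    uid = L"??";
    dom = L"??";

    // open process to determine CPU mode and user information
    hProc = OpenProcess (PROCESS_QUERY_INFORMATION, FALSE, pe->id);

    if (hProc != NULL)
    {
      bWow64 = IsWow64(hProc);

      // Capacity in characters, not bytes: sizeof on a wchar_t array is
      // twice the element count.  NOTE(review): presumably proc2uid hands
      // these lengths to an API that counts characters; if it really wants
      // bytes, the smaller value only shortens the names it can return,
      // whereas the byte count would overstate the room in the buffers.
      ulen = sizeof(uname) / sizeof(uname[0]);
      dlen = sizeof(domain) / sizeof(domain[0]);

      // only print the buffers when the lookup says it filled them
      if (proc2uid (hProc, domain, &dlen, uname, &ulen))
      {
        dom = domain;
        uid = uname;
      }
      CloseHandle (hProc);

      // if we're excluding 32-bit process and this is Wow64, continue
      if (exclude == 32 && bWow64) {
        continue;
      }

      // if we're excluding 64-bit apps and not Wow64, continue
      // (in X86_MODE a non-Wow64 process is itself 32-bit, so keep it)
      if (exclude == 64 && !bWow64 && mode != X86_MODE) {
        continue;
      }

      // Wow64, or anything at all in X86_MODE, is a 32-bit process;
      // otherwise it's 64-bit
      cpu = (bWow64 || mode == X86_MODE) ? L"32" : L"64";
    }

    wprintf (L"%-35s  %-5lu  %5s-bit  %s\\%s\n",
      pe->name, pe->id, cpu, dom, uid);
  }
  xfree (procList);

  return 0;
}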