EzProcess is a GUI executable application that displays information about all running processes: Process Name, Process ID, Parent ID, and Priority. In addition, all the threads (together with their base priority) and loaded modules (DLLs) of the selected process are displayed.
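EzProcess is based on seven API functions, namely CreateToolhelp32Snapshot, Process32First, Process32Next, Thread32First, Thread32Next, Module32First, and Module32Next.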
Getting all running processes
A snapshot is created by calling the CreateToolhelp32Snapshot API function with the TH32CS_SNAPPROCESS and TH32CS_SNAPTHREAD flags. After that, a call to the Process32First API function retrieves information about the first process encountered in the system snapshot we have created. Finally, by calling Process32Next repeatedly, information about all processes recorded in the snapshot is retrieved. The code is:
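Invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS OR TH32CS_SNAPTHREAD, NULL
MOV hSnapShot,EAX ; keep the snapshot handle returned in EAX
MOV ProcEntry32.dwSize,SizeOf PROCESSENTRY32 ; dwSize must be set before Process32First
Invoke Process32First,hSnapShot,ADDR ProcEntry32 ; first process in the snapshot
Invoke Process32Next,hSnapShot,ADDR ProcEntry32 ; repeat until EAX is FALSE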
Getting the threads of the selected process
A call to the Thread32First API function retrieves information about the first thread of any process encountered in the snapshot created above. If the identifier of the process that created the thread (ThreadEntry32.th32OwnerProcessID) is the ID of the selected process, then it is displayed. By calling Thread32Next repeatedly and comparing the IDs as explained above, information about all threads of the selected process is retrieved. The code is:
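MOV ThreadEntry32.dwSize,SizeOf THREADENTRY32 ; dwSize must be set before Thread32First
Invoke Thread32First,hSnapShot,ADDR ThreadEntry32 ; first thread in the snapshot
Invoke Thread32Next,hSnapShot,ADDR ThreadEntry32 ; repeat until EAX is FALSE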
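The thread walk described above as a complete loop with the owner-ID comparison and handle cleanup, added here as an example and not taken from the EzProcess source. It assumes the MASM32 SDK include paths; CountThreads, te and the Failed label are hypothetical names.

```masm
; Added example, not EzProcess code. Assumes the MASM32 SDK is installed.
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.code
; CountThreads (hypothetical name): returns in EAX the number of threads
; owned by dwPid, or -1 if the snapshot could not be created.
CountThreads PROC USES ebx esi dwPid:DWORD
    LOCAL te:THREADENTRY32
    Invoke CreateToolhelp32Snapshot, TH32CS_SNAPTHREAD, 0
    CMP EAX, INVALID_HANDLE_VALUE       ; failure is -1, not NULL
    JE  Failed
    MOV EBX, EAX                        ; EBX = snapshot handle
    XOR ESI, ESI                        ; ESI = matching thread count
    MOV te.dwSize, SizeOf THREADENTRY32 ; required before Thread32First
    Invoke Thread32First, EBX, ADDR te
    .WHILE EAX != FALSE                 ; FALSE marks the end of the list
        ; The snapshot holds every thread in the system, so each entry
        ; is filtered by the ID of the process that owns it.
        MOV EAX, te.th32OwnerProcessID
        .IF EAX == dwPid
            INC ESI                     ; te.tpBasePri is the base priority
        .ENDIF
        Invoke Thread32Next, EBX, ADDR te
    .ENDW
    Invoke CloseHandle, EBX             ; release the snapshot handle
    MOV EAX, ESI
    RET
Failed:
    MOV EAX, -1
    RET
CountThreads ENDP

start:
    Invoke GetCurrentProcessId          ; sample input: this process
    Invoke CountThreads, EAX
    Invoke ExitProcess, EAX             ; thread count as the exit code
END start
```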
Getting the modules associated with the selected Process
In order to get the modules associated with the selected process, we need to take a new snapshot that includes the module list of the specified process. Using the newly created snapshot, we iterate through all modules associated with the specified process by using the API functions Module32First and Module32Next. The code is:
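MOV ModuleEntry32.dwSize,SizeOf MODULEENTRY32 ; dwSize must be set before Module32First
Invoke Module32First,EBX,ADDR ModuleEntry32 ; EBX holds the handle of the module snapshot
Invoke Module32Next,EBX,ADDR ModuleEntry32 ; repeat until EAX is FALSE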
In addition, the EzProcess Processes/Threads Manager is able to kill a selected process. This is done as follows:
Invoke OpenProcess,PROCESS_TERMINATE,FALSE,lvi.lParam ; EAX receives a handle with terminate rights for the process ID in lvi.lParam
EzProcess is a project under heavy development, and Jupiter has undertaken to improve it. You can always check for a newer version at the Projects forum of the WinAsm Studio board.
New version, v1.82, has been released (full source code). You can find it at EzProcess.