
EzProcess

20 Oct 2007 | GPL3 | 2 min read
A processes and threads manager application.

Sample Image - EzProcess.jpg

Introduction

EzProcess is a GUI executable application that displays information about all running processes: Process Name, Process ID, Parent ID, and Priority. In addition, all the threads (together with their base priority) and loaded modules (DLLs) of the selected process are displayed.

Internals

EzProcess is based on seven API Functions, namely, CreateToolhelp32Snapshot, Process32First, Process32Next, Thread32First, Thread32Next, Module32First, and Module32Next.

Getting all running processes

A snapshot is created by calling the CreateToolhelp32Snapshot API function with the TH32CS_SNAPPROCESS OR TH32CS_SNAPTHREAD flags, so that it records both processes and threads. A call to the Process32First API function then retrieves information about the first process in the snapshot, and repeated calls to Process32Next retrieve the remaining processes until the function returns zero. The code is:

ASM
Invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS OR TH32CS_SNAPTHREAD, NULL
MOV hSnapShot,EAX

;Get first process
MOV ProcEntry32.dwSize,SizeOf PROCESSENTRY32
Invoke Process32First,hSnapShot,ADDR ProcEntry32
@@:
.If EAX
    ;Display
    ;Process
    ;Information
    ;
    ;
    ;Get Next process
    Invoke Process32Next,hSnapShot,ADDR ProcEntry32
     
    JMP @B
.EndIf
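The same walk as an added Python/ctypes example (not part of EzProcess), which checks for a failed snapshot, always closes the handle, and then indexes the rows by Parent ID. The names snapshot_processes, parent_index and SAMPLE are assumptions of this example; the parent index goes beyond the article's flat list, because the Parent ID in an entry may belong to a process that has already exited.

```python
import ctypes
from collections import defaultdict

TH32CS_SNAPPROCESS = 0x00000002
INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value

class PROCESSENTRY32W(ctypes.Structure):
    _fields_ = [("dwSize", ctypes.c_uint32), ("cntUsage", ctypes.c_uint32),
                ("th32ProcessID", ctypes.c_uint32),
                ("th32DefaultHeapID", ctypes.c_size_t),   # ULONG_PTR
                ("th32ModuleID", ctypes.c_uint32), ("cntThreads", ctypes.c_uint32),
                ("th32ParentProcessID", ctypes.c_uint32),
                ("pcPriClassBase", ctypes.c_int32), ("dwFlags", ctypes.c_uint32),
                ("szExeFile", ctypes.c_wchar * 260)]      # MAX_PATH characters

def snapshot_processes():
    """Windows only: return [(pid, parent_pid, exe_name), ...] from one snapshot."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateToolhelp32Snapshot.restype = ctypes.c_void_p
    for fn in (k32.Process32FirstW, k32.Process32NextW):
        fn.argtypes = [ctypes.c_void_p, ctypes.POINTER(PROCESSENTRY32W)]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    snap = k32.CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    if snap in (None, INVALID_HANDLE_VALUE):
        raise ctypes.WinError(ctypes.get_last_error())
    rows = []
    try:
        entry = PROCESSENTRY32W(dwSize=ctypes.sizeof(PROCESSENTRY32W))
        ok = k32.Process32FirstW(snap, ctypes.byref(entry))
        while ok:
            rows.append((entry.th32ProcessID, entry.th32ParentProcessID, entry.szExeFile))
            ok = k32.Process32NextW(snap, ctypes.byref(entry))
    finally:
        k32.CloseHandle(snap)   # always release the snapshot handle
    return rows

def parent_index(rows):
    """Map parent PID -> child rows; rows with no usable parent go under None."""
    live = {row[0] for row in rows}
    tree = defaultdict(list)
    for row in rows:
        pid, ppid = row[:2]
        tree[ppid if (ppid in live and ppid != pid) else None].append(row)
    return dict(tree)

# Constructed sample rows (not captured from a real system); PID 1764 has exited.
SAMPLE = [(0, 0, "[System Process]"), (4, 0, "System"), (612, 4, "smss.exe"),
          (1800, 1764, "explorer.exe"), (2440, 1800, "notepad.exe")]
```

On Windows, `parent_index(snapshot_processes())` gives the live tree; entries under `None` are those whose recorded parent is not in the snapshot.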

Getting the threads of the selected process

A call to the Thread32First API function retrieves information about the first thread recorded in the snapshot created above, regardless of which process owns it. If the identifier of the process that created the thread (ThreadEntry32.th32OwnerProcessID) is the ID of the selected process, the thread is displayed. Repeated calls to Thread32Next, with the same comparison each time, retrieve information about all threads of the selected process. The code is:

ASM
;EDI holds the ID of the selected process
;Get first thread
MOV ThreadEntry32.dwSize,SizeOf THREADENTRY32
Invoke Thread32First,hSnapShot,ADDR ThreadEntry32
@@:
.If EAX
    .If ThreadEntry32.th32OwnerProcessID==EDI
        ;Display
        ;Thread
        ;Information
        ;
        ;
        ;   
    .EndIf
  
    ;Get Next Thread
    Invoke Thread32Next,hSnapShot,ADDR ThreadEntry32
  
    JMP @B
.EndIf

Getting the modules associated with the selected Process

In order to get the modules associated with the selected process, we need to take a new snapshot that includes the module list of the specified process. Using the newly created snapshot, we iterate through all modules associated with the specified process, by using the API functions Module32First and Module32Next. The code is:

ASM
;Let's create a new snapshot that includes the module list of the specified process
;(EDI holds the ID of the selected process)
Invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,EDI
.If EAX!=INVALID_HANDLE_VALUE ;the snapshot can fail, e.g. access denied
    MOV EBX,EAX

    ;Get first Module
    MOV ModuleEntry32.dwSize,SizeOf MODULEENTRY32
    Invoke Module32First,EBX,ADDR ModuleEntry32
    @@:
    .If EAX
        ;Display
        ;Module
        ;Information
        ;
        ;
        ;Get Next Module
        Invoke Module32Next,EBX,ADDR ModuleEntry32
        JMP @B
    .EndIf
    Invoke CloseHandle,EBX ;release the module snapshot
.EndIf

Extended Functionality

In addition, the EzProcess Processes/Threads Manager is able to kill a selected process. This is done as follows:

ASM
Invoke OpenProcess,PROCESS_TERMINATE, FALSE,lvi.lParam ;where lvi.lParam is the process ID
.If EAX
    MOV EBX,EAX ;hProcess
    Invoke TerminateProcess,EBX,0
    .If !EAX
        Invoke ErrorMessage
    .EndIf
    Invoke CloseHandle,EBX ;hProcess
.Else
    Invoke ErrorMessage
.EndIf

Final Note

EzProcess is a project under heavy development, and Jupiter has undertaken to improve it. You can always check for a newer version at the Projects forum of the WinAsm Studio board.

Edit

New version, v1.82, has been released (full source code). You can find it at EzProcess.

License

This article, along with any associated source code and files, is licensed under The GNU General Public License (GPLv3)



Comments and Discussions

Question: How to make all threads active - rajivalochanan_s, 29-Oct-09 4:21
General: Poli Kalo! - manos_crete, 26-Jan-07 12:02
General: Re: Poli Kalo! - akyprian, 26-Jan-07 20:58
Thanks a lot for your good words. I agree that with the Assembly language the sky is the limit! A lot of people are using Assembly, have a look at the WinAsm Studio site.


Regards,

Antonis



http://www.winasm.net

General: Potentially really useful! - peterboulton, 23-Jan-07 1:07
General: Re: Potentially really useful! - akyprian, 23-Jan-07 2:41
General: Nice code - qiuqianren, 23-Jan-07 0:02
General: Re: Nice code - akyprian, 23-Jan-07 2:30
General: Re: Nice code - qiuqianren, 23-Jan-07 5:09
General: WOW! - NoellyB, 22-Jan-07 20:42
General: Re: WOW! [modified] - akyprian, 23-Jan-07 2:19
