In Windows Resource Monitor there are four tabs - CPU,MEMORY,DISK,NETWORK This program shows us every process with their respective PID(process ID) which are involving with I/O activities with disk drives and network.
Issue
I am using Win32 Programming plus Visual C++(Visual Studio).I created a process(Using CreateProcess function) "VBS3_64.exe",suppose that I don't know it's internal behavior,In my program my only intention was to create that process,let it execute for several minutes and Terminate it using Terminate or SendMessage functions. After I terminate that process progrmatically Windows Resource monitor shown that both CPU and Memory usage on "Terminated" state(gray color) but both Disk activity and Network activity were running(black color) at the moment for several minutes. Even Windows Task Manager did not show that Process.
I used Win32 functions to check whether that the process still running on the system even it get called Terminate or force kill but all of those function given me the same result.But only Resource Monitor detects its clean up -Disk activities and Network activities.
Question
1.How terminated process still Run in background for its cleanup stuff and only Resource Monitor detects it with its respective PID ?
2.Which Win32 functions helps us to detect such Process ? (which Win32 functions is being used by Resource Monitor to detect background/clean up activities of Terminated process).
Please refer following question that I asked on MSDN :-
[
^]
What I have tried:
I tried to get status of Process and it's I/O activities through following Win32 Functions:
DWORD pid = 14216;
HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
HPSS snapShot;
PSS_PROCESS_INFORMATION info;
PSS_PERFORMANCE_COUNTERS traceInfo;
BOOL status = STILL_ACTIVE;
do
{
auto ret = PssCaptureSnapshot(process, PSS_CAPTURE_HANDLES | PSS_CREATE_MEASURE_PERFORMANCE, NULL, &snapShot);
if (ret == ERROR_SUCCESS)
{
std::cout << "SnapShot okey" << std::endl;
ret = PssQuerySnapshot(snapShot, PSS_QUERY_PROCESS_INFORMATION, &info, sizeof(info));
if (ret == ERROR_SUCCESS)
{
status = info.ExitStatus;
std::cout << status << std::endl;
std::cout << info.PebBaseAddress << std::endl;
}
ret = PssQuerySnapshot(snapShot, PSS_QUERY_PERFORMANCE_COUNTERS, &traceInfo, sizeof(traceInfo));
if (ret == ERROR_SUCCESS)
{
std::cout << "Cycles:" << traceInfo.TotalCycleCount << std::endl;
}
};
} while (status == STILL_ACTIVE);
And
IO_COUNTERS counters;
while (process && GetProcessIoCounters(process, &counters))
{
std::cout << "Read operations: " << counters.ReadOperationCount << std::endl;
std::cout << "Read Transfers: " << counters.ReadTransferCount << std::endl;
CloseHandle(process);
Sleep(1000);
process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
}