/// <summary>Gets process infos for each process on the specified machine.</summary>
/// <param name="processNameFilter">Optional process name to use as an inclusion filter.</param>
/// <param name="machineName">The target machine.</param>
/// <returns>An array of process infos, one per found process.</returns>
public static ProcessInfo[] GetProcessInfos(string?processNameFilter, string machineName)
{
if (!IsRemoteMachine(machineName))
{
return(NtProcessInfoHelper.GetProcessInfos(processNameFilter: processNameFilter));
}
ProcessInfo[] processInfos = NtProcessManager.GetProcessInfos(machineName, isRemoteMachine: true);
if (string.IsNullOrEmpty(processNameFilter))
{
return(processInfos);
}
ArrayBuilder <ProcessInfo> results = default;
foreach (ProcessInfo pi in processInfos)
{
if (string.Equals(processNameFilter, pi.ProcessName, StringComparison.OrdinalIgnoreCase))
{
results.Add(pi);
}
}
return(results.ToArray());
}
/// <summary>Gets the process name for the specified process ID on the specified machine.</summary>
/// <param name="processId">The process ID.</param>
/// <param name="machineName">The machine name.</param>
/// <returns>The process name for the process if it could be found; otherwise, null.</returns>
public static string?GetProcessName(int processId, string machineName)
{
if (IsRemoteMachine(machineName))
{
// remote case: we take the hit of looping through all results
ProcessInfo[] processInfos = NtProcessManager.GetProcessInfos(machineName, isRemoteMachine: true);
foreach (ProcessInfo processInfo in processInfos)
{
if (processInfo.ProcessId == processId)
{
return(processInfo.ProcessName);
}
}
}
else
{
// local case: do not use performance counter and also attempt to get the matching (by pid) process only
string?processName = Interop.Kernel32.GetProcessName((uint)processId);
if (processName is not null)
{
return(NtProcessInfoHelper.GetProcessShortName(processName));
}
}
return(null);
}
/// <summary>Gets the ProcessInfo for the specified process ID on the specified machine.</summary>
/// <param name="processId">The process ID.</param>
/// <param name="machineName">The machine name.</param>
/// <returns>The ProcessInfo for the process if it could be found; otherwise, null.</returns>
public static ProcessInfo GetProcessInfo(int processId, string machineName)
{
if (IsRemoteMachine(machineName))
{
// remote case: we take the hit of looping through all results
ProcessInfo[] processInfos = NtProcessManager.GetProcessInfos(machineName, isRemoteMachine: true);
foreach (ProcessInfo processInfo in processInfos)
{
if (processInfo.ProcessId == processId)
{
return(processInfo);
}
}
}
else
{
// local case: do not use performance counter and also attempt to get the matching (by pid) process only
ProcessInfo[] processInfos = NtProcessInfoHelper.GetProcessInfos(pid => pid == processId);
if (processInfos.Length == 1)
{
return(processInfos[0]);
}
}
return(null);
}
public static int[] GetProcessIds()
{
if (IsNt)
{
return(NtProcessManager.GetProcessIds());
}
return(WinProcessManager.GetProcessIds());
}
public static int GetProcessIdFromHandle(Microsoft.Win32.SafeHandles.SafeProcessHandle processHandle)
{
if (!IsNt)
{
throw new PlatformNotSupportedException(SR.GetString("WinNTRequired"));
}
return(NtProcessManager.GetProcessIdFromHandle(processHandle));
}
public static ModuleInfo[] GetModuleInfos(int processId)
{
if (IsNt)
{
return(NtProcessManager.GetModuleInfos(processId));
}
return(WinProcessManager.GetModuleInfos(processId));
}
/// <summary>Gets process infos for each process on the specified machine.</summary>
/// <param name="machineName">The target machine.</param>
/// <returns>An array of process infos, one per found process.</returns>
public static ProcessInfo[] GetProcessInfos(string machineName)
{
if (!IsRemoteMachine(machineName))
{
throw new PlatformNotSupportedException(SR.GetProcessInfoNotSupported); // NtDll.NtQuerySystemInformation is not available in Uap
}
return(NtProcessManager.GetProcessInfos(machineName, isRemoteMachine: true));
}
/// <summary>Gets the IDs of all processes on the specified machine.</summary>
/// <param name="machineName">The machine to examine.</param>
/// <returns>An array of process IDs from the specified machine.</returns>
public static int[] GetProcessIds(string machineName)
{
// Due to the lack of support for EnumModules() on coresysserver, we rely
// on PerformanceCounters to get the ProcessIds for both remote desktop
// and the local machine, unlike Desktop on which we rely on PCs only for
// remote machines.
return(IsRemoteMachine(machineName) ?
NtProcessManager.GetProcessIds(machineName, true) :
GetProcessIds());
}
public static ProcessInfo[] GetProcessInfos(string machineName)
{
bool isRemoteMachine = IsRemoteMachine(machineName);
// Do not use performance counter for local machine
if (!isRemoteMachine)
{
return(NtProcessInfoHelper.GetProcessInfos());
}
return(NtProcessManager.GetProcessInfos(machineName, isRemoteMachine));
}
// Due to the lack of support for EnumModules() on coresysserver.
// We reply on PerformanceCounters to get the ProcessIds for both remote desktop
// and the local machine unlike Desktop which reply on PCs only for remote machines.
public static int[] GetProcessIds(string machineName)
{
if (IsRemoteMachine(machineName))
{
return(NtProcessManager.GetProcessIds(machineName, true));
}
else
{
return(GetProcessIds());
}
}
public static int[] GetProcessIds(string machineName)
{
if (!IsRemoteMachine(machineName))
{
return(GetProcessIds());
}
if (!IsNt)
{
throw new PlatformNotSupportedException(SR.GetString("WinNTRequiredForRemote"));
}
return(NtProcessManager.GetProcessIds(machineName, true));
}
public static ProcessInfo[] GetProcessInfos(string machineName)
{
bool isRemoteMachine = IsRemoteMachine(machineName);
if (IsNt)
{
if (!isRemoteMachine && (Environment.OSVersion.Version.Major >= 5))
{
return(NtProcessInfoHelper.GetProcessInfos());
}
return(NtProcessManager.GetProcessInfos(machineName, isRemoteMachine));
}
if (isRemoteMachine)
{
throw new PlatformNotSupportedException(SR.GetString("WinNTRequiredForRemote"));
}
return(WinProcessManager.GetProcessInfos());
}
/// <summary>Gets process infos for each process on the specified machine.</summary>
/// <param name="machineName">The target machine.</param>
/// <returns>An array of process infos, one per found process.</returns>
public static ProcessInfo[] GetProcessInfos(string machineName)
{
return(IsRemoteMachine(machineName) ?
NtProcessManager.GetProcessInfos(machineName, isRemoteMachine: true) :
NtProcessInfoHelper.GetProcessInfos());
}
/// <summary>Gets an array of module infos for the specified process.</summary>
/// <param name="processId">The ID of the process whose modules should be enumerated.</param>
/// <returns>The array of modules.</returns>
public static ProcessModuleCollection GetModules(int processId)
{
return(NtProcessManager.GetModules(processId));
}
/// <summary>Gets the ID of a process from a handle to the process.</summary>
/// <param name="processHandle">The handle.</param>
/// <returns>The process ID.</returns>
public static int GetProcessIdFromHandle(SafeProcessHandle processHandle)
{
return(NtProcessManager.GetProcessIdFromHandle(processHandle));
}
/// <summary>Gets the IDs of all processes on the current machine.</summary>
public static int[] GetProcessIds()
{
return(NtProcessManager.GetProcessIds());
}
private static unsafe ProcessInfo[] GetProcessInfos(IntPtr dataPtr)
{
// Use a dictionary to avoid duplicate entries if any
// 60 is a reasonable number for processes on a normal machine.
Dictionary <int, ProcessInfo> processInfos = new Dictionary <int, ProcessInfo>(60);
long totalOffset = 0;
while (true)
{
IntPtr currentPtr = (IntPtr)((long)dataPtr + totalOffset);
ref SystemProcessInformation pi = ref *(SystemProcessInformation *)(currentPtr);
// get information for a process
ProcessInfo processInfo = new ProcessInfo();
// Process ID shouldn't overflow. OS API GetCurrentProcessID returns DWORD.
processInfo.ProcessId = pi.UniqueProcessId.ToInt32();
processInfo.SessionId = (int)pi.SessionId;
processInfo.PoolPagedBytes = (long)pi.QuotaPagedPoolUsage;;
processInfo.PoolNonPagedBytes = (long)pi.QuotaNonPagedPoolUsage;
processInfo.VirtualBytes = (long)pi.VirtualSize;
processInfo.VirtualBytesPeak = (long)pi.PeakVirtualSize;
processInfo.WorkingSetPeak = (long)pi.PeakWorkingSetSize;
processInfo.WorkingSet = (long)pi.WorkingSetSize;
processInfo.PageFileBytesPeak = (long)pi.PeakPagefileUsage;
processInfo.PageFileBytes = (long)pi.PagefileUsage;
processInfo.PrivateBytes = (long)pi.PrivatePageCount;
processInfo.BasePriority = pi.BasePriority;
processInfo.HandleCount = (int)pi.HandleCount;
if (pi.ImageName.Buffer == IntPtr.Zero)
{
if (processInfo.ProcessId == NtProcessManager.SystemProcessID)
{
processInfo.ProcessName = "System";
}
else if (processInfo.ProcessId == NtProcessManager.IdleProcessID)
{
processInfo.ProcessName = "Idle";
}
else
{
// for normal process without name, using the process ID.
processInfo.ProcessName = processInfo.ProcessId.ToString(CultureInfo.InvariantCulture);
}
}
else
{
string processName = GetProcessShortName(Marshal.PtrToStringUni(pi.ImageName.Buffer, pi.ImageName.Length / sizeof(char)));
processInfo.ProcessName = processName;
}
// get the threads for current process
processInfos[processInfo.ProcessId] = processInfo;
currentPtr = (IntPtr)((long)currentPtr + Marshal.SizeOf(pi));
int i = 0;
while (i < pi.NumberOfThreads)
{
ref SystemThreadInformation ti = ref *(SystemThreadInformation *)(currentPtr);
ThreadInfo threadInfo = new ThreadInfo();
threadInfo._processId = (int)ti.ClientId.UniqueProcess;
threadInfo._threadId = (ulong)ti.ClientId.UniqueThread;
threadInfo._basePriority = ti.BasePriority;
threadInfo._currentPriority = ti.Priority;
threadInfo._startAddress = ti.StartAddress;
threadInfo._threadState = (ThreadState)ti.ThreadState;
threadInfo._threadWaitReason = NtProcessManager.GetThreadWaitReason((int)ti.WaitReason);
processInfo._threadInfoList.Add(threadInfo);
currentPtr = (IntPtr)((long)currentPtr + Marshal.SizeOf(ti));
i++;
}
static ProcessInfo[] GetProcessInfos(IntPtr dataPtr)
{
// 60 is a reasonable number for processes on a normal machine.
Dictionary <int, ProcessInfo> processInfos = new Dictionary <int, ProcessInfo>(60);
long totalOffset = 0;
while (true)
{
IntPtr currentPtr = (IntPtr)((long)dataPtr + totalOffset);
SystemProcessInformation pi = new SystemProcessInformation();
Marshal.PtrToStructure(currentPtr, pi);
// get information for a process
ProcessInfo processInfo = new ProcessInfo();
// Process ID shouldn't overflow. OS API GetCurrentProcessID returns DWORD.
processInfo._processId = pi.UniqueProcessId.ToInt32();
processInfo._handleCount = (int)pi.HandleCount;
processInfo._sessionId = (int)pi.SessionId;
processInfo._poolPagedBytes = (long)pi.QuotaPagedPoolUsage;;
processInfo._poolNonpagedBytes = (long)pi.QuotaNonPagedPoolUsage;
processInfo._virtualBytes = (long)pi.VirtualSize;
processInfo._virtualBytesPeak = (long)pi.PeakVirtualSize;
processInfo._workingSetPeak = (long)pi.PeakWorkingSetSize;
processInfo._workingSet = (long)pi.WorkingSetSize;
processInfo._pageFileBytesPeak = (long)pi.PeakPagefileUsage;
processInfo._pageFileBytes = (long)pi.PagefileUsage;
processInfo._privateBytes = (long)pi.PrivatePageCount;
processInfo._basePriority = pi.BasePriority;
if (pi.NamePtr == IntPtr.Zero)
{
if (processInfo._processId == NtProcessManager.SystemProcessID)
{
processInfo._processName = "System";
}
else if (processInfo._processId == NtProcessManager.IdleProcessID)
{
processInfo._processName = "Idle";
}
else
{
// for normal process without name, using the process ID.
processInfo._processName = processInfo._processId.ToString(CultureInfo.InvariantCulture);
}
}
else
{
string processName = GetProcessShortName(Marshal.PtrToStringUni(pi.NamePtr, pi.NameLength / sizeof(char)));
processInfo._processName = processName;
}
// get the threads for current process
processInfos[processInfo._processId] = processInfo;
currentPtr = (IntPtr)((long)currentPtr + Marshal.SizeOf(pi));
int i = 0;
while (i < pi.NumberOfThreads)
{
SystemThreadInformation ti = new SystemThreadInformation();
Marshal.PtrToStructure(currentPtr, ti);
ThreadInfo threadInfo = new ThreadInfo();
threadInfo._processId = (int)ti.UniqueProcess;
threadInfo._threadId = (int)ti.UniqueThread;
threadInfo._basePriority = ti.BasePriority;
threadInfo._currentPriority = ti.Priority;
threadInfo._startAddress = ti.StartAddress;
threadInfo._threadState = (ThreadState)ti.ThreadState;
threadInfo._threadWaitReason = NtProcessManager.GetThreadWaitReason((int)ti.WaitReason);
processInfo._threadInfoList.Add(threadInfo);
currentPtr = (IntPtr)((long)currentPtr + Marshal.SizeOf(ti));
i++;
}
if (pi.NextEntryOffset == 0)
{
break;
}
totalOffset += pi.NextEntryOffset;
}
ProcessInfo[] temp = new ProcessInfo[processInfos.Values.Count];
processInfos.Values.CopyTo(temp, 0);
return(temp);
}
/// <summary>Gets process infos for each process on the specified machine.</summary>
/// <param name="machineName">The target machine.</param>
/// <returns>An array of process infos, one per found process.</returns>
public static ProcessInfo[] GetProcessInfos(string machineName)
{
return(IsRemoteMachine(machineName) ?
NtProcessManager.GetProcessInfos(machineName, true) :
NtProcessInfoHelper.GetProcessInfos()); // Do not use performance counter for local machine
}
private static ProcessInfo[] GetProcessInfos(IntPtr dataPtr)
{
IntPtr ptr;
Hashtable hashtable = new Hashtable(60);
long num = 0L;
Label_000B:
ptr = (IntPtr)(((long)dataPtr) + num);
SystemProcessInformation structure = new SystemProcessInformation();
Marshal.PtrToStructure(ptr, structure);
ProcessInfo info = new ProcessInfo {
processId = structure.UniqueProcessId.ToInt32(),
handleCount = (int)structure.HandleCount,
sessionId = (int)structure.SessionId,
poolPagedBytes = (long)((ulong)structure.QuotaPagedPoolUsage),
poolNonpagedBytes = (long)((ulong)structure.QuotaNonPagedPoolUsage),
virtualBytes = (long)((ulong)structure.VirtualSize),
virtualBytesPeak = (long)((ulong)structure.PeakVirtualSize),
workingSetPeak = (long)((ulong)structure.PeakWorkingSetSize),
workingSet = (long)((ulong)structure.WorkingSetSize),
pageFileBytesPeak = (long)((ulong)structure.PeakPagefileUsage),
pageFileBytes = (long)((ulong)structure.PagefileUsage),
privateBytes = (long)((ulong)structure.PrivatePageCount),
basePriority = structure.BasePriority
};
if (structure.NamePtr == IntPtr.Zero)
{
if (info.processId == NtProcessManager.SystemProcessID)
{
info.processName = "System";
}
else if (info.processId == 0)
{
info.processName = "Idle";
}
else
{
info.processName = info.processId.ToString(CultureInfo.InvariantCulture);
}
}
else
{
string processShortName = GetProcessShortName(Marshal.PtrToStringUni(structure.NamePtr, structure.NameLength / 2));
if (ProcessManager.IsOSOlderThanXP && (processShortName.Length == 15))
{
if (processShortName.EndsWith(".", StringComparison.OrdinalIgnoreCase))
{
processShortName = processShortName.Substring(0, 14);
}
else if (processShortName.EndsWith(".e", StringComparison.OrdinalIgnoreCase))
{
processShortName = processShortName.Substring(0, 13);
}
else if (processShortName.EndsWith(".ex", StringComparison.OrdinalIgnoreCase))
{
processShortName = processShortName.Substring(0, 12);
}
}
info.processName = processShortName;
}
hashtable[info.processId] = info;
ptr = (IntPtr)(((long)ptr) + Marshal.SizeOf(structure));
for (int i = 0; i < structure.NumberOfThreads; i++)
{
SystemThreadInformation information2 = new SystemThreadInformation();
Marshal.PtrToStructure(ptr, information2);
ThreadInfo info2 = new ThreadInfo {
processId = (int)information2.UniqueProcess,
threadId = (int)information2.UniqueThread,
basePriority = information2.BasePriority,
currentPriority = information2.Priority,
startAddress = information2.StartAddress,
threadState = (ThreadState)information2.ThreadState,
threadWaitReason = NtProcessManager.GetThreadWaitReason((int)information2.WaitReason)
};
info.threadInfoList.Add(info2);
ptr = (IntPtr)(((long)ptr) + Marshal.SizeOf(information2));
}
if (structure.NextEntryOffset != 0)
{
num += structure.NextEntryOffset;
goto Label_000B;
}
ProcessInfo[] array = new ProcessInfo[hashtable.Values.Count];
hashtable.Values.CopyTo(array, 0);
return(array);
}
