/// <summary>Gets process infos for each process on the specified machine.</summary> /// <param name="processNameFilter">Optional process name to use as an inclusion filter.</param> /// <param name="machineName">The target machine.</param> /// <returns>An array of process infos, one per found process.</returns> public static ProcessInfo[] GetProcessInfos(string?processNameFilter, string machineName) { if (!IsRemoteMachine(machineName)) { return(NtProcessInfoHelper.GetProcessInfos(processNameFilter: processNameFilter)); } ProcessInfo[] processInfos = NtProcessManager.GetProcessInfos(machineName, isRemoteMachine: true); if (string.IsNullOrEmpty(processNameFilter)) { return(processInfos); } ArrayBuilder <ProcessInfo> results = default; foreach (ProcessInfo pi in processInfos) { if (string.Equals(processNameFilter, pi.ProcessName, StringComparison.OrdinalIgnoreCase)) { results.Add(pi); } } return(results.ToArray()); }
/// <summary>Gets the process name for the specified process ID on the specified machine.</summary> /// <param name="processId">The process ID.</param> /// <param name="machineName">The machine name.</param> /// <returns>The process name for the process if it could be found; otherwise, null.</returns> public static string?GetProcessName(int processId, string machineName) { if (IsRemoteMachine(machineName)) { // remote case: we take the hit of looping through all results ProcessInfo[] processInfos = NtProcessManager.GetProcessInfos(machineName, isRemoteMachine: true); foreach (ProcessInfo processInfo in processInfos) { if (processInfo.ProcessId == processId) { return(processInfo.ProcessName); } } } else { // local case: do not use performance counter and also attempt to get the matching (by pid) process only string?processName = Interop.Kernel32.GetProcessName((uint)processId); if (processName is not null) { return(NtProcessInfoHelper.GetProcessShortName(processName)); } } return(null); }
/// <summary>Gets the ProcessInfo for the specified process ID on the specified machine.</summary> /// <param name="processId">The process ID.</param> /// <param name="machineName">The machine name.</param> /// <returns>The ProcessInfo for the process if it could be found; otherwise, null.</returns> public static ProcessInfo GetProcessInfo(int processId, string machineName) { if (IsRemoteMachine(machineName)) { // remote case: we take the hit of looping through all results ProcessInfo[] processInfos = NtProcessManager.GetProcessInfos(machineName, isRemoteMachine: true); foreach (ProcessInfo processInfo in processInfos) { if (processInfo.ProcessId == processId) { return(processInfo); } } } else { // local case: do not use performance counter and also attempt to get the matching (by pid) process only ProcessInfo[] processInfos = NtProcessInfoHelper.GetProcessInfos(pid => pid == processId); if (processInfos.Length == 1) { return(processInfos[0]); } } return(null); }
public static int[] GetProcessIds() { if (IsNt) { return(NtProcessManager.GetProcessIds()); } return(WinProcessManager.GetProcessIds()); }
public static int GetProcessIdFromHandle(Microsoft.Win32.SafeHandles.SafeProcessHandle processHandle) { if (!IsNt) { throw new PlatformNotSupportedException(SR.GetString("WinNTRequired")); } return(NtProcessManager.GetProcessIdFromHandle(processHandle)); }
public static ModuleInfo[] GetModuleInfos(int processId) { if (IsNt) { return(NtProcessManager.GetModuleInfos(processId)); } return(WinProcessManager.GetModuleInfos(processId)); }
/// <summary>Gets process infos for each process on the specified machine.</summary> /// <param name="machineName">The target machine.</param> /// <returns>An array of process infos, one per found process.</returns> public static ProcessInfo[] GetProcessInfos(string machineName) { if (!IsRemoteMachine(machineName)) { throw new PlatformNotSupportedException(SR.GetProcessInfoNotSupported); // NtDll.NtQuerySystemInformation is not available in Uap } return(NtProcessManager.GetProcessInfos(machineName, isRemoteMachine: true)); }
/// <summary>Gets the IDs of all processes on the specified machine.</summary> /// <param name="machineName">The machine to examine.</param> /// <returns>An array of process IDs from the specified machine.</returns> public static int[] GetProcessIds(string machineName) { // Due to the lack of support for EnumModules() on coresysserver, we rely // on PerformanceCounters to get the ProcessIds for both remote desktop // and the local machine, unlike Desktop on which we rely on PCs only for // remote machines. return(IsRemoteMachine(machineName) ? NtProcessManager.GetProcessIds(machineName, true) : GetProcessIds()); }
public static ProcessInfo[] GetProcessInfos(string machineName) { bool isRemoteMachine = IsRemoteMachine(machineName); // Do not use performance counter for local machine if (!isRemoteMachine) { return(NtProcessInfoHelper.GetProcessInfos()); } return(NtProcessManager.GetProcessInfos(machineName, isRemoteMachine)); }
// Due to the lack of support for EnumModules() on coresysserver. // We reply on PerformanceCounters to get the ProcessIds for both remote desktop // and the local machine unlike Desktop which reply on PCs only for remote machines. public static int[] GetProcessIds(string machineName) { if (IsRemoteMachine(machineName)) { return(NtProcessManager.GetProcessIds(machineName, true)); } else { return(GetProcessIds()); } }
public static int[] GetProcessIds(string machineName) { if (!IsRemoteMachine(machineName)) { return(GetProcessIds()); } if (!IsNt) { throw new PlatformNotSupportedException(SR.GetString("WinNTRequiredForRemote")); } return(NtProcessManager.GetProcessIds(machineName, true)); }
public static ProcessInfo[] GetProcessInfos(string machineName) { bool isRemoteMachine = IsRemoteMachine(machineName); if (IsNt) { if (!isRemoteMachine && (Environment.OSVersion.Version.Major >= 5)) { return(NtProcessInfoHelper.GetProcessInfos()); } return(NtProcessManager.GetProcessInfos(machineName, isRemoteMachine)); } if (isRemoteMachine) { throw new PlatformNotSupportedException(SR.GetString("WinNTRequiredForRemote")); } return(WinProcessManager.GetProcessInfos()); }
/// <summary>Gets process infos for each process on the specified machine.</summary> /// <param name="machineName">The target machine.</param> /// <returns>An array of process infos, one per found process.</returns> public static ProcessInfo[] GetProcessInfos(string machineName) { return(IsRemoteMachine(machineName) ? NtProcessManager.GetProcessInfos(machineName, isRemoteMachine: true) : NtProcessInfoHelper.GetProcessInfos()); }
/// <summary>Gets an array of module infos for the specified process.</summary> /// <param name="processId">The ID of the process whose modules should be enumerated.</param> /// <returns>The array of modules.</returns> public static ProcessModuleCollection GetModules(int processId) { return(NtProcessManager.GetModules(processId)); }
/// <summary>Gets the ID of a process from a handle to the process.</summary> /// <param name="processHandle">The handle.</param> /// <returns>The process ID.</returns> public static int GetProcessIdFromHandle(SafeProcessHandle processHandle) { return(NtProcessManager.GetProcessIdFromHandle(processHandle)); }
/// <summary>Gets the IDs of all processes on the current machine.</summary> public static int[] GetProcessIds() { return(NtProcessManager.GetProcessIds()); }
private static unsafe ProcessInfo[] GetProcessInfos(IntPtr dataPtr) { // Use a dictionary to avoid duplicate entries if any // 60 is a reasonable number for processes on a normal machine. Dictionary <int, ProcessInfo> processInfos = new Dictionary <int, ProcessInfo>(60); long totalOffset = 0; while (true) { IntPtr currentPtr = (IntPtr)((long)dataPtr + totalOffset); ref SystemProcessInformation pi = ref *(SystemProcessInformation *)(currentPtr); // get information for a process ProcessInfo processInfo = new ProcessInfo(); // Process ID shouldn't overflow. OS API GetCurrentProcessID returns DWORD. processInfo.ProcessId = pi.UniqueProcessId.ToInt32(); processInfo.SessionId = (int)pi.SessionId; processInfo.PoolPagedBytes = (long)pi.QuotaPagedPoolUsage;; processInfo.PoolNonPagedBytes = (long)pi.QuotaNonPagedPoolUsage; processInfo.VirtualBytes = (long)pi.VirtualSize; processInfo.VirtualBytesPeak = (long)pi.PeakVirtualSize; processInfo.WorkingSetPeak = (long)pi.PeakWorkingSetSize; processInfo.WorkingSet = (long)pi.WorkingSetSize; processInfo.PageFileBytesPeak = (long)pi.PeakPagefileUsage; processInfo.PageFileBytes = (long)pi.PagefileUsage; processInfo.PrivateBytes = (long)pi.PrivatePageCount; processInfo.BasePriority = pi.BasePriority; processInfo.HandleCount = (int)pi.HandleCount; if (pi.ImageName.Buffer == IntPtr.Zero) { if (processInfo.ProcessId == NtProcessManager.SystemProcessID) { processInfo.ProcessName = "System"; } else if (processInfo.ProcessId == NtProcessManager.IdleProcessID) { processInfo.ProcessName = "Idle"; } else { // for normal process without name, using the process ID. processInfo.ProcessName = processInfo.ProcessId.ToString(CultureInfo.InvariantCulture); } } else { string processName = GetProcessShortName(Marshal.PtrToStringUni(pi.ImageName.Buffer, pi.ImageName.Length / sizeof(char))); processInfo.ProcessName = processName; } // get the threads for current process processInfos[processInfo.ProcessId] = processInfo; currentPtr = (IntPtr)((long)currentPtr + Marshal.SizeOf(pi)); int i = 0; while (i < pi.NumberOfThreads) { ref SystemThreadInformation ti = ref *(SystemThreadInformation *)(currentPtr); ThreadInfo threadInfo = new ThreadInfo(); threadInfo._processId = (int)ti.ClientId.UniqueProcess; threadInfo._threadId = (ulong)ti.ClientId.UniqueThread; threadInfo._basePriority = ti.BasePriority; threadInfo._currentPriority = ti.Priority; threadInfo._startAddress = ti.StartAddress; threadInfo._threadState = (ThreadState)ti.ThreadState; threadInfo._threadWaitReason = NtProcessManager.GetThreadWaitReason((int)ti.WaitReason); processInfo._threadInfoList.Add(threadInfo); currentPtr = (IntPtr)((long)currentPtr + Marshal.SizeOf(ti)); i++; }
static ProcessInfo[] GetProcessInfos(IntPtr dataPtr) { // 60 is a reasonable number for processes on a normal machine. Dictionary <int, ProcessInfo> processInfos = new Dictionary <int, ProcessInfo>(60); long totalOffset = 0; while (true) { IntPtr currentPtr = (IntPtr)((long)dataPtr + totalOffset); SystemProcessInformation pi = new SystemProcessInformation(); Marshal.PtrToStructure(currentPtr, pi); // get information for a process ProcessInfo processInfo = new ProcessInfo(); // Process ID shouldn't overflow. OS API GetCurrentProcessID returns DWORD. processInfo._processId = pi.UniqueProcessId.ToInt32(); processInfo._handleCount = (int)pi.HandleCount; processInfo._sessionId = (int)pi.SessionId; processInfo._poolPagedBytes = (long)pi.QuotaPagedPoolUsage;; processInfo._poolNonpagedBytes = (long)pi.QuotaNonPagedPoolUsage; processInfo._virtualBytes = (long)pi.VirtualSize; processInfo._virtualBytesPeak = (long)pi.PeakVirtualSize; processInfo._workingSetPeak = (long)pi.PeakWorkingSetSize; processInfo._workingSet = (long)pi.WorkingSetSize; processInfo._pageFileBytesPeak = (long)pi.PeakPagefileUsage; processInfo._pageFileBytes = (long)pi.PagefileUsage; processInfo._privateBytes = (long)pi.PrivatePageCount; processInfo._basePriority = pi.BasePriority; if (pi.NamePtr == IntPtr.Zero) { if (processInfo._processId == NtProcessManager.SystemProcessID) { processInfo._processName = "System"; } else if (processInfo._processId == NtProcessManager.IdleProcessID) { processInfo._processName = "Idle"; } else { // for normal process without name, using the process ID. processInfo._processName = processInfo._processId.ToString(CultureInfo.InvariantCulture); } } else { string processName = GetProcessShortName(Marshal.PtrToStringUni(pi.NamePtr, pi.NameLength / sizeof(char))); processInfo._processName = processName; } // get the threads for current process processInfos[processInfo._processId] = processInfo; currentPtr = (IntPtr)((long)currentPtr + Marshal.SizeOf(pi)); int i = 0; while (i < pi.NumberOfThreads) { SystemThreadInformation ti = new SystemThreadInformation(); Marshal.PtrToStructure(currentPtr, ti); ThreadInfo threadInfo = new ThreadInfo(); threadInfo._processId = (int)ti.UniqueProcess; threadInfo._threadId = (int)ti.UniqueThread; threadInfo._basePriority = ti.BasePriority; threadInfo._currentPriority = ti.Priority; threadInfo._startAddress = ti.StartAddress; threadInfo._threadState = (ThreadState)ti.ThreadState; threadInfo._threadWaitReason = NtProcessManager.GetThreadWaitReason((int)ti.WaitReason); processInfo._threadInfoList.Add(threadInfo); currentPtr = (IntPtr)((long)currentPtr + Marshal.SizeOf(ti)); i++; } if (pi.NextEntryOffset == 0) { break; } totalOffset += pi.NextEntryOffset; } ProcessInfo[] temp = new ProcessInfo[processInfos.Values.Count]; processInfos.Values.CopyTo(temp, 0); return(temp); }
/// <summary>Gets process infos for each process on the specified machine.</summary> /// <param name="machineName">The target machine.</param> /// <returns>An array of process infos, one per found process.</returns> public static ProcessInfo[] GetProcessInfos(string machineName) { return(IsRemoteMachine(machineName) ? NtProcessManager.GetProcessInfos(machineName, true) : NtProcessInfoHelper.GetProcessInfos()); // Do not use performance counter for local machine }
private static ProcessInfo[] GetProcessInfos(IntPtr dataPtr) { IntPtr ptr; Hashtable hashtable = new Hashtable(60); long num = 0L; Label_000B: ptr = (IntPtr)(((long)dataPtr) + num); SystemProcessInformation structure = new SystemProcessInformation(); Marshal.PtrToStructure(ptr, structure); ProcessInfo info = new ProcessInfo { processId = structure.UniqueProcessId.ToInt32(), handleCount = (int)structure.HandleCount, sessionId = (int)structure.SessionId, poolPagedBytes = (long)((ulong)structure.QuotaPagedPoolUsage), poolNonpagedBytes = (long)((ulong)structure.QuotaNonPagedPoolUsage), virtualBytes = (long)((ulong)structure.VirtualSize), virtualBytesPeak = (long)((ulong)structure.PeakVirtualSize), workingSetPeak = (long)((ulong)structure.PeakWorkingSetSize), workingSet = (long)((ulong)structure.WorkingSetSize), pageFileBytesPeak = (long)((ulong)structure.PeakPagefileUsage), pageFileBytes = (long)((ulong)structure.PagefileUsage), privateBytes = (long)((ulong)structure.PrivatePageCount), basePriority = structure.BasePriority }; if (structure.NamePtr == IntPtr.Zero) { if (info.processId == NtProcessManager.SystemProcessID) { info.processName = "System"; } else if (info.processId == 0) { info.processName = "Idle"; } else { info.processName = info.processId.ToString(CultureInfo.InvariantCulture); } } else { string processShortName = GetProcessShortName(Marshal.PtrToStringUni(structure.NamePtr, structure.NameLength / 2)); if (ProcessManager.IsOSOlderThanXP && (processShortName.Length == 15)) { if (processShortName.EndsWith(".", StringComparison.OrdinalIgnoreCase)) { processShortName = processShortName.Substring(0, 14); } else if (processShortName.EndsWith(".e", StringComparison.OrdinalIgnoreCase)) { processShortName = processShortName.Substring(0, 13); } else if (processShortName.EndsWith(".ex", StringComparison.OrdinalIgnoreCase)) { processShortName = processShortName.Substring(0, 12); } } info.processName = processShortName; } hashtable[info.processId] = info; ptr = (IntPtr)(((long)ptr) + Marshal.SizeOf(structure)); for (int i = 0; i < structure.NumberOfThreads; i++) { SystemThreadInformation information2 = new SystemThreadInformation(); Marshal.PtrToStructure(ptr, information2); ThreadInfo info2 = new ThreadInfo { processId = (int)information2.UniqueProcess, threadId = (int)information2.UniqueThread, basePriority = information2.BasePriority, currentPriority = information2.Priority, startAddress = information2.StartAddress, threadState = (ThreadState)information2.ThreadState, threadWaitReason = NtProcessManager.GetThreadWaitReason((int)information2.WaitReason) }; info.threadInfoList.Add(info2); ptr = (IntPtr)(((long)ptr) + Marshal.SizeOf(information2)); } if (structure.NextEntryOffset != 0) { num += structure.NextEntryOffset; goto Label_000B; } ProcessInfo[] array = new ProcessInfo[hashtable.Values.Count]; hashtable.Values.CopyTo(array, 0); return(array); }