public static Dictionary <int, Process> get_process_list()
{
//Dictionary<string, Process> returnable_processes_ = new Dictionary<string, Process>();
Dictionary <int, Process> returnable_processes_ = new Dictionary <int, Process>();
IntPtr HANLDE_Processes = CreateToolhelp32SnapshotRtlMoveMemory(2, 0);
PROCESSENTRY32W p32Iw = new PROCESSENTRY32W();
int size = System.Runtime.InteropServices.Marshal.SizeOf(typeof(PROCESSENTRY32W));
p32Iw.dwSize = Convert.ToUInt32(size);
//IntPtr p32IntPtr = Marshal.AllocHGlobal(Marshal.SizeOf(p32Iw));
//Marshal.StructureToPtr(p32Iw, p32IntPtr, false);
bool blFirstProcess = Process32First(HANLDE_Processes, ref p32Iw); // returns false no matter what?
int x = Marshal.GetLastWin32Error();
if (blFirstProcess)
{
do
{
int PID = (int)p32Iw.th32ProcessID;
returnable_processes_.Add(PID, new Process());
Console.WriteLine(p32Iw.szExeFile);
}while (Process32Next(HANLDE_Processes, ref p32Iw));
}
return(returnable_processes_);
}
public static extern bool Process32Next(IntPtr hSnapshot, ref PROCESSENTRY32W lppe);
public void Start()
{
IntPtr HANLDE_Processes = CreateToolhelp32Snapshot(2, 0);
PROCESSENTRY32W p32Iw = new PROCESSENTRY32W();
int size = Marshal.SizeOf(typeof(PROCESSENTRY32W));
p32Iw.dwSize = Convert.ToUInt32(size);
bool blFirstProcess = Process32FirstW(HANLDE_Processes, ref p32Iw);
//int x = Marshal.GetLastWin32Error();
if (blFirstProcess)
{
do
{
// get the process ID for testing
int PID = (int)p32Iw.th32ProcessID;
// always skip when processID = 0 or 4 which are system critical, or is equal to my processID or my parent process
// theory behind skipping the parent process is that it is conhost in a console app, explorer.exe if run by the user
// in a GUI based app, or another app in a suite that is using this app as part of it's functionality.
if (PID != 0 && PID != 4 && PID != _myPID && PID != _myParentPID)
{
// check for child processes of this process and skip them, not that KillEmAll.NET does this but other apps I might use this class in might...
// so get the parent process ID and make sure that isn't me.
int ParentPID = (int)p32Iw.th32ParentProcessID;
if (ParentPID != _myPID)
{
// get the filename
string filename = p32Iw.szExeFile.ToLower();
// ensure we have a filename string, not sure why this would ever be empty but maybe I ran into it once, I don't recall...
if (!string.IsNullOrEmpty(filename.Trim()))
{
// another quick check for system critical processes (that aren't actually files with extensions)
if (!processIsSystemCritical(filename))
{
// check the filename only whitelist
if (!_internalFileNames.ContainsKey(filename))
{
// check an array of partial filenames
bool bPartialMatch = false;
foreach (string partialName in _internalPartialFileNameArray)
{
if (filename.Contains(partialName))
{
bPartialMatch = true;
break;
}
}
// if no match, proceed
if (!bPartialMatch)
{
// check the dictionary we created with a whitelist
if (!_allowList.ContainsKey(filename.ToLower()))
{
// get the full path AFTER the checks above, because getPathFromPID can throw an exception trying to OpenProcess on PID=0, etc.
string fullPath = getPathFromPID(PID).ToLower();
if (fullPath.Contains("\\"))
{
// check d7x 3rd party tools path and ignore anything in there
if (!in3ptDir(fullPath))
{
// we have a full path, so check against full path whitelist
if (!_internalWindowsFiles.ContainsKey(fullPath))
{
killProcess(PID, filename, fullPath);
}
}
}
else
{
// on failure to identify a full path, work with the filenames only.
// many Windows files and possibly others will fail path identification when this app is running at user level;
// chances are if we can't identify the path we probably can't terminate the app either, but no harm in trying anyway...
if (!_internalWindowsFileNames.ContainsKey(filename))
{
killProcess(PID, filename);
}
}
}
}
}
}
}
}
}
}while (Process32NextW(HANLDE_Processes, ref p32Iw));
}
}
