public static Dictionary <int, Process> get_process_list() { //Dictionary<string, Process> returnable_processes_ = new Dictionary<string, Process>(); Dictionary <int, Process> returnable_processes_ = new Dictionary <int, Process>(); IntPtr HANLDE_Processes = CreateToolhelp32SnapshotRtlMoveMemory(2, 0); PROCESSENTRY32W p32Iw = new PROCESSENTRY32W(); int size = System.Runtime.InteropServices.Marshal.SizeOf(typeof(PROCESSENTRY32W)); p32Iw.dwSize = Convert.ToUInt32(size); //IntPtr p32IntPtr = Marshal.AllocHGlobal(Marshal.SizeOf(p32Iw)); //Marshal.StructureToPtr(p32Iw, p32IntPtr, false); bool blFirstProcess = Process32First(HANLDE_Processes, ref p32Iw); // returns false no matter what? int x = Marshal.GetLastWin32Error(); if (blFirstProcess) { do { int PID = (int)p32Iw.th32ProcessID; returnable_processes_.Add(PID, new Process()); Console.WriteLine(p32Iw.szExeFile); }while (Process32Next(HANLDE_Processes, ref p32Iw)); } return(returnable_processes_); }
public static extern bool Process32Next(IntPtr hSnapshot, ref PROCESSENTRY32W lppe);
public void Start() { IntPtr HANLDE_Processes = CreateToolhelp32Snapshot(2, 0); PROCESSENTRY32W p32Iw = new PROCESSENTRY32W(); int size = Marshal.SizeOf(typeof(PROCESSENTRY32W)); p32Iw.dwSize = Convert.ToUInt32(size); bool blFirstProcess = Process32FirstW(HANLDE_Processes, ref p32Iw); //int x = Marshal.GetLastWin32Error(); if (blFirstProcess) { do { // get the process ID for testing int PID = (int)p32Iw.th32ProcessID; // always skip when processID = 0 or 4 which are system critical, or is equal to my processID or my parent process // theory behind skipping the parent process is that it is conhost in a console app, explorer.exe if run by the user // in a GUI based app, or another app in a suite that is using this app as part of it's functionality. if (PID != 0 && PID != 4 && PID != _myPID && PID != _myParentPID) { // check for child processes of this process and skip them, not that KillEmAll.NET does this but other apps I might use this class in might... // so get the parent process ID and make sure that isn't me. int ParentPID = (int)p32Iw.th32ParentProcessID; if (ParentPID != _myPID) { // get the filename string filename = p32Iw.szExeFile.ToLower(); // ensure we have a filename string, not sure why this would ever be empty but maybe I ran into it once, I don't recall... if (!string.IsNullOrEmpty(filename.Trim())) { // another quick check for system critical processes (that aren't actually files with extensions) if (!processIsSystemCritical(filename)) { // check the filename only whitelist if (!_internalFileNames.ContainsKey(filename)) { // check an array of partial filenames bool bPartialMatch = false; foreach (string partialName in _internalPartialFileNameArray) { if (filename.Contains(partialName)) { bPartialMatch = true; break; } } // if no match, proceed if (!bPartialMatch) { // check the dictionary we created with a whitelist if (!_allowList.ContainsKey(filename.ToLower())) { // get the full path AFTER the checks above, because getPathFromPID can throw an exception trying to OpenProcess on PID=0, etc. string fullPath = getPathFromPID(PID).ToLower(); if (fullPath.Contains("\\")) { // check d7x 3rd party tools path and ignore anything in there if (!in3ptDir(fullPath)) { // we have a full path, so check against full path whitelist if (!_internalWindowsFiles.ContainsKey(fullPath)) { killProcess(PID, filename, fullPath); } } } else { // on failure to identify a full path, work with the filenames only. // many Windows files and possibly others will fail path identification when this app is running at user level; // chances are if we can't identify the path we probably can't terminate the app either, but no harm in trying anyway... if (!_internalWindowsFileNames.ContainsKey(filename)) { killProcess(PID, filename); } } } } } } } } } }while (Process32NextW(HANLDE_Processes, ref p32Iw)); } }