EzProcess

20 Oct 2007 | GPL3 | 2 min read
A process and thread manager application.

Sample Image - EzProcess.jpg

Introduction

EzProcess is a GUI executable application that displays information about all running processes: Process Name, Process ID, Parent ID, and Priority. In addition, all the threads (together with their base priority) and loaded modules (DLLs) of the selected process are displayed.

Internals

EzProcess is based on seven API functions: CreateToolhelp32Snapshot, Process32First, Process32Next, Thread32First, Thread32Next, Module32First, and Module32Next.

Getting all running processes

A snapshot is created by calling the CreateToolhelp32Snapshot API function with the TH32CS_SNAPPROCESS OR TH32CS_SNAPTHREAD flags. After that, a call to the Process32First API function retrieves information about the first process recorded in that snapshot. Finally, calling Process32Next repeatedly retrieves information about all the remaining processes in the snapshot. The code is:

ASM
Invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS OR TH32CS_SNAPTHREAD, NULL
MOV hSnapShot,EAX

;Get first process
MOV ProcEntry32.dwSize,SizeOf PROCESSENTRY32
Invoke Process32First,hSnapShot,ADDR ProcEntry32
@@:
.If EAX
    ;Display
    ;Process
    ;Information
    ;
    ;
    ;Get Next process
    Invoke Process32Next,hSnapShot,ADDR ProcEntry32
     
    JMP @B
.EndIf

Getting the threads of the selected process

A call to the Thread32First API function retrieves information about the first thread recorded in the snapshot created above; that thread may belong to any process. If the identifier of the process that created the thread (ThreadEntry32.th32OwnerProcessID) is the ID of the selected process, the thread is displayed. Calling Thread32Next repeatedly and comparing the IDs in the same way retrieves information about all threads of the selected process. The code is:

ASM
;Get first thread
MOV ThreadEntry32.dwSize,SizeOf THREADENTRY32
Invoke Thread32First,hSnapShot,ADDR ThreadEntry32
@@:
.If EAX
    .If ThreadEntry32.th32OwnerProcessID==EDI
        ;Display
        ;Thread
        ;Information
        ;
        ;
        ;   
    .EndIf
  
    ;Get Next Thread
    Invoke Thread32Next,hSnapShot,ADDR ThreadEntry32
  
    JMP @B
.EndIf

Getting the modules associated with the selected Process

In order to get the modules associated with the selected process, we need to take a new snapshot that includes the module list of the specified process. Using the newly created snapshot, we iterate through all modules associated with the specified process, by using the API functions Module32First and Module32Next. The code is:

ASM
;Create a new snapshot that includes the module list of the selected process (EDI = process ID)
Invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,EDI
MOV EBX,EAX
     
;Get first Module
MOV ModuleEntry32.dwSize,SizeOf MODULEENTRY32
Invoke Module32First,EBX,ADDR ModuleEntry32
@@:
.If EAX
    ;Display
    ;Module
    ;Information
    ;
    ;
    ;Get Next Module
    Invoke Module32Next,EBX,ADDR ModuleEntry32
    JMP @B
.EndIf
Invoke CloseHandle,EBX
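
The module snapshot is the call most likely to fail: CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE when the target cannot be read, and with TH32CS_SNAPMODULE it can fail with ERROR_BAD_LENGTH, in which case the API documentation says to retry. The procedure below is an added example, not EzProcess source code, that wraps the module walk above with those checks. CountModules and MAX_SNAP_RETRIES are hypothetical names, and the MASM32 includes (windows.inc, kernel32.inc, kernel32.lib) are assumed.

```asm
; Added example, not EzProcess source. CountModules and MAX_SNAP_RETRIES are
; hypothetical names; MASM32 windows.inc / kernel32.inc / kernel32.lib assumed.

MAX_SNAP_RETRIES EQU 8                      ;assumed retry budget
IFNDEF ERROR_BAD_LENGTH
ERROR_BAD_LENGTH EQU 24                     ;value from winerror.h
ENDIF

.code
;Returns the number of modules loaded in process dwPID, or -1 if no snapshot
;could be taken (GetLastError still reports the reason to the caller).
CountModules PROC USES EBX ESI EDI dwPID:DWORD
    LOCAL me32:MODULEENTRY32

    MOV ESI,MAX_SNAP_RETRIES
TakeSnapshot:
    Invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,dwPID
    CMP EAX,INVALID_HANDLE_VALUE
    JNE HaveSnapshot
    Invoke GetLastError
    CMP EAX,ERROR_BAD_LENGTH                ;module list changed while being copied
    JNE Failed                              ;e.g. ERROR_ACCESS_DENIED, ERROR_PARTIAL_COPY
    DEC ESI
    JNZ TakeSnapshot                        ;retry until the budget is used up
Failed:
    MOV EAX,-1
    RET

HaveSnapshot:
    MOV EBX,EAX                             ;EBX = snapshot handle
    XOR EDI,EDI                             ;EDI = module count
    MOV me32.dwSize,SizeOf MODULEENTRY32    ;must be set or Module32First fails
    Invoke Module32First,EBX,ADDR me32
    .While EAX
        INC EDI                             ;me32.szModule / me32.szExePath are valid here
        Invoke Module32Next,EBX,ADDR me32
    .EndW
    Invoke CloseHandle,EBX                  ;always release the snapshot
    MOV EAX,EDI
    RET
CountModules ENDP
```

A return value of -1 lets the caller show "modules unavailable" for that process instead of an empty list that looks like a process with no modules.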

Extended Functionality

In addition, the EzProcess Processes/Threads Manager is able to kill a selected process. This is done as follows:

ASM
Invoke OpenProcess,PROCESS_TERMINATE, FALSE,lvi.lParam ;where lvi.lParam is the process ID
.If EAX
    MOV EBX,EAX ;hProcess
    Invoke TerminateProcess,EBX,0
    .If !EAX
        Invoke ErrorMessage
    .EndIf
    Invoke CloseHandle,EBX ;hProcess
.Else
    Invoke ErrorMessage
.EndIf

Final Note

EzProcess is a project under heavy development, and Jupiter has undertaken to improve it. You can always check for a newer version at the Projects forum of the WinAsm Studio board.

Edit

New version, v1.82, has been released (full source code). You can find it at EzProcess.

License

This article, along with any associated source code and files, is licensed under The GNU General Public License (GPLv3).