EnumProcesses
EnumProcesses
TheEnumProcessesfunction retrieves the process identifier for each process object in the system.
BOOL EnumProcesses(
DWORD* pProcessIds,
DWORD cb,
DWORD* pBytesReturned
);
Parameters
pProcessIds
[out] Pointer to an array that receives the list of process identifiers.
cb
Size of the pProcessIds array, in bytes.
pBytesReturned
[out] Number of bytes returned in the pProcessIds array.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
It is a good idea to use a large array, because it is hard to predict how many processes there will be at the time you call EnumProcesses.
To determine how many processes were enumerated, divide the pBytesReturned value by sizeof(DWORD). There is no indication given when the buffer is too small to store all process identifiers. Therefore, if pBytesReturned equals cb, consider retrying the call with a larger array.
To obtain process handles for the processes whose identifiers you have just obtained, call the OpenProcess function.
Requirements
Client RequiresWindows XP, Windows 2000 Professional, or Windows NT Workstation 4.0.
Server RequiresWindows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.
HeaderDeclared in Psapi.h.
LibraryLink to Psapi.lib.
DLLRequires Psapi.dll.
Example Code
For an example, see Enumerating All Processes or Enumerating All Modules for a Process.
Enumerating All Modules For a Process
To determine which processes have loaded a particular DLL, you must enumerate the modules for each process. The following sample code uses the EnumProcessModules function to enumerate the modules of current processes in the system.
#include <windows.h>
#include <stdio.h>
#include "psapi.h"
void PrintModules( DWORD processID )
{
HMODULE hMods[1024];
HANDLE hProcess;
DWORD cbNeeded;
unsigned int i;
// Print the process identifier.
printf( "
Process ID: %u
", processID );
// Get a list of all the modules in this process.
hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID );
if (NULL == hProcess)
return;
if( EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
{
for ( i = 0; i < (cbNeeded / sizeof(HMODULE)); i++ )
{
char szModName[MAX_PATH];
// Get the full path to the module's file.
if ( GetModuleFileNameEx( hProcess, hMods, szModName,
sizeof(szModName)))
{
// Print the module name and handle value.
printf("%s (0x%08X)
", szModName, hMods );
}
}
}
CloseHandle( hProcess );
}
void main( )
{
// Get the list of process identifiers.
DWORD aProcesses[1024], cbNeeded, cProcesses;
unsigned int i;
if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
return;
// Calculate how many process identifiers were returned.
cProcesses = cbNeeded / sizeof(DWORD);
// Print the name of the modules for each process.
for ( i = 0; i < cProcesses; i++ )
PrintModules( aProcesses);
}
The main function obtains a list of processes by using the EnumProcesses function. For each process, the main function calls the PrintModules function, passing it the process identifier. PrintModules in turn calls the OpenProcess function to obtain the process handle. If OpenProcess fails, the output shows only the process identifier. For example, OpenProcess fails for the Idle and CSRSS processes because their access restrictions prevent user-level code from opening them. Next, PrintModules calls the EnumProcessModules function to obtain the module handles function. Finally, PrintModules calls the GetModuleFileNameEx function, once for each module, to obtain the module names.