tags:

views:

29

answers:

1
Q: 

Construct Process Tree in Windows

Hi,

To construct a process tree in Windows "C" given a PID, which one is a good approach to go for Win2k, XP, Windows Server 2008, Windows 7.

  1. ZwQuerySystemInformation
  2. NtQuerySystemInformation
  3. CreateToolhelp32Snapshot

I remember ToolHelp had issue in leaking memory for win2k. Please correct me if I am wrong.

And using ZwQuerySystemInformation/NtQuerySystemInformation, I am not sure what the // System Information Class 5 structure should be for 64-bit architecture. Can someone provide pointers to it?

-Karthik

+1  A: 

Off the top of my head, the documented ways to list processes include:

  • WTSEnumerateProcesses (Must delayload, call will fail if Terminal Services/Fastuserswitching is off)
  • EnumProcesses (Only a list of PID's)
  • CreateToolhelp32Snapshot
  • Performance Counters
  • WMI
Anders  2010-07-22 20:11:48

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)