From: Rick Howard [rhoward@ontrack.com]
Sent: Wednesday, August 18, 1999 3:52 PM
To: ateeqp; ntdev@atria.com
Cc: muktar; zain peerzade; amjad inamdar
Subject: RE: [ntdev] Process Name

Here you go.
Rick Howard
Ontrack Data International
 
// Capacity, in characters, of a process-name buffer. GetProcessName() below
// passes this value to wcstombs() as the size of the caller's buffer, so
// callers are expected to supply at least PROCESS_SIZE TCHARs.
#define PROCESS_SIZE        MAX_PATH
// Status value that NtQuerySystemInformation returns when the supplied
// buffer is too small; GetProcessName() grows the buffer and retries on it.
#define STATUS_INFO_LENGTH_MISMATCH      ( ( long ) 0xC0000004L )
 
//
// Task list structure: one entry per process.
// Not referenced by GetProcessName() in this listing.
// NOTE(review): TITLE_SIZE is not defined anywhere in this listing; it has
// to come from elsewhere in the project for this typedef to compile.
//
typedef struct _TASK_ENTRY
{
 DWORD dwProcessId;
 DWORD dwInheritedFromProcessId;
 BOOL flags;
 HWND hwnd;
 // Fixed-size name buffer, PROCESS_SIZE characters including the terminator.
 TCHAR ProcessName[ PROCESS_SIZE ];
 TCHAR WindowTitle[ TITLE_SIZE ];
} TASK_ENTRY, *PTASK_ENTRY, *PTASK_LIST;
 
// Pairs a task list pointer with a count.
// Not referenced by GetProcessName() in this listing.
typedef struct _TASK_LIST_ENUM
{
 PTASK_LIST tlist;
 // presumably the number of entries reachable through tlist; verify against the code that fills it
 DWORD  numtasks;
} TASK_LIST_ENUM, *PTASK_LIST_ENUM;
 
// Per-thread record that trails each process record (see the ti[] member of
// _PROCESSINFO). The layout was worked out by hand, hence the dwUnknown
// fields; do not reorder or resize members.
// NOTE(review): every field, including the start address, is a 32-bit DWORD,
// so this presumably matches only the 32-bit layout - confirm before using
// it in a 64-bit build.
typedef struct _tagThreadInfo
{
        FILETIME ftCreationTime;
        DWORD dwUnknown1;
        DWORD dwStartAddress;
        DWORD dwOwningPID;
        DWORD dwThreadID;
        DWORD dwCurrentPriority;
        DWORD dwBasePriority;
        DWORD dwContextSwitches;
        DWORD dwThreadState;
  DWORD dwWaitReason;
        DWORD dwUnknown2[ 5 ];
} THREADINFO, *PTHREADINFO;
 
// Warning 4200 is disabled around this struct because of the zero-length
// trailing array ti[ 0 ], and restored to its default afterwards.
#pragma warning( disable:4200 )
// One process record in the buffer filled by NtQuerySystemInformation (as
// called from GetProcessName() below). Records are chained by byte offset,
// not stored as a plain array. The layout was worked out by hand, hence the
// dwUnknown fields; do not reorder or resize members.
// NOTE(review): the fixed DWORD widths mixed with a pointer member presumably
// match only the 32-bit layout - confirm before using it in a 64-bit build.
typedef struct _tagProcessInfo
{
        // Byte distance from the start of this record to the next one;
        // 0 marks the last record.
        DWORD dwOffset;
        // presumably the number of THREADINFO entries in ti[] - verify
        DWORD dwThreadCount;
        DWORD dwUnknown1[ 6 ];
        FILETIME ftCreationTime;
        DWORD dwUnknown2[ 5 ];
        // Wide-character process name; may be NULL, and GetProcessName()
        // skips such records. It is copied as a NUL-terminated string.
        WCHAR* pszProcessName;
        DWORD dwBasePriority;
        // Compared against the requested PID in GetProcessName().
        DWORD dwProcessID;
        DWORD dwParentProcessID;
        DWORD dwHandleCount;
        DWORD dwUnknown3;
        DWORD dwUnknown4;
        DWORD dwVirtualBytesPeak;
        DWORD dwVirtualBytes;
        DWORD dwPageFaults;
        DWORD dwWorkingSetPeak;
        DWORD dwWorkingSet;
        DWORD dwUnknown5;
        DWORD dwPagedPool;
        DWORD dwUnknown6;
        DWORD dwNonPagedPool;
        DWORD dwPageFileBytesPeak;
        DWORD dwPrivateBytes;
        DWORD dwPageFileBytes;
        DWORD dwUnknown7[ 4 ];
        // Variable-length tail of per-thread records.
        THREADINFO ti[ 0 ];
} _PROCESSINFO, *PPROCESSINFO;
#pragma warning( default:4200 )
 
// Pointer to ntdll's NtQuerySystemInformation, resolved on first use by
// GetProcessName() through GetProcAddress; NULL until then.
// Arguments as used below: information class, output buffer, buffer size in
// bytes, and a fourth value that the caller passes as 0.
// NOTE(review): the native routine's last parameter is an optional pointer
// that receives the returned length; declaring it ULONG only works while 0
// is passed and pointers are 32 bits wide - confirm before reusing.
long ( __stdcall *NtQuerySystemInformation )( ULONG, PVOID, ULONG, ULONG ) = NULL;

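/*
 * GetProcessName - look up the name of a process from its process ID.
 *
 * lpProcessName  Receives the name. The function has no size parameter, so
 *                the caller must supply room for at least PROCESS_SIZE
 *                TCHARs. The result is always NUL-terminated; a longer name
 *                is truncated to fit.
 * dwPid          Process ID to look for.
 *
 * The buffer is left holding "[ Unknown ]" when the PID is not found, when
 * NtQuerySystemInformation cannot be resolved or fails, when memory runs
 * out, or when the name cannot be converted.
 *
 * The name is whatever the system reports for the process. It is neither
 * unique nor authenticated, so it is suitable for display and logging but
 * not as the basis of a trust decision about the process.
 */
void GetProcessName(LPTSTR lpProcessName, DWORD dwPid)
{
    PBYTE pbyInfo = NULL;
    PBYTE pbyGrown = NULL;
    PPROCESSINFO pProcessInfo = NULL;
    DWORD cInfoSize = 0x2000;
    DWORD cbOffset = 0;
    long lStatus = 0;

    if ( !lpProcessName )
        return;

    /* Default answer; every early return below leaves it in place. */
    _tcscpy( lpProcessName, _T( "[ Unknown ]" ) );

    /* GetModuleHandle is a TCHAR API, GetProcAddress always takes a narrow name. */
    if ( !NtQuerySystemInformation )
        NtQuerySystemInformation = ( long ( __stdcall * )( ULONG, PVOID, ULONG, ULONG ) ) GetProcAddress( GetModuleHandle( _T( "ntdll.dll" ) ), "NtQuerySystemInformation" );

    /* Never call through the pointer if the lookup failed. */
    if ( !NtQuerySystemInformation )
        return;

    pbyInfo = ( PBYTE ) malloc( cInfoSize );
    if ( !pbyInfo )
        return;

    /* Information class 5 is the process list; grow the buffer until it fits. */
    for ( ;; )
    {
        lStatus = NtQuerySystemInformation( 5, pbyInfo, cInfoSize, 0 );
        if ( lStatus != STATUS_INFO_LENGTH_MISMATCH )
            break;

        cInfoSize += 0x2000;

        /* Keep the old pointer until realloc succeeds, so a failure neither
           leaks the block nor hands NULL to the next query. */
        pbyGrown = ( PBYTE ) realloc( pbyInfo, cInfoSize );
        if ( !pbyGrown )
        {
            free( pbyInfo );
            return;
        }
        pbyInfo = pbyGrown;
    }

    /* Negative status values are failures; the buffer contents are then
       undefined and must not be parsed. */
    if ( lStatus < 0 )
    {
        free( pbyInfo );
        return;
    }

    /* Walk the offset-chained records. Invariant: the record header at
       cbOffset lies entirely inside the cInfoSize-byte buffer. */
    for ( ;; )
    {
        pProcessInfo = ( PPROCESSINFO ) ( pbyInfo + cbOffset );

        if ( pProcessInfo->pszProcessName && pProcessInfo->dwProcessID == dwPid )
        {
#ifdef UNICODE
            /* Bounded copy; terminate explicitly because _tcsncpy does not
               do so when the source fills the buffer. */
            _tcsncpy( lpProcessName, pProcessInfo->pszProcessName, PROCESS_SIZE - 1 );
            lpProcessName[ PROCESS_SIZE - 1 ] = _T( '\0' );
#else
            /* wcstombs does not terminate on truncation and returns
               (size_t)-1 when a character cannot be converted. */
            size_t cchConverted = wcstombs( lpProcessName, pProcessInfo->pszProcessName, PROCESS_SIZE - 1 );
            if ( cchConverted == ( size_t ) -1 )
                _tcscpy( lpProcessName, _T( "[ Unknown ]" ) );
            else
                lpProcessName[ cchConverted ] = '\0';
#endif
            break;
        }

        /* An offset of 0 marks the last record. */
        if ( pProcessInfo->dwOffset == 0 )
            break;

        /* Stop rather than step outside the buffer on an inconsistent offset. */
        if ( pProcessInfo->dwOffset > ( cInfoSize - cbOffset ) - sizeof( *pProcessInfo ) )
            break;

        cbOffset += pProcessInfo->dwOffset;
    }

    free( pbyInfo );
}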

    -----Original Message-----
    From: owner-ntdev@atria.com [mailto:owner-ntdev@atria.com]On Behalf Of ateeqp
    Sent: Wednesday, August 18, 1999 7:14 AM
    To: ntdev@atria.com
    Cc: muktar; zain peerzade; amjad inamdar
    Subject: [ntdev] Process Name
    
    
    Hello,
    Can somebody please tell me how to get the name of the process or processes running (all of them)? I need the process name, not a handle to it.
    Your replies will be highly appreciated.
    Thanks in advance
       luv
     Ateeq
