AutoHotkey Community

Posted: **15 Apr 2016, 07:31**

AHK Process Explorer
AHK implementation for Process Explorer / Taskmanager

EXPERIMENTAL - USE AT YOUR OWN RISK

Source (2017-10-20)

Class_ProcessExplorer.ahk (GitHub)

Examples

todo

Features (Function Lists)

- AdjustTokenPrivileges
- CloseHandle
- CreateToolhelp32Snapshot
- EnumProcessModulesEx
- GetModuleBaseAddr
- GetModuleFileNameEx
- GetPerformanceInfo
- GetPriorityClass
- GetProcessImageFileName
- GetProcessMemoryInfo
- GetProcessModules
- GetProcessName
- GetProcessThreads
- GetTickCount64
- GetTokenInformation
- GlobalMemoryStatusEx
- IsProcessCritical
- IsProcessElevated
- LookupAccountSid
- LookupPrivilegeValue
- Module32First
- Module32Next
- OpenProcess
- OpenProcessToken
- OpenThread
- Process32First
- Process32Next
- QueryFullProcessImageName
- SetDebugPrivilege
- Thread32First
- Thread32Next
- WTSEnumerateProcessesEx
- WTSFreeMemoryEx

Todo

- CPU usage
- CPU usage / process
- some other useful infos

Questions / Bugs / Issues

If you notice any kind of bugs or issues, report them here. Same for any kind of questions.

Copyright and License

MIT License

Posted: **15 Apr 2016, 17:23**

Nice one!!!
maybe add command Line column to show what command line the process is using i normally like to see that too

Posted: **16 Apr 2016, 10:57**

It would also be cool to see disk and network usage. And a column that shows which process is running elevated.

Posted: **05 May 2016, 00:33**

Looks good, but the same Name as the Microsoft Product, is that a good Idea?

https://technet.microsoft.com/en-us/sys ... 96653.aspx

Posted: **07 May 2016, 22:45**

Are you going to add more tools to it such as process suspension, reducing process priority etc. like the real Process Explorer (or Process Hacker, which is even better)?

Here's some code example for suspending calc.exe, maybe it'll help:

Spoiler

Posted: **09 May 2016, 03:43**

Since I got no time atm to work on it, I post the link to the beta source in top post.

Todo:
- WTSEnumerateProcessesEx 32-Bit (atm just 64-Bit works)
- GetProcessTimes

Feel free to work on / improve this project and / or add new features.
Post here what you got and maybe, if I got the time, I will add them into the main project.

Posted: **27 Aug 2016, 21:54**

Hi, How to obtain the "CommandLine"?
AND, Now it seems to be unable to work. WIN8-64 L1-32

Posted: **28 Aug 2016, 01:06**

lol good job:D

Posted: **20 Oct 2017, 03:49**

Source completely rewritten!

Posted: **17 May 2022, 15:20**

Hello, do you know a "faster" alternative to get a process command line than below?

Code: Select all

      For process in ComObjGet("winmgmts:").ExecQuery("Select * from Win32_Process where ProcessId=" pid)
         Return, process["CommandLine"]

Posted: **18 May 2022, 02:49**

@c7aesa7r
-> viewtopic.php?p=176837#p176837 by @teadrinker

Posted: **18 May 2022, 15:31**

c7aesa7r wrote: ↑
17 May 2022, 15:20
Hello, do you know a "faster" alternative to get a process command line than below?
Code: Select all
      For process in ComObjGet("winmgmts:").ExecQuery("Select * from Win32_Process where ProcessId=" pid)
         Return, process["CommandLine"]

If you want only a specific field, then dont use "SELECT * FROM". Better use "SELECT ProcessId, CommandLine FROM"

Posted: **18 May 2022, 15:35**

@KruschenZ could you give a working example? i didnt understand how to correctly fill it like you mentioned

Posted: **18 May 2022, 15:40**

c7aesa7r wrote: ↑
18 May 2022, 15:35
@KruschenZ could you give a working example? i didnt understand how to correctly fill it like you mentioned

Sure

Code: Select all

      For process in ComObjGet("winmgmts:").ExecQuery("Select ProcessId, CommandLine from Win32_Process where ProcessId=" pid)
         Return, process["CommandLine"]

I'm currently on my smartphone so... I hope it works for you

Posted: **30 May 2022, 08:05**

I'm using this function to constantly check for two specific processes, to detect when new ones are created or older ones are closed
with a delay of just 300ms its using 0,4% of CPU (i9990k) do you think there's another alternative that could use less resource?

Code: Select all

   GetProc(proc, proc2:="") {

      ; WTSEnumerateProcessesEx()
      ; https://www.autohotkey.com/boards/viewtopic.php?t=19323

      static hWTSAPI := DllCall("LoadLibrary", "str", "wtsapi32.dll", "ptr")

      If !(DllCall("wtsapi32\WTSEnumerateProcessesEx", "ptr", 0, "uint*", 0, "uint", -2, "ptr*", buf, "uint*", TTL))
         Throw Exception("WTSEnumerateProcessesEx failed", -1)

      addr       := buf
      arr        := {}
      arr[proc]  := []
      arr[proc2] := []

      Loop %TTL% {

         ProcessName := StrGet(NumGet(addr+8, "ptr"))

         If (ProcessName = proc) or (ProcessName = proc2) {
            PID      := NumGet(addr+4, "uint")
            arr[ProcessName].Push(PID)
         }

         addr += 8 + (A_PtrSize * 2)
         
      }

      If !(DllCall("wtsapi32\WTSFreeMemoryEx", "int", 0, "ptr", buf, "uint", TTL))
         Throw Exception("WTSFreeMemoryEx failed", -1)
     
      Return arr

   }

Posted: **31 May 2022, 02:34**

You could try (and / or modify) this: viewtopic.php?p=335596#p335596

Posted: **12 Jun 2022, 10:57**

I couldn't find any mention in your Process Explorer lib about ParentProcessId, would like to ask if you or maybe @teadrinker (someone else also welcome

) know any faster method than:

Code: Select all

pid:=5984
for process in ComObjGet("winmgmts:").ExecQuery("Select * from Win32_Process where ProcessId=" pid)
    parent:=process["ParentProcessId"]

msgbox % parent

Posted: **12 Jun 2022, 11:31**

Code: Select all

GetProcessParent(PID) {
   static MAX_PATH := 260, TH32CS_SNAPPROCESS := 2
   hSnap := DllCall("CreateToolhelp32Snapshot", "UInt", TH32CS_SNAPPROCESS, "UInt", 0, "Ptr")
   VarSetCapacity(PROCESSENTRY32, sz := 4*7 + A_PtrSize*2 + MAX_PATH << !!A_IsUnicode, 0)
   NumPut(sz, PROCESSENTRY32, "UInt")
   DllCall("Process32First", "Ptr", hSnap, "Ptr", &PROCESSENTRY32)
   Loop {
      if NumGet(PROCESSENTRY32, 4*2, "UInt") = PID {
         ParentPID := NumGet(PROCESSENTRY32, 4*4 + A_PtrSize*2, "UInt")
         break
      }
   } until !DllCall("Process32Next", "Ptr", hSnap, "Ptr", &PROCESSENTRY32)
   DllCall("CloseHandle", "Ptr", hSnap)
   Return ParentPID
}

Posted: **12 Jun 2022, 12:29**

Thank you teadrinker and jNizM!!! always helping a lot.
What other information is available using this method?

Code: Select all

ParentPID := NumGet(PROCESSENTRY32, 4*4 + A_PtrSize*2, "UInt")

The comobj method is very slow, and even more slow when you have a lot of process open.

Posted: **12 Jun 2022, 13:22**

You can see here: PROCESSENTRY32

AutoHotkey Community

Process Explorer

Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer

Re: Process Explorer