Process Explorer

Post your working scripts, libraries and tools for AHK v1.1 and older
User avatar
jNizM
Posts: 3183
Joined: 30 Sep 2013, 01:33
Contact:

Process Explorer

15 Apr 2016, 07:31

AHK Process Explorer
AHK implementation for Process Explorer / Taskmanager

:!: EXPERIMENTAL - USE AT YOUR OWN RISK :!:


Source (2017-10-20)
Class_ProcessExplorer.ahk (GitHub)


Examples
todo


Features (Function Lists)
- AdjustTokenPrivileges
- CloseHandle
- CreateToolhelp32Snapshot
- EnumProcessModulesEx
- GetModuleBaseAddr
- GetModuleFileNameEx
- GetPerformanceInfo
- GetPriorityClass
- GetProcessImageFileName
- GetProcessMemoryInfo
- GetProcessModules
- GetProcessName
- GetProcessThreads
- GetTickCount64
- GetTokenInformation
- GlobalMemoryStatusEx
- IsProcessCritical
- IsProcessElevated
- LookupAccountSid
- LookupPrivilegeValue
- Module32First
- Module32Next
- OpenProcess
- OpenProcessToken
- OpenThread
- Process32First
- Process32Next
- QueryFullProcessImageName
- SetDebugPrivilege
- Thread32First
- Thread32Next
- WTSEnumerateProcessesEx
- WTSFreeMemoryEx


Todo
- CPU usage
- CPU usage / process
- some other useful infos


Questions / Bugs / Issues
If you notice any kind of bugs or issues, report them here. Same for any kind of questions.


Copyright and License
MIT License
[AHK] v2.0.5 | [WIN] 11 Pro (Version 22H2) | [GitHub] Profile
Xatmo

Re: Process Explorer

15 Apr 2016, 17:23

Nice one!!!
maybe add command Line column to show what command line the process is using i normally like to see that too
Bruttosozialprodukt
Posts: 463
Joined: 24 Jan 2014, 22:28

Re: Process Explorer

16 Apr 2016, 10:57

It would also be cool to see disk and network usage. And a column that shows which process is running elevated.
Best-Code-in-Use
Posts: 184
Joined: 01 Dec 2015, 05:13
Location: Germany

05 May 2016, 00:33

Looks good, but the same Name as the Microsoft Product, is that a good Idea?

https://technet.microsoft.com/en-us/sys ... 96653.aspx
Greetings Best-Code-in-Use
User avatar
WAZAAAAA
Posts: 88
Joined: 13 Jan 2015, 19:48

Re: Process Explorer

07 May 2016, 22:45

Are you going to add more tools to it such as process suspension, reducing process priority etc. like the real Process Explorer (or Process Hacker, which is even better)?

Here's some code example for suspending calc.exe, maybe it'll help:
Spoiler
YOU'RE NOT ALEXANDER
User avatar
jNizM
Posts: 3183
Joined: 30 Sep 2013, 01:33
Contact:

Re: Process Explorer

09 May 2016, 03:43

Since I got no time atm to work on it, I post the link to the beta source in top post.

Todo:
- WTSEnumerateProcessesEx 32-Bit (atm just 64-Bit works)
- GetProcessTimes

Feel free to work on / improve this project and / or add new features.
Post here what you got and maybe, if I got the time, I will add them into the main project.
[AHK] v2.0.5 | [WIN] 11 Pro (Version 22H2) | [GitHub] Profile
arcticir
Posts: 693
Joined: 17 Nov 2013, 11:32

Re: Process Explorer

27 Aug 2016, 21:54

Hi, How to obtain the "CommandLine"?
AND, Now it seems to be unable to work. WIN8-64 L1-32
loter
Posts: 38
Joined: 26 May 2016, 00:35

Re: Process Explorer

28 Aug 2016, 01:06

lol good job:D
User avatar
jNizM
Posts: 3183
Joined: 30 Sep 2013, 01:33
Contact:

Re: Process Explorer

20 Oct 2017, 03:49

Source completely rewritten!
[AHK] v2.0.5 | [WIN] 11 Pro (Version 22H2) | [GitHub] Profile
c7aesa7r
Posts: 209
Joined: 02 Jun 2016, 21:09

Re: Process Explorer

17 May 2022, 15:20

Hello, do you know a "faster" alternative to get a process command line than below?

Code: Select all

      For process in ComObjGet("winmgmts:").ExecQuery("Select * from Win32_Process where ProcessId=" pid)
         Return, process["CommandLine"]
User avatar
jNizM
Posts: 3183
Joined: 30 Sep 2013, 01:33
Contact:

Re: Process Explorer

18 May 2022, 02:49

@c7aesa7r
-> viewtopic.php?p=176837#p176837 by @teadrinker
[AHK] v2.0.5 | [WIN] 11 Pro (Version 22H2) | [GitHub] Profile
User avatar
KruschenZ
Posts: 44
Joined: 20 Jan 2021, 07:05
Location: Germany (Rheinhessen)
Contact:

Re: Process Explorer

18 May 2022, 15:31

c7aesa7r wrote:
17 May 2022, 15:20
Hello, do you know a "faster" alternative to get a process command line than below?

Code: Select all

      For process in ComObjGet("winmgmts:").ExecQuery("Select * from Win32_Process where ProcessId=" pid)
         Return, process["CommandLine"]
If you want only a specific field, then dont use "SELECT * FROM". Better use "SELECT ProcessId, CommandLine FROM"
c7aesa7r
Posts: 209
Joined: 02 Jun 2016, 21:09

Re: Process Explorer

18 May 2022, 15:35

@KruschenZ could you give a working example? i didnt understand how to correctly fill it like you mentioned
User avatar
KruschenZ
Posts: 44
Joined: 20 Jan 2021, 07:05
Location: Germany (Rheinhessen)
Contact:

Re: Process Explorer

18 May 2022, 15:40

c7aesa7r wrote:
18 May 2022, 15:35
@KruschenZ could you give a working example? i didnt understand how to correctly fill it like you mentioned
Sure

Code: Select all

      For process in ComObjGet("winmgmts:").ExecQuery("Select ProcessId, CommandLine from Win32_Process where ProcessId=" pid)
         Return, process["CommandLine"]

I'm currently on my smartphone so... I hope it works for you
c7aesa7r
Posts: 209
Joined: 02 Jun 2016, 21:09

Re: Process Explorer

30 May 2022, 08:05

I'm using this function to constantly check for two specific processes, to detect when new ones are created or older ones are closed
with a delay of just 300ms its using 0,4% of CPU (i9990k) do you think there's another alternative that could use less resource?

Code: Select all

   GetProc(proc, proc2:="") {

      ; WTSEnumerateProcessesEx()
      ; https://www.autohotkey.com/boards/viewtopic.php?t=19323

      static hWTSAPI := DllCall("LoadLibrary", "str", "wtsapi32.dll", "ptr")

      If !(DllCall("wtsapi32\WTSEnumerateProcessesEx", "ptr", 0, "uint*", 0, "uint", -2, "ptr*", buf, "uint*", TTL))
         Throw Exception("WTSEnumerateProcessesEx failed", -1)

      addr       := buf
      arr        := {}
      arr[proc]  := []
      arr[proc2] := []

      Loop %TTL% {

         ProcessName := StrGet(NumGet(addr+8, "ptr"))

         If (ProcessName = proc) or (ProcessName = proc2) {
            PID      := NumGet(addr+4, "uint")
            arr[ProcessName].Push(PID)
         }

         addr += 8 + (A_PtrSize * 2)
         
      }

      If !(DllCall("wtsapi32\WTSFreeMemoryEx", "int", 0, "ptr", buf, "uint", TTL))
         Throw Exception("WTSFreeMemoryEx failed", -1)
     
      Return arr

   }
User avatar
jNizM
Posts: 3183
Joined: 30 Sep 2013, 01:33
Contact:

Re: Process Explorer

31 May 2022, 02:34

You could try (and / or modify) this: viewtopic.php?p=335596#p335596
[AHK] v2.0.5 | [WIN] 11 Pro (Version 22H2) | [GitHub] Profile
c7aesa7r
Posts: 209
Joined: 02 Jun 2016, 21:09

Re: Process Explorer

12 Jun 2022, 10:57

I couldn't find any mention in your Process Explorer lib about ParentProcessId, would like to ask if you or maybe @teadrinker (someone else also welcome :D) know any faster method than:

Code: Select all

pid:=5984
for process in ComObjGet("winmgmts:").ExecQuery("Select * from Win32_Process where ProcessId=" pid)
    parent:=process["ParentProcessId"]

msgbox % parent
teadrinker
Posts: 4309
Joined: 29 Mar 2015, 09:41
Contact:

Re: Process Explorer

12 Jun 2022, 11:31

Code: Select all

GetProcessParent(PID) {
   static MAX_PATH := 260, TH32CS_SNAPPROCESS := 2
   hSnap := DllCall("CreateToolhelp32Snapshot", "UInt", TH32CS_SNAPPROCESS, "UInt", 0, "Ptr")
   VarSetCapacity(PROCESSENTRY32, sz := 4*7 + A_PtrSize*2 + MAX_PATH << !!A_IsUnicode, 0)
   NumPut(sz, PROCESSENTRY32, "UInt")
   DllCall("Process32First", "Ptr", hSnap, "Ptr", &PROCESSENTRY32)
   Loop {
      if NumGet(PROCESSENTRY32, 4*2, "UInt") = PID {
         ParentPID := NumGet(PROCESSENTRY32, 4*4 + A_PtrSize*2, "UInt")
         break
      }
   } until !DllCall("Process32Next", "Ptr", hSnap, "Ptr", &PROCESSENTRY32)
   DllCall("CloseHandle", "Ptr", hSnap)
   Return ParentPID
}
c7aesa7r
Posts: 209
Joined: 02 Jun 2016, 21:09

Re: Process Explorer

12 Jun 2022, 12:29

Thank you teadrinker and jNizM!!! always helping a lot.
What other information is available using this method?

Code: Select all

ParentPID := NumGet(PROCESSENTRY32, 4*4 + A_PtrSize*2, "UInt")
The comobj method is very slow, and even more slow when you have a lot of process open.
teadrinker
Posts: 4309
Joined: 29 Mar 2015, 09:41
Contact:

Re: Process Explorer

12 Jun 2022, 13:22

You can see here: PROCESSENTRY32

Return to “Scripts and Functions (v1)”

Who is online

Users browsing this forum: No registered users and 159 guests