
When it comes to the Windows 7 Task Manager, I was easily able to get the process count, etc., because the processes were stored in a traditional listview control that I could access using SendMessage functions. For Explorer, the Win10 Task Manager, etc., however, the list control that the processes are stored in does not seem to be a traditional control and seems to be a custom control. I was wondering if there is any documentation on the custom controls that Microsoft uses in their newer system applications, and/or if I can access them using SendMessage or something of the sort like I did before?

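    // Get the handle of the list; you can find the handle in Windows 7 and 10 pretty easily.
    // FindWindowExA/SendMessageA are P/Invoke declarations (not shown); parent is the
    // handle of the window that contains the list (elided in the original snippet).
    IntPtr listHandle = FindWindowExA(parent, IntPtr.Zero, "SysListView32", "Processes");

    // Send a message to get the number of processes, for instance (0x1004 is LVM_GETITEMCOUNT).
    // This works in Windows 7 only.
    IntPtr processCount = SendMessageA(listHandle, (IntPtr)0x1004, IntPtr.Zero, null);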

If not, is it worth trying to debug how to access the list myself, or is that a bad idea? Why? I have a C# application and have no problem porting C++ methods with P/Invoke. Thanks

πάντα ῥεῖ
jake
  • Could you pick a language please? – πάντα ῥεῖ Sep 09 '20 at 18:15
  • Why do you want to get that list from the Task Manager? Just use https://learn.microsoft.com/en-us/windows/win32/psapi/enumerating-all-processes – Vlad Feinstein Sep 09 '20 at 18:23
  • Getting list of processes from Task manager sounds like very ... strange. Why can't you just do that normally via code https://stackoverflow.com/questions/648410/how-can-i-list-all-processes-running-in-windows? – Alexei Levenkov Sep 09 '20 at 18:26
  • Alexei Levenkov I don't want to only get the list of processes. I want to get the access to the handle of the control of the list of processes (which will include memory,cpu etc) and will give me full access of the list view as I have done before for windows 7, and besides, the list of processes displayed on non-elevated task manager sometimes is different from Process.GetProcesses().Where(owner==environment.username), so it is more accurate. Regardless my goal is immutable – jake Sep 09 '20 at 18:39
  • (off-topic: I was about to answer your other question https://stackoverflow.com/questions/64070927/subtracting-by-value-from-stack when you deleted it. It might be a duplicate so no real to reopen, but https://godbolt.org/z/rcWcox shows that compilers do this in practice. See also [Micro fusion and addressing modes](https://stackoverflow.com/q/26046634) and https://agner.org/optimize/ for more about performance of memory source operands.) – Peter Cordes Sep 25 '20 at 20:40

1 Answer


Don't do that. Task Manager isn't doing any magic. It uses Windows APIs to get the list of processes, enumerate it, and obtain details. What you're doing is actually harder to get right than simply replicating what Task Manager is doing internally. A good starting point would be the Process Status API (psapi), and there are other APIs that will allow you to get resource usage information etc. All it takes to figure out is a "stroll" through the WINAPI documentation (admittedly sparse here and there). If in doubt, use a debugger to break into the Task Manager and see what API calls it makes, or use the depends tool to see what APIs it uses so that you'd get an idea where to look. You can also use reverse-engineering tools like IDA Pro to do partial disassembly and look for API calls.

Kuba hasn't forgotten Monica
  • what debugger would I use to go about that? – jake Sep 09 '20 at 19:01
  • The normal Visual Studio debugger. You can use it to attach to a process. It should pull the symbols for your version of Windows from Microsoft's online server, so the API and other library calls will have meaningful symbolic names. – Kuba hasn't forgotten Monica Sep 09 '20 at 19:07
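
The approach the answer recommends, as an added example (not code from the answer, the question, or Task Manager itself): a C# console program that P/Invokes the documented `EnumProcesses` and `GetProcessMemoryInfo` from psapi, plus `OpenProcess` and `QueryFullProcessImageName` from kernel32, to list each PID with its working set and image path. The class name and buffer sizes are choices made here; processes the caller's token cannot open are reported rather than silently dropped, which is where a non-elevated listing differs from an elevated one.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

static class PsapiProcessList   // hypothetical name for this example
{
    const uint Access = 0x1000 | 0x0010; // PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ

    [StructLayout(LayoutKind.Sequential)]
    struct PROCESS_MEMORY_COUNTERS
    {
        public uint cb, PageFaultCount;
        public UIntPtr PeakWorkingSetSize, WorkingSetSize, QuotaPeakPagedPoolUsage,
            QuotaPagedPoolUsage, QuotaPeakNonPagedPoolUsage, QuotaNonPagedPoolUsage,
            PagefileUsage, PeakPagefileUsage;
    }
    [DllImport("psapi.dll", SetLastError = true)]
    static extern bool EnumProcesses([Out] uint[] ids, uint cb, out uint cbNeeded);
    [DllImport("psapi.dll", SetLastError = true)]
    static extern bool GetProcessMemoryInfo(IntPtr h, out PROCESS_MEMORY_COUNTERS c, uint cb);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool QueryFullProcessImageName(IntPtr h, uint flags, StringBuilder name, ref uint size);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr h);

    static void Main()
    {
        uint[] ids = new uint[512];
        uint bytes;
        do  // a completely filled buffer may hold a truncated list, so retry with a larger one
        {
            ids = new uint[ids.Length * 2];
            if (!EnumProcesses(ids, (uint)ids.Length * 4, out bytes)) throw new Win32Exception();
        } while (bytes == ids.Length * 4);
        for (uint i = 0; i < bytes / 4; i++)
        {
            IntPtr h = OpenProcess(Access, false, ids[i]);
            if (h == IntPtr.Zero) // e.g. ERROR_ACCESS_DENIED (5) for a process this token may not open
            { Console.WriteLine("{0,6}  <not accessible, error {1}>", ids[i], Marshal.GetLastWin32Error()); continue; }
            var name = new StringBuilder(1024);
            uint len = (uint)name.Capacity;
            bool gotName = QueryFullProcessImageName(h, 0, name, ref len);
            bool gotMem = GetProcessMemoryInfo(h, out PROCESS_MEMORY_COUNTERS pmc, (uint)Marshal.SizeOf(typeof(PROCESS_MEMORY_COUNTERS)));
            Console.WriteLine("{0,6}  {1,10} KB  {2}", ids[i],
                gotMem ? (pmc.WorkingSetSize.ToUInt64() / 1024).ToString() : "?", gotName ? name.ToString() : "?");
            CloseHandle(h);
        }
    }
}
```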