Solved

Process Running ?

Posted on 1998-12-04
Last Modified: 2010-04-02
Is there a function in NT which returns the ProcessId
of a process if I only know the process name? What
I am looking for is something like this:

pid = processId ( "NameOfTheProcess" );
0
Question by:gnow
6 Comments
 
LVL 22

Expert Comment

by:nietod
ID: 1179196
Processes don't have names.  What information do you have about the process?  Did your program start the process?  Do you know anything about windows the process creates, if any?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1179197
You could use the functions provided with 'psapi.dll' to achieve this - sorry, but as I'm at home now, you'll have to wait for an example 'til tomorrow ;-)
0
 
LVL 8

Expert Comment

by:MikeP090797
ID: 1179198
If you have the name of the window caption, or its class name, you can use FindWindow, and then GetWindowThreadProcessID
0
 

Author Comment

by:gnow
ID: 1179199
That's my problem. The processes are started in a command prompt and started during startup of NT.

My goal is to generate a watchdog process which checks several processes from time to time to see if they are still running. If not, it should restart these processes. Because I don't want any interprocess communication, I need something independent from the other processes.

It could be that my idea is wrong and I have to go a different way. Does anybody have experience in doing this? Is it better to start the processes as a service and then have a "watchdog service" check the other services?

0
 
LVL 22

Accepted Solution

by:
nietod earned 50 total points
ID: 1179200
I think you can use EnumProcesses() to enumerate all the processes.  Then use GetModuleFileNameEx() for each process to get the path and file name of the executable.
0
 
LVL 22

Expert Comment

by:nietod
ID: 1179201
Oops.  Missed one thing.  To enumerate 16 bit processes in NT you must use VDMEnumTaskWOWEx().  This will save you from having to use GetModuleFilenameEx() as the callback routine will be passed the executable's path and file name.

Look up article Q175030 in the MS knowledgebase.  It describes the details.
0
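The EnumProcesses() / GetModuleFileNameEx() approach from the accepted solution, sketched in C as an added example (not code posted by anyone in this thread). The function names `image_matches` and `find_pid_by_image` are hypothetical, the 1024-entry PID buffer is an assumption, and 16-bit processes are not covered.

```c
#include <ctype.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <psapi.h>   /* link with psapi.lib */
#endif

/* Case-insensitive equality: Windows file names do not distinguish case. */
static int ieq(const char *a, const char *b) {
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
        a++; b++;
    }
    return *a == *b;   /* equal only if both strings ended together */
}

/* Return 1 if the image path `full` matches `wanted`.
 * If `wanted` contains a path separator the whole path must match;
 * otherwise only the file-name component of `full` is compared. */
int image_matches(const char *full, const char *wanted) {
    const char *base = full, *p;
    if (strchr(wanted, '\\') || strchr(wanted, '/')) return ieq(full, wanted);
    for (p = full; *p; p++)
        if (*p == '\\' || *p == '/') base = p + 1;
    return ieq(base, wanted);
}

#ifdef _WIN32
/* Return the PID of the first process whose executable matches `wanted`,
 * or 0 if none was found (hypothetical helper, not a Win32 API). */
unsigned long find_pid_by_image(const char *wanted) {
    DWORD pids[1024], bytes, i;   /* assumed large enough; list is cut off otherwise */
    char path[MAX_PATH];
    if (!EnumProcesses(pids, sizeof pids, &bytes)) return 0;
    for (i = 0; i < bytes / sizeof(DWORD); i++) {
        HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                               FALSE, pids[i]);
        DWORD n;
        if (!h) continue;         /* no access, or the process already exited */
        n = GetModuleFileNameExA(h, NULL, path, sizeof path);
        CloseHandle(h);
        if (n && image_matches(path, wanted)) return pids[i];
    }
    return 0;
}
#endif
```

For a watchdog, passing the full path rather than the bare file name keeps a same-named executable started from another directory from being counted as the monitored process.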
