Process + Thread + DLL Functions UDFs
Fully tested on O/S's from Windows 2000 -> Windows 7, in both 32-bit and 64-bit modes.
*Note: the dropdown box in the GUI has issues in Windows 2000 - workaround - type 1st letter of process.
Also, RemoteThreads may not start if Terminal Services is not installed on Win2000.
This is a compilation of all my Process, Thread, and DLL functions (and now Driver functions) into a number of UDF modules. Most every and anything useful can be done with these functions. The best part is the GUI interfaces (ProcessFunctionsTest, ThreadFunctionsTest) which let you experiment with what functions do without even touching a line of code. And whats that? Oh yes - it creates Threads. Even 'Wow64' threads, which requires a new way of thinking =)
Bundled with the core Process, Thread, and DLL UDF's are numerous support functions, examples, and even a DLL Injection module. A comparison program 'ProcessListPropertiesTest' is also included for comparison against PsaltyDS's _ProcessListProperties UDF).
The GUI's pictured above are the best way to explore the possible uses of the Process + Thread functions included, but the functionality extends beyond those default function calls. For example, there are more filters for the 'List' functions, plus other functionality that is not exposed in the GUI examples. There's also the DLL Functions which aren't even touched on (but are made use of nonetheless).
*For another example use of the Process Functions UDF see the ProcessGetWinPEImportExports UDF.
Below is a list of all the functions available (check the function headers for more info):
Thread Functions UDF's
DLL Functions UDF's
; _DriverList() ; Returns a list of Drivers that were loaded by the O/S
This is now a very comprehensive suite. Most everything a programmer or user would find useful is included. If by chance you can think of *any* other (useful) functions to add to this project, however, let me know.
For those that need to measure a Process's CPU Usage, please see my PDH Performance Counters UDF, another comprehensive UDF suite.
Special note: For most all _Process* functions that require a 'QUERY' info handle, use the constant $PROCESS_QUERY_LIMITED_INFO, which is set based on O/S. There's only one exception to this that I can think of: _ProcessMemoryVirtualQuery() which requires full Query access no matter what O/S (0x400). Thread* functions can make use of 2 constants which are set based on O/S - $THREAD_QUERY_LIMITED_INFO and $THREAD_SET_LIMITED_INFO. Experiment with the GUI's on Vista+ O/S's to see what's the minimum req's.
Optional addition: Special NomadMemory UDF designed to work with ProcessFunctions:
NomadMemoryPF.au3 16.23K 475 downloads
Ascend4nt's AutoIT Code License agreement:
While I provide this source code freely, if you do use the code in your projects, all I ask is that:
- If you provide source, keep the header as I have put it, OR, if you expand it, then at least acknowledge me as the original author, and any other authors I credit
- If the program is released, acknowledge me in your credits (it doesn't have to state which functions came from me, though again if the source is provided - see #1)
- The source on it's own (as opposed to part of a project) can not be posted unless a link to the page(s) where the code were retrieved from is provided and a message stating that the latest updates will be available on the page(s) linked to.
- Pieces of the code can however be discussed on the threads where Ascend4nt has posted the code without worrying about further linking.
Edited by Ascend4nt, 27 September 2011 - 02:24 PM.