How to simply and directly obtain the process ID?

Time:10-11

I sometimes use remote threads, implicit links, and dynamic link libraries, and often need to obtain the ID of a target process:

BOOL MyCreateRemoteThread(DWORD dwProcessID, DWORD dwProcAddr)
{
    ...
}

In the past, I could open the Task Manager to view the process. But, because the work is secure and confidential, my company has implemented encryption, so now I cannot open the Task Manager to view the process ID.

I know that there are Windows APIs that can obtain process IDs, but each program needs to add an API. That seems too cumbersome, and takes up resources.

Is there an API that can be called directly and dropped in? For example, one that gets the process by name?

int main()
{
    MyCreateRemoteThread((DWORD)22436, (DWORD)0x00F91840);
    
    return 0;
}

The process ID changes after the process is reopened, so it needs to be modified every time.

CodePudding user response:

You can get the Process ID of a process by its name, by enumerating the running processes until you find the name you are interested in.

Process Enumeration

You can use EnumProcesses(), EnumProcessModules(), and GetModuleBaseName():

Enumerating All Processes

Or, you can use CreateToolhelp32Snapshot(), Process32First(), and Process32Next():

Taking a Snapshot and Viewing Processes

Once you find the process ID you are interested in, you can then open a handle to that process using OpenProcess().
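Both answers on this page return a single PID, but several processes can share one image name (svchost.exe is the usual case), so a lookup that only returns the last match can silently pick the wrong one. The following is an added example, not code from either answer: it keeps the name-matching logic portable and exercised against a constructed sample table, collects every matching PID, and compiles the Toolhelp snapshot filler only under `_WIN32`. The function names (`find_pids_by_name`, `snapshot_processes`, `exe_name_equals`) and the sample table are my own assumptions, and a narrow-character (non-UNICODE) build is assumed for the Windows part.

```c
/* Added example (not from the original answers): collect every PID whose
 * image name matches, case-insensitively. The matching logic is portable
 * and exercised with constructed sample data; the Toolhelp enumeration that
 * fills the table is compiled only on Windows (#ifdef _WIN32). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#define EXE_NAME_MAX 260              /* MAX_PATH on Windows */

typedef struct {
    unsigned long pid;
    char exe[EXE_NAME_MAX];
} ProcEntry;

/* Case-insensitive comparison of two image names (Win32 image names are
 * case-insensitive, which is why the answers above use lstrcmpi). */
static int exe_name_equals(const char *a, const char *b)
{
    for (; *a && *b; a++, b++) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    }
    return *a == '\0' && *b == '\0';
}

/* Copy every matching PID into out (up to out_cap entries) and return the
 * total number of matches, even if that exceeds out_cap, so a caller can
 * detect the "more than one process with this name" case. */
size_t find_pids_by_name(const ProcEntry *entries, size_t n,
                         const char *exe_name,
                         unsigned long *out, size_t out_cap)
{
    size_t found = 0;
    for (size_t i = 0; i < n; i++) {
        if (exe_name_equals(entries[i].exe, exe_name)) {
            if (found < out_cap)
                out[found] = entries[i].pid;
            found++;
        }
    }
    return found;
}

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#ifdef UNICODE
#error "this example assumes a narrow-character (non-UNICODE) build"
#endif

/* Fill entries from a Toolhelp snapshot. Returns the number of processes
 * seen (may exceed cap), or 0 on failure; the snapshot handle is closed on
 * every path. */
size_t snapshot_processes(ProcEntry *entries, size_t cap)
{
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE)
        return 0;
    PROCESSENTRY32 pe;
    ZeroMemory(&pe, sizeof pe);
    pe.dwSize = sizeof pe;            /* required, or Process32First fails */
    size_t n = 0;
    if (Process32First(snap, &pe)) {
        do {
            if (n < cap) {
                entries[n].pid = pe.th32ProcessID;
                strncpy(entries[n].exe, pe.szExeFile, EXE_NAME_MAX - 1);
                entries[n].exe[EXE_NAME_MAX - 1] = '\0';
            }
            n++;
        } while (Process32Next(snap, &pe));
    }
    CloseHandle(snap);
    return n;
}
#endif

/* Constructed sample table standing in for a snapshot on non-Windows hosts;
 * the PIDs and names are made up for the demonstration. */
static const ProcEntry sample_table[] = {
    { 4,     "System" },
    { 812,   "svchost.exe" },
    { 1340,  "SVCHOST.EXE" },
    { 22436, "notepad.exe" },
};

int main(void)
{
    unsigned long pids[8];
    size_t n = find_pids_by_name(sample_table, 4, "svchost.exe", pids, 8);
    printf("%zu match(es) for svchost.exe\n", n);   /* prints 2 */
    for (size_t i = 0; i < n; i++)
        printf("  pid %lu\n", pids[i]);
    return 0;
}
```

On Windows, replace `sample_table` with a buffer filled by `snapshot_processes()`; if `find_pids_by_name()` reports more than one match, the caller should disambiguate (by parent PID, session, or full image path) rather than blindly take the first or last entry.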

CodePudding user response:

As Remy Lebeau said, the method of enumerating and traversing processes and comparing process names is effective. I can write a sample for your reference:

#include <windows.h>
#include <tlhelp32.h>

DWORD GetPIDByName(LPCTSTR szProcessName)
{
    PROCESSENTRY32 ps;
    HANDLE hSnapshot;
    DWORD dwPID = 0;
    ZeroMemory(&ps, sizeof(PROCESSENTRY32));
    ps.dwSize = sizeof(PROCESSENTRY32);   // Process32First fails if dwSize is not set
    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return dwPID;
    }
    if (!Process32First(hSnapshot, &ps))
    {
        CloseHandle(hSnapshot);           // do not leak the snapshot handle on failure
        return dwPID;
    }
    do
    {
        // szExeFile is the image name only (no path); compare case-insensitively.
        // If several processes share the name, the last one enumerated wins.
        if (lstrcmpi(ps.szExeFile, szProcessName) == 0)
        {
            dwPID = ps.th32ProcessID;
        }
    } while (Process32Next(hSnapshot, &ps));
    CloseHandle(hSnapshot);
    return dwPID;
}

Then add this to your execution main function:

int main()
{
    DWORD pId = GetPIDByName(TEXT("xxx.exe")); // xxx is the process name
    // .............
    return 0;
}

After the ellipsis, you can add the execution code according to your needs.

In fact, your method is much the same as enumeration. I found that your main function gets a virtual memory page behind it. This is the second check of getting the memory address and process ID. However, for dynamic library applications, remote threads and other operations, you still need to obtain the dll through the path. Of course, this is more convenient than changing the process ID every time.
