Get a list of running processes

From NSIS Wiki
Author: phoenix1701@gmail.com (talk, contrib)


Description

This example uses the Win32 API and PSAPI.DLL to get a list of all running processes on the system.

Caveats

Since this uses PSAPI, it will not work on Win9x (PSAPI is only available on Windows NT, 2000, XP, Vista, etc.). Some processes cannot be interrogated for their information for whatever reason; this script silently ignores these errors and keeps going.

The Script

OutFile PsapiTest.exe

Function .onInit
    System::Alloc 1024 ; Room for 256 PIDs; any beyond that are not listed
    Pop $R9
    StrCpy $R3 $R9 ; Keep the buffer base for System::Free ($R9 is advanced below)
    System::Call "Psapi::EnumProcesses(i R9, i 1024, *i .R1)i .R8"
    StrCmp $R8 0 HandleError

    IntOp $R2 $R1 / 4 ; Divide by sizeof(DWORD) to get number of processes

    StrCpy $R4 0 ; R4 is our counter variable
iterate:
    System::Call "*$R9(i .R5)" ; Get next PID
    IntCmp $R5 0 next_iteration iterate_end 0 ; break if PID < 0, continue if PID = 0

    ; 1040 = PROCESS_QUERY_INFORMATION (0x400) | PROCESS_VM_READ (0x10)
    System::Call "Kernel32::OpenProcess(i 1040, i 0, i R5)i .R8"
    StrCmp $R8 0 next_iteration
    System::Alloc 1024
    Pop $R6
    System::Call "Psapi::EnumProcessModules(i R8, i R6, i 1024, *i .R1)i .R7"
    StrCmp $R7 0 0 no_enumproc_error
    System::Free $R6
    System::Call "Kernel32::CloseHandle(i R8)" ; Do not leak the process handle
    GoTo next_iteration
no_enumproc_error:
    System::Call "*$R6(i .r6)" ; Get first module
    System::Free $R6
    ; "t .R7" makes the System plugin supply the string buffer, so none is allocated here
    System::Call "Psapi::GetModuleBaseName(i R8, i r6, t .R7, i 256)i .r6"
    System::Call "Kernel32::CloseHandle(i R8)" ; Done with this process
    StrCmp $6 0 0 no_getmod_error
    GoTo HandleError
no_getmod_error:
    MessageBox MB_OK "Found process called $R7 with length $6!"

next_iteration:
    IntOp $R4 $R4 + 1 ; Add 1 to our counter
    IntOp $R9 $R9 + 4 ; Add sizeof(int) to our buffer address

    IntCmp $R4 $R2 iterate_end iterate iterate_end
iterate_end:
    MessageBox MB_OK "Success!"
    System::Free $R3 ; Free the original allocation, not the advanced pointer
    Return
HandleError:
    MessageBox MB_OK "Something went wrong here."
    System::Free $R3
    Return
FunctionEnd
 
Section
SectionEnd
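
The caveat above notes that some processes cannot be interrogated. The following is an added example, not part of the original wiki script, that reports the Win32 error code for each such process instead of skipping it silently. It assumes a 32-bit NSIS build on Windows Vista or later (for PROCESS_QUERY_LIMITED_INFORMATION and QueryFullProcessImageName); the output file name and register choices are arbitrary.

```nsis
; Added example: show why a PID could not be interrogated.
; Assumes 32-bit NSIS (pointers passed as "i") and Windows Vista or later.
OutFile PsapiDiag.exe
RequestExecutionLevel user
ShowInstDetails show

Section
    System::Alloc 4096            ; room for 1024 PIDs
    Pop $R0                       ; $R0 = buffer base, kept for System::Free
    System::Call "Psapi::EnumProcesses(i R0, i 4096, *i .R1)i .R2"
    StrCmp $R2 0 done
    IntOp $R1 $R1 / 4             ; bytes returned -> number of PIDs
    StrCpy $R3 0                  ; loop index
    StrCpy $R4 $R0                ; cursor into the PID array
loop:
    IntCmp $R3 $R1 done 0 done
    System::Call "*$R4(i .R5)"    ; $R5 = current PID
    IntOp $R3 $R3 + 1
    IntOp $R4 $R4 + 4
    StrCmp $R5 0 loop             ; PID 0 (System Idle Process) cannot be opened
    ; 4096 = 0x1000 = PROCESS_QUERY_LIMITED_INFORMATION; ?e pushes GetLastError
    System::Call "Kernel32::OpenProcess(i 4096, i 0, i R5)i .R6 ?e"
    Pop $R7                       ; last-error value from the call above
    StrCmp $R6 0 0 opened
    DetailPrint "PID $R5: OpenProcess failed, error $R7" ; 5 = ERROR_ACCESS_DENIED
    Goto loop
opened:
    ; The size argument is in/out: buffer length in, characters written out ($9)
    System::Call "Kernel32::QueryFullProcessImageName(i R6, i 0, t .R8, *i ${NSIS_MAX_STRLEN} r9)i .R2 ?e"
    Pop $R7
    System::Call "Kernel32::CloseHandle(i R6)"
    StrCmp $R2 0 0 named
    DetailPrint "PID $R5: QueryFullProcessImageName failed, error $R7"
    Goto loop
named:
    DetailPrint "PID $R5: $R8"
    Goto loop
done:
    System::Free $R0
SectionEnd
```

An installer that checks for a running program by name should treat the "failed" lines as unknown rather than as "not running", since a process the caller cannot open never appears in the name list.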