Getting process information of every process

Question

I am trying to create a program that any normal user can run on windows and generate a process list of all processes, including the executable location. I have used CreateToolhelp32Snapshot() to get all process names, pid, ppid. But having issues getting the image path. Everything I do results in pretty much Access Denied.

I have tried ZwQueryInformationProcess, GetProcessImageFileName, etc. and also using OpenProcess to get the handle to each process. I can get the handle by using PROCESS_QUERY_LIMITED_INFORMATION, but any other option doesn't work. I am lost and have been at this for a few days. Can anyone point me in the right direction?

Answer 1

This is the code that works for non-admin user on Windows. Use the szExeFile member of PROCESSENTRY32 to get the path:

HANDLE hProcessSnap = NULL;
HANDLE hProcess = NULL;
PROCESSENTRY32 pe32;
DWORD dwPriorityClass = 0;

// Take a snapshot of all processes in the system.
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
{
    return;
}

// Set the size of the structure before using it.
pe32.dwSize = sizeof(PROCESSENTRY32);

// Retrieve information about the first process,
// and exit if unsuccessful
if (!Process32First(hProcessSnap, &pe32))
{
    CloseHandle(hProcessSnap);          // clean the snapshot object
    return;
}

// Now walk the snapshot of processes, and
// display information about each process in turn
do
{
    // do something with the pe32 struct.
    // pe32.szExeFile -> path of the file

} while (Process32Next(hProcessSnap, &pe32));

CloseHandle(hProcessSnap);