Struct Process 

pub struct Process { /* private fields */ }

A handle to a Windows process.

Implementations

impl Process

pub fn inject_dll(&self, dll_path: &Path) -> Result<()>

Inject a DLL into this process.

Opens the process with the necessary rights, allocates memory for the DLL path, and creates a remote thread running LoadLibraryA in the target process.

Returns Err(ProcessError::AlreadyInjected) if the DLL filename is already loaded by the target process.

Remarks

• The DLL path must be valid UTF-8 and contain no embedded null characters.
• The calling process must have the privileges required to open the target process with PROCESS_CREATE_THREAD | PROCESS_VM_WRITE | PROCESS_VM_OPERATION.
• Injecting a 32-bit DLL into a 64-bit process (or vice versa) will silently fail; ensure bitness matches.

Example

use std::path::Path;
use windows_erg::process::{Process, ProcessId};

let process = Process::open(ProcessId::new(1234))?;
process.inject_dll(Path::new("C:\\path\\to\\my.dll"))?;

pub fn is_dll_loaded(&self, dll_name: &str) -> Result<bool>

Check whether a DLL with the given name (case-insensitive, filename only) is currently loaded in this process.

Example

use windows_erg::process::{Process, ProcessId};

let process = Process::open(ProcessId::new(1234))?;
if process.is_dll_loaded("kernel32.dll")? {
    println!("kernel32 is loaded");
}

impl Process

pub fn list() -> Result<Vec<ProcessInfo>>

List all processes in the system.

pub fn list_with_buffer(out_processes: &mut Vec<ProcessInfo>) -> Result<usize>

List all processes using a reusable output buffer.

Returns the number of processes found and added to the buffer.

pub fn list_with_filter<F>( out_processes: &mut Vec<ProcessInfo>, filter: F, ) -> Result<usize>

where F: Fn(&ProcessInfo) -> bool,

List all processes matching a filter using a reusable output buffer.

The filter function is called for each process. Only processes where the filter returns true are added to the buffer. This is more efficient than listing all and filtering afterwards as it avoids unnecessary buffer operations.

Returns the number of matching processes found and added to the buffer.

pub fn parent_id(&self) -> Result<Option<ProcessId>>

Get the parent process ID.

pub fn children(&self) -> Result<Vec<ProcessId>>

Get all immediate child processes.

pub fn children_with_buffer( &self, buffer: &mut Vec<ProcessInfo>, ) -> Result<usize>

Get all immediate child processes using a reusable buffer.

impl Process

pub fn memory_info(&self) -> Result<MemoryInfo>

Get memory usage information for this process.

impl Process

pub fn cpu_times(&self) -> Result<ProcessCpuTimes>

Get cumulative process CPU time counters.

Returned values are cumulative since process start in 100ns units.

pub fn memory_metrics(&self) -> Result<ProcessMemoryMetrics>

Get extended memory metrics for this process.

pub fn metrics(&self) -> Result<ProcessMetrics>

Get point-in-time CPU and memory metrics for this process.

pub fn cpu_usage(&self, interval: Duration) -> Result<f64>

Calculate process CPU usage percentage over a sampling interval.

The returned value is normalized to whole-machine CPU usage scale [0.0, 100.0].

impl Process

pub fn modules(&self) -> Result<Vec<ModuleInfo>>

Enumerate all modules (DLLs) loaded in this process.

pub fn modules_with_buffer( &self, out_modules: &mut Vec<ModuleInfo>, work_buffer: &mut Vec<u8>, ) -> Result<usize>

Enumerate modules using reusable output and work buffers.

Arguments

• out_modules: Output buffer to store ModuleInfo results
• work_buffer: Work buffer for module handles and string data (reused across calls)

pub fn modules_with_filter<F>( &self, out_modules: &mut Vec<ModuleInfo>, work_buffer: &mut Vec<u8>, filter: F, ) -> Result<usize>

where F: Fn(&ModuleInfo) -> bool,

Enumerate modules matching a filter using reusable output and work buffers.

The filter function is called for each module. Only modules where the filter returns true are added to the output buffer. This is more efficient than enumerating all and filtering afterwards.

Arguments

• out_modules: Output buffer to store ModuleInfo results
• work_buffer: Work buffer for module handles and string data (should be reused)
• filter: Predicate function to filter modules

Returns the number of matching modules found and added to the buffer.

impl Process

pub fn command_line(&self) -> Result<String>

Get the command line of the process.

This reads the command line from the Process Environment Block (PEB).

pub fn command_line_with_buffer( &self, out_buffer: &mut Vec<u8>, ) -> Result<String>

Get the command line using a reusable output buffer.

pub fn environment(&self) -> Result<HashMap<String, String>>

Get the environment variables of the process.

pub fn environment_with_buffer( &self, out_buffer: &mut Vec<u8>, ) -> Result<HashMap<String, String>>

Get the environment variables using a reusable output buffer.

pub fn parameters(&self) -> Result<ProcessParameters>

Get all process parameters (command line, current directory, image path).

pub fn parameters_with_buffer( &self, out_buffer: &mut Vec<u8>, ) -> Result<ProcessParameters>

Get all process parameters using a reusable output buffer.

impl Process

pub fn open(pid: ProcessId) -> Result<Self>

Open a process with default access (query information).

pub fn open_with_access(pid: ProcessId, access: ProcessAccess) -> Result<Self>

Open a process with specific access rights.

pub fn current() -> Self

Get a pseudo-handle to the current process.

This handle does not need to be closed and is valid for the lifetime of the process.

pub fn with_access(&self, access: ProcessAccess) -> Result<Self>

Open the same process with additional access rights.

This is useful when you have a process handle but need higher privileges (e.g., to read/write memory or terminate the process).

Example

let process = Process::open(pid)?;
// Need to read memory - upgrade to VmRead access
let process_with_vm_read = process.with_access(ProcessAccess::VmRead)?;

pub fn id(&self) -> ProcessId

Get the process ID.

pub fn name(&self) -> Result<String>

Get the process name (executable file name without path).

pub fn name_with_buffer(&self, out_buffer: &mut Vec<u8>) -> Result<String>

Get the process name using a reusable output buffer.

pub fn path(&self) -> Result<PathBuf>

Get the full path to the process executable.

pub fn path_with_buffer(&self, out_buffer: &mut Vec<u8>) -> Result<PathBuf>

Get the full path to the process executable using a reusable output buffer.

pub fn is_running(&self) -> Result<bool>

Check if the process is still running.

pub fn exit_code(&self) -> Result<Option<u32>>

Get the exit code of the process, if it has exited.

Returns None if the process is still running.

pub fn wait_for_exit(&self) -> Result<u32>

Wait until this process exits and return its final exit code.

pub fn wait_for_exit_timeout(&self, timeout: Duration) -> Result<Option<u32>>

Wait until this process exits or timeout elapses.

Returns Ok(Some(code)) when the process exits, Ok(None) on timeout.

pub fn as_wait(&self) -> Wait

Borrow this process handle as a Wait object.

The returned wait object does not own the process handle and will not close it on drop.

pub fn kill(&self) -> Result<()>

Terminate the process with exit code 1.

pub fn terminate(&self, exit_code: u32) -> Result<()>

Terminate the process with a specific exit code.

pub fn kill_by_id(pid: ProcessId) -> Result<()>

Kill a process by ID (convenience method).

pub unsafe fn as_raw_handle(&self) -> HANDLE

Get the raw Windows handle.

Safety

The handle must not outlive the Process instance.

impl Process

pub fn threads(&self) -> Result<Vec<ThreadInfo>>

Enumerate all threads in this process.

pub fn threads_with_buffer( &self, out_threads: &mut Vec<ThreadInfo>, ) -> Result<usize>

Enumerate threads using a reusable output buffer.

pub fn threads_with_filter<F>( &self, out_threads: &mut Vec<ThreadInfo>, filter: F, ) -> Result<usize>

where F: Fn(&ThreadInfo) -> bool,

Enumerate threads matching a filter using a reusable output buffer.

The filter function is called for each thread. Only threads where the filter returns true are added to the output buffer. This is more efficient than enumerating all and filtering afterwards.

Returns the number of matching threads found and added to the buffer.

impl Process

pub fn kill_tree(&self) -> Result<()>

Kill this process and all its descendants.

This will recursively kill all child processes first, then the parent.

pub fn kill_tree_by_id(pid: ProcessId) -> Result<()>

Kill a process and all its descendants by process ID.

pub fn kill_tree_by_id_with_buffer( pid: ProcessId, out_processes: &mut Vec<ProcessInfo>, ) -> Result<()>

Kill a process tree using a reusable output buffer.

pub fn kill_tree_from_root(pid: ProcessId) -> Result<()>

Find the root ancestor of a process and kill the entire tree.

This walks up the parent chain to find the topmost process, then kills that entire tree.

pub fn kill_tree_from_root_with_buffer( pid: ProcessId, out_processes: &mut Vec<ProcessInfo>, ) -> Result<()>

Kill tree from root using a reusable output buffer.

Trait Implementations

impl Drop for Process

fn drop(&mut self)

Executes the destructor for this type.

impl Send for Process