Crate tasklist

Source

Expand description

§tasklist

tasklist is a crate let you easily get tasklist and process information on windows. it based on windows-rs crate.

§what information you can get

Process name, pid, parentID, threadsID
Process start_time, exit_time, and CPU_time (including kernel time and user time)
Process path and commandline parameters
Process SID and Domain/User information
Process IO counters (all IO_COUNTERS members)
Process memory information (all PROCESS_MEMORY_COUNTERS members)
Process handles count via GetProcessHandleCount API
Process file information via GetFileVersionInfoExW API
Detect WOW64 (Windows 32-bit on Windows 64-bit) environment and get architecture info
Full process iteration capabilities
Process termination functionality
Debug privilege elevation support

remember some infomation need higher privilege in some specific windows versions

§example

Get all process pid , process name and user .

fn main(){
    unsafe{
        match tasklist::Tasklist::new(){
            Ok(tasks) => {
                for task in tasks{
                    println!("pid: {} , name: {}", task.pid, task.pname);
                }
            },
            Err(e) => {
                println!("error: {}", e);
            }
        }
    }
}

Get all process name , pid , company name , file description.


fn main(){
    for i in unsafe{tasklist::Tasklist::new().unwrap()}{
        let cpn = match i.get_file_info(){
            Ok(cpn) =>{
                println!("{:?}",cpn)
            },
            Err(_) => println!("not fonud"),
        };
}
}

Modules§

info
infos

Structs§

IoCounter: the process’s IO counter struct
MemoryCounter: process’s memory counter struct . can easily get memory infomation of a process.
Process: the process struct .
Tasklist: this struct is Process Iterator.

Functions§

enable_debug_priv: enbale the debug privilege for your program , it return a bool to show if it success.
find_first_process_id_by_name: return the first process id by the name you gave , it return the Result<u32,String> , u32 is the process id.
find_process_id_by_name: find the process id by the name you gave , it return a Result<Vec<u32>,String>
find_process_name_by_id: just like the name , this function will return a Option<String> by the id you gave, String is the name of process.
get_proc_file_info: Retrieves file version information of a process by its PID.
get_proc_io_counter: Retrieves the I/O counters of a process by its PID.
get_proc_memory_info: Retrieves memory information of a process by its PID.
get_proc_params: Retrieves the command line parameters of a process by its PID.
get_proc_parrent: Get the parent process ID of a process by its PID.
get_proc_path: Get the full path of a process by its PID.
get_proc_sid_and_user: Get the SID and domain/user name of a process by its PID.
get_proc_threads: Get the thread IDs of a process by its PID.
get_proc_time: get process time , including Start time , Exit time , Kernel time and User time . it will return a tuple which is (start_time,exit_time,CpuTime)
get_process_handle_counter: Retrieves the handle count of a process by its PID.
is_wow_64: judge the process is running on wow64 or not ， it will return a Option<bool> (you must consider the situation that OpenProcess cannot be used)
is_wow_64_2^⚠: Check if process is running under WOW64 and get architecture info Returns tuple: (is_wow64: bool, process_arch: &str, native_arch: &str) Returns None if failed to get information
kill: Terminates a process by its process ID.
tasklist: Retrieves a snapshot of all running processes in the system.