§tasklist
tasklist is a crate that lets you easily get the task list and process information on Windows.
It is based on the windows-rs crate.
§what information you can get
- Process name, PID, parent ID, and thread IDs.
- Process start_time, exit_time, and CPU_time (including kernel time and user time).
- Process path and command-line parameters.
- Process SID and Domain/User.
- Process IO information, including all members of `IO_COUNTERS`.
- Process memory information, including all members of `PROCESS_MEMORY_COUNTERS`.
- Process handle information, using the `GetProcessHandleCount` API.
- Process file information, using the `GetFileVersionInfoExW` API.
- Check whether the process is running in the WOW64 environment.
- Iterate over all processes.

Remember that some information requires higher privileges on some specific Windows versions.
§example
Get the PID, process name, and user of every process.

```rust
use tasklist;

fn main() {
    // Tasklist::new() must be called inside an unsafe block.
    unsafe {
        let tl = tasklist::Tasklist::new();
        for i in tl {
            println!("{} {} {}", i.get_pid(), i.get_pname(), i.get_user());
        }
    }
}
```

Get the name, PID, company name, and file description of every process.

```rust
use tasklist;

fn main() {
    for i in unsafe { tasklist::Tasklist::new() } {
        // A key that is missing from the version info falls back to an empty string.
        let cpn = match i.get_file_info().get("CompanyName") {
            Some(h) => h.to_string(),
            None => "".to_string(),
        };
        let des = match i.get_file_info().get("FileDescription") {
            Some(h) => h.to_string(),
            None => "".to_string(),
        };
        println!("\t{} \t{} \t{} \t{}", i.get_pname(), i.get_pid(), cpn, des)
    }
}
```
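The return shapes documented on this page for `get_proc_file_info` (an empty map when there is no version info) and `is_wow_64` (`None` when OpenProcess cannot be used) matter once the data feeds a triage rule. The following is an added example, not code from the crate: it runs without `tasklist`, and `Snapshot`, `Finding`, `triage`, `snap` and the sample rows are constructed for illustration.

```rust
use std::collections::HashMap;

/// Hypothetical record holding values in the shapes this page documents.
pub struct Snapshot {
    pub pid: u32,
    pub name: String,
    pub file_info: HashMap<String, String>, // `{}` when no version info exists
    pub wow64: Option<bool>,                // `None` when OpenProcess failed
}

#[derive(Debug, PartialEq)]
pub enum Finding {
    Incomplete,      // process could not be opened: collect again elevated
    NoVersionInfo,   // image has no version resource to compare against
    Renamed(String), // image name differs from its OriginalFilename
}

pub fn triage(p: &Snapshot) -> Vec<Finding> {
    // Assumption: an unopenable process yields no usable data, so report the gap.
    if p.wow64.is_none() {
        return vec![Finding::Incomplete];
    }
    if p.file_info.is_empty() {
        return vec![Finding::NoVersionInfo];
    }
    let orig = p.file_info.get("OriginalFilename").cloned().unwrap_or_default();
    // Assumption: localized system binaries can report "NAME.EXE.MUI".
    let base = orig.to_ascii_lowercase().trim_end_matches(".mui").to_string();
    if base.is_empty() || base.eq_ignore_ascii_case(&p.name) {
        return Vec::new();
    }
    vec![Finding::Renamed(orig)]
}

pub fn snap(pid: u32, name: &str, orig: Option<&str>, wow64: Option<bool>) -> Snapshot {
    let file_info =
        orig.iter().map(|o| ("OriginalFilename".to_string(), o.to_string())).collect();
    Snapshot { pid, name: name.to_string(), file_info, wow64 }
}

fn main() {
    // Constructed sample rows, not output captured from a real host.
    for p in [
        snap(1204, "notepad.exe", Some("NOTEPAD.EXE.MUI"), Some(false)),
        snap(3380, "svchost.exe", Some("tool.exe"), Some(true)),
        snap(4, "System", None, None),
    ] {
        println!("{}\t{}\t{:?}", p.pid, p.name, triage(&p));
    }
}
```

A `Renamed` or `NoVersionInfo` finding is a lead for review, not a verdict, and `Incomplete` rows should be collected again with higher privilege before anything is concluded from them.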
Modules§
Structs§
- `IoCounter`: the process's IO counter struct.
- `MemoryCounter`: the process's memory counter struct. It lets you easily get the memory information of a process.
- `Process`: the process struct.
- `Tasklist`: this struct is `ProcessIterator`.
Functions§
- `enable_debug_priv` ⚠: enables the debug privilege for your program. It returns a `bool` to show whether it succeeded.
- `find_first_process_id_by_name` ⚠: returns the first process ID for the name you gave. It returns an `Option<u32>`, where the `u32` is the process ID.
- `find_process_id_by_name` ⚠: finds the process IDs for the name you gave. It returns a `Vec<u32>`; if the process does not exist, it returns an empty `Vec<u32>`.
- `find_process_name_by_id` ⚠: as the name suggests, this function returns an `Option<String>` for the ID you gave, where the `String` is the name of the process.
- `get_proc_file_info` ⚠: gets the file info of the process using the `GetFileVersionInfoExW` API. It returns a `HashMap<String,String>` containing a lot of information. You can get values through the keys `CompanyName`, `FileDescription`, `OriginalFilename`, `ProductName`, `ProductVersion`, `PrivateBuild`, `InternalName`, `LegalCopyright`, and `FileVersion`. If a process does not have `FileVersionInfoSize`, it returns a `HashMap` with a null value, like this -> `{}`.
- `get_proc_io_counter` ⚠: gets the process IO counter. It returns an `IoCounter`; if it cannot get the IO counter, it returns a zero `IoCounter`.
- `get_proc_memory_info` ⚠: gets the process memory info. It returns a `MemoryCounter` struct.
- `get_proc_params` ⚠: gets the process command-line parameters. It returns a `String`.
- `get_proc_parrent` ⚠: gets the parent process ID from a PID. It returns an `Option<u32>`.
- `get_proc_path` ⚠: gets the full path of the process from a PID. It returns a `String`, which is the location of the process.
- `get_proc_sid_and_user` ⚠: gets the process SID and domain/user name from a PID. It returns a tuple consisting of `(domain/user, sid)`. If the privilege is not sufficient, it returns the failure reason.
- `get_proc_threads` ⚠: gets the thread IDs of the process from a PID. It returns a `Vec<u32>`.
- `get_proc_time` ⚠: gets the process times, including start time, exit time, kernel time, and user time. It returns a tuple, which is `(start_time, exit_time, CpuTime)`.
- `get_process_handle_counter` ⚠: gets the process handle count. It returns a `u32`.
- `is_wow_64` ⚠: determines whether the process is running under WOW64. It returns an `Option<bool>` (you must consider the situation in which OpenProcess cannot be used).
- `kill` ⚠: kills a process by process_id. On success, it returns `true`.
- `tasklist` ⚠: gets the Windows task list. It returns a `HashMap<String,u32>`, where the `String` is the name of the process and the `u32` is the ID of the process.