Crate tasklist

source · [−]

Expand description

tasklist

tasklist is a crate let you easily get tasklist and process information on windows. it based on windows-rs crate.

what information you can get

Process name,pid,parrentID,theradsID.
Process start_time,exit_time,and CPU_time(including kernel time and user time).
Process path and commandline params.
Process SID and Domain/User.
Process IO infomation , including all of IO_COUNTERS member.
Process memory information , including all of PROCESS_MEMORY_COUNTERS member.
Process handles information , use GetProcessHandleCount Api.
Process file infomation , use GetFileVersionInfoExW Api.
Iterate over all processes

remember some infomation need higher privilege in some specific windows versions

example

Get all process pid , process name and user .

use tasklist;
fn main(){
    unsafe{
        let tl = tasklist::Tasklist::new();
        for i in tl{
            println!("{} {} {}",i.get_pid(),i.get_pname(),i.get_user());
        }
    }
}

Get all process name , pid , company name , file description.

use tasklist;
 
fn main(){
    for i in unsafe{tasklist::Tasklist::new()}{
        let cpn = match i.get_file_info().get("CompanyName"){
            Some(h)=>h.to_string(),
            None=>"".to_string(),
        };
        let des = match i.get_file_info().get("FileDescription"){
            Some(h)=>h.to_string(),
            None=>"".to_string(),
        };
        println!("\t{} \t{} \t{} \t{}",i.get_pname(),i.get_pid(),cpn,des)
       }
}

Structs

IoCounter

the process’s IO counter struct

MemoryCounter

process’s memory counter struct . can easily get memory infomation of a process.

Process

the process struct .

Tasklist

this struct is Process Iterator.

Functions

enable_debug_priv ^⚠

enbale the debug privilege for your program , it return a bool to show if it success.

find_first_process_id_by_name ^⚠

return the first process id by the name you gave , it return the Option<u32> , u32 is the process id.

find_process_id_by_name ^⚠

find the process id by the name you gave , it return a Vec<U32> , if the process is not exist , it will return a empty Vec<u32>

find_process_name_by_id ^⚠

just like the name , this function will return a Option<String> by the id you gave, String is the name of process.

get_proc_file_info ^⚠

get the file info of the process . use GetFileVersionInfoExW api . it will return a HashMap<String,String> including a lot of infomation. you can get value throught CompanyName FileDescription OriginalFilename ProductName ProductVersion PrivateBuild InternalName LegalCopyright FileVersion keys.

get_proc_io_counter ^⚠

get the process io counter , it will return a IoCounter if cant get the io counter , it will return a zero IoCounter

get_proc_memory_info ^⚠

get process memory info . it will return a MemoryCounter struct .

get_proc_params ^⚠

get the process command line params . it will return String .

get_proc_parrent ^⚠

get process parrent id from pid , it will return a Option<u32>

get_proc_path ^⚠

get process full path from pid , it will return String which is the location of process.

get_proc_sid_and_user ^⚠

get the process sid and domain/user name from pid . it will return a tuple consisting of (domain/user,sid). if the privilege is not enough , it will return the failed reson.

get_proc_threads ^⚠

get process thread id from pid , it will return Vec<u32> .

get_proc_time ^⚠

get process time , including Start time , Exit time , Kernel time and User time . it will return a tuple which is (start_time,exit_time,CpuTime)

get_process_handle_counter ^⚠

get process handle counter . return u32

kill ^⚠

kill a process by process_id . if success , it will return true

tasklist ^⚠