Expand description
§tasklist
tasklist
is a crate let you easily get tasklist and process information on windows.
it based on windows-rs
crate.
§what information you can get
- Process name,pid,parrentID,theradsID.
- Process start_time,exit_time,and CPU_time(including kernel time and user time).
- Process path and commandline params.
- Process SID and Domain/User.
- Process IO infomation , including all of
IO_COUNTERS
member. - Process memory information , including all of
PROCESS_MEMORY_COUNTERS
member. - Process handles information , use
GetProcessHandleCount
Api. - Process file infomation , use
GetFileVersionInfoExW
Api. - Check whether the process is running in the WOW64 environment.
- Iterate over all processes
remember some infomation need higher privilege in some specific windows versions
§example
Get all process pid , process name and user .
use tasklist;
fn main(){
unsafe{
let tl = tasklist::Tasklist::new();
for i in tl{
println!("{} {} {}",i.get_pid(),i.get_pname(),i.get_user());
}
}
}
Get all process name , pid , company name , file description.
use tasklist;
fn main(){
for i in unsafe{tasklist::Tasklist::new()}{
let cpn = match i.get_file_info().get("CompanyName"){
Some(h)=>h.to_string(),
None=>"".to_string(),
};
let des = match i.get_file_info().get("FileDescription"){
Some(h)=>h.to_string(),
None=>"".to_string(),
};
println!("\t{} \t{} \t{} \t{}",i.get_pname(),i.get_pid(),cpn,des)
}
}
Modules§
Structs§
- the process’s IO counter struct
- process’s memory counter struct . can easily get memory infomation of a process.
- the process struct .
- this struct is
Process
Iterator.
Functions§
- enbale the debug privilege for your program , it return a
bool
to show if it success. - return the first process id by the name you gave , it return the
Option<u32>
,u32
is the process id. - find the process id by the name you gave , it return a
Vec<U32>
, if the process is not exist , it will return a emptyVec<u32>
- just like the name , this function will return a
Option<String>
by the id you gave,String
is the name of process. - get the file info of the process . use
GetFileVersionInfoExW
api . it will return aHashMap<String,String>
including a lot of infomation. you can get value throughtCompanyName
FileDescription
OriginalFilename
ProductName
ProductVersion
PrivateBuild
InternalName
LegalCopyright
FileVersion
keys. if a process do not haveFileVersionInfoSize
, it will return aHashMap
with anull
value, like this ->{}
. - get the process io counter , it will return a
IoCounter
if cant get the io counter , it will return a zeroIoCounter
- get process memory info . it will return a
MemoryCounter
struct . - get the process command line params . it will return
String
. - get process parrent id from pid , it will return a
Option<u32>
- get process full path from pid , it will return
String
which is the location of process. - get the process sid and domain/user name from pid . it will return a tuple consisting of
(domain/user,sid)
. if the privilege is not enough , it will return the failed reson. - get process thread id from pid , it will return
Vec<u32>
. - get process time , including Start time , Exit time , Kernel time and User time . it will return a
tuple
which is(start_time,exit_time,CpuTime)
- get process handle counter . return
u32
- judge the process is running on wow64 or not , it will return a
Option<bool>
(you must consider the situation that OpenProcess cannot be used) - kill⚠kill a process by process_id . if success , it will return
true
- get the windows tasklist ,return a
HashMap<String,u32>
String
is the name of process, andu32
is the id of process