Actually i was experimenting around with TerminateProcess API

And i stumbled upon this :confused:

I used the API OpenProcess to open the handle the a given PID and

the flags used were PROCESS_ALL_ACCESS

will this return a diffrent handle to the program bcoz when i tried to compare the handles

those were diffrent

PS: Can a same process have diffrent handles depending on FLAGS used in OpenProcess :confused:

Thanks For Reading
Posted on 2004-06-05 11:53:29 by telophase
Well, of course they can - a HANDLE is just an opaque value used to identify an internal kernel object. Especially if you open a process with different access privileges, it wouldn't make much sense if you got the same handle back...
Posted on 2004-06-05 15:24:33 by f0dder
I am using PROCESS_ALL_ACCESS to open handle to the process .

So how can i verify that the handle that i have is of the process i am looking for

because i dont know with wot access rights the process was opened ?
Posted on 2004-06-05 23:05:40 by telophase
So you wan't to check if "some process" is "the process you're interestd in"? You can never compare *handles* to do this.

Since XP SP1 there's a GetProcessId function that gives you the pid from the handle, and then you can compare the pid's. Not running on lower than XP SP1 is a bit sucky, though :)

There's probably some workarounds... if you want to check if "is this c:\windows\notepad.exe", rather than "is this a SPECIFIC instance of notepad", you could do some hacking around with psapi or toolhelp, and compare the filenames... but there's probably a slightly dirty way to get PID from process HANDLE on most win32 versions...
Posted on 2004-06-06 08:32:26 by f0dder
Could you please tell me this *dirty* way of getting PID from the handle that i have ??

One more thing can the same method be implimented under 9x aswell as 2k both ??
Posted on 2004-06-06 13:21:11 by telophase
I unfortunately don't know of any method, dirty or not - nor do I know how dirty it will be. But it should be possible, perhaps with separate 9x/NT versions. And perhaps there's some way that's so obvious I haven't thought of it ^_^
Posted on 2004-06-06 15:44:25 by f0dder
Okay, have a look at this test - NT only. I'd be very interested in hearing reports on plain XP (no service packs), win2000 (any service packs), and NT4 if anybody runs that - I don't currently have the time to set up a bunch of vmware's. Alternative method will have to be used for 9x. (The code is a bit ugly btw, a quick hack it is)

Btw, if you have some hwnd's of the processes you want to compare, you can use GetWindowThreadProcessId - I used this while testing a generic fix for the WM_TIMER problem before MS fixed it.
Posted on 2004-06-06 17:35:32 by f0dder
PS, from winternl.h in the PlatformSDK:


typedef enum _PROCESSINFOCLASS {
ProcessBasicInformation = 0,
ProcessWow64Information = 26
} PROCESSINFOCLASS;

typedef struct _PROCESS_BASIC_INFORMATION {
PVOID Reserved1;
PPEB PebBaseAddress;
PVOID Reserved2[2];
ULONG_PTR UniqueProcessId;
PVOID Reserved3;
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;

NTSTATUS
NtQueryInformationProcess (
IN HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength OPTIONAL
);


note that some of the "reserved" fields seem to have meaning - http://www.codeguru.com/Cpp/W-P/win32/article.php/c1437/
Posted on 2004-06-06 17:45:30 by f0dder
DWORD GetWindowThreadProcessId(
HWND hWnd, // handle to window
LPDWORD lpdwProcessId // address of variable for process identifier
);

Parameters
hWnd
Handle to the window.

lpdwProcessId
Pointer to a 32-bit value that receives the process identifier. If this parameter is not NULL, GetWindowThreadProcessId copies the identifier of the process to the 32-bit value; otherwise, it does not.

The msdn library clearly specifies that it needs a window handle but i have a process handle so how do i use this ?
Posted on 2004-06-07 02:01:28 by telophase
As I said,

if you have some hwnd's of the processes you want to compare, you can use GetWindowThreadProcessId


... the NtQueryInformation I posted later doesn't require this.
Posted on 2004-06-07 04:41:00 by f0dder
But i wont be supporting 9x versions of windows that were my problem is :(

If there could be a method which would work on 9x / NT versions :confused:
Posted on 2004-06-07 04:44:26 by telophase
Well, find a 9x method and use GetVersion to call code depending on NT/9x?
Posted on 2004-06-07 04:46:49 by f0dder
Sorry to bother u again but where can i find the 9x version ?
Posted on 2004-06-07 04:47:46 by telophase
No idea - I found the NT version for you (which I hope is generic across most NT versions), and I don't deal in 9x anymore, sorry... but there might be somebody else here who does.
Posted on 2004-06-07 04:57:00 by f0dder
Anyways thankyou very much for helping as as you said in you earlier posts.

i can use GetWindowThreadProcessId to get the pid of the process

passing the handle to the process obtained using OpenProcess API ?
Posted on 2004-06-07 05:00:05 by telophase