C How to determine if a Windows Process is running

Question

This is concerning Windows XP processes   I have a process running  let s call it Process1  Process1 creates a new process  Process2  and saves its id   Now  at some point Process1 wants Process2 to do something  so it first needs to make sure that Process2 is still alive and that the user has not not killed it   How can I check that this process is still running  Since I created it  I have the Process ID  I would think there is some library function along the lines of IsProcessIDValid  id   but I can t find it on MSDN

User · Answer

The process handle will be signaled if it exits.

So the following will work (error handling removed for brevity):

BOOL IsProcessRunning(DWORD pid)
{
    HANDLE process = OpenProcess(SYNCHRONIZE, FALSE, pid);
    DWORD ret = WaitForSingleObject(process, 0);
    CloseHandle(process);
    return ret == WAIT_TIMEOUT;
}

Note that process ID's can be recycled - it's better to cache the handle that is returned from the CreateProcess call.

You can also use the threadpool API's (SetThreadpoolWait on Vista+, RegisterWaitForSingleObject on older platforms) to receive a callback when the process exits.

EDIT: I missed the "want to do something to the process" part of the original question. You can use this technique if it is ok to have potentially stale data for some small window or if you want to fail an operation without even attempting it. You will still have to handle the case where the action fails because the process has exited.

User · Answer

The solution provided by  user152949  as it was noted in commentaries  skips the first process and doesn t break when  exists  is set to true  Let me provide a fixed version    include  lt windows h gt   include  lt tlhelp32 h gt   include  lt tchar h gt   bool IsProcessRunning const TCHAR  const executableName        PROCESSENTRY32 entry      entry dwSize   sizeof PROCESSENTRY32        const auto snapshot   CreateToolhelp32Snapshot TH32CS SNAPPROCESS  NULL        if   Process32First snapshot   amp entry             CloseHandle snapshot           return false             do           if    tcsicmp entry szExeFile  executableName                 CloseHandle snapshot               return true                  while  Process32Next snapshot   amp entry         CloseHandle snapshot       return false

User · Answer

You can never check and see if a process is running  you can only check to see if a process was running at some point in the recent past   A process is an entity that is not controlled by your application and can exit at any moment in time   There is no way to guaranteed that a process will not exit in between the check to see if it s running and the corresponding action   The best approach is to just do the action required and catch the exception that would be thrown if the process was not running

User · Answer

This is a solution that I ve used in the past  Although the example here is in VB net - I ve used this technique with c and c    It bypasses all the issues with Process IDs  amp  Process handles  and return codes  Windows is very faithful in releasing the mutex no matter how Process2 is terminated  I hope it is helpful to someone       PROCESS1  -        Randomize       mutexname    myprocess   amp  Mid Format CDbl Long MaxValue    Rnd     00000000000000000000    1  16      hnd   CreateMutex 0  False  mutexname         pass this name to Process2     File WriteAllText  mutexname txt   mutexname        lt start Process2 gt       lt wait for Process2 to start gt       pr   WaitForSingleObject hnd  0      ReleaseMutex hnd       If pr   WAIT OBJECT 0 Then            lt Process2 not running gt       Else            lt Process2 is running gt       End If              CloseHandle hnd      EXIT        PROCESS2  -        mutexname   File ReadAllText  mutexname txt       hnd   OpenMutex MUTEX ALL ACCESS Or SYNCHRONIZE  True  mutexname               ReleaseMutex hnd      CloseHandle hnd      EXIT

User · Answer

You can use GetExitCodeProcess   It will return STILL ACTIVE  259  if the process is still running  or if it happened to exit with that exit code

User · Answer

I found this today  it is from 2003  It finds a process by name  you don t even need the pid     include windows h    include tlhelp32 h    include iostream h  int FIND PROC BY NAME const char      int main int argc  char  argv            Check whether a process is currently running  or not  char szName 100   notepad exe        Name of process to find  int isRunning       isRunning FIND PROC BY NAME szName           Note  isRunning 0 means process not found   1 means yes  it is found in memor     return isRunning     int FIND PROC BY NAME const char  szToFind      Created  12 29 2000   RK      Last modified  6 16 2003   RK      Please report any problems or bugs to kochhar physiology wisc edu     The latest version of this routine can be found at          http   www neurophys wisc edu ravi software killproc      Check whether the process  szToFind  is currently running in memory     This works for Win 95 98 ME and also Win NT 2000 XP     The process name is case-insensitive  i e   notepad exe  and  NOTEPAD EXE      will both work  for szToFind      Return codes are as follows        0     Process was not found       1     Process was found       605   Unable to search for process       606   Unable to identify system type       607   Unsupported OS       632   Process name is invalid     Change history       3 10 2002   - Fixed memory leak in some cases  hSnapShot and                    and hSnapShotm were not being closed sometimes       6 13 2003   - Removed iFound  was not being used  as pointed out                    by John Emmas          BOOL bResult bResultm      DWORD aiPID 1000  iCb 1000 iNumProc iV2000 0      DWORD iCbneeded i      char szName MAX PATH  szToFindUpper MAX PATH       HANDLE hProc hSnapShot hSnapShotm      OSVERSIONINFO osvi      HINSTANCE hInstLib      int iLen iLenP indx      HMODULE hMod      PROCESSENTRY32 procentry            MODULEENTRY32 modentry          PSAPI Function Pointers       BOOL  WINAPI  lpfEnumProcesses   DWORD    DWORD cb  DWORD           BOOL  WINAPI  lpfEnumProcessModules   HANDLE  HMODULE            DWORD  LPDWORD         DWORD  WINAPI  lpfGetModuleBaseName   HANDLE  HMODULE          LPTSTR  DWORD              ToolHelp Function Pointers        HANDLE  WINAPI  lpfCreateToolhelp32Snapshot  DWORD DWORD          BOOL  WINAPI  lpfProcess32First  HANDLE LPPROCESSENTRY32          BOOL  WINAPI  lpfProcess32Next  HANDLE LPPROCESSENTRY32          BOOL  WINAPI  lpfModule32First  HANDLE LPMODULEENTRY32          BOOL  WINAPI  lpfModule32Next  HANDLE LPMODULEENTRY32            Transfer Process name into  szToFindUpper  and        convert it to upper case     iLenP strlen szToFind       if iLenP lt 1    iLenP gt MAX PATH  return 632      for indx 0 indx lt iLenP indx            szToFindUpper indx  toupper szToFind indx        szToFindUpper iLenP  0          First check what version of Windows we re in     osvi dwOSVersionInfoSize   sizeof OSVERSIONINFO       bResult GetVersionEx  amp osvi       if  bResult         Unable to identify system version         return 606          At Present we only support Win NT 2000 or Win 9x ME     if  osvi dwPlatformId    VER PLATFORM WIN32 NT   amp  amp           osvi dwPlatformId    VER PLATFORM WIN32 WINDOWS           return 607       if osvi dwPlatformId  VER PLATFORM WIN32 NT                   Win NT or 2000 or XP              Load library and get the procedures explicitly  We do             this so that we don t have to worry about modules using             this code failing to load under Windows 95  because             it can t resolve references to the PSAPI DLL           hInstLib   LoadLibraryA  PSAPI DLL             if hInstLib    NULL              return 605               Get procedure addresses           lpfEnumProcesses    BOOL WINAPI    DWORD   DWORD DWORD                GetProcAddress  hInstLib   EnumProcesses               lpfEnumProcessModules    BOOL WINAPI    HANDLE  HMODULE                DWORD  LPDWORD   GetProcAddress  hInstLib               EnumProcessModules               lpfGetModuleBaseName   DWORD  WINAPI    HANDLE  HMODULE              LPTSTR  DWORD    GetProcAddress  hInstLib               GetModuleBaseNameA                if  lpfEnumProcesses    NULL                lpfEnumProcessModules    NULL                lpfGetModuleBaseName    NULL                               FreeLibrary hInstLib                  return 605                         bResult lpfEnumProcesses aiPID iCb  amp iCbneeded           if  bResult                           Unable to get process list  EnumProcesses failed             FreeLibrary hInstLib               return 605                        How many processes are there          iNumProc iCbneeded sizeof DWORD               Get and match the name of each process         for i 0 i lt iNumProc i                             Get the  module  name for this process              strcpy szName  Unknown                   First  get a handle to the process             hProc OpenProcess PROCESS QUERY INFORMATION PROCESS VM READ FALSE                  aiPID i                   Now  get the process name             if hProc                               if lpfEnumProcessModules hProc  amp hMod sizeof hMod   amp iCbneeded                                       iLen lpfGetModuleBaseName hProc hMod szName MAX PATH                                              CloseHandle hProc                  Match regardless of lower or upper case             if strcmp  strupr szName  szToFindUpper   0                                   Process found                 FreeLibrary hInstLib                   return 1                                     if osvi dwPlatformId  VER PLATFORM WIN32 WINDOWS                   Win 95 or 98 or ME          hInstLib   LoadLibraryA  Kernel32 DLL            if  hInstLib    NULL               return FALSE               Get procedure addresses             We are linking to these functions of Kernel32            explicitly  because otherwise a module using            this code would fail to load under Windows NT             which does not have the Toolhelp32            functions in the Kernel 32          lpfCreateToolhelp32Snapshot               HANDLE WINAPI    DWORD DWORD               GetProcAddress  hInstLib               CreateToolhelp32Snapshot              lpfProcess32First               BOOL WINAPI    HANDLE LPPROCESSENTRY32               GetProcAddress  hInstLib   Process32First              lpfProcess32Next               BOOL WINAPI    HANDLE LPPROCESSENTRY32               GetProcAddress  hInstLib   Process32Next              lpfModule32First               BOOL WINAPI    HANDLE LPMODULEENTRY32               GetProcAddress  hInstLib   Module32First              lpfModule32Next               BOOL WINAPI    HANDLE LPMODULEENTRY32               GetProcAddress  hInstLib   Module32Next              if  lpfProcess32Next    NULL                lpfProcess32First    NULL                lpfModule32Next    NULL                lpfModule32First    NULL                lpfCreateToolhelp32Snapshot    NULL                         FreeLibrary hInstLib               return 605                        The Process32   and Module32   routines return names in all uppercase             Get a handle to a Toolhelp snapshot of all the systems processes           hSnapShot   lpfCreateToolhelp32Snapshot              TH32CS SNAPPROCESS  0             if  hSnapShot    INVALID HANDLE VALUE                         FreeLibrary hInstLib               return 605                        Get the first process  information          procentry dwSize   sizeof PROCESSENTRY32           bResult lpfProcess32First hSnapShot  amp procentry               While there are processes  keep looping and checking          while bResult                           Get a handle to a Toolhelp snapshot of this process              hSnapShotm   lpfCreateToolhelp32Snapshot                  TH32CS SNAPMODULE  procentry th32ProcessID                if  hSnapShotm    INVALID HANDLE VALUE                                 CloseHandle hSnapShot                   FreeLibrary hInstLib                   return 605                               Get the module list for this process             modentry dwSize sizeof MODULEENTRY32               bResultm lpfModule32First hSnapShotm  amp modentry                   While there are modules  keep looping and checking             while bResultm                                if strcmp modentry szModule szToFindUpper   0                                           Process found                     CloseHandle hSnapShotm                       CloseHandle hSnapShot                       FreeLibrary hInstLib                       return 1                                    else                       Look for next modules for this process                     modentry dwSize sizeof MODULEENTRY32                       bResultm lpfModule32Next hSnapShotm  amp modentry                                                  Keep looking             CloseHandle hSnapShotm               procentry dwSize   sizeof PROCESSENTRY32               bResult   lpfProcess32Next hSnapShot  amp procentry                     CloseHandle hSnapShot             FreeLibrary hInstLib       return 0

User · Answer

JaredPar is right in that you can t know if the process is running   You can only know if the process was running at the moment you checked   It might have died in the mean time   You also have to be aware the PIDs can be recycled pretty quickly   So just because there s a process out there with your PID  it doesn t mean that it s your process   Have the processes share a GUID    Process 1 could generate the GUID and pass it to Process 2 on the command line    Process 2 should create a named mutex with that GUID   When Process 1 wants to check  it can do a WaitForSingleObject on the mutex with a 0 timeout   If Process 2 is gone  the return code will tell you that the mutex was abandoned  otherwise you ll get a timeout

User · Answer

TL DR Use GetProcessVersion   All of these function are available in Windows XP  desktop apps   UWP apps    GetProcessVersion uses a Process ID and returns 0 if the process of the given id is not running   GetExitCodeProcess uses a Process handle and gives you the process exit code  if the code is STILL ACTIVE  259  the process is still running so you could check if it is not STILL ACTIVE  259  meaning that the process is not running  This is likely to work in basically every situation  unless the process exits with code 259   WaitForSingleObject uses a Process handle with the SYNCHRONIZE access right and returns 0 if the process is not running  You should not specify INFINITE for the dwMilliseconds parameter because the function would not return until the process state became signaled process is terminated

User · Answer

Another way of monitoring a child-process is to create a worker thread that will     call CreateProcess   call WaitForSingleObject      the worker thread will now wait till the child-process finishes execution  it s possible to grab the return code  from the main   function  too

User · Answer

include  lt cstdio gt   include  lt windows h gt   include  lt tlhelp32 h gt        brief Check if a process is running  param  in  processName Name of process to check if is running  returns  c True if the process is running  or  c False if the process is not running    bool IsProcessRunning const wchar t  processName        bool exists   false      PROCESSENTRY32 entry      entry dwSize   sizeof PROCESSENTRY32        HANDLE snapshot   CreateToolhelp32Snapshot TH32CS SNAPPROCESS  NULL        if  Process32First snapshot   amp entry           while  Process32Next snapshot   amp entry               if   wcsicmp entry szExeFile  processName                   exists   true       CloseHandle snapshot       return exists

User · Answer

While writing a monitoring tool  i took a slightly different approach   It felt a bit wasteful to spin up an extra thread just to use WaitForSingleObject or even the RegisterWaitForSingleObject  which does that for you   Since in my case i don t need to know the exact instant a process has closed  just that it indeed HAS closed    I m using the GetProcessTimes   instead   https   msdn microsoft com en-us library windows desktop ms683223 v vs 85  aspx  GetProcessTimes   will return a FILETIME struct for the process s ExitTime only if the process has actually exited  So is just a matter of checking if the ExitTime struct is populated and if the time isn t 0   This solution SHOULD account the case where a process has been killed but it s PID was reused by another process  GetProcessTimes needs a handle to the process  not the PID  So the OS should know that the handle is to a process that was running at some point  but not any more  and give you the exit time   Relying on the ExitCode felt dirty

User · Answer

call EnumProcesses    and check if the PID is in the list   http   msdn microsoft com en-us library ms682629 28VS 85 29 aspx

User · Answer

You may find if a  process  given its name or PID  is running or not by iterating over the running processes simply by taking a snapshot of running processes via CreateToolhelp32Snapshot  and by using Process32First and Process32Next calls on that snapshot   Then you may use th32ProcessID field or szExeFile field of the resulting PROCESSENTRY32 struct depending on whether you want to search by PID or executable name  A simple implementation can be found here

[c++] C++, How to determine if a Windows Process is running?

Examples related to c++

Examples related to windows

Examples related to process