Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Windows 64bit > EnumProcessModules() weirdness

Reply
Thread Tools

EnumProcessModules() weirdness

 
 
Mickey Lane
Guest
Posts: n/a
 
      07-21-2005
This is a question about running 32-bit applications on 64-bit machines.
It's kind of tedious...

32-bit OS = Win XP Sp1
64-bit OS = RTM Standard Server 2003 Sp1

There's some example code that's been around for a long time that shows how
to print the names of all the running processes on the system.

It goes EnumProcesses() - OpenProcess() - EnumProcessModules() -
GetModuleFileNameEx() - printf()

I modified the example to not enumerate all of the component modules - I
just want the executable name - and to put everything on one line.

To compile on 32-bits, I use:
1) Visual Studio 6
2) The IFS DDK + 32-bit Platform SDK and the build utility

(no difference in results)

To compile on 64-bit, I use the 64-bit version of option 2 above.


When I compile and run this on 32-bits, it mostly works. The few access
denied errors are acceptable. When I copy the 32-bit image to the 64-bit
machine, it mostly doesn't work. When I compile and run on 64-bits, it
works. Three outputs below:


===== 32-bit image running on 32-bit machine =====

Process ID: 00004: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 00504: \SystemRoot\System32\smss.exe
Process ID: 00552: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 00576: \??\F:\WINDOWS\system32\winlogon.exe
Process ID: 00620: F:\WINDOWS\system32\services.exe
Process ID: 00632: F:\WINDOWS\system32\lsass.exe
Process ID: 00800: F:\WINDOWS\system32\Ati2evxx.exe
Process ID: 00816: F:\WINDOWS\system32\svchost.exe
Process ID: 00872: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 00940: F:\WINDOWS\System32\svchost.exe
Process ID: 01012: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 01088: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 01276: F:\WINDOWS\system32\spoolsv.exe
Process ID: 01452: F:\WINDOWS\system32\Ati2evxx.exe
Process ID: 01532: F:\WINDOWS\Explorer.EXE
Process ID: 01632: F:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
Process ID: 01640: F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
Process ID: 01648: F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
Process ID: 01660: F:\Program Files\Intel\Intel(R) Active
Monitor\imontray.exe
Process ID: 01668: F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Process ID: 01676: F:\Program Files\Roxio\Easy CD Creator
5\DirectCD\DirectCD.exe
Process ID: 01684: F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
Process ID: 01692: F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Process ID: 01700: F:\Program Files\Messenger\msmsgs.exe
Process ID: 01708: F:\WINDOWS\system32\ctfmon.exe
Process ID: 01740: F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Process ID: 01852: F:\WINDOWS\System32\drivers\CDAC11BA.EXE
Process ID: 01876: F:\PowerPanelPlus\upssrv.exe
Process ID: 01908: F:\WINDOWS\system32\inetsrv\inetinfo.exe
Process ID: 01916: F:\PowerPanelPlus\upsio.exe
Process ID: 01952: F:\Program Files\Common Files\Microsoft
Shared\VS7Debug\mdm.exe
Process ID: 00136: F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Process ID: 00176: F:\WINDOWS\System32\svchost.exe
Process ID: 00232: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 00416: F:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
Process ID: 02160: F:\WINDOWS\system32\wscntfy.exe
Process ID: 02588: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 02792: F:\WINDOWS\System32\svchost.exe
Process ID: 02180: F:\Program Files\Outlook Express\msimn.exe
Process ID: 02780: F:\WINDOWS\system32\notepad.exe
Process ID: 00128: F:\Program Files\Microsoft Visual
Studio\Common\MSDev98\Bin\MSDEV.EXE
Process ID: 03472: F:\WINDOWS\system32\cmd.exe
Process ID: 02788: G:\Pid\objchk_wxp_x86\i386\Pid.exe

===== same 32-bit image running on 64-bit machine =====

Process ID: 00004: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 00360: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 00408: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 00432: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 00476: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 00488: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 00696: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 00764: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 00860: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 00896: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 00908: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 01036: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 01064: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 01188: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 01228: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 01288: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 01312: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 01340: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 01424: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 01524: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 01728: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 01952: E:\WINDOWS\SysWOW64\svchost.exe
Process ID: 02012: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 00840: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 02212: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 02540: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 02684: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 02756: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 02184: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 01876: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 00392: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 02188: E:\Pid\32\objchk_wxp_x86\i386\Pid.exe

===== 64-bit image running on 64-bit machine =====

Process ID: 00004: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
Process ID: 00360: \SystemRoot\System32\smss.exe
Process ID: 00408: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 00432: \??\E:\WINDOWS\system32\winlogon.exe
Process ID: 00476: E:\WINDOWS\system32\services.exe
Process ID: 00488: E:\WINDOWS\system32\lsass.exe
Process ID: 00696: E:\WINDOWS\system32\svchost.exe
Process ID: 00764: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 00860: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 00896: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 00908: E:\WINDOWS\System32\svchost.exe
Process ID: 01036: E:\WINDOWS\system32\spoolsv.exe
Process ID: 01064: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 01188: E:\WINDOWS\System32\dns.exe
Process ID: 01228: E:\WINDOWS\System32\svchost.exe
Process ID: 01288: E:\WINDOWS\system32\inetsrv\inetinfo.exe
Process ID: 01312: E:\WINDOWS\system32\tcpsvcs.exe
Process ID: 01340: E:\WINDOWS\system32\sfmsvc.exe
Process ID: 01424: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 01524: E:\WINDOWS\System32\wins.exe
Process ID: 01728: E:\WINDOWS\System32\svchost.exe
Process ID: 01952: E:\WINDOWS\SysWOW64\svchost.exe
Process ID: 02012: E:\WINDOWS\System32\svchost.exe
Process ID: 00840: E:\WINDOWS\Explorer.EXE
Process ID: 02212: E:\WINDOWS\System32\svchost.exe
Process ID: 02540: E:\WINDOWS\system32\wuauclt.exe
Process ID: 02684: *** OpenProcess() returns ERROR_ACCESS_DENIED
Process ID: 02756: E:\WINDOWS\system32\wpabaln.exe
Process ID: 02184: E:\WINDOWS\system32\cmd.exe
Process ID: 01876: E:\WINDOWS\system32\cmd.exe
Process ID: 00392: E:\WINDOWS\system32\cmd.exe
Process ID: 00724: E:\Pid\64\objchk_wnet_amd64\amd64\Pid.exe

Anybody have any suggestions as to why EnumProcesses() and OpenProcess()
will work in either situation but EnumProcessModules() won't?

Anybody have the ability to define ERROR_PARTIAL_COPY from
EnumProcessModules()?

Regards,
Mickey.


 
Reply With Quote
 
 
 
 
R.B.
Guest
Posts: n/a
 
      07-21-2005
Mickey Lane wrote:
> This is a question about running 32-bit applications on 64-bit machines.
> It's kind of tedious...
>
> 32-bit OS = Win XP Sp1
> 64-bit OS = RTM Standard Server 2003 Sp1
>
> There's some example code that's been around for a long time that shows how
> to print the names of all the running processes on the system.
>
> It goes EnumProcesses() - OpenProcess() - EnumProcessModules() -
> GetModuleFileNameEx() - printf()
>
> I modified the example to not enumerate all of the component modules - I
> just want the executable name - and to put everything on one line.
>
> To compile on 32-bits, I use:
> 1) Visual Studio 6
> 2) The IFS DDK + 32-bit Platform SDK and the build utility
>
> (no difference in results)
>
> To compile on 64-bit, I use the 64-bit version of option 2 above.
>
>
> When I compile and run this on 32-bits, it mostly works. The few access
> denied errors are acceptable. When I copy the 32-bit image to the 64-bit
> machine, it mostly doesn't work. When I compile and run on 64-bits, it
> works. Three outputs below:
>
>
> ===== 32-bit image running on 32-bit machine =====
>
> Process ID: 00004: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 00504: \SystemRoot\System32\smss.exe
> Process ID: 00552: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 00576: \??\F:\WINDOWS\system32\winlogon.exe
> Process ID: 00620: F:\WINDOWS\system32\services.exe
> Process ID: 00632: F:\WINDOWS\system32\lsass.exe
> Process ID: 00800: F:\WINDOWS\system32\Ati2evxx.exe
> Process ID: 00816: F:\WINDOWS\system32\svchost.exe
> Process ID: 00872: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 00940: F:\WINDOWS\System32\svchost.exe
> Process ID: 01012: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 01088: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 01276: F:\WINDOWS\system32\spoolsv.exe
> Process ID: 01452: F:\WINDOWS\system32\Ati2evxx.exe
> Process ID: 01532: F:\WINDOWS\Explorer.EXE
> Process ID: 01632: F:\Program Files\ATI Technologies\ATI Control
> Panel\atiptaxx.exe
> Process ID: 01640: F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
> Process ID: 01648: F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
> Process ID: 01660: F:\Program Files\Intel\Intel(R) Active
> Monitor\imontray.exe
> Process ID: 01668: F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
> Process ID: 01676: F:\Program Files\Roxio\Easy CD Creator
> 5\DirectCD\DirectCD.exe
> Process ID: 01684: F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
> Process ID: 01692: F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
> Process ID: 01700: F:\Program Files\Messenger\msmsgs.exe
> Process ID: 01708: F:\WINDOWS\system32\ctfmon.exe
> Process ID: 01740: F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
> Process ID: 01852: F:\WINDOWS\System32\drivers\CDAC11BA.EXE
> Process ID: 01876: F:\PowerPanelPlus\upssrv.exe
> Process ID: 01908: F:\WINDOWS\system32\inetsrv\inetinfo.exe
> Process ID: 01916: F:\PowerPanelPlus\upsio.exe
> Process ID: 01952: F:\Program Files\Common Files\Microsoft
> Shared\VS7Debug\mdm.exe
> Process ID: 00136: F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
> Process ID: 00176: F:\WINDOWS\System32\svchost.exe
> Process ID: 00232: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 00416: F:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
> Process ID: 02160: F:\WINDOWS\system32\wscntfy.exe
> Process ID: 02588: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 02792: F:\WINDOWS\System32\svchost.exe
> Process ID: 02180: F:\Program Files\Outlook Express\msimn.exe
> Process ID: 02780: F:\WINDOWS\system32\notepad.exe
> Process ID: 00128: F:\Program Files\Microsoft Visual
> Studio\Common\MSDev98\Bin\MSDEV.EXE
> Process ID: 03472: F:\WINDOWS\system32\cmd.exe
> Process ID: 02788: G:\Pid\objchk_wxp_x86\i386\Pid.exe
>
> ===== same 32-bit image running on 64-bit machine =====
>
> Process ID: 00004: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 00360: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 00408: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 00432: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 00476: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 00488: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 00696: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 00764: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 00860: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 00896: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 00908: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 01036: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 01064: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 01188: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 01228: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 01288: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 01312: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 01340: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 01424: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 01524: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 01728: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 01952: E:\WINDOWS\SysWOW64\svchost.exe
> Process ID: 02012: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 00840: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 02212: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 02540: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 02684: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 02756: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 02184: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 01876: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 00392: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 02188: E:\Pid\32\objchk_wxp_x86\i386\Pid.exe
>
> ===== 64-bit image running on 64-bit machine =====
>
> Process ID: 00004: *** EnumProcessModules() returns ERROR_PARTIAL_COPY
> Process ID: 00360: \SystemRoot\System32\smss.exe
> Process ID: 00408: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 00432: \??\E:\WINDOWS\system32\winlogon.exe
> Process ID: 00476: E:\WINDOWS\system32\services.exe
> Process ID: 00488: E:\WINDOWS\system32\lsass.exe
> Process ID: 00696: E:\WINDOWS\system32\svchost.exe
> Process ID: 00764: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 00860: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 00896: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 00908: E:\WINDOWS\System32\svchost.exe
> Process ID: 01036: E:\WINDOWS\system32\spoolsv.exe
> Process ID: 01064: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 01188: E:\WINDOWS\System32\dns.exe
> Process ID: 01228: E:\WINDOWS\System32\svchost.exe
> Process ID: 01288: E:\WINDOWS\system32\inetsrv\inetinfo.exe
> Process ID: 01312: E:\WINDOWS\system32\tcpsvcs.exe
> Process ID: 01340: E:\WINDOWS\system32\sfmsvc.exe
> Process ID: 01424: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 01524: E:\WINDOWS\System32\wins.exe
> Process ID: 01728: E:\WINDOWS\System32\svchost.exe
> Process ID: 01952: E:\WINDOWS\SysWOW64\svchost.exe
> Process ID: 02012: E:\WINDOWS\System32\svchost.exe
> Process ID: 00840: E:\WINDOWS\Explorer.EXE
> Process ID: 02212: E:\WINDOWS\System32\svchost.exe
> Process ID: 02540: E:\WINDOWS\system32\wuauclt.exe
> Process ID: 02684: *** OpenProcess() returns ERROR_ACCESS_DENIED
> Process ID: 02756: E:\WINDOWS\system32\wpabaln.exe
> Process ID: 02184: E:\WINDOWS\system32\cmd.exe
> Process ID: 01876: E:\WINDOWS\system32\cmd.exe
> Process ID: 00392: E:\WINDOWS\system32\cmd.exe
> Process ID: 00724: E:\Pid\64\objchk_wnet_amd64\amd64\Pid.exe
>
> Anybody have any suggestions as to why EnumProcesses() and OpenProcess()
> will work in either situation but EnumProcessModules() won't?
>
> Anybody have the ability to define ERROR_PARTIAL_COPY from
> EnumProcessModules()?
>
> Regards,
> Mickey.
>
>



This is just a guess (sorry), but do you have a large enough lphModule
array?

BOOL EnumProcessModules(
HANDLE hProcess,
HMODULE* lphModule,
DWORD cb,
LPDWORD lpcbNeeded
);

Try calling EnumProcessModules() first with cb (size of array) set to
zero. Then allocate the returned lpcbNeeded * sizeof(HMODULE) and call
EnumProcessModules() again with the new data. Hopefully this is what
ERROR_PARTIAL_COPY means. (If you have error number you can use
errlook.exe in visual studio tools directory to get a better description).
 
Reply With Quote
 
 
 
 
Mickey Lane
Guest
Posts: n/a
 
      07-21-2005

"R.B." <(E-Mail Removed)> wrote in message
news:e0$(E-Mail Removed)...
>
> This is just a guess (sorry), but do you have a large enough lphModule
> array?
>
> BOOL EnumProcessModules(
> HANDLE hProcess,
> HMODULE* lphModule,
> DWORD cb,
> LPDWORD lpcbNeeded
> );
>
> Try calling EnumProcessModules() first with cb (size of array) set to
> zero. Then allocate the returned lpcbNeeded * sizeof(HMODULE) and call
> EnumProcessModules() again with the new data. Hopefully this is what
> ERROR_PARTIAL_COPY means. (If you have error number you can use
> errlook.exe in visual studio tools directory to get a better description).


Doesn't seem to change anything. Didn't think it would. You can call the
routine with a buffer length of 1 element and get back only one handle - the
handle of the main process name.

In my test program, I had arbitrarly set the buffer size to 200 elements.
The 4th variable is then set to the number used. (or the number of bytes
used)

I even tried making sure everything was 64-bit aligned. No luck there
either.

Mickey.


 
Reply With Quote
 
R.B.
Guest
Posts: n/a
 
      07-21-2005
Mickey Lane wrote:
> Doesn't seem to change anything. Didn't think it would. You can call the
> routine with a buffer length of 1 element and get back only one handle - the
> handle of the main process name.
>
> In my test program, I had arbitrarly set the buffer size to 200 elements.
> The 4th variable is then set to the number used. (or the number of bytes
> used)
>
> I even tried making sure everything was 64-bit aligned. No luck there
> either.
>
> Mickey.
>
>


What error number does GetLastError() return when the function fails?
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Tkinter WEIRDNESS or Python WEIRDNESS? steve Python 4 03-13-2005 12:34 AM
Weirdness. Poly-poly man Firefox 1 03-02-2005 12:26 AM
Weirdness with FireFox Drude Firefox 2 02-19-2005 08:34 PM
POK Flag Weirdness wth binary files Wayne Myers Perl 1 05-27-2004 03:20 PM
Browser-blocking weirdness. Daniel Bell Firefox 2 08-11-2003 01:28 PM



Advertisments