
Process Enumeration & Memory Querying

Overview

On Windows, we can use the Windows API to enumerate processes and retrieve information about them (such as process names, IDs, and memory usage). We'll use the EnumProcesses function to get the PIDs of all running processes, then OpenProcess, EnumProcessModules and GetModuleBaseName to retrieve each process's executable name.


Code

Only Process Enumeration

#include<Windows.h>
#include<Psapi.h>
#include<iostream>
#include<string>

//List process Function
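//List process Function
//
// Enumerates every PID that EnumProcesses returns, opens each process with
// PROCESS_QUERY_INFORMATION | PROCESS_VM_READ and prints "PID:<pid>: <name>".
// <name> is the base name of the first module EnumProcessModules reports
// (normally the main executable) or "<unknown>" when the module list cannot
// be read (EnumProcessModules is documented to fail across a 32/64-bit
// boundary, which is one common cause). Processes that cannot be opened --
// typically access denied on protected/system processes when not running
// elevated -- are skipped silently. EnumProcesses failure goes to stderr.
void ListProc() {
	DWORD Proc[1024];           //fixed PID buffer
	DWORD MemtoStorePID = 0;    //bytes written by EnumProcesses
	DWORD totalProc = 0;        //number of PIDs returned

	//process ID enumerate
	if (!EnumProcesses(Proc, sizeof(Proc), &MemtoStorePID)) {
		//narrow literal on a narrow stream: the original wide literal (L"...") on
		//std::cerr selects the pointer overload and prints an address, not text
		std::cerr << "Enum Failed!! (error " << GetLastError() << ")" << std::endl; //Error
		return;
	}
	totalProc = MemtoStorePID / sizeof(DWORD);

	//EnumProcesses writes at most sizeof(Proc) bytes and does not report
	//truncation; a completely filled buffer means the list may be incomplete
	if (MemtoStorePID == sizeof(Proc)) {
		std::cerr << "Warning: PID buffer full, process list may be truncated" << std::endl;
	}

	//NOTE(review): starts at index 1 as the original did; I cannot confirm that
	//EnumProcesses orders its output, so entry 0 is not necessarily PID 0 -- confirm
	for (unsigned int i = 1; i < totalProc; i++) {
		DWORD pid = Proc[i];

		HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
		if (!hProc) {
			continue; //cannot open (e.g. access denied) - skip this PID
		}

		//Get the process name
		char ProcName[MAX_PATH] = "<unknown>";
		HMODULE hMod;
		DWORD cbNeededMods = 0; //own name: no longer shadows the outer MemtoStorePID

		//sizeof(hMod), not sizeof(&hMod): the argument is the byte size of the
		//HMODULE array being passed in (same value on 64-bit, wrong in intent)
		if (EnumProcessModules(hProc, &hMod, sizeof(hMod), &cbNeededMods)) {
			GetModuleBaseNameA(hProc, hMod, ProcName, sizeof(ProcName) / sizeof(CHAR));
		}

		//one narrow stream for all output; ProcName is a char array anyway
		std::cout << "PID:" << pid << ": " << ProcName << '\n'; //Output
		CloseHandle(hProc);
	}
}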

//Entry point: run the process listing; the implicit return of main yields exit status 0.
int main() {
	ListProc();
}

Results:

PID&ProcessName

PID&ProcessName

With Memory Query Included

#include <Windows.h>
#include <Psapi.h>
#include <iostream>
#include <string>

//List process function
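//List process function
//
// Same enumeration as the process-only version, plus a walk of each process's
// address space with VirtualQueryEx. For every process it prints
// "PID:<pid>: <name>" followed by "Total Size = <bytes> bytes", where the total
// is the sum of RegionSize over committed regions whose base protection is
// PAGE_READWRITE or PAGE_EXECUTE_READWRITE. The modifier bits (PAGE_GUARD,
// PAGE_NOCACHE, PAGE_WRITECOMBINE) are masked off before comparing, so a
// guarded RWX region is still counted. Processes that cannot be opened
// (typically access denied on protected/system processes when not elevated)
// are skipped; EnumProcesses failure is reported on stderr.
void ListProc() {
    DWORD Proc[1024];           //fixed PID buffer
    DWORD MemtoStorePID = 0;    //bytes written by EnumProcesses
    DWORD totalProc = 0;        //number of PIDs returned

    //Process ID enum
    if (!EnumProcesses(Proc, sizeof(Proc), &MemtoStorePID)) {
        std::cerr << "Enum Failed!! (error " << GetLastError() << ")" << std::endl; //Error
        return;
    }
    totalProc = MemtoStorePID / sizeof(DWORD);

    //EnumProcesses writes at most sizeof(Proc) bytes and does not report
    //truncation; a completely filled buffer means the list may be incomplete
    if (MemtoStorePID == sizeof(Proc)) {
        std::cerr << "Warning: PID buffer full, process list may be truncated" << std::endl;
    }

    for (unsigned int i = 0; i < totalProc; i++) {
        DWORD pid = Proc[i];

        HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
        if (!hProc) {
            continue; //cannot open (e.g. access denied) - skip this PID
        }

        char ProcName[MAX_PATH] = "<unknown>";
        HMODULE hMod;
        DWORD cbNeededMods = 0; //own name: no longer shadows the outer MemtoStorePID

        //Enumerate the process modules and take the first one's base name
        //(normally the main executable); "<unknown>" stays if this fails
        if (EnumProcessModules(hProc, &hMod, sizeof(hMod), &cbNeededMods)) {
            GetModuleBaseNameA(hProc, hMod, ProcName, sizeof(ProcName) / sizeof(CHAR));
        }

        //one narrow stream throughout: the original mixed std::wcout and std::cout
        //on the same stdout, which is not portable once the stream orientation is set
        std::cout << "PID:" << pid << ": " << ProcName << '\n'; //Output

        MEMORY_BASIC_INFORMATION mbi;
        LPVOID ptr = 0;
        SIZE_T totalSize = 0;

        //Query memory regions until VirtualQueryEx fails (end of user address space)
        while (VirtualQueryEx(hProc, ptr, &mbi, sizeof(mbi))) {
            //Filter committed memory that is RW or RWX. The low byte of Protect is
            //the base protection; PAGE_GUARD and the cache modifiers sit in the
            //higher bits and would otherwise hide a matching region from the filter.
            DWORD baseProtect = mbi.Protect & 0xFF;
            if (mbi.State == MEM_COMMIT && (baseProtect == PAGE_READWRITE || baseProtect == PAGE_EXECUTE_READWRITE)) {
                totalSize += mbi.RegionSize; //Add to totalSize
            }

            //Increment pointer to next region: advance from the reported BaseAddress
            //(which may be below ptr), and stop if the address wraps so the loop
            //cannot restart from 0 on a target whose regions reach the top of memory
            LPVOID next = (LPVOID)((SIZE_T)mbi.BaseAddress + mbi.RegionSize);
            if ((SIZE_T)next <= (SIZE_T)ptr) {
                break;
            }
            ptr = next;
        }

        std::cout << "Total Size = " << totalSize << " bytes\n";
        CloseHandle(hProc);
    }
}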

//Entry point: run the process and memory listing; the implicit return of main yields exit status 0.
int main() {
    ListProc();
}

Results:

PID&ProcessName

PID&ProcessName


Conclusion

  1. This file uses Windows API functions for memory and process querying.
  2. No security vendors flagged the file, which indicates it is not detected as malicious, though its behaviour (process enumeration and memory querying) may still require context-specific analysis.
  3. The process list shows the PID, process name and total size for each process; the total counts only committed memory regions whose protection is RW or RWX.

References:

https://medium.com/@stackzero/how-to-do-process-enumeration-an-alternative-way-stackzero-fad874477cda