Getting information from a process

Scott · Jul 22, 2008

I have a service that starts 0->several processes to do work for the main
service. These processes are always the same xxx.exe that are generally
attached to a specific MSMQ that the process with monitor. The MSMQ queue is
passes to the process via a command line parameter.

What I need to be able to do is identify the queue that each of these
processes is monitoring from the Process information.

When the main service starts it does a Process.GetProcessByName for the
xxx.exe in an attempt to reconnect to any processes that may (still) be
running.

The problem is that I don't see any information in the Process object that
allows me to identify the queue (or anything else) that identifies this
process.

All I need is the original commandline options. But I don't see a way to get
that information either. The Arguments are in the startinfo member but are
usually not set. So is there some way to set and retrieve some type of
information to identify the process? Preferably something through the
ProcessStartInfo that can be retrieved directly through the process object.

OR is there away to snoop into the running process using reflection?

Jeffrey Tan[MSFT] · Jul 23, 2008

Hi Scott,

I am not a MSMQ expert, but I want to share my experience on .Net process
programming.

Do you start the remote processes using Process.Start()? If so, .Net
Process class will store the reference to the ProcessStartInfo in the
Process.StartInfo property, so we can retrieve it later. For example, the
following code snippet demonstrates the logic and works well on my side:

Process m_RemoteProcess;
private void button1_Click(object sender, EventArgs e)
{
ProcessStartInfo psi = new ProcessStartInfo(@"C:\windows\notepad.exe",
@"D:\msjeff2008_services.txt");
m_RemoteProcess = Process.Start(psi);
}

private void button2_Click(object sender, EventArgs e)
{
MessageBox.Show("The command line argument for the process is: " +
m_RemoteProcess.StartInfo.Arguments);
}

However, if the remote processes are not started by your code, the .Net
Process class has no chance to store the ProcessStartInfo structure. Then,
we can not retrieve it this way; we have to find another way to get this
done.

From the OS point of view, the CommandLine is stored in a private structure
that is accessible via the PEB. Windows provides GetCommandLine() API to
retrieve command line argument for current process, however, there is no
API to retrieve the command line of another process since different
processes have different virtual address space.

Fortunately, WMI exposes Win32_Process class which contains the CommandLine
property. In .Net, we can use the classes in System.Management namespace to
invoke WMI. The code snippet below dumps the command line of all the
notepad.exe processes:

using System.Management;
private void button1_Click(object sender, EventArgs e)
{
ManagementObjectSearcher mos = new
ManagementObjectSearcher(@"\root\cimv2", "Select * from Win32_Process where
name = \"notepad.exe\"");
foreach (ManagementObject mo in mos.Get())
{
MessageBox.Show("Command Line : " + mo["CommandLine"].ToString());
}
}
Hope this helps.

Best regards,
Jeffrey Tan
Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Scott · Jul 23, 2008

Jeffery,

Thanks for this, works just fine!

I keep forgetting about WMI, in my mind it is for static machine
configuration values but (obviously) it is much more.
--
Scott

"Jeffrey Tan[MSFT]" said:
Hi Scott,

I am not a MSMQ expert, but I want to share my experience on .Net process
programming.

Do you start the remote processes using Process.Start()? If so, .Net
Process class will store the reference to the ProcessStartInfo in the
Process.StartInfo property, so we can retrieve it later. For example, the
following code snippet demonstrates the logic and works well on my side:

Process m_RemoteProcess;
private void button1_Click(object sender, EventArgs e)
{
ProcessStartInfo psi = new ProcessStartInfo(@"C:\windows\notepad.exe",
@"D:\msjeff2008_services.txt");
m_RemoteProcess = Process.Start(psi);
}

private void button2_Click(object sender, EventArgs e)
{
MessageBox.Show("The command line argument for the process is: " +
m_RemoteProcess.StartInfo.Arguments);
}

However, if the remote processes are not started by your code, the .Net
Process class has no chance to store the ProcessStartInfo structure. Then,
we can not retrieve it this way; we have to find another way to get this
done.

From the OS point of view, the CommandLine is stored in a private structure
that is accessible via the PEB. Windows provides GetCommandLine() API to
retrieve command line argument for current process, however, there is no
API to retrieve the command line of another process since different
processes have different virtual address space.

Fortunately, WMI exposes Win32_Process class which contains the CommandLine
property. In .Net, we can use the classes in System.Management namespace to
invoke WMI. The code snippet below dumps the command line of all the
notepad.exe processes:

using System.Management;
private void button1_Click(object sender, EventArgs e)
{
ManagementObjectSearcher mos = new
ManagementObjectSearcher(@"\root\cimv2", "Select * from Win32_Process where
name = \"notepad.exe\"");
foreach (ManagementObject mo in mos.Get())
{
MessageBox.Show("Command Line : " + mo["CommandLine"].ToString());
}
}
Hope this helps.

Best regards,
Jeffrey Tan
Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Jeffrey Tan[MSFT] · Jul 24, 2008

Hi Scott,

Glad to see my reply can help you.

Yes, I was also surprised to see WMI provide more function than Win32 APIs.
I am still wondering how WMI retrieves the command line data from remote
process. Maybe it is using a secrete system call or remote process memory
reading, but I am not sure.

Anyway, if you need further help, please feel free to post, thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
=========================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

This posting is provided "AS IS" with no warranties, and confers no rights.