none
EnumProcessModules() doesn't work on Windows 2008 Server (64 bit)

    Question

  • Hello

    I have a problem in enumerating the processes running on Win 2008 Server (64 bit) using my 32-bit application. It appears the API's that worked fine on 32-bit version of Windows don't work the same way on 64 bit machines.

    My intent is to find out if mmc.exe is running or not on a Windows machine.

    Here is what I do for enumerating the processes:
    Call OpenProcess()
    Then call EnumProcessModules()
    Then call GetModuleBaseName() to get the process name.

    I'd like my 32-bit application to work pretty much the same way on 64bit windows as well.

    Could somebody tell me if there any solution at all to this problem?


    Thanks & Best Regards
    Ravi


    Wednesday, September 10, 2008 10:56 AM

Answers

  • Hi Ravi,

     

    Yes, you are correct here. From a 32 bit application it is not possible to enumerate the process on 64 bit Windows. So if you want to run your existing code then you need to compile the code as 64 bit.

     

    Basically the reason why Process Explorer is able to enumerate modules of both 32-bit and 64-bit processes at the same time is, when process explorer launches , it also have a 64 bit version with it .There is some logic , 64-bit version is not actually visible to us , but it is there. So when through the Process Explorer you try to enum modules of 32-bit process , 32-bit version of Process explorer is active and displays the modules correctly. And same way you try to enum modules of 64-bit process , 64-bit version of Process explorer is active and displays the modules correctly.

     

    I cannot find a public document which states this behavior. However there is a new API EnumProcessModulesEx Function which seems to be fixing this issue on Windows Vista and Windows Server 2008.

     

    Also you can consider this as an official Microsoft response.

     

    Hope the above helps.

     

    Thanks

     

    Saswati

     

    Friday, September 12, 2008 10:28 PM

All replies

  •  

    Hi Ravi,

     

    This issue is being discussed ofline. Will update you on this at the earliest.

     

    Thanks

     

    Saswati

     

    Thursday, September 11, 2008 10:19 PM
  • Hi Saswati

    Thanks for your response. Could we safely say for the moment that there isn't a way at all to enumerate the processes on 64 bit windows by a 32-bit app, with the API's that are available?

    Also, please let me know if this an official Microsoft response.

    Thanks & Best Regards
    Ravi
    Friday, September 12, 2008 6:54 PM
  • Hi Ravi,

     

    Yes, you are correct here. From a 32 bit application it is not possible to enumerate the process on 64 bit Windows. So if you want to run your existing code then you need to compile the code as 64 bit.

     

    Basically the reason why Process Explorer is able to enumerate modules of both 32-bit and 64-bit processes at the same time is, when process explorer launches , it also have a 64 bit version with it .There is some logic , 64-bit version is not actually visible to us , but it is there. So when through the Process Explorer you try to enum modules of 32-bit process , 32-bit version of Process explorer is active and displays the modules correctly. And same way you try to enum modules of 64-bit process , 64-bit version of Process explorer is active and displays the modules correctly.

     

    I cannot find a public document which states this behavior. However there is a new API EnumProcessModulesEx Function which seems to be fixing this issue on Windows Vista and Windows Server 2008.

     

    Also you can consider this as an official Microsoft response.

     

    Hope the above helps.

     

    Thanks

     

    Saswati

     

    Friday, September 12, 2008 10:28 PM