1 USING: accessors alien alien.c-types alien.data alien.syntax
2 arrays byte-arrays classes.struct destructors fry io
3 io.encodings.string io.encodings.utf16n kernel literals locals
4 math nested-comments sequences strings system tools.ps
5 windows.errors windows.handles windows.kernel32 windows.ntdll
! Take a Toolhelp snapshot of the requested kind (process id argument 0) and
! leave its handle on the stack once the zero/f error check has run.
! NOTE(review): Win32 documents INVALID_HANDLE_VALUE, not NULL, as the
! failure value of CreateToolhelp32Snapshot, so a zero/f check may let a
! failed snapshot through -- confirm and test for INVALID_HANDLE_VALUE too.
9 : do-snapshot ( snapshot-type -- handle )
10 0 CreateToolhelp32Snapshot [ win32-error=0/f ] keep ;
! Build a fresh PROCESSENTRY32 whose dwSize field holds the struct's own
! size; the Toolhelp Process32First/Process32Next calls expect that field
! to be filled in before they write an entry.
12 : default-process-entry ( -- obj )
13 PROCESSENTRY32 [ <struct> ] [ heap-size ] bi >>dwSize ;
! Fetch the first entry of a Toolhelp snapshot. The result of Process32First
! goes through win32-error=0/f, and `keep` leaves the entry struct on the
! stack as the return value.
! NOTE(review): the line that creates the entry struct (between the header
! and the call) is missing from this listing -- presumably
! default-process-entry; confirm against the original file.
15 : first-process ( handle -- PROCESSENTRY32 )
17 [ Process32First win32-error=0/f ] keep ;
! Advance the snapshot by one entry. A fresh PROCESSENTRY32 is filled by
! Process32Next; the filled struct is returned unless the call answered
! FALSE, in which case the result is f. Any FALSE result is treated the
! same way here, whether it means end of snapshot or a failed call.
19 : next-process ( handle -- PROCESSENTRY32/f )
20 default-process-entry [ Process32Next FALSE = not ] keep
21 and ;
! Open a process by id for read-only inspection. The visible access mask is
! PROCESS_QUERY_INFORMATION combined with PROCESS_VM_READ: enough to query
! the process and read its memory, with no write, thread or terminate rights.
! NOTE(review): the OpenProcess call and its error handling are not visible
! in this listing. process-list guards the result with `dup [ ... ] when`,
! so presumably f is returned when the open is refused (e.g. for a process
! the caller has no rights to) -- confirm against the original file.
23 : open-process-read ( dwProcessId -- HANDLE )
25 flags{ PROCESS_QUERY_INFORMATION PROCESS_VM_READ }
! Ask ntdll for a process's PROCESS_BASIC_INFORMATION. A new struct is
! allocated and passed to NtQueryInformationProcess; part of the argument
! setup is missing from this listing.
29 : query-information-process ( HANDLE -- PROCESS_BASIC_INFORMATION )
31 PROCESS_BASIC_INFORMATION <struct> [
! NOTE(review): the NTSTATUS result is dropped, so a failed query is not
! told apart from a successful one here. Callers in this file go on to read
! PebBaseAddress from the struct; checking the status first would keep a
! failed query from turning into a read at a meaningless address.
34 NtQueryInformationProcess drop
! Copy len bytes out of another process, starting at alien + offset, into a
! newly allocated byte-array. Some lines of the body are missing from this
! listing, including the rest of the ReadProcessMemory argument list.
37 :: read-process-memory ( HANDLE alien offset len -- byte-array )
! Remote source address: the base pointer displaced by offset.
39 offset alien <displaced-alien>
! Local destination buffer of exactly len bytes, also kept as ba.
40 len <byte-array> dup :> ba
! A failed read raises through win32-error=0/f rather than returning a
! partly filled buffer. NOTE(review): whether the bytes-read output is
! inspected is not visible here.
43 ReadProcessMemory win32-error=0/f
! Read one PEB-sized chunk from the target process at the given address
! (offset 0) and view the copied bytes as a PEB struct.
46 :: read-peb ( handle address -- peb )
47 handle address 0 PEB heap-size read-process-memory PEB memory>struct ;
52 [ <win32-handle> &dispose drop ]
53 [ dup query-information-process PebBaseAddress>> read-peb ] bi
! Recover a process's command line by walking its PEB: basic information ->
! PEB -> ProcessParameters -> CommandLine (a UNICODE_STRING) -> the
! characters themselves. Several lines of the body, including the branches
! of the null check and the final string decoding, are missing from this
! listing.
! Every pointer and length followed here is read from the target process's
! own memory, so the values are whatever that process holds at the time.
! The result can also contain anything the process was started with,
! secrets on the command line included.
56 :: read-args ( handle -- string/f )
! Register the process handle for disposal; the enclosing destructor scope
! is not visible in this listing.
57 handle <win32-handle> &dispose drop
58 handle query-information-process :> process-basic-information
59 handle process-basic-information PebBaseAddress>>
! Byte offset of the ProcessParameters pointer inside the PEB.
61 "ProcessParameters" PEB offset-of
! Interpret the bytes read back as a pointer into the target process.
64 PVOID deref :> args-offset
! Null-pointer guard on ProcessParameters; presumably the f result comes
! from this branch -- confirm against the original file.
65 args-offset ALIEN: 0 = [
! Locate the CommandLine UNICODE_STRING header within the parameters block
! and read exactly one header's worth of bytes.
70 "CommandLine" RTL_USER_PROCESS_PARAMETERS offset-of
71 UNICODE_STRING heap-size
! Second remote read: Length bytes starting at Buffer. A failure in
! read-process-memory raises; whether callers recover is not visible here.
74 UNICODE_STRING deref [ Buffer>> 0 ] [ Length>> ] bi read-process-memory
! Enumerate running processes and pair each process id with a description:
! the command line when it can be read, otherwise the executable name.
! Some lines of the body are missing from this listing.
79 : process-list ( -- assoc )
! NOTE(review): only process entries are walked below, so the Win32
! TH32CS_SNAPPROCESS flag would presumably suffice in place of SNAPALL --
! confirm nothing else relies on the wider snapshot.
81 TH32CS_SNAPALL do-snapshot
! Register the snapshot handle for disposal.
82 [ <win32-handle> &dispose drop ]
! Keep calling next-process on the same snapshot handle until it yields f.
84 [ '[ drop _ next-process ] follow ] tri
! Try to open the process and read its arguments; a false handle skips
! read-args, leaving f in place of the arguments.
87 [ th32ProcessID>> open-process-read dup [ read-args ] when ]
! Fallback via `or`: the executable name with trailing zero elements trimmed.
88 [ szExeFile>> [ 0 = ] trim-tail >string or ] tri 2array
! Method of ps for the windows class: the result is whatever process-list
! builds.
92 M: windows ps ( -- assoc )
process-list ;