Process.GetProcesses and IsWow64Process do not return all the running processes

1

I'm using this simple code to list all the running processes and their architecture (32-bit or 64-bit) on the console. It works nearly accurately, but the number of processes in the result is not even half of what I see in Windows Task Manager or Process Hacker. Most of my running processes are not included in the returned result, and it returns almost only the system processes. Sometimes I get a "Win32Exception" or "Access Denied" (maybe because some processes are protected), and sometimes there is no exception:

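using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

internal static class Program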
{
    private static void Main()
    {
        foreach (var p in Process.GetProcesses())
        {
            try
            {
                if (p.IsWin64Emulator())
                {
                    Console.WriteLine(p.ProcessName + " x86 " + p.MainModule.FileName);
                }
                else
                {
                    Console.WriteLine(p.ProcessName + " x64 " + p.MainModule.FileName);
                }
            }
            catch (Win32Exception ex)
            {
                // Error 5 (access denied) is swallowed here, so such a process prints no line at all.
                if (ex.NativeErrorCode != 0x00000005)
                {
                    throw;
                }
            }
        }

        Console.ReadLine();
    }

    private static bool IsWin64Emulator(this Process process)
    {
        if (Environment.OSVersion.Version.Major > 5 || Environment.OSVersion.Version.Major == 5 && Environment.OSVersion.Version.Minor >= 1)
        {
            return NativeMethods.IsWow64Process(process.Handle, out var retVal) && retVal;
        }

        return false;
    }
}

internal static class NativeMethods
{
    [DllImport("kernel32.dll", SetLastError = true, CallingConvention = CallingConvention.Winapi)]
    [return: MarshalAs(UnmanagedType.Bool)]
    internal static extern bool IsWow64Process([In] IntPtr process, [Out] out bool wow64Process);
}

So here is my question: Why does this code not show me all the processes in the result? And how can I solve this problem?

Example of what is included:

conhost x64
OpenWith x64
LockApp x64
ShellExperienceHost x64
SearchUI x64
...

Example of what is not included:

CSh_Test x64 --> Currently running software in debug mode
explorer x64
ccSvcHst x86 --> Symantec AV
devenv x86   --> Visual Studio
XYplorer x86 --> File manager
c#
import
cpu-architecture
windows-process
asked on Stack Overflow Jan 30, 2019 by 0_o • edited Jan 30, 2019 by 0_o

1 Answer

1

GetProcesses() gives you the running processes, but not the underlying services which are also shown in WindowsTaskManager. Maybe that's the difference you are experiencing?

Source: https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.process.getprocesses?view=netframework-4.7.2

If not, please give some more information about what is shown and what is not.

answered on Stack Overflow Jan 30, 2019 by Sandy
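
An added example, not part of the original question or answer: a listing that opens each process with only PROCESS_QUERY_LIMITED_INFORMATION, reads the image path with QueryFullProcessImageName, and prints a line for every process, including the ones it cannot open, instead of dropping them in the catch block. The class name `ProcessArchLister` is hypothetical, and the code assumes x86/x64 Windows Vista or later and .NET Framework 4.0 or later.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;

internal static class ProcessArchLister // hypothetical name, added example
{
    private const uint QueryLimited = 0x1000; // PROCESS_QUERY_LIMITED_INFORMATION

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    private static extern bool IsWow64Process(IntPtr process, out bool wow64);
    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.Bool)]
    private static extern bool QueryFullProcessImageName(IntPtr process, uint flags, StringBuilder path, ref uint size);
    [DllImport("kernel32.dll")]
    [return: MarshalAs(UnmanagedType.Bool)]
    private static extern bool CloseHandle(IntPtr handle);

    private static void Main()
    {
        foreach (var p in Process.GetProcesses())
        {
            // Request only the access right the two queries below need.
            var h = OpenProcess(QueryLimited, false, p.Id);
            int err = Marshal.GetLastWin32Error(); // capture before any other call
            if (h == IntPtr.Zero)
            {
                // Keep the process in the output and show why it could not be queried.
                Console.WriteLine($"{p.Id,6} {p.ProcessName} ??? <{new Win32Exception(err).Message}>");
                continue;
            }
            try
            {
                // On a 32-bit OS nothing runs under WOW64, so every process is x86.
                string arch = !Environment.Is64BitOperatingSystem ? "x86"
                    : IsWow64Process(h, out bool wow64) ? (wow64 ? "x86" : "x64") : "???";
                var sb = new StringBuilder(1024);
                uint len = (uint)sb.Capacity; // in: buffer size in chars, out: chars written
                string path = QueryFullProcessImageName(h, 0, sb, ref len) ? sb.ToString() : "<path unavailable>";
                Console.WriteLine($"{p.Id,6} {p.ProcessName} {arch} {path}");
            }
            finally { CloseHandle(h); }
        }
    }
}
```

The `???` rows are the processes the current token is not allowed to query; comparing that set between an elevated and a non-elevated run shows how much of the gap is down to privileges.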

User contributions licensed under CC BY-SA 3.0