Process ID changes when the program is visible or minimized
I am trying to get the process id of a program (PID), but for some odd reason the PID changes. When the target program ( Alarms & Clock
) is visible it gives me the wrong PID, when the program is minimized it gives me the correct PID.
My guess is that the minification of the target program is being suspends
handled, allowing it to be read. However, simply reading the PID should not be a limitation, even if the process is running.
Does anyone have an idea what I am doing wrong?
Current methods:
- Ran in administrative mode
- Compiled for 64-bit
- Compiled for 32-bit
ere is a working, succinct piece of code that displays the problem:
#include <iostream>
#include <Windows.h>
#include <string>
int main()
{
std::string window_name = "Alarms & Clock"; //Feel free to replace this with another program
HWND hwnd = FindWindowA(NULL, window_name.c_str());
if (!hwnd)
{
std::cerr << "Error: Could not find window" << std::endl;
return -1;
}
DWORD processID = 0;
GetWindowThreadProcessId(hwnd, &processID);
std::cout << "Process ID: " << processID << std::endl;
std::cin.get();
return 0;
}
source to share
I managed to fix the problem on my Win / 10 using GCC 5.3. I tested it using the Calculator app. When the application window was not minimized, I got PID = 14440 which belonged to ApplicationFrameHost.exe . However, I got PID = 1936 correctly when the calc window is minimized.
This is because Calculator is a tablet app and not a desktop app. Desktop applications provide the correct PID regardless of whether the window is minimized or not.
I think this SO post will be helpful to you.
It seems that ApplicationFrameHost.exe is an application container that handles many child applications. Additional code is needed to get the exact child pid you are looking for.
on this page, I wrote this piece of code and it worked for me, however you may need to clarify it.
typedef struct {
DWORD ownerpid;
DWORD childpid;
} windowinfo;
BOOL CALLBACK EnumChildWindowsCallback(HWND hWnd, LPARAM lp) {
windowinfo* info = (windowinfo*)lp;
DWORD pid = 0;
GetWindowThreadProcessId(hWnd, &pid);
if (pid != info->ownerpid) info->childpid = pid;
return TRUE;
}
void Show_PID()
{
Sleep(1000);
std::string window_name = "Calculator";
HWND hwnd = FindWindowA(NULL, window_name.c_str());
windowinfo info = { 0 };
GetWindowThreadProcessId(hwnd, &info.ownerpid);
info.childpid = info.ownerpid;
EnumChildWindows(hwnd, EnumChildWindowsCallback, (LPARAM)&info);
std::cout << "Process ID: " << info.childpid << std::endl;
}
int main()
{
for (int i = 0; i < 9; ++i)
{
Show_PID();
}
return 0;
}
source to share
you need to check the return value of hwnd - you can see that when the app is appcontainer (you minimize its window), and when it is active - you get different hwnd . for all application containers in an active state - this main frame window belongs not to the process, but to ApplicationFrameHost.exe and has the ApplicationFrameWindow class . but when it is minimized - you need to click on the "Minimize" button - the process is paused and .. but let's run this code
if (HWND hwnd = FindWindowW(0, L"Alarms & Clock"))
{
ULONG pid, tid = GetWindowThreadProcessId(hwnd, &pid);
DbgPrint("%x %x.%x", hwnd, pid, tid);
WCHAR sz[MAX_PATH];
if (GetClassName(hwnd, sz, RTL_NUMBER_OF(sz)))
{
DbgPrint(" [%S]", sz);
}
if (HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid))
{
PROCESS_EXTENDED_BASIC_INFORMATION pebi;
if (0 <= ZwQueryInformationProcess(hProcess, ProcessBasicInformation, &pebi, sizeof(pebi), 0))
{
DbgPrint(" Suspended=%x, flags(%x)", pebi.IsFrozen, pebi.Flags);
}
ULONG len = RTL_NUMBER_OF(sz);
if (QueryFullProcessImageNameW(hProcess, 0, sz, &len))
{
DbgPrint(" %S", sz);
}
CloseHandle(hProcess);
}
DbgPrint("\n");
}
and I got the following output for two states:
1902e6 510.155c [Windows.UI.Core.CoreWindow] Suspended=1, flags(58) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1605.1742.0_x64__8wekyb3d8bbwe\Time.exe
740414 574.934 [ApplicationFrameWindow] Suspended=0, flags(8) C:\Windows\System32\ApplicationFrameHost.exe
source to share