It shows that every running process has 4 PIDs. Like that:
Code: Select all
Explorer.EXE (1908) ; this is "real PID", it is shown in task manager and can control process using it
Explorer.EXE (1909) ; the other 3 incremented by +1 are not usable with any program/function I tried
Explorer.EXE (1910)
Explorer.EXE (1911)
Something internal to track processes state or to be used with MMU? Or something used as shipped by MS backdoor to exploit any process by some way, hah?Code: Select all
EnableExplicit
; ===============================================================
; API/ IMPORT
; ===============================================================
Prototype.l GetModuleFileNameEx(hProcess.l, hModule.l, *lpFilename.String, nSize.l)
Global GetModuleFileNameEx.GetModuleFileNameEx
If OpenLibrary(0, "Psapi.dll")
If #PB_Compiler_Unicode
GetModuleFileNameEx.GetModuleFileNameEx = GetFunction(0, "GetModuleFileNameExW")
Else
GetModuleFileNameEx.GetModuleFileNameEx = GetFunction(0, "GetModuleFileNameExA")
EndIf
EndIf
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Retrieves the fully qualified path for the file containing the specified module.
Procedure.s process_FileFromPID (PID)
Protected Handle.i = OpenProcess_(#PROCESS_QUERY_INFORMATION | #PROCESS_VM_READ, #False, PID)
Protected Buffer.s {#MAX_PATH}
If Handle
If GetModuleFileNameEx ; check if function imported oK
If GetModuleFileNameEx(Handle, 0, @Buffer, #MAX_PATH)
Buffer = GetFilePart(Buffer)
EndIf
EndIf
CloseHandle_(Handle)
ProcedureReturn Buffer
EndIf
EndProcedure
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Define A.l, R.s
For A = 1 To 204800
R = process_FileFromPID (A)
If Not Len(R) = 0
Debug R + " (" + Str(A) + ")"
EndIf
Next A