StayOnTarget

Reputation: 13058

View Windows activation context of a running process?

Is there any method to view the activation context of a running Windows process?

Ideally when I say "view" I mean to inspect it in a human-readable way, e.g. to see / confirm what DLLs have been loaded, etc.

My imagination is that some kind of debugger might attach to the running process and then display that information. But any kind of tool could be useful - debugger, log file, even using the activation context API to inspect things, etc.

Upvotes: 2

Views: 391

Answers (1)

MNS

Reputation: 1394

One of the fundamental ways of retrieving activation context details is by using the QueryActCtxW() API. This API can be used to query a bunch of details. A good sample is available here.

In the sample code, pay attention to the line below.

// Request the first file in the root assembly
QueryIndex.ulAssemblyIndex = 1;

The QueryActCtxW() API can be called repeatedly, incrementing the value of ulAssemblyIndex, as long as it returns success. Each successful call will return the requested details of the assembly represented by ulAssemblyIndex.

The above will work when QueryActCtxW() is called from within a process.

Now if you want to get the details of another process, one idea is to wrap the activation context retrieval logic inside a DLL. The DLL can dump the details to a disk file or pipe them to a viewer. Then inject this DLL into a given process by means of techniques such as DLL injection or by making use of the CreateRemoteThread() API.

Upvotes: 1
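The in-process enumeration described in the answer above, as an added example that is not part of the answer or its linked sample: a PowerShell session P/Invokes QueryActCtxW to list the assemblies (identity and manifest path) in its own active activation context. The class name ActCtxDump is made up here, the loop is bounded by ulAssemblyCount rather than by running until failure, it queries the assembly-level info class rather than the per-file one, and the hard-coded offsets assume the winnt.h structure layouts.

```powershell
# Added example: inspects only the process it runs in (here, the PowerShell host).
Add-Type -TypeDefinition @'
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;

public static class ActCtxDump   // hypothetical helper name
{
    const uint USE_ACTIVE = 0x4;   // QUERY_ACTCTX_FLAG_USE_ACTIVE_ACTCTX
    const uint CtxDetail  = 2;     // ActivationContextDetailedInformation
    const uint AsmDetail  = 3;     // AssemblyDetailedInformationInActivationContext

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool QueryActCtxW(uint flags, IntPtr hActCtx, IntPtr subInstance,
        uint infoClass, IntPtr buffer, UIntPtr cbBuffer, out UIntPtr cbNeeded);

    // Probe for the required size, then fetch. Returns IntPtr.Zero on failure.
    static IntPtr Query(uint infoClass, IntPtr sub)
    {
        UIntPtr need;
        bool ok = QueryActCtxW(USE_ACTIVE, IntPtr.Zero, sub, infoClass, IntPtr.Zero, UIntPtr.Zero, out need);
        if (ok || Marshal.GetLastWin32Error() != 122) return IntPtr.Zero;  // 122 = ERROR_INSUFFICIENT_BUFFER
        IntPtr buf = Marshal.AllocHGlobal((int)need.ToUInt32());
        if (QueryActCtxW(USE_ACTIVE, IntPtr.Zero, sub, infoClass, buf, need, out need)) return buf;
        Marshal.FreeHGlobal(buf);
        return IntPtr.Zero;
    }

    public static List<string> Assemblies()
    {
        var result = new List<string>();
        IntPtr ctx = Query(CtxDetail, IntPtr.Zero);
        if (ctx == IntPtr.Zero) return result;
        int count = Marshal.ReadInt32(ctx, 8);      // ulAssemblyCount
        Marshal.FreeHGlobal(ctx);
        IntPtr index = Marshal.AllocHGlobal(4);     // sub-instance: 1-based DWORD assembly index
        for (int i = 1; i <= count; i++)
        {
            Marshal.WriteInt32(index, i);
            IntPtr asm = Query(AsmDetail, index);
            if (asm == IntPtr.Zero) continue;
            // PCWSTR members start at offset 64 of ACTIVATION_CONTEXT_ASSEMBLY_DETAILED_INFORMATION;
            // they point into the same buffer, so read them before freeing it.
            string identity = Marshal.PtrToStringUni(Marshal.ReadIntPtr(asm, 64));
            string manifest = Marshal.PtrToStringUni(Marshal.ReadIntPtr(asm, 64 + IntPtr.Size));
            result.Add(i + ": " + identity + " <- " + manifest);
            Marshal.FreeHGlobal(asm);
        }
        Marshal.FreeHGlobal(index);
        return result;
    }
}
'@
[ActCtxDump]::Assemblies()
```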
