A Tree View shows you the hierarchy of processes, threads and windows on your computer. You can also view the process, thread and window enumeration lists on which the tree is based. Programs can be closed down cleanly and terminated unconditionally. Windows can be hidden and made visible.
The source code of Process Master contains VB Class and code modules which you can use in your own programs; see the download section below.
Process Master is freeware for any 32-bit Windows version. It requires the VB5 runtime program and Common Controls. If it does not run properly on your computer please visit the Visual Basic runtime and controls page. To download the software go to the download area. To find out how the Windows API calls are used go to How Process Master works.
Here are two of the dialogs which show more details. Immediately below is the window details dialog. The blue square represents the whole screen, the solid black area shows the selected window dimensions and the white lines show the borders of all the parent windows.
Below is the process list. A list like this is shown under Windows 9x and Windows 2000. Windows NT4 does not give so much information.
The zip file contains Setup.exe and Readme.txt. Run Setup to install Process Master on your computer. To remove it there is an Icon in the Start Menu, or you can use the Control Panel Add/Remove Programs applet.
Microsoft provides two ways of enumerating the processes running under a Windows operating system. On Windows 9x and Windows 2000 process and thread snapshots can be obtained with the CreateToolhelp32Snapshot API function. The snapshot information includes 32-bit and 16-bit processes, the parent of each process and the ability to enumerate threads. This is all Process Master needs to construct a complete tree.
Enumeration under Windows NT4
On Windows NT4 CreateToolhelp32Snapshot is not available. The PSAPI library is used to enumerate 32-bit processes (PSAPI stands for Processor Status API). Thread information is not available from this library, but it is possible to enumerate the modules (DLLs) being used by each process. 16-bit processes are run by a 32-bit executable called ntvdm.exe (NT Virtual DOS Machine). Another library called VDMDBG (Virtual DOS Machine Debug) is used to enumerate the 16-bit applications which are being run under each instance of NTVDM. 16-bit Windows applications which share their address space (as on 16-bit Windows) are run by a single instance of NTVDM. If you run a 16-bit Windows application in its own address space it has its own instance of NTVDM.
All Windows operating systems have API calls to enumerate windows. The returned information includes both the process ID and the thread ID. Process Master is therefore able to add thread information to any process which has opened windows.
Showing and hiding windows
Process Master uses the ShowWindow API call. If you show a window which is not designed to be visible you may get unexpected results, and you may not be able to hide it again. Hiding and showing a window which can be made visible through the normal Windows user interface should be safe.
Closing and killing processes
To close a process cleanly, Process Master does what Windows does, it sends a WM_CLOSE message to the top level windows created by that process. The application can then exit cleanly, giving the user a chance to save data, closing files, releasing resources and so on.
However, the application can refuse to close when sent a WM_CLOSE message. A more drastic method is to use the TerminateProcess API call, which simply stops all the threads created by the process without giving it a chance to clean up.
TerminateProcess does not work for 16-bit processes running under ntvdm.exe. These must be killed by calling VDMTerminateTaskWOW in the VDMDBG library, specifying both the NTVDM instance and the process ID of the application to be killed. It is a simple matter for Process Master to look at its process tree to determine whether a process has a parent called ntvdm.exe. If so, VDMTerminateTaskWOW is used instead of TerminateProcess.