List running processes on Windows via kernel32.dll and CreateToolhelp32Snapshot (Toolhelp32 API, called through Go's syscall package without cgo).
package main
import (
"fmt"
"syscall"
"unicode/utf16"
"unsafe"
)
// invalidHandle is INVALID_HANDLE_VALUE. CreateToolhelp32Snapshot signals
// failure with this value rather than with a NULL handle, so this — not 0 —
// is what main compares against.
const invalidHandle = ^uintptr(0)

// kernel32 is loaded lazily on first use. Go's syscall package treats
// kernel32.dll as a known system DLL and (in current Go) loads it from the
// System32 directory only; it is also already mapped into every Win32
// process. For any other library, syscall.NewLazyDLL is subject to DLL
// search-order hijacking (see the LoadDLL documentation) — use an absolute
// path or golang.org/x/sys/windows.NewLazySystemDLL instead.
var kernel32 = syscall.NewLazyDLL("kernel32.dll")

// Toolhelp32 entry points. The W (UTF-16) variants are deliberately used so
// exeFile never depends on the process's ANSI code page.
var (
	createSnapshot = kernel32.NewProc("CreateToolhelp32Snapshot")
	firstProcess   = kernel32.NewProc("Process32FirstW")
	nextProcess    = kernel32.NewProc("Process32NextW")
	closeHandle    = kernel32.NewProc("CloseHandle")
)
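// processEntry32 mirrors the Win32 PROCESSENTRY32W structure (the wide-char
// variant, matching the Process32FirstW/NextW calls). Field order, widths and
// alignment must match the C declaration exactly because kernel32 writes into
// this memory directly; heapID is ULONG_PTR in C, hence uintptr, and the
// compiler's natural alignment reproduces the C padding on both 32- and 64-bit
// builds.
type processEntry32 struct {
	size     uint32      // dwSize: must hold unsafe.Sizeof(entry) before each call
	usage    uint32      // cntUsage
	pid      uint32      // th32ProcessID
	heapID   uintptr     // th32DefaultHeapID (ULONG_PTR)
	moduleID uint32      // th32ModuleID
	threads  uint32      // cntThreads
	parent   uint32      // th32ParentProcessID
	priority int32       // pcPriClassBase (LONG, signed)
	flags    uint32      // dwFlags
	exeFile  [260]uint16 // szExeFile[MAX_PATH]: UTF-16, NUL-terminated image file name
}

// exe returns the process image file name held in exeFile, decoded from
// UTF-16 (surrogate pairs are combined; malformed units become U+FFFD).
//
// szExeFile is a single NUL-terminated WCHAR string, so the first zero code
// unit ends the name and everything after it is ignored. The previous version
// looked for two consecutive zero units, which both let bytes beyond the real
// terminator leak into the name and, for a 259-unit name, returned the
// terminator itself. If no terminator is present within the buffer the whole
// 260 units are decoded.
func (p *processEntry32) exe() string {
	name := p.exeFile[:]
	for i, u := range name {
		if u == 0 {
			name = name[:i]
			break
		}
	}
	return string(utf16.Decode(name))
}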
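// main prints "pid, parent pid, image file name" for every process in a
// Toolhelp32 snapshot, one per line, and panics on any unexpected API error.
//
// Caveats for anyone reusing this as a building block: szExeFile carries the
// image file name only (no directory), PIDs are recycled by Windows, and the
// name is chosen by whoever launched the binary — so the listing is
// informational and should not be the sole basis of a security decision.
func main() {
	// TH32CS_SNAPPROCESS: include the process list in the snapshot.
	const th32csSnapProcess = 0x00000002

	// Failure is reported as INVALID_HANDLE_VALUE, not as a NULL handle.
	// err from Call is never nil; it carries GetLastError and is only
	// meaningful when the primary return value signals failure.
	h, _, err := createSnapshot.Call(th32csSnapProcess, 0)
	if h == invalidHandle {
		panic(err)
	}
	defer closeHandle.Call(h)

	// dwSize must be filled in before every Process32First/Next call. The
	// struct is also re-zeroed before each call so a short name can never
	// inherit trailing bytes from the previous entry.
	var entry processEntry32
	entry.size = uint32(unsafe.Sizeof(entry))
	ok, _, err := firstProcess.Call(h, uintptr(unsafe.Pointer(&entry)))
	for ok != 0 {
		// Both the first and the subsequent entries use the same format
		// (the original printed the first line without the separating tab).
		// The name is printed verbatim; switch %s to %q if this output ever
		// feeds a terminal or log where control characters in an
		// attacker-chosen file name would matter.
		fmt.Printf("pid: %d\tparent: %d\t%s\n", entry.pid, entry.parent, entry.exe())

		entry = processEntry32{}
		entry.size = uint32(unsafe.Sizeof(entry))
		ok, _, err = nextProcess.Call(h, uintptr(unsafe.Pointer(&entry)))
	}

	// ERROR_NO_MORE_FILES is the normal end of iteration (for Process32First
	// it means an empty snapshot, which is likewise not an error); anything
	// else is a real failure.
	if err != syscall.ERROR_NO_MORE_FILES {
		panic(err)
	}
}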