Anyone know how to get a processes runtime/uptime/whatever you want to call it?
what about EnumProcesses (http://msdn.microsoft.com/en-us/library/ms682629(VS.85).aspx)
Hi Qword,
unless i'm missing something that function just returns a list of running processes pids,i'm looking for processes runtime(e.g firefox.exe has been running 2 hours 15 mins)
I found the API GetProcessTimes, this seems to be what I want, thanks.
:red I've misread ... however, you've got it :bg
I wrote quick test code to try it out and im getting really random results, nothing close to what i'm after. I realize to get process runtime I have to take the current time(I guess using gettickcount?) and subtract it by the creation time retrieved below, only the values retrieved are very large numbers so i'm confused how to do this.
.586
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
include \masm32\include\masm32.inc
includelib \masm32\lib\masm32.lib
CTEXT MACRO text:VARARG
local TxtName
.data
TxtName BYTE text,0
.code
EXITM <ADDR TxtName>
ENDM
GetProcessDuration proto :DWORD
start:
invoke GetProcessDuration,5421 ;random process pid, is firefox.com on my system
invoke ExitProcess,0
GetProcessDuration proc pid:DWORD
LOCAL lpCreationTime:FILETIME
LOCAL lpExitTime:FILETIME
LOCAL lpKernelTime:FILETIME
LOCAL lpUserTime:FILETIME
LOCAL systetime:SYSTEMTIME
LOCAL durationbuf[255]:BYTE
LOCAL procid:DWORD
LOCAL proch:DWORD
invoke RtlZeroMemory,addr durationbuf,255
invoke OpenProcess,PROCESS_QUERY_INFORMATION,FALSE,pid
mov proch,eax
invoke GetProcessTimes,proch,addr lpCreationTime,addr lpExitTime,addr lpKernelTime,addr lpUserTime
invoke CloseHandle,proch
invoke FileTimeToSystemTime,addr lpCreationTime,addr systetime
invoke wsprintf,addr durationbuf,CTEXT("%dd,%dh,%dm,%ds"),systetime.wDay,systetime.wHour,systetime.wMinute,systetime.wSecond
invoke MessageBox,0,addr durationbuf,NULL,MB_OK
ret
GetProcessDuration endp
end start
Getting the current time with getsystemtime or getlocaltime into a systemtime struct may simplify the calculations.
MichaelW recently posted a proggie for this
I posted a program that was somewhat similar. This is a quick example that uses 64-bit integers in place of FILETIME structures, uses GetSystemTimeAsFileTime to avoid the SYSTEMTIME structure, and returns the run time for the current process to avoid additional complexity.
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
include \masm32\include\masm32rt.inc
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
printf MACRO format:REQ, args:VARARG
IFNB <args>
invoke crt_printf, cfm$(format), args
ELSE
invoke crt_printf, cfm$(format)
ENDIF
ENDM
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
.data
creationTime dq 0
sysTime dq 0
runTime REAL8 ?
hProcess dd 0
.code
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
start:
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
invoke Sleep, 3500
invoke GetCurrentProcessId
invoke OpenProcess, PROCESS_QUERY_INFORMATION, FALSE, eax
mov hProcess, eax
invoke GetProcessTimes, hProcess, ADDR creationTime, ADDR sysTime,
ADDR sysTime, ADDR sysTime
invoke GetSystemTimeAsFileTime, ADDR sysTime
fild sysTime
fild creationTime
fsub
fld8 100.0e-9
fmul
fstp runTime
printf "%.1fs\n\n", runTime
inkey "Press any key to exit..."
exit
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
end start
BTW, in case it's not obvious, the times returned by GetProcessTimes and GetSystemTimeAsFileTime are in 100-nanosecond time units.
Wow thanks MichaelW,
your wisdom seems to be never ending. :bg