Cheat Engine

Filipe_Br · Posted: Wed Dec 14, 2016 7:24 am Post subject: Process Filters

I have already learned how to create a list of processes, as if comparing the process modules.
Now I want to know other things.
1 - How to differentiate which processes have a window being displayed, and which ones do not.
2 - Is it possible to differentiate which processes belong to an application?

Corroder · Posted: Wed Dec 14, 2016 9:42 am Post subject:

I am not trying to answer the two questions, but it's better to understand about definition of application, process and service (as show in windows task manager).

An application is a program which you interact with on the desktop. This is what you spend almost all of your time using on the computer. Cheat Engine, browsers, Notepad, etc - they are all applications.

A process is an instance of a particular executable (.exe, com, bat program file) running. A given application may have several processes running simultaneously. For example, some modern browsers such as google chrome run several processes at once, with each tab actually being a separate instance/process of the same executable. In some cases, complicated applications may have multiple processes; for example, Visual Studio runs a separate process when it compiles code from when it displays the IDE. However, most often, a given application is running from a single process; for example, no matter how many microsoft word windows you have open, only a single instance of winword.exe is running.

A service is a process which runs in the background and does not interact with the desktop. In Windows, services almost always run as an instance of the svchost.exe process, the windows service host process; however there are sometimes exceptions to this.

So, is possible to maintenance these 3 definitions as that two questions ?
Maybe able to get running process and filtering by use windows tasklist command,

Regards

ParkourPenguin · Posted: Wed Dec 14, 2016 9:48 am Post subject:

1 - Find the window handle (e.g. FindWindow, EnumWindows) and call GetWindowThreadProcessId.

2 - You could make a pretty good guess. Look at the parent of the process, process names, where the images are located, when they were started, etc. See the tool help functions for more information.

Filipe_Br · Posted: Wed Dec 14, 2016 12:28 pm Post subject:

In Lua has a function called "getWindowlist ()" which returns a list of windows.
Most are shown all windows, hidden or not. How can I differentiate between visible and hidden windows?

ParkourPenguin · Posted: Wed Dec 14, 2016 5:03 pm Post subject:

Call IsWindowVisible.

Filipe_Br · Posted: Wed Dec 14, 2016 7:00 pm Post subject:

Of course I will not know how to do it.

ParkourPenguin · Posted: Wed Dec 14, 2016 7:17 pm Post subject:

Is 0x6AF0 the handle of a window or the identifier of a process that created a window?

If it's the PID, you should at least take a brief look at the documentation on that function (see my previous post).

Filipe_Br · Posted: Thu Dec 15, 2016 3:02 am Post subject:

It is the PID of the process. That's why I said I do not know how. How to get the PID from the window?

ParkourPenguin · Posted: Thu Dec 15, 2016 9:59 am Post subject:

PID stands for process identifier. A window does not have a PID. It has a handle.

I already told you how to find a window's handle in my first post.