Starting Guide
Application and PID
Understanding Applications and Processes
What is an application?
An application is a program that you interact with on your computer. When you start an application, typically a window appears which allows you to input commands and control the application via clicking and typing.
What is an application window?
An application window is an interface that allows you to interact with the application. It lets you control the application and view its output.
What happens when you close an application window?
Usually, when you close an application window, the corresponding application process also ends and is removed from the task manager. However, there are instances where the window is closed, yet the process remains in the task manager.
What does 'killing a process' mean?
Killing a process refers to manually terminating it, typically through a tool like the task manager. When you kill a process, its associated application window will close and disappear from the task manager.
Can an application have multiple windows?
Yes, an application can operate with one, several, or even no windows.
Can a single window be linked to multiple processes?
No, each window is directly associated with a single application process.
What is the difference between an application and a process?
A process refers to any task that's visible in the task manager, whether it's tied to a window or not. An application, on the other hand, requires a window because you need an interface to interact with and control it.
What is a PID or Process-ID?
PID stands for Process Identifier. In the context of computing, a PID is a unique numerical identifier assigned by the operating system to each running process. This allows the system and users to track and manage processes. It's similar to how each student in a school is assigned a unique roll number.
A multitasking OS enables you to run hundreds or Processes at the same time.
Each of these processes can contain several parallel running Threads.
All of these are defined by a unique Process ID and Thread ID.
What is a Thread?
A Thread is "Multitasking inside of a Single process". If an Application has several Threads running, this means it has several small processes running at the same time.
A thread is the smallest unit of execution within a process. While a process contains the program code and its own memory space, a thread contains a program counter, a register set, and a stack space. Multiple threads within a process share the same data space with the main thread and can therefore communicate with each other more easily than if they were separate processes. Threads are sometimes called lightweight processes.
What is a Thread-ID (TID)?
Similar to a PID, a Thread-ID (TID) is a unique identifier assigned by the operating system to each thread within a process.
In computing, a thread is the smallest sequence of programmed instructions that can be managed independently by an operating system's scheduler. Essentially, a thread is a unit of execution within a process.
Each thread within a process has a unique identifier known as a Thread-ID or TID. This identifier allows the operating system to manage and keep track of individual threads within a process. It's important to note that a single process can have multiple threads, each with its own unique TID.
In terms of how threads are used, they allow for concurrent operations within a process, making it possible for multiple tasks to be performed at the same time within the same program. For example, in a web browser, one thread may display the user interface, another might handle network communication, and yet another might run JavaScript code on a webpage.
This allows for the tracking and management of individual threads. It's important to note that a single process can have multiple threads, each with its own unique TID.
How can robot-scripts interact with applications?
Robot scripts can be written to perform a variety of tasks within an application, such as clicking buttons, entering data, and more.
What can we do with applications using the robot-scripts?
We can start an application in multiple ways. For example using:
We can kill an application using the commands:
We can check if an specified application is actually running.
IEP. / NEP. - If-Exists-Process
And finally we can enumerate/count all running processes using
Which is less often used.
Lets take a look into the task-manager, which applications/processes are currently running:
What we can see is that there are several processes with the same name "iexplore.exe".
But how do we find the one we need?
How can we select a specific process/application?
Rather then selecting a process "by name", we can use the process-ID (PID).
The PID is a number that is unique to each process. Having the PID, we can work with the process.
Using the PID we can do things like:
Find out which user has started the process:
we can wait until a process ends. Using
WPT. - Wait-Process-Termination
If we have just started a process - for example with -
then we can use
to be sure the process we need is running. A PID is a magic number when dealing with applications and processes. If you have the PID, you can do anything you want with that process. As long as you have the sufficient rights.
How do we get the PID from an process or application?
1. We may get the PID directly from the starting command. Only starting commands that wait until the process is running, can support filling #pid#. Therefore see the description of the starting command if it supports #pid#.
If we use:
EXE.?pfad\UltraVNC_1.0.9.6.1_Setup.exe
VAR.$$PID=#pid#
MBX.MY PID is: $$PID
we get the PID in the system variable #pid# automatically.
2. We get the PID from any window. It doesn't matter if its a Top-Level window or a control (child-window). If we have the window, we can get the PID like this:
STW.t|Testapp
' We'll put the PID of the process from that window
' into the variable $$PID using the GDF.-command
GDF.ap|$$PID
It does not need to be a Top-Window, it can be any actual localized window, try this
STW.t|Testapp
SCW.c|butto
GDF.ap|$$PID
' Will print the PID in the Debug-Area of the Editor
DBP.$$PID
ENR.
3. We can get the PID from the name of the EXE-File
VAR.$$FIL=?exepath\MR01.exe
GDF.fp|$$FIL|$$PID
' Will print the PID in the Debug-Area of the Editor
DBP.$$PID
ENR.
or we can use IEF. for that.
' Get the PID using IEP.
IEP.Testapp_01.exe
MBX.#pid#
ELS.
MBX. That Application is not running!
EIF.
ENR.
GDF. works with any process in the Task-Manager, no matter if that process has a window or not.
What makes IEP. (If exist process) so powerful?
IEP. primarly helps you to find out, if a process is running. For this you can specify the process in several ways, including the use of 3.2 Standard-Search Pattern.
Assume you use IEP. to check if there is a process like this:
Now IEP. finds such a process. But what is the real name of the process?
sky ... what?
We have just specified "sky". As IEP. uses Standards Search Patterns, any part of thereal name is valid.
The name of the process must only contain that phrase. We get this information if we take a look on the actual stack.
IEP. provides us with a lot of information about the found process. In position zero
IEP.x64.exe
MBX. Process ID is: #pid#
EIF.
If you have multiple EXE running with the same name, you can specify a number. If the EXE is found, the #pid# is set to the EXE's Process-ID. Please note that #tid# is always set to zero.
You can specify a full path, or only the filename or a part of it. If you search for a dll, then the extension ".dll" must be included in the pattern.
You can use NEP., the negative Form of this command (NEP. - Not Exists Process).
If a process is found, valuable information is placed on the actual stack. These include the full name and path of the found executable.
Below are two snapshots of the windows-taskmanager. Skype.exe has the PID (process-id) 4600. Its on the stack on position 02 in the picture above.
The 2312 which is on position 01 (picture above) is the parent-process, that is the process which has started skype.exe.
In the task manager, we can see that this is the PID of the windows-explorer. This way you can find out which process has started another process.
If you give IEP. a variable as third parameter, then the stack will not get the full path of the found file. You will find it in the given variable instead.
Please note that the 2.4 The global and local Stack as Que or as Stack will influence the sequence in which the items appear on the stack.
You can also use IEP. to verify, if a process with a specified PID is alive or not.
To do this, the Syntax is:
STS.GLOBAL
IEP.>1234
MBX.PID 1234 (Filename=$$000) is alive!
EIF.