/*++

Copyright (c) 1994-1998  Microsoft Corporation

Module Name:

    tlist.c

Abstract:

    This module implements a task list application.

Author:

    Wesley Witt (wesw) 20-May-1994
    Mike Sartain (mikesart) 28-Oct-1994  Added detailed task information
    Julian Jiggins (julianj) 19-Mar-1998 Added list processes using specific module feature
    Shaun Cox (shaunco) 9-Jul-1998 Display services running in processes

Environment:

    User Mode

--*/

#include "pch.h"
#pragma hdrstop
#include <dbghelp.h>
#include "psapi.h"
#include <tchar.h>


#define BAD_PID     ((DWORD)-1)


DWORD       numTasks;
TASK_LIST   tlist[MAX_TASKS];
BOOL        fShowServices;
BOOL        fShowMtsPackages;
BOOL        fShowSessionIds;
BOOL        fShowCommandLines;

const char *Blanks = "                                                                               ";


VOID Usage(VOID);
VOID PrintThreadInfo(PTASK_LIST pTaskList);
BOOL FMatchTaskName(LPTSTR szPN, LPTSTR szWindowTitle, LPTSTR szProcessName);
VOID GetFirstPidWithName(LPTSTR szTask);

VOID
PrintTask(
    DWORD i
    )
{
    BOOL NameShown = FALSE;

    if (fShowSessionIds) {
        printf("%2d ", tlist[i].SessionId);
    }
    
    printf( "%4d %-15s ", tlist[i].dwProcessId, tlist[i].ProcessName );

    if (fShowServices && tlist[i].ServiceNames[0]) {
        printf( "Svcs:  %s", tlist[i].ServiceNames);
        NameShown = TRUE;
    }

    if (fShowMtsPackages && tlist[i].MtsPackageNames[0]) {
        printf( "%sMts:   %s", NameShown ? "  " : "",
                tlist[i].MtsPackageNames);
        NameShown = TRUE;
    }

    if (!NameShown && tlist[i].hwnd) {
        if (fShowServices || fShowMtsPackages) {
            printf( "Title: %s", tlist[i].WindowTitle );
        }
        else {
            printf( "  %s", tlist[i].WindowTitle );
        }
    }

    printf( "\n" );

    if (fShowCommandLines) {
        printf("     Command Line: %s\n", tlist[i].CommandLine);
    }
}

VOID
PrintTaskTree(
    DWORD level,
    DWORD id
    )
{
    DWORD i;

    DetectOrphans( tlist, numTasks );
    for (i=0; i<numTasks; i++) {
        if (tlist[i].flags) {
            continue;
        }

        // NOTE: The format of the output below should stay fixed forever.  There are tools
        // at MS that depend on it.

        if (level == 0 || tlist[i].dwInheritedFromProcessId == id) {
            printf( "%.*s", level*2, Blanks );
            printf( "%s (%d)", tlist[i].ProcessName, tlist[i].dwProcessId );
            if (tlist[i].hwnd) {
                printf( " %s", tlist[i].WindowTitle );
            }
            printf( "\n" );
            tlist[i].flags = TRUE;
            if (tlist[i].dwProcessId != 0) {
                PrintTaskTree( level+1, tlist[i].dwProcessId );
            }
        }
    }
}

int __cdecl
main(
    int argc,
    char *argv[]
    )

/*++

Routine Description:

    Main entrypoint for the TLIST application.  This app prints
    a task list to stdout.  The task list include the process id,
    task name, ant the window title.

Arguments:

    argc             - argument count
    argv             - array of pointers to arguments

Return Value:

    0                - success

--*/

{
    DWORD           i;
    TASK_LIST_ENUM  te;
    BOOL            fTree;
    BOOL            fFindTasksUsingModule;
    BOOL            fPidOnly = FALSE;
    DWORD           cchPN = 0;
    LPSTR           szPN  = NULL;
    DWORD           dwPID = BAD_PID;
    DWORD                           dwNumServices = 0;
    LPENUM_SERVICE_STATUS_PROCESS   pServiceInfo  = NULL;

    if (argc > 1 && (argv[1][0] == '-' || argv[1][0] == '/') && argv[1][1] == '?') {
        Usage();
    }

    fTree = FALSE;
    fFindTasksUsingModule = FALSE;
    if (argc > 1) {
        if ((argv[1][0] == '-' || argv[1][0] == '/') &&
            (argv[1][1] == 't' || argv[1][1] == 'T')) {
            fTree = TRUE;
        } else if ((argv[1][0] == '-' || argv[1][0] == '/') &&
                   (argv[1][1] == 's' || argv[1][1] == 'S')) {
            fShowServices = TRUE;
        } else if ((argv[1][0] == '-' || argv[1][0] == '/') &&
                   (argv[1][1] == 'k' || argv[1][1] == 'K')) {
            fShowMtsPackages = TRUE;
        } else if ((argv[1][0] == '-' || argv[1][0] == '/') &&
                   (argv[1][1] == 'e' || argv[1][1] == 'E')) {
            fShowSessionIds = TRUE;
        } else if ((argv[1][0] == '-' || argv[1][0] == '/') &&
                   (argv[1][1] == 'c' || argv[1][1] == 'C')) {
            fShowCommandLines = TRUE;
        } else if ((argv[1][0] == '-' || argv[1][0] == '/') &&
                   (argv[1][1] == 'v' || argv[1][1] == 'V')) {
            fShowServices = TRUE;
            fShowMtsPackages = TRUE;
            fShowSessionIds = TRUE;
            fShowCommandLines = TRUE;
        } else if ((argv[1][0] == '-' || argv[1][0] == '/') &&
                   (argv[1][1] == 'p' || argv[1][1] == 'P') && argc == 3) {
            _strlwr(argv[2]);
            if (!strcmp(argv[2], "system process")) {
                printf("0\n");
                return 0;
            }
            fPidOnly = TRUE;
        } else if ((argv[1][0] == '-' || argv[1][0] == '/') &&
                   (argv[1][1] == 'p' || argv[1][1] == 'P') && argc == 4) {
            _strlwr(argv[2]);
            if (!strcmp(argv[2], "system")) {
                _strlwr(argv[3]);
                if (!strcmp(argv[3], "process")) {
                    printf("0\n");
                    return 0;
                }
            }
            Usage();
        } else if ((argv[1][0] == '-' || argv[1][0] == '/') &&
                   (argv[1][1] == 'm' || argv[1][1] == 'M') && argc == 3) {
            fFindTasksUsingModule = TRUE;
        } else {
            szPN = argv[1];
            if (!(dwPID = atol(szPN)) && szPN[0] != '0' && szPN[1] != 0) {
                dwPID = BAD_PID;
                cchPN = strlen(szPN);
                _strupr(szPN);
            }
        }
    }

    //
    // lets be god
    //
    EnableDebugPriv();

    //
    // Include 32bit modules in enumeration
    //
    {
        DWORD SymOpt = SymGetOptions();
        SymOpt |= SYMOPT_INCLUDE_32BIT_MODULES;
        SymSetOptions(SYMOPT_INCLUDE_32BIT_MODULES);
    }

    //
    // get the task list for the system
    //
    //
    // Get the process information for all active Win32 services.
    // This allows us to print the service names next to the processes
    // that host them.
    //
    dwNumServices = GetServiceProcessInfo( &pServiceInfo );

    numTasks = GetTaskListEx(
                    tlist,
                    MAX_TASKS,
                    cchPN || (dwPID != BAD_PID),
                    dwNumServices,
                    pServiceInfo);

    free( pServiceInfo );

    if (fShowMtsPackages) {
        AddMtsPackageNames(tlist, numTasks);
    }
            
    if (fShowCommandLines) {
        AddCommandLines(tlist, numTasks);
    }
            
    //
    // enumerate all windows and try to get the window
    // titles for each task
    //
    te.tlist = tlist;
    te.numtasks = numTasks;
    GetWindowTitles( &te );

    //
    // print the task list
    //
    if (fTree) {
        PrintTaskTree( 0, 0 );
    } else if (fFindTasksUsingModule) {
        PrintTasksUsingModule(argv[2]);
    } else if (fPidOnly) {
        GetFirstPidWithName(argv[2]);
    } else {
        for (i=0; i<numTasks; i++) {
            if ((dwPID == BAD_PID) && (!cchPN)) {
                PrintTask( i );
            }
            else
            if ((dwPID == tlist[i].dwProcessId) ||
                (cchPN && FMatchTaskName(szPN, tlist[i].WindowTitle, tlist[i].ProcessName))) {
                    PrintTask( i );
                    PrintThreadInfo(tlist + i);
            }

            if (tlist[i].pThreadInfo) {
                free(tlist[i].pThreadInfo);
            }
        }
    }

    //
    // end of program
    //
    return 0;
}


VOID
GetFirstPidWithName(
    LPTSTR szTask
    )
/*++
Routine Description:

    Returns the PID of the first task with a Name matching the specified
    Name.  IF no task is found -1 is returned
Arguments:

    szTask    - module name to search for

--*/
{
    DWORD i;
    TCHAR szPName[PROCESS_SIZE + 1];
    TCHAR szNameWExe[PROCESS_SIZE + 1] = {0};

    _tcsncat(szNameWExe, szTask, (sizeof(szNameWExe)/sizeof(szNameWExe[0]))-1);
    _tcsncat(szNameWExe, ".exe", (sizeof(szNameWExe)/sizeof(szNameWExe[0]))-_tcslen(szNameWExe)-1);

    for (i=0; i<numTasks; i++) {
        ZeroMemory(szPName, sizeof(szPName));
        _tcsncat(szPName, tlist[i].ProcessName, (sizeof(szPName)/sizeof(szPName[0]))-1);
        _tcslwr(szPName);

        if ((!_tcscmp(szPName, szTask))||(!_tcscmp(szPName, szNameWExe))) {
            if (tlist[i].dwProcessId != 0) {
                printf("%d\n", tlist[i].dwProcessId);
                return;
            }
        }
    }
    printf("-1\n");
}


VOID
Usage(
    VOID
    )

/*++

Routine Description:

    Prints usage text for this tool.

Arguments:

    None.

Return Value:

    None.

--*/

{
    fprintf( stderr,
            "Microsoft (R) Windows NT (TM) Version 5.1 TLIST\n"
            VER_LEGALCOPYRIGHT_STR
            "\n\n"
            "usage: TLIST"
            " <<-m <pattern>> | <-t> | <pid> | <pattern> | <-p <processname>>> | <-k> | <-s>\n"
            "           [options]:\n"
            "           -t\n"
            "              Print Task Tree\n\n"
            "           <pid>\n"
            "              List module information for this task.\n\n"
            "           <pattern>\n"
            "              The pattern can be a complete task\n"
            "              name or a regular expression pattern\n"
            "              to use as a match.  Tlist matches the\n"
            "              supplied pattern against the task names\n"
            "              and the window titles.\n\n"
            "           -c\n"
            "              Show command lines for each process\n\n"
            "           -e\n"
            "              Show session IDs for each process\n\n"
            "           -k\n"
            "              Show MTS packages active in each process.\n\n"
            "           -m <pattern>\n"
            "              Lists all tasks that have DLL modules loaded\n"
            "              in them that match the given pattern name\n\n"
            "           -s\n"
            "              Show services active in each process.\n\n"
            "           -p <processname>\n"
            "              Returns the PID of the process specified or -1\n"
            "              if the specified process doesn't exist.  If there\n"
            "              are multiple instances of the process running only\n"
            "              the instance with the first PID value is returned.\n\n"
            "           -v\n"
            "              Show all process information\n\n"
            );
    ExitProcess(0);
}


//
// Routines used to list all processes that have a specific module in use
//

BOOL
FindSpecificModuleCallback(
    LPSTR       Name,
    DWORD_PTR   Base,
    DWORD       Size,
    PVOID       Context
    )

/*++

Routine Description:

    Callback function for module enumeration to find a specific module

Arguments:

    Name        - Module name
    Base        - Base address
    Size        - Size of image
    Context     - User context pointer

Return Value:

    TRUE             - Continue enumeration
    FALSE            - Stop enumeration

--*/

{
    PFIND_MODULE_INFO pFindModuleInfo;

    pFindModuleInfo = (PFIND_MODULE_INFO)Context;

    if (MatchPattern(Name, pFindModuleInfo->szModuleToFind))
    {
        pFindModuleInfo->fFound = TRUE;
        strcpy(pFindModuleInfo->szMatchingModuleName, Name);
        return FALSE; // Found Module so stop enumerating
    }

    return TRUE;
}

BOOL
IsTaskUsingModule(
    PTASK_LIST pTask,
    LPTSTR     szModuleName,
    LPTSTR     szMatchingModuleName
    )

/*++

Routine Description:

    Checks if the given task has the given module loaded

Arguments:

    pTaskList   - task to search for module
    szModule    - module name to search for

Return Value:

    TRUE             - if the module is loaded in the task
    FALSE            - if the module is not loaded in the task

--*/

{
    FIND_MODULE_INFO FindModuleInfo;

    FindModuleInfo.fFound = FALSE;
    FindModuleInfo.szModuleToFind = szModuleName;
    FindModuleInfo.szMatchingModuleName = szMatchingModuleName;

    EnumerateLoadedModules(
        (HANDLE) UlongToPtr(pTask->dwProcessId),
        FindSpecificModuleCallback,
        &FindModuleInfo
        );

    return FindModuleInfo.fFound;
}

void
PrintTasksUsingModule(
    LPTSTR szModuleName
    )

/*++

Routine Description:

    Enumerates through all the tasks in the system looking for those that
    have loaded modules of the given name.

Arguments:

    szModule    - module name to search for

Return Value:

    None

--*/

{
    BOOL fUsed = FALSE;
    DWORD i;
    CHAR szMatchingModuleName[64];

    _strupr(szModuleName); // Needed for wildcarding

    for (i=0; i<numTasks; i++) {
        if (IsTaskUsingModule(tlist + i, szModuleName, szMatchingModuleName)) {
            printf("%s - ", szMatchingModuleName);
            PrintTask( i );
            fUsed = TRUE;
        }
    }
    if (!fUsed) {
        printf( "No tasks found using %s\n", szModuleName );
    }
}


BOOL
GetVersionStuff(
    LPTSTR szFileName,
    VS_FIXEDFILEINFO *pvsRet
    )

/*++

Routine Description:

    Get fixedfileinfo for szFileName.

Arguments:

    szFileName       - name of file
    pvsRet           - fixedfileinfo return struct

Return Value:

    TRUE             - success
    FALSE            - failure

--*/

{
    DWORD               dwHandle;
    DWORD               dwLength;
    BOOL                fRet = FALSE;
    LPVOID              lpvData = NULL;

    if (!(dwLength = GetFileVersionInfoSize(szFileName, &dwHandle))) {
        goto err;
    }

    if (lpvData = malloc(dwLength)) {
        if (GetFileVersionInfo(szFileName, 0, dwLength, lpvData)) {

            UINT                uLen;
            VS_FIXEDFILEINFO    *pvs;
            DWORD               *pdwTranslation;
            DWORD               dwDefLang = 0x409;

            if (!VerQueryValue(lpvData, "\\VarFileInfo\\Translation",
                &pdwTranslation, &uLen)) {
                // if we can't get the langid, default to usa
                pdwTranslation = &dwDefLang;
                uLen = sizeof(DWORD);
            }

            if (VerQueryValue(lpvData, "\\", (LPVOID *)&pvs, &uLen)) {
                *pvsRet = *pvs;
                fRet = TRUE;
            }
        }
    }

err:
    if (lpvData)
        free(lpvData);
    return fRet;
}

BOOL
EnumLoadedModulesCallback(
    LPSTR       Name,
    DWORD_PTR   Base,
    DWORD       Size,
    PVOID       Context
    )

/*++

Routine Description:

    Callback function for module enumeration

Arguments:

    Name        - Module name
    Base        - Base address
    Size        - Size of image
    Context     - User context pointer

Return Value:

    TRUE             - Continue enumeration
    FALSE            - Stop enumeration

--*/

{
    VS_FIXEDFILEINFO    vs;
    CHAR                szBuffer[100];

    szBuffer[0] = 0;
    if (GetVersionStuff( Name, &vs )) {
        sprintf( szBuffer, "%u.%u.%u.%u %s",
            HIWORD(vs.dwFileVersionMS),
            LOWORD(vs.dwFileVersionMS),
            HIWORD(vs.dwFileVersionLS),
            LOWORD(vs.dwFileVersionLS),
            vs.dwFileFlags & VS_FF_DEBUG ? "dbg" : "shp"
            );
    }
    printf( " %18.18s  0x%p  %s\n", szBuffer, (void *)Base, Name );
    return TRUE;
}

BOOL
PrintModuleList(
    ULONG ProcessId
    )

/*++

Routine Description:

    Prints list of modules in ProcessId

Arguments:

    ProcessID       - process id

Return Value:

    TRUE             - success
    FALSE            - failure

--*/

{
    EnumerateLoadedModules(
        (HANDLE) UlongToPtr(ProcessId),
        EnumLoadedModulesCallback,
        NULL
        );
    return TRUE;
}

DWORD
GetWin32StartAddress(
    HANDLE hThread
    )

/*++

Routine Description:

    Get starting address for thread

Arguments:

    hThread

Return Value:

    Starting Thread address or 0

--*/

{
    NTSTATUS    Status;
    DWORD       ThreadInformation;

    // make sure we have a handle
    if (!hThread)
        return 0;

    // get the threadinfo
    Status = NtQueryInformationThread(hThread, ThreadQuerySetWin32StartAddress,
        &ThreadInformation, sizeof(ThreadInformation), NULL);
    if (!NT_SUCCESS(Status))
        return 0;

    return ThreadInformation;
}

ULONG
GetLastThreadErr(
    HANDLE hThread
    )

/*++

Routine Description:

    Get Last Error for a Thread

Arguments:

    hThread

Return Value:

    LastError or 0

--*/

{
    TEB                         Teb;
    NTSTATUS                    Status;
    HANDLE                      hProcess;
    ULONG                       LastErrorValue;
    THREAD_BASIC_INFORMATION    ThreadInformation;

    // make sure we have a handle
    if (!hThread)
        return 0;

    // query for basic thread info
    Status = NtQueryInformationThread(hThread, ThreadBasicInformation,
        &ThreadInformation, sizeof(ThreadInformation), NULL);
    if (!NT_SUCCESS(Status))
        return 0;

    // get handle to process
    if (!(hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE,
        (DWORD)(DWORD_PTR)ThreadInformation.ClientId.UniqueProcess))) {
        return 0;
    }

    __try {
        // read the TEB from the process and get the last error value
        if (ReadProcessMemory(hProcess,
            ThreadInformation.TebBaseAddress, &Teb, sizeof(TEB), NULL)) {
            LastErrorValue = Teb.LastErrorValue;
        }
    }
    __except(EXCEPTION_EXECUTE_HANDLER) {
    }

    // close the hProcess
    CloseHandle(hProcess);

    return LastErrorValue;
}

BOOL
FPrintPEBInfo(
    HANDLE hProcess
    )

/*++

Routine Description:

    Prints cmdline and cwd of hProcess

Arguments:

    hProcess.

Return Value:

    TRUE             - success
    FALSE            - failure

--*/

{
    PEB                         Peb;
    NTSTATUS                    Status;
    PROCESS_BASIC_INFORMATION   BasicInfo;
    BOOL                        fRet = FALSE;
    WCHAR                       szT[MAX_PATH * 2];
    RTL_USER_PROCESS_PARAMETERS ProcessParameters;

    Status = NtQueryInformationProcess(hProcess, ProcessBasicInformation,
        &BasicInfo, sizeof(BasicInfo), NULL);
    if (!NT_SUCCESS(Status)) {
        SetLastError(RtlNtStatusToDosError(Status));
        return fRet;
    }

    __try {
        // get the PEB
        if (ReadProcessMemory(hProcess, BasicInfo.PebBaseAddress, &Peb,
            sizeof(PEB), NULL)) {
            // get the processparameters
            if (ReadProcessMemory(hProcess, Peb.ProcessParameters,
                &ProcessParameters, sizeof(ProcessParameters), NULL)) {
                // get the CWD
                if (ReadProcessMemory(hProcess,
                    ProcessParameters.CurrentDirectory.DosPath.Buffer, szT,
                    sizeof(szT), NULL)) {
                        wprintf(L"   CWD:     %s\n", szT);
                }

                // get cmdline
                if (ReadProcessMemory(hProcess, ProcessParameters.CommandLine.Buffer,
                    szT, sizeof(szT), NULL)) {
                        wprintf(L"   CmdLine: %s\n", szT);
                }

                fRet = TRUE;
            }
        }
    }
    __except(EXCEPTION_EXECUTE_HANDLER) {
    }

    return fRet;
}


// copied from the win32 API code since we need to run on NT 4 and this is a
// new API to NT 5

HANDLE
TlistOpenThread(
    DWORD dwDesiredAccess,
    BOOL bInheritHandle,
    DWORD dwThreadId
    )

/*++

Routine Description:

    A handle to a thread object may be created using OpenThread.

    Opening a thread creates a handle to the specified thread.
    Associated with the thread handle is a set of access rights that
    may be performed using the thread handle.  The caller specifies the
    desired access to the thread using the DesiredAccess parameter.

Arguments:

    mDesiredAccess - Supplies the desired access to the thread object.
        For NT/Win32, this access is checked against any security
        descriptor on the target thread.  The following object type
        specific access flags can be specified in addition to the
        STANDARD_RIGHTS_REQUIRED access flags.

        DesiredAccess Flags:

        THREAD_TERMINATE - This access is required to terminate the
            thread using TerminateThread.

        THREAD_SUSPEND_RESUME - This access is required to suspend and
            resume the thread using SuspendThread and ResumeThread.

        THREAD_GET_CONTEXT - This access is required to use the
            GetThreadContext API on a thread object.

        THREAD_SET_CONTEXT - This access is required to use the
            SetThreadContext API on a thread object.

        THREAD_SET_INFORMATION - This access is required to set certain
            information in the thread object.

        THREAD_SET_THREAD_TOKEN - This access is required to set the
            thread token using SetTokenInformation.

        THREAD_QUERY_INFORMATION - This access is required to read
            certain information from the thread object.

        SYNCHRONIZE - This access is required to wait on a thread object.

        THREAD_ALL_ACCESS - This set of access flags specifies all of the
            possible access flags for a thread object.

    bInheritHandle - Supplies a flag that indicates whether or not the
        returned handle is to be inherited by a new process during
        process creation.  A value of TRUE indicates that the new
        process will inherit the handle.

    dwThreadId - Supplies the thread id of the thread to open.

Return Value:

    NON-NULL - Returns an open handle to the specified thread.  The
        handle may be used by the calling process in any API that
        requires a handle to a thread.  If the open is successful, the
        handle is granted access to the thread object only to the
        extent that it requested access through the DesiredAccess
        parameter.

    NULL - The operation failed. Extended error status is available
        using GetLastError.

--*/

{
    NTSTATUS Status;
    OBJECT_ATTRIBUTES Obja;
    HANDLE Handle;
    CLIENT_ID ClientId;

    ClientId.UniqueThread = (HANDLE)LongToHandle(dwThreadId);
    ClientId.UniqueProcess = (HANDLE)NULL;

    InitializeObjectAttributes(
        &Obja,
        NULL,
        (bInheritHandle ? OBJ_INHERIT : 0),
        NULL,
        NULL
        );
    Status = NtOpenThread(
                &Handle,
                (ACCESS_MASK)dwDesiredAccess,
                &Obja,
                &ClientId
                );
    if ( NT_SUCCESS(Status) ) {
        return Handle;
        }
    else {
        return NULL;
        }
}



VOID
PrintThreadInfo(
    PTASK_LIST pTaskList
    )

/*++

Routine Description:

    Prints all kinds of info about a task

Arguments:

    PTASK_LIST of task to print

Return Value:

    None.

--*/

{
    UINT    nThread;
    HANDLE  hProcess;

    // from \\kernel\razzle2\src\ntos\inc\ke.h
    #define MAX_THREADSTATE    (sizeof(szThreadState) / sizeof(TCHAR *))
    static const TCHAR  *szThreadState[] = {
        "Initialized",
        "Ready     ",
        "Running   ",
        "Standby   ",
        "Terminated",
        "Waiting   ",
        "Transition",
        "???       " };

    // get a handle to the process
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pTaskList->dwProcessId);
    if (!hProcess)
        return;

    // print the CWD and CmdLine
    FPrintPEBInfo(hProcess);

    printf( "   VirtualSize:   %6ld KB"
            "   PeakVirtualSize:   %6ld KB\n",
                pTaskList->VirtualSize / 1024,
                pTaskList->PeakVirtualSize / 1024);

    printf( "   WorkingSetSize:%6ld KB"
            "   PeakWorkingSetSize:%6ld KB\n",
            pTaskList->WorkingSetSize / 1024,
            pTaskList->PeakWorkingSetSize / 1024);

    printf( "   NumberOfThreads: %ld\n",
            pTaskList->NumberOfThreads);

    // if we got any threadinfo, spit it out
    if (pTaskList->pThreadInfo) {
        for (nThread = 0; nThread < pTaskList->NumberOfThreads; nThread++) {

            PTHREAD_INFO pThreadInfo = &pTaskList->pThreadInfo[nThread];
            HANDLE hThread = TlistOpenThread(THREAD_QUERY_INFORMATION, FALSE,
                (DWORD)(DWORD_PTR)pThreadInfo->UniqueThread);

            printf("   %4d Win32StartAddr:0x%08x LastErr:0x%08x State:%s\n",
                HandleToUlong(pThreadInfo->UniqueThread),
                GetWin32StartAddress(hThread),
                GetLastThreadErr(hThread),
                szThreadState[min(pThreadInfo->ThreadState, MAX_THREADSTATE - 1)]);

            if (hThread)
                NtClose(hThread);
        }
    }

    // print the modules
    PrintModuleList( pTaskList->dwProcessId );

    // close the hProcess
    CloseHandle(hProcess);
}

BOOL
FMatchTaskName(
    LPTSTR szPN,
    LPTSTR szWindowTitle,
    LPTSTR szProcessName
    )
{
    LPTSTR  szT;
    TCHAR    szTName[PROCESS_SIZE]= {0};

    _tcsncat( szTName, szProcessName, (sizeof(szTName)/sizeof(szTName[0]))-1 );
    if (szT = _tcschr( szTName, _T('.') ))
        szT[0] = _T('\0');

    if (MatchPattern( szTName, szPN ) ||
        MatchPattern( szProcessName, szPN ) ||
        MatchPattern( szWindowTitle, szPN )) {
            return TRUE;
    }

    return FALSE;
}