Python Win32 Process

In this article, we will discuss Python win32 process. And also we will discuss its methods one by one.

Basically, the Win32 process is a method in Python. Extended Win32 process creation and management capabilities are accessible through this module. The Create method creates process objects (the constructor). It is possible to kill, suspend, resume, and set the priority of processes on objects using additional methods.

Windows Management Instrumentation (WMI; formerly WBEM) and WMI extensions for the Windows Driver Model serve as the foundations for manageability in Windows 2019/2016/2012/2008 and Windows 10/7/XP (WDM).

The ability to create monitor check procedures based on WMI is offered by ActiveXperts Network Monitor. There are more than a hundred WMI samples that ActiveXperts has gathered. These examples might serve as a starting point for brand-new check routines that you create on your own.

Many WMI samples are available on this website.

ActiveXperts Network Monitor uses the Win32_Process WMI class to monitor your servers.

A series of events on a Windows operating system is represented by the Win32_Process WMI class. A sequence that involves the interaction of one or more processors or interpreters, some executable code, and a set of inputs, such as a client program running on a Windows system, is a descendent or member of this class.

Now the question arises what is Python win32?

So the Python win32 and Win32 application programming interface (API) capabilities can be used with Python by using the PyWin32 library of extensions for Windows.

Let's take a small introduction to the win32api Module.

The win32api module offers various extra methods for controlling processes. These give you the ability to carry out many of the usual steps needed to launch new processes, but they still fall short of offering the highest level of low-level control.

In contrast to the os.system function, which was previously explained, the WinExec function makes various accommodations for GUI programs. For example, no console is established, and the function doesn't wait until the new process has finished.

The function requires these two inputs:

  • The order to carry out
  • Alternatively, the application's window's initial state

Let's take a small introduction to the win32api.ShellExecute.

In addition, the win32api module offers another beneficial feature for starting new processes. In contrast to starting random processes, opening documents is the main purpose of the ShellExecute function. You may instruct ShellExecute to "open MyDocument.doc," for instance. Windows chooses which process to launch on your behalf in order to open.doc files. The click (or double-click) on an a.doc file causes Windows Explorer to perform the same action.

A program that is being run is referred to as a process (processed). A process need not be one that the user runs manually; it could instead be a system process that the operating system spawns. Any program that runs on an operating system must first generate a separate process before it can begin to operate. The majority of processes in a typical OS installation are background programs and operating system services that are used to keep the hardware, software, and operating system in good working order.

This post will look at a few alternative Python methods for getting a list of a Windows OS's currently active processes.

To get the desired outcome, we will first describe a Python method. We will then examine a command from the Windows Command Processor to accomplish the same thing.

pip install wmi

pip install wmi



Python Win32 Process

The WMI() function of the wmi library is first initialized. This enables us to access its internal functions, such as WMI.Win32_Service, WMI.Win32_Process, and WMI.Win32_Printjob, each of which is intended to carry out a certain duty. To obtain a list of the system's active processes, we would use the WMI.Win32_Process function. After that, we iterated through all the running processes and placed them in the variable process by calling the function WMI.Win32_Process(). The corresponding attributes were then used to derive the process's ProcessID (pid) and ProcessName (name). To add padding to the output and properly align it, we used F-strings for the output.

Now let's go through different methods of module Win32process.


In this method, we create a new STARTUPINFO object.

Let's understand how to create this, which is given below:



2. beginthreadex

In this method, we create a new thread.

Let's understand how to create this, which is given below:


PyHANDLE, int = beginthreadex(sa, stackSize , entryPoint , args , flags )

Let's understand its parameters is given below


  • sa: PySECURITY_ATTRIBUTES(The security attributes, or None)
  • stackSize : int (The new thread's stack size, or 0 for the default size.)
  • entryPoint : function (It is a thread function)
  • args : tuple
  • flags : int

CREATE_SUSPENDED is an option for delaying the start of a thread.

The thread handle and thread ID are returned as a tuple as the outcome.

3. CreateProcess

win32process.CreateProcess PyHANDLE, PyHANDLE, int, int = CreateProcess(appName, commandLine , processAttributes , threadAttributes , bInheritHandles , dwCreationFlags , newEnvironment , currentDirectory , startupinfo ) establishes a new process and the main thread for it. The newly created process runs the designated executable file.


  • appName: string (executable module's name, or None)
  • Commandline: string (command-line argument, or Nothing)
  • processAttributes: PySECURITY_ATTRIBUTES (attributes of process security, or None)
  • threadAttributes: PySECURITY_ATTRIBUTES (aspects of thread security, or None)
  • bInheritHandles: int
  • dwCreationFlags: int

4. CreateRemoteThread

win32process.CreateRemoteThread PyHANDLE, int = CreateRemoteThread(hprocess, sa , stackSize , entryPoint , Parameter , flags ) establishes a thread that executes in another process's virtual address space.


  • hprocess : PyHANDLE (the remote process's handle)
  • sa : PySECURITY_ATTRIBUTES (Security characteristics, or None)
  • stackSize : int (The new thread's stack size, or 0 for the default size.)
  • entryPoint : function (The address of the thread function.)
  • Parameter : int (a void pointer that served as the argument given to the function)
  • flags : int

The thread handle and thread ID are returned as a tuple as the outcome.

5. CreateProcessAsUser

win32process.CreateProcessAsUser creates a new process with the provided user as its context.

PyHANDLE, PyHANDLE, int, int = CreateProcessAsUser(hToken, appName , commandLine , processAttributes , threadAttributes , bInheritHandles , dwCreationFlags , newEnvironment , currentDirectory , startupinfo )


  • hToken: PyHANDLE (Handle to a token that indicates a user who is currently logged in)
  • appName: string (executable module's name, or None)
  • commandLine: string (command-line argument, or Nothing)
  • processAttributes: PySECURITY_ATTRIBUTES (attributes of process security, or None)
  • threadAttributes: PySECURITY_ATTRIBUTES (aspects of thread security, or None)
  • bInheritHandles: int (the inheritance flag handle)
  • dwCreationFlags: int (creating of flags)
  • newEnvironment: None (A dictionary of stringor Unicode pair definitions to specify the process environment, or None to use the default environment.)
  • currentDirectory: string (name of the current directory, or None)
  • startupinfo: PySTARTUPINFO (a STARTUPINFO object that describes the appearance of the new process's main window.)

Consequently, a tuple of (hProcess, hThread, dwProcessId, dwThreadId)

6. GetCurrentProcess

win32process.GetCurrentProcess obtains a fictitious handle for the active process.

int = GetCurrentProcess()

7. GetCurrentProcessId

win32process.GetCurrentProcessId reveals the caller process's unique process identification.

int = GetCurrentProcessId()

8. GetProcessVersion

win32process.GetProcessVersion reveals the system's main and minor version numbers, which are needed to conduct a specific process.

int = GetProcessVersion(processId)


  • processId: int (a designation for the desired process.)

9. GetCurrentProcessId

win32process.GetCurrentProcessId reveals the caller process's unique process identification.

int = GetCurrentProcessId()

10. GetStartupInfo

win32process.GetStartupInfo reveals the STARTUPINFO structure's contents, which were supplied when the caller process was established.

PySTARTUPINFO = GetStartupInfo()

11. GetPriorityClass


int = GetPriorityClass(handle)


  • handle: PyHANDLE (to the thread's handle)

12. GetExitCodeThread


int = GetExitCodeThread(handle)


  • handle: PyHANDLE (to the thread's handle)

13. GetExitCodeProcess


int = GetExitCodeProcess(handle)


  • handle: PyHANDLE (to the thread's handle)

14. GetWindowThreadProcessId

win32process.GetWindowThreadProcessId returns the thread and process IDs that were responsible for the provided window's creation.

int, int = GetWindowThreadProcessId(hwnd)


  • hwnd: int (this parameter handles the window)

Consequently, a tuple of (threadId, processId)

15. SetThreadPriority


SetThreadPriority(handle, nPriority)


  • handle: PyHANDLE (This parameter handles the thread)
  • nPriority: int (This parameter thread the priority level)

16. GetThreadPriority


int = GetThreadPriority(handle)


  • handle: PyHANDLE (this parameter handles the threads)

17. GetProcessPriorityBoost

win32process.GetProcessPriorityBoost determines whether a process's dynamic priority adjustment is enabled.

bool = GetProcessPriorityBoost(Process)


  • Process: PyHANDLE (This parameter handles to a process)

18. SetProcessPriorityBoost

win32process.SetProcessPriorityBoost enables or disables a process's dynamic priority adjustment.

SetProcessPriorityBoost(Process, DisablePriorityBoost)


  • Process: PyHANDLE (This parameter handles a process)
  • DisablePriorityBoost: boolean (This parameter indicates True to disable and False to enable)

19. GetThreadPriorityBoost


determines whether a thread's dynamic priority adjustment is enabled.

bool = GetThreadPriorityBoost(Thread)


  • Thread: PyHANDLE (This parameter handles to a thread)

20. SetThreadPriorityBoost

win32process.SetThreadPriorityBoost enables or disables a thread's dynamic priority adjustment.

SetThreadPriorityBoost(Thread, DisablePriorityBoost)


  • Thread: PyHANDLE (This parameter handles to a thread)
  • DisablePriorityBoost: boolean ((This parameter indicates True to disable and False to enable)

21. GetThreadIOPendingFlag

win32process.GetThreadIOPendingFlag determines whether a thread has any open IO requests.

bool = GetThreadIOPendingFlag(Thread)


  • Thread: PyHANDLE (This parameter handles to a thread)

22. GetThreadTimes


It returns the time statistics for a thread.

dict = GetThreadTimes(Thread)


  • Thread: PyHANDLE (This parameter handles to a thread)

23. GetProcessId

int = GetProcessId(Process)

It returns the Pid for a process handle.


  • Process: PyHANDLE (This parameter handles to a thread)

24. SetPriorityClass


SetPriorityClass(handle, dwPriorityClass)


  • handle: PyHANDLE (This parameter handles to the process)
  • dwPriorityClass: int (This parameter gives priority class value)

25. AttachThreadInput

win32process.AttachThreadInput connects and disconnects the input of two threads.

AttachThreadInput(idAttach, idAttachTo, Attach)


  • idAttach: int (This parameter shows id of a thread)
  • idAttachTo: int (This parameter shows the id of the thread)
  • Attach: bool (determines whether a thread should be joined or disconnected.)

26. SetThreadIdealProcessor




  • handle: PyHANDLE ( handle to the thread of interest )
  • dwIdealProcessor: int ( ideal processor number )

Return type

This method return the int value

27. GetProcessAffinityMask




  • hProcess: PyHANDLE ( handle to the process of interest )

Return type

This method returns a tuple of ( process affinity mask, system affinity mask ).

28. SetProcessAffinityMask



Sets a processor affinity mask for a specified process.


  • hProcess: PyHANDLE ( handle to the process of interest )
  • mask: int ( a processor affinity mask )

Note: Some platforms do not have this feature.

29. SetThreadAffinityMask




  • hThread: PyHANDLE ( handle to the thread of interest )
  • ThreadAffinityMask: int ( a processor affinity mask )

Return type

This method returns an int value.

30. SuspendThread



Suspends the specified thread.


  • handle: PyHANDLE ( handle to the thread )

Return value

The return value is the thread's previous suspend count

31. ResumeThread



Resumes the specified thread. When the suspend count is decremented to zero, the execution of the thread is resumed.


  • handle: PyHANDLE ( handle to the thread )

Return value

The return value is the thread's previous suspend count

32. TerminateProcess




  • handle: PyHANDLE ( handle to the process )
  • exitCode: int ( The exit code for the process )

33. xitProcess


  • ExitProcess: The process's end and all of its threads


  • exitCode: int (Exit code information is provided for the process, and all threads that are terminated as a result of this call.)

The best way to stop a process is with ExitProcess. A clean process shutdown is provided by this function. This includes contacting each associated dynamic-link library's (DLL) entry-point function with a value indicating that the process is separating from the DLL. The DLLs associated with the process are not informed of the process termination if a process terminates by invoking win32process::TerminateProcess.

34. EnumProcesses



Provides Pids for activities that are actually running.

35. EnumProcessModules



Lists loaded modules for a process handle


  • hProcess: PyHANDLE ( Process handle as returned by OpenProcess )

36. EnumProcessModulesEx



lists the 32- or 64-bit modules that a process has loaded.


  • hProcess : PyHANDLE ( The process handle that OpenProcess returned ) FilterFlag=LIST_MODULES_DEFAULT : int ( choose whether to return 32-bit or 64-bit modules. ) needs Windows Vista or later.

37. GetModuleFileNameEx




  • hProcess: PyHANDLE ( The process handle that OpenProcess returned )
  • hModule: PyHANDLE ( This parameter handles the modules )

38. GetProcessMemoryInfo



A dict representing a PROCESS_MEMORY_COUNTERS struct is returned as the process memory statistics.


  • hProcess: PyHANDLE ( Process handle as returned by OpenProcess )

39. GetProcessTimes



Obtain time statistics for a process using its handle. (In 100 nanosecond units for UserTime and KernelTime)


  • hProcess: PyHANDLE ( Process handle as returned by OpenProcess )

40. GetProcessIoCounters



I/O statistics for a process are returned as a dictionary corresponding to an IO_COUNTERS struct.


  • hProcess: PyHANDLE ( Process handle as returned by OpenProcess )

41. GetProcessWindowStation



Returns a handle to the window station for the calling process.

42. GetProcessWorkingSetSize



A process's minimum and maximum working set sizes are returned.


  • hProcess: PyHANDLE ( Process handle as returned by win32api::OpenProcess )

43. SetProcessWorkingSetSize



Sets minimum and maximum working set sizes for a process.


  • hProcess : PyHANDLE ( Process handle as returned by OpenProcess )
  • MinimumWorkingSetSize : int ( Minimum number of bytes to keep in physical memory )
  • MaximumWorkingSetSize : int ( Maximum number of bytes to keep in physical memory )

NOTE: To entirely swap out the procedure, set both min and max to -1.

44. GetProcessShutdownParameters



Reveals the process's current termination level and triggers.

The range is 000-0FF. windows reserved, Last, 200-2FF Middle, First, 300-3FF, and Fourth, 400-4FF Windows reserves.

45. SetProcessShutdownParameters



Sets the process's flags and termination priority.


  • Level: int (This parameter shows higher priority equals earlier)
  • Flags: int (This parameter shows only SHUTDOWN NORETRY is valid at the moment).

The range is 000-0FF. 100-1FF Last, 200-2FF Middle, 300-3FF First, 400-4FF, and reserved by windows window reserved.

46. GetGuiResources



Gives the amount of GDI or user object handles that a process is holding.


  • Process: PyHANDLE (This parameter Win32api::OpenProcess's returned handle to a process)
  • Flags: int (This parameter shows either GR USEROBJECTS or GR GDIOBJECTS (from win32con))

47. IsWow64Process



Identifies whether WOW64 is currently running the specified process.


  • Process=None: PyHANDLE (Process handle returned by win32api::OpenProcess, win32api::GetCurrentProcess, etc.; if None (the default) is given, the current process handle will be used.)

Let's see its Return Value.

The return value is False if the operating system does not provide this function (ie,

a NotImplemented exception will never be thrown). However, a

win32process.error exception to this is normally thrown if the function is available

but ineffective.


In this article, we have discussed Python win32 process. And also, we have discussed the different types of methods and their parameters and return values one by one.

