获得指定 PID 的进程可执行文件全路径

好久没有贴代码了，搞得让别人觉得老汉好像改行了似的。今天粘一段。

函数原型为：

#ifndef __PSLIB_H__
#define __PSLIB_H__
DWORD WINAPI GetProcessName(DWORD dwProcessId, LPTSTR pszName, DWORD nSize, BOOL bFullPath);
#endif // __PSLIB_H__

#ifndef __PSLIB_H__

#define __PSLIB_H__

DWORD WINAPI GetProcessName(DWORD dwProcessId, LPTSTR pszName, DWORD nSize, BOOL bFullPath);

#endif // __PSLIB_H__

函数实现为：

#include <windows.h>
#include <tlhelp32.h>
#include <psapi.h>
// For _tcsrchr()
#include <stdlib.h>
#include <tchar.h>
#include "pslib.h"
// For Windows 9x series
typedef HANDLE (WINAPI * fnCreateToolhelp32Snapshot)(DWORD dwFlags, DWORD th32ProcessID);
typedef BOOL (WINAPI * fnProcess32First)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);
typedef BOOL (WINAPI * fnProcess32Next)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);
typedef BOOL (WINAPI * fnThread32First)(HANDLE hSnapshot, LPTHREADENTRY32 lpte);
typedef BOOL (WINAPI * fnThread32Next)(HANDLE hSnapshot, LPTHREADENTRY32 lpte);
// For Windows NT series
typedef BOOL (WINAPI * fnEnumProcessModules)(HANDLE hProcess, HMODULE *lphModule, DWORD cb, LPDWORD lpcbNeeded);
typedef DWORD (WINAPI * fnGetModuleBaseName)(HANDLE hProcess, HMODULE hModule, LPTSTR lpBaseName, DWORD nSize);
typedef DWORD (WINAPI * fnGetModuleFileNameEx)(HANDLE hProcess, HMODULE hModule, LPTSTR lpFilename, DWORD nSize);
#define DECL_PFUNC(f)   static fn##f my##f = NULL
DECL_PFUNC(CreateToolhelp32Snapshot);
DECL_PFUNC(Process32First);
DECL_PFUNC(Process32Next);
// DECL_PFUNC(Thread32First);
// DECL_PFUNC(Thread32Next);
DECL_PFUNC(EnumProcessModules);
DECL_PFUNC(GetModuleBaseName);
DECL_PFUNC(GetModuleFileNameEx);
#undef DECL_PFUNC
#ifdef UNICODE
#define TAIL_CHAR   TEXT("W")
#else
#define TAIL_CHAR   TEXT("A")
#endif // !UNICODE
static void GetSnapshotFunctions()
{
HINSTANCE hKernel32 = GetModuleHandle(TEXT("Kernel32.dll"));
#define GET_KERNEL_FUNCTION(f)  if(my##f == NULL) my##f = (fn##f)GetProcAddress(hKernel32, #f)
GET_KERNEL_FUNCTION(CreateToolhelp32Snapshot);
GET_KERNEL_FUNCTION(Process32First);
GET_KERNEL_FUNCTION(Process32Next);
//  GET_KERNEL_FUNCTION(Thread32First);
//  GET_KERNEL_FUNCTION(Thread32Next);
#undef GET_KERNEL_FUNCTION
}
static void GetPsapiFunctions()
{
HINSTANCE hPsapi = GetModuleHandle(TEXT("psapi.dll"));
if(hPsapi == NULL)
hPsapi = LoadLibrary(TEXT("psapi.dll"));
#define GET_PSAPI_FUNCTION(f)   if(my##f == NULL) my##f = (fn##f)GetProcAddress(hPsapi, #f)
#define GET_PSAPI_FUNCTION_T(f) if(my##f == NULL) my##f = (fn##f)GetProcAddress(hPsapi, #f ##TAIL_CHAR)
GET_PSAPI_FUNCTION(EnumProcessModules);
GET_PSAPI_FUNCTION_T(GetModuleBaseName);
GET_PSAPI_FUNCTION_T(GetModuleFileNameEx);
#undef GET_KERNEL_FUNCTION
#undef GET_KERNEL_FUNCTION_T
}
DWORD WINAPI GetProcessName(DWORD dwProcessId, LPTSTR pszName, DWORD nSize, BOOL bFullPath)
{
BOOL bWindows9x = (HIWORD(GetVersion()) & 0x8000);
if(bWindows9x)
{
GetSnapshotFunctions();
// Take a snapshot of all processes in the system.
HANDLE hProcessSnap = myCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hProcessSnap == INVALID_HANDLE_VALUE)
return 0;
DWORD dwRet = 0;
// Retrieve information
PROCESSENTRY32 pe32 = { sizeof(PROCESSENTRY32) };
if(myProcess32First(hProcessSnap, &pe32))
{
do
{
if(pe32.th32ProcessID == dwProcessId)
{
LPTSTR pszExeFile = pe32.szExeFile;
if(!bFullPath)
{
pszExeFile = _tcsrchr(pe32.szExeFile, _T('\\'));
if(pszExeFile)
pszExeFile++;
}
lstrcpyn(pszName, pszExeFile, nSize);
dwRet = lstrlen(pszName) + 1;
break;
}
} while(myProcess32Next(hProcessSnap, &pe32));
}
CloseHandle(hProcessSnap);     // Must clean up the snapshot object!
return dwRet;
}
else
{
GetPsapiFunctions();
// Get a handle to the process.
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwProcessId);
// Get the process name.
if(hProcess == NULL)
return 0;
HMODULE hMod;
DWORD cb;
BOOL bRet = myEnumProcessModules(hProcess, &hMod, sizeof(hMod), &cb);
if(bRet)
{
if(bFullPath)
cb = myGetModuleFileNameEx(hProcess, hMod, pszName, nSize);
else
cb = myGetModuleBaseName(hProcess, hMod, pszName, nSize);
}
CloseHandle(hProcess);
return bRet ? cb : 0;
}
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

#include <windows.h>

#include <tlhelp32.h>

#include <psapi.h>

// For _tcsrchr()

#include <stdlib.h>

#include <tchar.h>

#include "pslib.h"

// For Windows 9x series

typedef HANDLE (WINAPI * fnCreateToolhelp32Snapshot)(DWORD dwFlags, DWORD th32ProcessID);

typedef BOOL (WINAPI * fnProcess32First)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);

typedef BOOL (WINAPI * fnProcess32Next)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);

typedef BOOL (WINAPI * fnThread32First)(HANDLE hSnapshot, LPTHREADENTRY32 lpte);

typedef BOOL (WINAPI * fnThread32Next)(HANDLE hSnapshot, LPTHREADENTRY32 lpte);

// For Windows NT series

typedef BOOL (WINAPI * fnEnumProcessModules)(HANDLE hProcess, HMODULE *lphModule, DWORD cb, LPDWORD lpcbNeeded);

typedef DWORD (WINAPI * fnGetModuleBaseName)(HANDLE hProcess, HMODULE hModule, LPTSTR lpBaseName, DWORD nSize);

typedef DWORD (WINAPI * fnGetModuleFileNameEx)(HANDLE hProcess, HMODULE hModule, LPTSTR lpFilename, DWORD nSize);

#define DECL_PFUNC(f) static fn##f my##f = NULL

DECL_PFUNC(CreateToolhelp32Snapshot);

DECL_PFUNC(Process32First);

DECL_PFUNC(Process32Next);

// DECL_PFUNC(Thread32First);

// DECL_PFUNC(Thread32Next);

DECL_PFUNC(EnumProcessModules);

DECL_PFUNC(GetModuleBaseName);

DECL_PFUNC(GetModuleFileNameEx);

#undef DECL_PFUNC

#ifdef UNICODE

#define TAIL_CHAR TEXT("W")

#else

#define TAIL_CHAR TEXT("A")

#endif // !UNICODE

static void GetSnapshotFunctions()

{

HINSTANCE hKernel32 = GetModuleHandle(TEXT("Kernel32.dll"));

#define GET_KERNEL_FUNCTION(f) if(my##f == NULL) my##f = (fn##f)GetProcAddress(hKernel32, #f)

GET_KERNEL_FUNCTION(CreateToolhelp32Snapshot);

GET_KERNEL_FUNCTION(Process32First);

GET_KERNEL_FUNCTION(Process32Next);

// GET_KERNEL_FUNCTION(Thread32First);

// GET_KERNEL_FUNCTION(Thread32Next);

#undef GET_KERNEL_FUNCTION

}

static void GetPsapiFunctions()

{

HINSTANCE hPsapi = GetModuleHandle(TEXT("psapi.dll"));

if(hPsapi == NULL)

hPsapi = LoadLibrary(TEXT("psapi.dll"));

#define GET_PSAPI_FUNCTION(f) if(my##f == NULL) my##f = (fn##f)GetProcAddress(hPsapi, #f)

#define GET_PSAPI_FUNCTION_T(f) if(my##f == NULL) my##f = (fn##f)GetProcAddress(hPsapi, #f ##TAIL_CHAR)

GET_PSAPI_FUNCTION(EnumProcessModules);

GET_PSAPI_FUNCTION_T(GetModuleBaseName);

GET_PSAPI_FUNCTION_T(GetModuleFileNameEx);

#undef GET_KERNEL_FUNCTION

#undef GET_KERNEL_FUNCTION_T

}

DWORD WINAPI GetProcessName(DWORD dwProcessId, LPTSTR pszName, DWORD nSize, BOOL bFullPath)

{

BOOL bWindows9x = (HIWORD(GetVersion()) & 0x8000);

if(bWindows9x)

{

GetSnapshotFunctions();

// Take a snapshot of all processes in the system.

HANDLE hProcessSnap = myCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

if(hProcessSnap == INVALID_HANDLE_VALUE)

return 0;

DWORD dwRet = 0;

// Retrieve information

PROCESSENTRY32 pe32 = { sizeof(PROCESSENTRY32) };

if(myProcess32First(hProcessSnap, &pe32))

{

if(pe32.th32ProcessID == dwProcessId)

{

LPTSTR pszExeFile = pe32.szExeFile;

if(!bFullPath)

{

pszExeFile = _tcsrchr(pe32.szExeFile, _T('\\'));

if(pszExeFile)

pszExeFile++;

}

lstrcpyn(pszName, pszExeFile, nSize);

dwRet = lstrlen(pszName) + 1;

break;

}

} while(myProcess32Next(hProcessSnap, &pe32));

}

CloseHandle(hProcessSnap); // Must clean up the snapshot object!

return dwRet;

}

else

{

GetPsapiFunctions();

// Get a handle to the process.

HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwProcessId);

// Get the process name.

if(hProcess == NULL)

return 0;

HMODULE hMod;

DWORD cb;

BOOL bRet = myEnumProcessModules(hProcess, &hMod, sizeof(hMod), &cb);

if(bRet)

{

if(bFullPath)

cb = myGetModuleFileNameEx(hProcess, hMod, pszName, nSize);

else

cb = myGetModuleBaseName(hProcess, hMod, pszName, nSize);

}

CloseHandle(hProcess);

return bRet ? cb : 0;

}

已经在 Windows 95 以及 Windows XP 上调试通过。

打赏赞

张三太爷

看前面，黑洞洞

获得指定 PID 的进程可执行文件全路径

发表回复取消回复

发表回复 取消回复

发表回复取消回复