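function GetPathFileofModule(ModuleName:String):String;
// Looks up a running process by executable name and returns the full path of
// its main module.
//
// ModuleName  Executable file name (e.g. 'notepad.exe'), compared
//             case-insensitively against each snapshot entry's szExeFile.
// Result      Full path of the matching process image, or '' when no process
//             matches or none of the matches could be opened and queried.
//             When several processes share the name, the last one that could
//             be queried wins.
//
// NOTE(review): the match is on the file name only. Any process can carry the
// same executable name, so the returned path identifies "a process called
// ModuleName", not a specific trusted program. Do not base a trust decision
// on the name match alone.
var
  hProcSnap: THandle;
  pProcess: THandle;
  pe32: TProcessEntry32;
  buf: array[0..MAX_PATH] of Char;
  hMod: HMODULE;
  cbNeeded: DWORD;
  copied: DWORD;
  more: BOOL;
begin
  // Give every early exit a defined return value.
  Result := '';

  // Only the process list is walked, so a process-only snapshot is enough.
  hProcSnap := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if hProcSnap = INVALID_HANDLE_VALUE then Exit;
  try
    pe32.dwSize := SizeOf(pe32);
    // Process32First already fills pe32 with the first entry; examine it
    // before asking for the next one so that no process is skipped.
    more := Process32First(hProcSnap, pe32);
    while more do
    begin
      if SameText(pe32.szExeFile, ModuleName) then
      begin
        pProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
                                FALSE,
                                pe32.th32ProcessID);
        if pProcess <> 0 then
        try
          // Room for a single HMODULE: only the first module handle that
          // EnumProcessModules reports is fetched and used.
          if EnumProcessModules(pProcess, @hMod, SizeOf(hMod), cbNeeded) then
          begin
            // Sizes are taken from the buffer itself: SizeOf is in bytes,
            // Length is in characters (they differ when Char is 2 bytes).
            ZeroMemory(@buf, SizeOf(buf));
            copied := GetModuleFileNameEx(pProcess, hMod, buf, Length(buf));
            if copied <> 0 then
              SetString(Result, PChar(@buf[0]), copied);
          end;
        finally
          // Every opened process handle is released, match or not.
          CloseHandle(pProcess);
        end;
      end;
      more := Process32Next(hProcSnap, pe32);
    end;
  finally
    CloseHandle(hProcSnap);
  end;
end;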
作者: worm 时间: 2018-10-9 14:15
查阅网上资料后发现，可以使用 QueryFullProcessImageName 这个函数，它最低要求 Vista 系统；XP 太老了，所以这个函数可以用！但是不知道该怎么调用～
作者: worm 时间: 2018-10-9 15:26
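function NazwaProcesu(const uchwyt: Thandle): string;
// Returns the full image path of the process that owns the window `uchwyt`.
//
// uchwyt  Window handle whose owning process is looked up.
// Result  Full path of the process image, or '' when the window handle is
//         invalid, the process cannot be opened, or no query succeeds.
//
// Lookup order:
//   1. GetModuleFileNameEx on a handle opened with
//      PROCESS_QUERY_INFORMATION or PROCESS_VM_READ.
//   2. QueryFullProcessImageNameW (Windows Vista and later) when step 1
//      returns nothing.
//   3. If the process cannot be opened with the rights of step 1, it is
//      reopened with PROCESS_QUERY_LIMITED_INFORMATION only, which is enough
//      for QueryFullProcessImageNameW.
type
  // Declared with PWideChar because the W export is resolved by name below;
  // the buffer must be wide regardless of what Char is in this compiler.
  TQueryFullProcessImageNameW = function(hProcess: THandle; dwFlags: DWORD;
    lpExeName: PWideChar; nSize: PDWORD): BOOL; stdcall;
const
  // Value of PROCESS_QUERY_LIMITED_INFORMATION, declared locally in case the
  // Windows unit in use does not define it.
  QUERY_LIMITED_INFORMATION = $1000;
var
  pid: DWORD;
  hProcess: THandle;
  path: array [0 .. MAX_PATH - 1] of Char;
  copied: DWORD;
  canReadVm: Boolean;

  // Asks QueryFullProcessImageNameW for the image path of hProc.
  // Returns '' before Vista, when the export is missing, or when the call fails.
  function QueryImageName(hProc: THandle): string;
  var
    queryFn: TQueryFullProcessImageNameW;
    widePath: array [0 .. MAX_PATH - 1] of WideChar;
    nSize: DWORD;
  begin
    Result := '';
    if Win32MajorVersion < 6 then Exit;
    @queryFn := GetProcAddress(GetModuleHandle('kernel32'), 'QueryFullProcessImageNameW');
    if not Assigned(queryFn) then Exit;
    ZeroMemory(@widePath, SizeOf(widePath));
    // In: buffer size in characters. Out: characters written, without the
    // terminating null.
    nSize := Length(widePath);
    if queryFn(hProc, 0, @widePath[0], @nSize) then
      Result := WideCharLenToString(@widePath[0], Integer(nSize));
  end;

begin
  Result := '';

  // pid is only meaningful when the call succeeds; an invalid window handle
  // must not lead to OpenProcess being called with an uninitialised id.
  pid := 0;
  if (GetWindowThreadProcessId(uchwyt, pid) = 0) or (pid = 0) then Exit;

  hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, false, pid);
  canReadVm := hProcess <> 0;
  if not canReadVm then
    // Ask only for the minimum right the Vista+ query needs.
    hProcess := OpenProcess(QUERY_LIMITED_INFORMATION, false, pid);
  if hProcess = 0 then Exit;

  try
    if canReadVm then
    begin
      copied := GetModuleFileNameEx(hProcess, 0, path, Length(path));
      if copied <> 0 then
        SetString(Result, PChar(@path[0]), copied);
    end;
    if Result = '' then
      Result := QueryImageName(hProcess);
  finally
    CloseHandle(hProcess);
  end;
end;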