I have the handle of some application that is running on the system. I have no clue what the name of the exe is. I need to find the filepath of the app knowing only the handle. I am doing this in c++ of course. Thank you for the help.
Joe
Printable View
I have the handle of some application that is running on the system. I have no clue what the name of the exe is. I need to find the filepath of the app knowing only the handle. I am doing this in c++ of course. Thank you for the help.
Joe
I'm not very good with file access in C++ but heres an idea. Try printing the first few dozen bytes of the file to a text file and then use the Find utility to search all files on the drive for that set of bytes (paste it into the contains text box).
I know this is an utterly ludicrous idea but I have had a long day and a few cans of the landlords finest.
There is an API function called GetModuleFilename() (or something close). That should do the trick.
Z.
but there was a problem. I am using a systemwide hook. I am taking the wParam parameter of the ShellProc function. It contains the handle. I convert it to HINSTANCE type using:
hInstance = (HINSTANCE)wParam ;
Then I put the name in szFileName using this:
GetModuleFileName(hInstance, szFileName, MAX_PATH);
The only time it returns a filename is when it is explorer.exe. It is not working for aol windows or even the vb project that is linking to the dll I need to find the filepath. If you have another suggestion I would gladly listen. Thank you for the help. (Also, I know how to do it in vb, so if you can translate it into c++ from the vb, I can post my code here).
Joe
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * 260
End Type
Private Type OSVERSIONINFO
dwOSVersionInfoSize As Long
dwMajorVersion As Long
dwMinorVersion As Long
dwBuildNumber As Long
dwPlatformId As Long
szCSDVersion As String * 128
End Type
'-- Above version info --
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Private Declare Function CloseHandle Lib "Kernel32.dll" (ByVal Handle As Long) As Long
Private Declare Function OpenProcess Lib "Kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function GetModuleFileNameExA Lib "psapi.dll" (ByVal hProcess As Long, ByVal hModule As Long, ByVal ModuleName As String, ByVal nSize As Long) As Long
Private Declare Function EnumProcessModules Lib "psapi.dll" (ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (lpVersionInformation As OSVERSIONINFO) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Const VER_PLATFORM_WIN32_WINDOWS = 1
Private Const PROCESS_QUERY_INFORMATION = 1024
Private Const PROCESS_VM_READ = 16
Private Const TH32CS_SNAPPROCESS = &H2
Private Function CheckVersion() As Long
Dim tOS As OSVERSIONINFO
tOS.dwOSVersionInfoSize = Len(tOS)
Call GetVersionEx(tOS)
CheckVersion = tOS.dwPlatformId
End Function
Public Function GetHwndEXE(ByVal hwnd As Long) As String
Dim lProcessID As Long, lThread As Long
Dim lProcessHandle As Long
Dim sName As String, lModule As Long
Dim bMore As Boolean, tPROCESS As PROCESSENTRY32
Dim lSnapShot As Long
lThread = GetWindowThreadProcessId(hwnd, lProcessID)
If CheckVersion() = VER_PLATFORM_WIN32_WINDOWS Then
'Windows 9x
'Create a SnapShot of the Currently Running Processes
lSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
If lSnapShot < 0 Then Exit Function
tPROCESS.dwSize = Len(tPROCESS)
'Enumerate those processes until we find a match
bMore = Process32First(lSnapShot, tPROCESS)
While bMore And tPROCESS.th32ProcessID <> lProcessID
bMore = Process32Next(lSnapShot, tPROCESS)
Wend
'If a match was found, get the EXE Path and Filename
If tPROCESS.th32ProcessID = lProcessID Then
sName = Left$(tPROCESS.szExeFile, InStr(tPROCESS.szExeFile, Chr(0)) - 1)
End If
End If
'Close the Process Handle
Call CloseHandle(lProcessHandle)
End If
Why are you converting wParam to an application instance handle? wParam is a handle to a window, therefor you should use a hwnd datatype.
Code:HWND hWnd = (HWND)wParam;
The VB works. I can't explian it to you. It was given to me. Do you know the syntax for this in c++.(By the way: please don't tell me to just go to msdn. I do not understand c++ api well enough and types to know what must be converted correctly). Thank you very much for the help.
Joe
Here's something, but it's not totally debugged. I didn't have enough time to go through, and debug it, but this should give you a head start.
Code:DWORD CheckVersion()
{
OSVERSIONINFO tOS;
tOS.dwOSVersionInfoSize = sizeof(tOS);
GetVersionEx( &tOS );
return tOS.dwPlatformId;
}
void GetHwndEXE(HWND hWnd, LPSTR lpBuffer)
{
DWORD lProcessID, lThread;
HANDLE lProcessHandle;
CHAR *sName;
HMODULE hModule;
BOOL bMore;
PROCESSENTRY32 tPROCESS;
HANDLE lSnapShot;
lThread = GetWindowThreadProcessId(hWnd, &lProcessID);
if( CheckVersion() == VER_PLATFORM_WIN32_WINDOWS )
{
// Windows 9x
// Create a SnapShop of the currently running processes
lSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if( lSnapShop >= 0 )
{
tPROCESS.dwSize = sizeof(tPROCESS);
// Enumerate those processes until we find a match
bMore = Process32First( lSnapShot, &tPROCESS );
while( (bMore) && (tProcess.th32ProcessID != lProcessID) )
bMore = Process32Next( lSnapShot, &tPROCESS );
// If a match was found get the EXE Path and Filename
if( tPROCESS.th32ProcessID = lProcessID )
strncpy( sName, tPROCESS.szExeFile, strlen(tPROCESS.szExeFile));
// Close the process handle
CloseHandle(lSnapShot)
}
}
}
I'll try to translate the VB code 1:1
Code:#ifdef UNICODE
#ifndef _UNICODE
#define _UNICODE
#endif
#endif
#ifdef _UNICODE
#ifndef UNICODE
#define UNICODE
#endif
#endif
#include <windows.h>
#include <tchar.h>
DWORD CheckVersion()
{
OSVERSIONINFO ovi;
ovi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&ovi);
return ovi.dwPlatformId;
}
BOOL GetHwndEXE(HWND hWnd, LPTSTR szExeName)
{
DWORD dwProcessID, dwThreadID;
HANDLE hSnapShot;
PROCESSENTRY32 pe32;
BOOL bMore;
dwThreadID = GetWindowThreadProcessId( hWnd, &dwProcessID);
if(CheckVersion() == VER_PLATFORM_WIN32_WINDOWS)
{
// Windows 9x
// Create a SnapShot of the Currently Running Processes
hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if(hSnapShot == INVALID_HANDLE_VALUE) return FALSE;
pe32.dwSize = sizeof(PROCESSENTRY32);
// Enumerate those processes until we find a match
bMore = Process32First(hSnapShot, &pe32);
while(bMore && pe32.th32ProcessID != dwProcessID)
bMore = Process32Next(hSnapShot, &pe32);
// If a match was found, get the EXE Path and Filename
if(pe32.thProcessID == dwProcessID)
// I don't know the VB string functions, so I will just copy the name of the exe including full path
_tcscpy(szExeName, pe32.szExeFile);
CloseHandle(hSnapShot);
}
return TRUE;
}