-
FullPathName of exe
Little explanation so that some don't think I'm hacking, etc.
I'm writing a little process monitoring/access utility program. I've completed the driver portion with psCreateProcessNotifyRoutine callback and can send the ProcessID, ParentID and MainThread of Process to usermode program.
In the usermode program I am suspending the thread so I can do checks on the executable that's starting up. I need to get the fullpathname to do the checks. So my question is, how can I get the fullpathname of another process given its processid?
packetvb
-
You can open the process with OpenProcess with rights PROCESS_QUERY_INFORMATION. Then you can call GetProcessImageFileName() to get the fully qualified path. Then don't forget to call CloseHandle on the process!
Good luck!
-
Thanks sunburnt
Is that the full path name?
I've tried the PSAPI routines, other ones, and I can't get it to return anything if the process's main thread is suspended immediately after the process was created.
Also I guess I should have been a bit more specific. I need it for Win2k and above. GetProcessImageFileName is XP and above.
packetvb
-
Nevermind I Guess.
The only way I could find, I had to use NtQueryInformationProcess to get the Process Environment Block of the other process and then use ReadProcessMemory to get the FullPathName from the parameters block of the PEB.
Note: I also tried GetModuleFileNameEx. But it fails when main thread is Suspended. Go figure.
Pain in the ars.
Thanks
packetvb
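The PEB walk described in the last post (PEB, then the process parameters block, then the image path string), as an added example that is not code from the thread. It assumes the x64 structure offsets (32-bit targets use different ones) and a little-endian host; `read_fn`, `fake_mem` and the sample path are hypothetical stand-ins so the walk runs without a live process.

```c
#include <stdint.h>
#include <string.h>
/* Reads n bytes at target address addr into dst; 1 on success (on Windows: wraps ReadProcessMemory). */
typedef int (*read_fn)(void *ctx, uint64_t addr, void *dst, size_t n);
/* x64 offsets: PEB.ProcessParameters, params.ImagePathName, UNICODE_STRING.Buffer */
enum { PEB_PARAMS = 0x20, PARAMS_IMAGE = 0x60, USTR_BUFFER = 8 };
/* Walks PEB -> ProcessParameters -> ImagePathName. Fills out with UTF-16LE
   units (NUL-terminated) and returns the unit count, or -1 on any failure. */
int peb_image_path(read_fn rd, void *ctx, uint64_t peb, uint16_t *out, size_t cap)
{
    uint64_t params = 0, buf = 0;
    uint16_t len = 0;   /* UNICODE_STRING.Length, in bytes */
    if (!rd(ctx, peb + PEB_PARAMS, &params, sizeof params) || !params)
        return -1;
    if (!rd(ctx, params + PARAMS_IMAGE, &len, sizeof len) ||
        !rd(ctx, params + PARAMS_IMAGE + USTR_BUFFER, &buf, sizeof buf) || !buf)
        return -1;
    /* len comes from the target's memory: validate before sizing the read */
    if (len == 0 || (len & 1) || (size_t)len / 2 + 1 > cap)
        return -1;
    if (!rd(ctx, buf, out, len))
        return -1;
    out[len / 2] = 0;
    return len / 2;
}

/* Constructed stand-in for a target address space, used only for the demo. */
struct fake_mem { uint64_t base; uint8_t bytes[0x200]; };
static int fake_read(void *ctx, uint64_t addr, void *dst, size_t n)
{
    struct fake_mem *m = ctx;
    if (addr < m->base || n > sizeof m->bytes || addr - m->base > sizeof m->bytes - n)
        return 0;
    memcpy(dst, m->bytes + (addr - m->base), n);
    return 1;
}
int demo_image_path(uint16_t *out, size_t cap)
{
    static const char path[] = "C:\\app\\a.exe";  /* constructed sample */
    struct fake_mem m = { 0x10000, {0} };
    uint64_t params = m.base + 0x40, buf = m.base + 0x100;
    uint16_t len = (uint16_t)(2 * (sizeof path - 1));
    memcpy(m.bytes + PEB_PARAMS, &params, 8);
    memcpy(m.bytes + 0x40 + PARAMS_IMAGE, &len, 2);
    memcpy(m.bytes + 0x40 + PARAMS_IMAGE + USTR_BUFFER, &buf, 8);
    for (size_t i = 0; i + 1 < sizeof path; i++)
        m.bytes[0x100 + 2 * i] = (uint8_t)path[i];
    return peb_image_path(fake_read, &m, m.base, out, cap);
}
int main(void) { uint16_t p[260]; return demo_image_path(p, 260) == 12 ? 0 : 1; }
```

On a live system `peb` would be the PebBaseAddress returned by NtQueryInformationProcess with ProcessBasicInformation. The string sits in writable memory of the monitored process, so a monitor should treat it as a hint and not as the sole basis for an allow or deny decision.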