
Thread: FullPathName of exe

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2002
    Location
    Okinawa, Japan
    Posts
    271

    FullPathName of exe

    A little explanation so that some don't think I'm hacking, etc.
    I'm writing a little process monitoring/access utility program. I've completed the driver portion with a psCreateProcessNotifyRoutine callback and can send the ProcessID, ParentID and MainThread of the process to a usermode program.
    In the usermode program I am suspending the thread so I can do checks on the executable that's starting up. I need to get the fullpathname to do the checks. So my question is, how can I get the fullpathname of another process given its processid?


    packetvb

  2. #2
    PowerPoster sunburnt's Avatar
    Join Date
    Feb 2001
    Location
    Boulder, Colorado
    Posts
    1,403
    You can open the process with OpenProcess with rights PROCESS_QUERY_INFORMATION. Then you can call GetProcessImageFileName() to get the fully qualified path. Then don't forget to call CloseHandle on the process!

    Good luck!
    Every passing hour brings the Solar System forty-three thousand miles closer to Globular Cluster M13 in Hercules -- and still there are some misfits who insist that there is no such thing as progress.

  3. #3

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2002
    Location
    Okinawa, Japan
    Posts
    271
    Thanks sunburnt

    Is that the full path name?
    I've tried the PSAPI routines and other ones, and I can't get them to return anything if the process's main thread is suspended immediately after the process was created.

    Also I guess I should have been a bit more specific. I need it for Win2k and above. GetProcessImageFileName is XP and above.


    packetvb
    Last edited by packetVB; Oct 12th, 2004 at 03:48 AM.

  4. #4

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2002
    Location
    Okinawa, Japan
    Posts
    271
    Never mind, I guess.
    The only way I could find, I had to use NtQueryInformationProcess to get the Process Environment Block of the other process and then use ReadProcessMemory to get the FullPathName from the parameters block of the PEB.

    Note: I also tried GetModuleFileNameEx, but it fails when the main thread is suspended. Go figure.


    Pain in the ars.

    Thanks

    packetvb
    Last edited by packetVB; Oct 12th, 2004 at 05:23 AM.
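
The PEB walk described in post #4, as an added example that is not packetVB's code: it follows PEB.ProcessParameters to the ImagePathName UNICODE_STRING and handles a parameter block that has not been normalized yet (Flags bit 0x1 clear), where Buffer is still an offset from the start of the block rather than a pointer. Assumptions: the 32-bit structure offsets shown, and the hypothetical names `read_fn`, `image_path_from_peb` and `image_read`; the reader is abstracted so the code runs against a constructed memory image, and on Windows it would wrap ReadProcessMemory with the PEB address taken from NtQueryInformationProcess.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* 32-bit offsets (64-bit: 0x20 and 0x60, with 8-byte pointers). */
enum { PEB_PARAMS = 0x10, PARAMS_FLAGS = 0x08, PARAMS_IMAGE = 0x38, NORMALIZED = 0x1 };

/* Hypothetical reader: 0 on success. On Windows it would wrap ReadProcessMemory. */
typedef int (*read_fn)(void *ctx, uint32_t addr, void *out, size_t n);

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copies ImagePathName (UTF-16LE bytes, not NUL-terminated) into out.
   Returns its byte length, or -1 on a failed read or an implausible field. */
int image_path_from_peb(read_fn rd, void *ctx, uint32_t peb, uint8_t *out, size_t cap)
{
    uint8_t b[8];
    if (rd(ctx, peb + PEB_PARAMS, b, 4)) return -1;
    uint32_t params = le32(b);                        /* PEB.ProcessParameters */
    if (params == 0 || rd(ctx, params + PARAMS_FLAGS, b, 4)) return -1;
    uint32_t flags = le32(b);
    if (rd(ctx, params + PARAMS_IMAGE, b, 8)) return -1;  /* UNICODE_STRING */
    uint32_t len = b[0] | (uint32_t)b[1] << 8;        /* Length, in bytes */
    uint32_t buf = le32(b + 4);                       /* Buffer */
    if (!(flags & NORMALIZED)) buf += params;         /* still an offset from the block */
    if (len == 0 || (len & 1) || len > cap) return -1;
    return rd(ctx, buf, out, len) ? -1 : (int)len;
}

/* Constructed test double: a flat image of target memory starting at `base`. */
struct image { uint32_t base; const uint8_t *mem; size_t size; };

int image_read(void *ctx, uint32_t addr, void *out, size_t n)
{
    const struct image *im = ctx;
    if (addr < im->base || n > im->size || addr - im->base > im->size - n) return -1;
    memcpy(out, im->mem + (addr - im->base), n);
    return 0;
}
```

The PEB and its parameter block live in memory that the target process and its creator can write, so a path read this way is worth comparing against what the driver saw before it is used for an access decision.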
