I use ZwQuerySystemInformation() to get a list of process, what
interrest me in this list is the path to the image
of those process, the problem is that this function give me only the
filename, not the path. I browsed ntddk.h and
found that the ZwQueryInformationProcess() function with
ProcessImageFileName as parameter would give me
what I want, but this parameter is supported only on Windows XP, I have
to support Windows 2k and XP…
Is there a way to get the full path of the image of a process ?
Thanks,
Benjamin Lauzi?re
Been asked many times, nope, it’s not possible. Have user mode pull a
GetModuleFileNameEx for you.
Benjamin Lauzière wrote:
I use ZwQuerySystemInformation() to get a list of process, what
interrest me in this list is the path to the image
of those process, the problem is that this function give me only the
filename, not the path. I browsed ntddk.h and
found that the ZwQueryInformationProcess() function with
ProcessImageFileName as parameter would give me
what I want, but this parameter is supported only on Windows XP, I have
to support Windows 2k and XP…
Is there a way to get the full path of the image of a process ?
Thanks,
Benjamin Lauzière
–
Nick Ryan (MVP for DDK)