Can you give some “demos” when it’s not going to work? It was working just fine (well, for me) on W2K and, as I can recall, on NT. So, I started to worry.
Vladimir
-----Original Message-----
From: Wesley Witt [mailto:xxxxx@veritas.com]
Sent: Tuesday, April 03, 2001 11:35 AM
To: File Systems Developers
Subject: [ntfsd] RE: Process Path
you cannot count on this working as there are many cases under which you
will never get the name. this has been a constant problem for debuggers and
they have played many tricks to work around this. i do believe that this is
much better on whistler, but on win2k you’ll have to work a lot harder.
-----Original Message-----
From: Chtchetkine, Vladimir [mailto:xxxxx@Starbase.com]
Sent: Tuesday, April 03, 2001 11:15 AM
To: File Systems Developers
Subject: [ntfsd] RE: Process Path
Well, it seems that this list filters e-mail with attachments (or is it just the .cpp extension that you guys filter?).
So, here is the code that I use in my system:
    #include "C:\Program Files\Microsoft Platform SDK\Include\psapi.h"

    // CString and GetFileExtension() come from the poster's project and are not
    // shown here; the comparisons below imply that GetFileExtension() returns
    // the extension without the leading dot.
    BOOL GetProcessPathFromKMProcID( DWORD dwKMProcID, CString& aProcModulePath )
    {
        const DWORD cMaxModules = 10240; // Don't bother with actual proc. number
        HANDLE hProcess = NULL;
        HMODULE* pModules = NULL;
        BOOL bRet = FALSE;
        try
        {
            aProcModulePath = _T("Not Available");
            hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                    FALSE, (DWORD)dwKMProcID );
            if( hProcess )
            {
                DWORD dwSize = cMaxModules*sizeof(HMODULE);
                pModules = new HMODULE[cMaxModules];
                if( EnumProcessModules( hProcess, pModules, dwSize, &dwSize ) )
                {
                    // dwSize now holds the bytes needed for all modules, which
                    // can exceed the buffer; never index past what was allocated.
                    dwSize /= sizeof(HMODULE);
                    if( dwSize > cMaxModules )
                    {
                        dwSize = cMaxModules;
                    }
                    for( DWORD nMod = 0; nMod < dwSize; nMod++ )
                    {
                        TCHAR szModPath[MAX_PATH+1];
                        if( GetModuleFileNameEx( hProcess, pModules[nMod], szModPath,
                                                 sizeof(szModPath)/sizeof(TCHAR)) )
                        {
                            //
                            // Not sure it's the right way, but works for me so far!
                            //
                            LPCTSTR pszExtension = GetFileExtension( szModPath );
                            if( !lstrcmpi( pszExtension, _T("EXE")) ||
                                !lstrcmpi( pszExtension, _T("COM")) ||
                                !lstrcmpi( pszExtension, _T("CMD")) )
                            {
                                aProcModulePath = szModPath;
                                bRet = TRUE;
                                break;
                            }
                        }
                    }
                }
            }
        }
        catch( ... )
        {
            bRet = FALSE;
        }
        if( pModules )
        {
            delete[] pModules; // allocated with new[], so release with delete[]
        }
        if( hProcess )
        {
            CloseHandle(hProcess);
        }
        return bRet;
    }
-----Original Message-----
From: Francisco Avila González [mailto:xxxxx@seg.inf.cu]
Sent: Tuesday, April 03, 2001 7:45 AM
To: File Systems Developers
Subject: [ntfsd] Process Path
Hello there!
I’m writing a device driver under Windows NT and I need to get the full path for the executable file of a process given its process id. Anyone know how to do that? I’ve traced the execution of GetModuleFileName in Kernel32.dll but I didn’t find anything interesting, this function doesn’t seem to rely on kernel-mode subsystems. Any hint will be welcome.
Thanks in advance
You are currently subscribed to ntfsd as: xxxxx@Starbase.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com