How do i get the process version path from via only knowing the processID?

Hellouser · October 24, 2009

Hi All

Authenticity · October 24, 2009

If you mean to get the path/filename.exe this process was executed from initially then you can do something like this:

#include <WinAPI.au3>

$PID = Run('notepad')
$avProcs = ProcessList()
$sImageName = ""

For $i = 1 To $avProcs[0][0]
    If $avProcs[$i][1] = $PID Then
        $sImageName = $avProcs[$i][0]
        ExitLoop
    EndIf
Next

If $sImageName <> "" Then ConsoleWrite(_WinAPI_FindExecutable($sImageName) & @CRLF)

Alternatively, you can try this example converted to AutoIt which is more explicit and more wordy.

PsaltyDS · October 24, 2009

Hi All
How do i get the process version path from via only knowing the processID?

I don't know what "process version path" is, but _ProcessListProperties() demonstrates how to get many properties, including the executable path and full command line used to start it.

PsaltyDS · October 24, 2009

If you mean to get the path/filename.exe this process was executed from initially then you can do something like this:

#include <WinAPI.au3>

$PID = Run('notepad')
$avProcs = ProcessList()
$sImageName = ""

For $i = 1 To $avProcs[0][0]
    If $avProcs[$i][1] = $PID Then
        $sImageName = $avProcs[$i][0]
        ExitLoop
    EndIf
Next

If $sImageName <> "" Then ConsoleWrite(_WinAPI_FindExecutable($sImageName) & @CRLF)

I didn't think that was the intended use of _WinAPI_FindExecutable() and tried it this way:

#include <WinAPI.au3>

$avProcs = ProcessList()
$sImageName = ""

For $i = 1 To $avProcs[0][0]
    $sImageName = $avProcs[$i][0]
    If $sImageName <> "" Then ConsoleWrite($sImageName & " = " & _WinAPI_FindExecutable($sImageName) & @CRLF)
Next

Although it works for Notepad, it doesn't return the executable path for many things (like firefox.exe).

Authenticity · October 24, 2009

Yes, this is the problem with FindExecutable and QueryAssocString() functions. They're inconsistent, I guess.

#include <NomadMemory.au3>
SetPrivilege("SeDebugPrivilege", 1)


Local $avProcs = ProcessList()

For $i = 1 To $avProcs[0][0]
    $hSnapShot = _CreateToolhelp32Snapshot(8, $avProcs[$i][1])
    If $hSnapShot Then
        $tME32 = _Module32First($hSnapShot)
        If Not @error Then
            $sExePath = DllStructGetData($tME32, 10)
            ConsoleWrite(FileGetLongName($sExePath) & @CRLF)
        EndIf
        _CloseHandle($hSnapShot)
    EndIf
Next
    

Func _CreateToolhelp32Snapshot($iFlags, $iTh32ProcessID)
    Local $aResult = DllCall("kernel32.dll", "hwnd", "CreateToolhelp32Snapshot", "uint", $iFlags, "uint", $iTh32ProcessID)

    If @error Then Return SetError(@error, @extended, 0)
    Return $aResult[0]
EndFunc

Func _Module32First($hSnapShot)
    Local $tMODULEENTRY32 = DllStructCreate("uint;uint;uint;uint;uint;ptr;uint;hwnd;wchar[256];wchar[260]")
    Local $pMODULEENTRY32 = DllStructGetPtr($tMODULEENTRY32)
    Local $iMODULEENTRY32 = DllStructGetSize($tMODULEENTRY32)
    Local $aResult
    
    DllStructSetData($tMODULEENTRY32, 1, $iMODULEENTRY32)
    $aResult = DllCall("kernel32.dll", "int", "Module32FirstW", "hwnd", $hSnapShot, "ptr", $pMODULEENTRY32)
    
    If @error Or $aResult[0] = 0 Then Return SetError(1, 0, 0)
    Return SetError(0, 0, $tMODULEENTRY32)
EndFunc

Func _CloseHandle($hHandle)
    Local $aResult = DllCall("kernel32.dll", "int", "CloseHandle", "int", $hHandle)
    
    Return $aResult[0]
EndFunc

Sign In

How do i get the process version path from via only knowing the processID?

Recommended Posts

Hellouser

Authenticity

PsaltyDS

PsaltyDS

Authenticity

Create an account or sign in to comment

Create an account

Sign in

Browse

AutoIt Resources

Release

Beta