PerryRaptor

Get the Path for a Running Process

9 posts in this topic

#1 ·  Posted (edited)

Can we get the path for a running process?

Even {PID # to path} would work. Is there a DLLCall() that could do it?

I looked at SysInternal's Handle.exe; however, that's overkill and painful to parse the results for just one line of data.

Edited by PerryRaptor

See Autoit Wrappers, it's in there!!

8)



#3 ·  Posted (edited)

search "process path" on forum

this post has an example from WMI scriptomatic

winclose regular expression

EDIT: used post instead of topic

example by Mega

$path = _WinGetPath()
MsgBox(0, WinGetTitle(""), $path)

; Returns the executable path of the process that owns the window $Title
; (the active window when $Title is ""), or "" if it cannot be determined.
Func _WinGetPath($Title = "", $strComputer = 'localhost')
    Local $win = WinGetTitle($Title)
    Local $pid = WinGetProcess($win)
    Local $wbemFlagReturnImmediately = 0x10
    Local $wbemFlagForwardOnly = 0x20
    Local $colItems = ""
    Local $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
    If Not IsObj($objWMIService) Then Return ""
    ; Look up the Win32_Process instance for this PID
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE ProcessId = " & $pid, "WQL", _
            $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
    If IsObj($colItems) Then
        For $objItem In $colItems
            If $objItem.ExecutablePath Then Return $objItem.ExecutablePath
        Next
    EndIf
    Return ""
EndFunc
Edited by rover

I see fascists...


Can we get the path for a running process?

Even {PID # to path} would work. Is there a DLLCall() that could do it?

I looked at SysInternal's Handle.exe; however, that's overkill and painful to parse the results for just one line of data.

Another possibility is _ProcessListProperties().

You can pass it the PID, or the process name, and if you pass it nothing the results are returned for all processes. Results are in a 2D array with the executable path in [n][5].

<_<


Valuater's AutoIt 1-2-3, Class... Is now in Session!
For those who want somebody to write the script for them: RentACoder
"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law


Another possibility is _ProcessListProperties().

You can pass it the PID, or the process name, and if you pass it nothing the results are returned for all processes. Results are in a 2D array with the executable path in [n][5].

<_<

Nice use of self promotion! You can also make some fancy graphs with this function: http://www.autoitscript.com/forum/index.php?showtopic=55877

And while we're on the topic of graphs you can check out something a little more universal: http://www.autoitscript.com/forum/index.php?showtopic=56271


You can also make some fancy graphs with this function: http://www.autoitscript.com/forum/index.php?showtopic=55877

And while we're on the topic of graphs you can check out something a little more universal: http://www.autoitscript.com/forum/index.php?showtopic=56271

Both very nice indeed!

<_<



or see this


UDFS & Apps:

DDEML.au3 - DDE Client + Server
Localization.au3 - localize your scripts
TLI.au3 - type information on COM objects (TLBINF emulation)
TLBAutoEnum.au3 - auto-import of COM constants (enums)
AU3Automation - export AU3 scripts via COM interfaces
TypeLibInspector - OleView was yesterday

Coder's last words before final release: WE APOLOGIZE FOR INCONVENIENCE


or see this

There are many ways to do that, it's true. You should turn yours into a function so it can be called with just the PID/name/etc. and return the path. The function I did was meant to be kind of a Swiss Army Knife-style tool that got lots of things done with just the one function. Efficiency wasn't the primary goal, and any one of the stats returned could probably be done more efficiently with a dedicated function, like maybe yours for the path (when you write it).

<_<



Thanks Everyone!

This works very efficiently...

; List every svchost.exe instance and show the full path of its executable
$list = ProcessList("SvcHost.exe")
For $i = 1 To $list[0][0]
    $pid = $list[$i][1]
    ; 0x0410 = PROCESS_QUERY_INFORMATION (0x0400) + PROCESS_VM_READ (0x0010)
    Local $hProc = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", 0x0410, "int", False, "dword", $pid)
    If Not @error And $hProc[0] Then
        ; Pointer-sized field so the module handle is not truncated on 64-bit
        Local $stHMod = DllStructCreate("ptr hMod")
        Local $stCB = DllStructCreate("dword cbNeeded")
        ; The first module returned is the process executable itself
        Local $resEnum = DllCall("psapi.dll", "int", "EnumProcessModules", "ptr", $hProc[0], "ptr", DllStructGetPtr($stHMod), "dword", DllStructGetSize($stHMod), "ptr", DllStructGetPtr($stCB, 1))
        If Not @error And $resEnum[0] Then
            Local $resPath = DllCall("psapi.dll", "int", "GetModuleFileNameEx", "ptr", $hProc[0], "ptr", DllStructGetData($stHMod, 1), "str", "", "dword", 32768)
            If Not @error Then MsgBox(0, "PID 2 Path", "" & $pid & " = " & $resPath[3])
        EndIf
        $stHMod = 0
        $stCB = 0
        DllCall("kernel32.dll", 'int', 'CloseHandle', 'ptr', $hProc[0])
    EndIf
Next

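Added example, not code from any poster in this thread: the PID-to-path lookup wrapped in a function, as suggested earlier in the topic, then used to report svchost.exe instances whose executable is outside the Windows system folders. It uses QueryFullProcessImageNameW (Windows Vista and later), which works with the PROCESS_QUERY_LIMITED_INFORMATION access right; the helper name _PidToPath and the list of expected folders are assumptions of this example.

```autoit
; Added example. _PidToPath is a hypothetical helper name, not an AutoIt UDF.
; Returns the full image path for a PID, or "" with @error set:
;   @error = 1 -> OpenProcess failed (no such PID or access denied)
;   @error = 2 -> QueryFullProcessImageNameW failed
Func _PidToPath($iPid)
    ; 0x1000 = PROCESS_QUERY_LIMITED_INFORMATION, enough to read the image name
    Local $aOpen = DllCall("kernel32.dll", "handle", "OpenProcess", "dword", 0x1000, "bool", False, "dword", $iPid)
    If @error Or Not $aOpen[0] Then Return SetError(1, 0, "")
    ; Last parameter: in = buffer size in characters, out = length of the path
    Local $aRes = DllCall("kernel32.dll", "bool", "QueryFullProcessImageNameW", "handle", $aOpen[0], _
            "dword", 0, "wstr", "", "dword*", 32767)
    Local $iErr = @error
    ; Always release the handle, whether or not the query succeeded
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $aOpen[0])
    If $iErr Or Not $aRes[0] Then Return SetError(2, 0, "")
    Return $aRes[3]
EndFunc

; Assumption: svchost.exe is expected only in these two folders.
Local $sExpected64 = @WindowsDir & "\System32\svchost.exe"
Local $sExpected32 = @WindowsDir & "\SysWOW64\svchost.exe"

Local $aList = ProcessList("svchost.exe")
For $i = 1 To $aList[0][0]
    Local $sPath = _PidToPath($aList[$i][1])
    If @error Then
        ConsoleWrite($aList[$i][1] & " : path not readable (error " & @error & ")" & @CRLF)
    ElseIf $sPath = $sExpected64 Or $sPath = $sExpected32 Then
        ; AutoIt's = operator compares strings case-insensitively
        ConsoleWrite($aList[$i][1] & " : " & $sPath & @CRLF)
    Else
        ConsoleWrite($aList[$i][1] & " : UNEXPECTED LOCATION " & $sPath & @CRLF)
    EndIf
Next
```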
