Jump to content
Sign in to follow this  
WeMartiansAreFriendly

_ProcessGetPath

Recommended Posts

WeMartiansAreFriendly

Retrieve a file path from a process (using nothing but DLLCall, WMI stinks :( ).

Originally by JScript, (I think, I recall Larry writing something similar, not to sure who authored it actually). I just reformatted and added some error checking --pardon the code size, I'm still learning proper error checking :mellow: )

I haven't seen very many others that don't rely on WMI.. maybe except these.

Get all modules loaded in a process.

Get CMDLine of a process

Only tested on Windows XP.

Here is the function and example.

#include <Process.au3>

;========================================================
;-------------------------------
; Example get path of all running processes
;-------------------------------
$a = ProcessList()

For $i = 1 To UBound($a)-1
    ConsoleWrite($a[$i][0] &" = "& _ProcessGetPath($a[$i][1]) &@lf)
Next

;-------------------------------
; Example get explorers file path
;-------------------------------
ConsoleWrite( _ProcessGetPath("explorer.exe") &@lf)
;========================================================


; #FUNCTION# ===============================================================================
; Name...........: _ProcessGetPath(
; Description ...: Retrieves a process file path
; Syntax.........: _ProcessGetPath($vProcess)
; Parameters ....: $vProcess - PID or name of a process
; Requirements...: kernel32.dll, psapi.dll
; Return values .: Success - A full process path
;                    @error = 0
;                   Failure - Empty string
;                    @error = 1 - Invalid process name/PID
;                    @error = 2 - kernel32.dll failed to open (wrong version?)
;                    @error = 3 - Could not OpenProcess
;                     @error = 4 - psapi.dll failed to open (doesn't exist?)
;                    @error = 5 - returned path is empty or invalid
; Author ........: JScript, Larry, SmOke_N
; Modified.......: mrRevoked - reformated, error checking
; Remarks .......:
; Related .......:
; Link ..........;
; Example .......;
; ============================================================================================
Func _ProcessGetPath($vProcess)
    Local $i_PID, $hKernel32, $hPsapi, $aProcessHandle, $tDLLStruct, $iError, $sProcessPath
    
    $i_PID = ProcessExists($vProcess)
    
    If Not $i_PID Then Return SetError(1, 0, "");process doesn't exist?
    
    $hKernel32 = DllOpen("Kernel32.dll")
    $iError = @error
    If $iError Then
        DllClose($hKernel32)
        Return SetError(2, $iError, ""); dllopen kernell32.dll failed
    EndIf
    
    $aProcessHandle = DllCall($hKernel32, "int", "OpenProcess", "int", 0x0400 + 0x0010, "int", 0, "int", $i_PID)
    $iError = @error
    If $iError Or $aProcessHandle[0] = 0 Then
        DllClose($hKernel32)
        Return SetError(2, $iError, "");openprocess failed
    EndIf
    
    $hPsapi = DllOpen("Psapi.dll")
    $iError = @error
    If $iError Then
        DllClose($hKernel32)
        DllClose($hPsapi)
        Return SetError(3, $iError, ""); dllopen psapi.dll failed
    EndIf
    
    $tDLLStruct = DllStructCreate("char[1000]")
    
    DllCall($hPsapi, "long", "GetModuleFileNameEx", "int", $aProcessHandle[0], "int", 0, "ptr", DllStructGetPtr($tDLLStruct), "long", DllStructGetSize($tDLLStruct))
    $iError = @error

    DllCall($hKernel32, "int", "CloseHandle", "int", $aProcessHandle[0])
    DllClose($hKernel32)
    DllClose($hPsapi)
    
    If $iError Then 
        $tDLLStruct = 0
        Return SetError(4, $iError, "");getmodulefilenamex failed
    EndIf
    
    $sProcessPath = DllStructGetData($tDLLStruct, 1)
    $tDLLStruct = 0
    
;format the output
    If StringLen($sProcessPath) < 2 Then Return SetError(5, 0, "");is empty or non readable
    If StringLeft($sProcessPath, 4) = "\??\" Then $sProcessPath = StringReplace($sProcessPath, "\??\", "")
    If StringLeft($sProcessPath, 20) = "\SystemRoot\System32" Then $sProcessPath = StringReplace($sProcessPath, "\SystemRoot\System32", @SystemDir)
    
    Return SetError(0, 0, $sProcessPath)
EndFunc;==>_ProcessGetPath
Edited by mrRevoked

Don't bother, It's inside your monitor!------GUISetOnEvent should behave more like HotKeySet()

Share this post


Link to post
Share on other sites
WeMartiansAreFriendly

When I search for functions, I normally don't search "General Help and Support" part of the forum :(

[Edit]

http://www.autoitscript.com/forum/index.ph...st&p=514338

http://www.autoitscript.com/forum/index.ph...st&p=532206

:mellow:

Edited by mrRevoked

Don't bother, It's inside your monitor!------GUISetOnEvent should behave more like HotKeySet()

Share this post


Link to post
Share on other sites
TheSaint

@mrRevoked - Good work!

You seem up with it all, so you might like to have a go at this!

:mellow:


AutoIt.4.Life Clubrooms - Life is like a Donut (secret key)

Make sure brain is in gear before opening mouth!
Remember, what is not said, can be just as important as what is said.

Spoiler

What is the Secret Key? Life is like a Donut

If I put effort into communication, I expect you to read properly & fully, or just not comment.
Ignoring those who try to divert conversation with irrelevancies.
If I'm intent on insulting you or being rude, I will be obvious, not ambiguous about it.
I'm only big and bad, to those who have an over-active imagination.

I may have the Artistic Liesense ;) to disagree with you. TheSaint's Toolbox (be advised many downloads are not working due to ISP screwup with my storage)

userbar.png

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×