|
阅读:1227回复:1
请问如何取当前进程的的全路径?
我试了PEB的方法,不太好使,而且每个不同操作系统都不一样的。
有没有好使一点的办法? 我在论坛里找了一遍,又GOOGLE半天还是没找到啊 目前找的这种方法,取出来的全是 C #define BASE_PROCESS_PEB_OFFSET 0x01B0 #define BASE_PEB_PROCESS_PARAMETER_OFFSET 0x0010 #define BASE_PROCESS_PARAMETER_FULL_IMAGE_NAME 0x003C #define W2003_BASE_PROCESS_PEB_OFFSET 0x0190 #define W2003_BASE_PROCESS_PEB_OFFSET_SP1 0x01A0 #define VISTA_BASE_PROCESS_PEB_OFFSET 0x0188 PCWSTR GetProcessFullName() { DWORD dwAddress; PCWSTR Temp=NULL; if(KeGetCurrentIrql() != PASSIVE_LEVEL) { return NULL; } __try { dwAddress = (DWORD)PsGetCurrentProcess(); if(dwAddress == 0 || dwAddress == 0xFFFFFFFF) { return NULL; } //Ä¿Ç°Ö»Ö§³ÖWin 2000/xp/2003/VISTA if( gGetDriverStruct()->MajorVersion < 5 || gGetDriverStruct()->MinorVersion > 2 ) { return NULL; } //È¡µÃPEB£¬²»Í¬Æ½Ì¨µÄλÖÃÊDz»Í¬µÄ¡£ // //2000 0X0500 XP 0X0501 // if( gGetDriverStruct()->MajorVersion == 5 && gGetDriverStruct()->MinorVersion < 2) { dwAddress += BASE_PROCESS_PEB_OFFSET; } // //2003 0X0502 // if(gGetDriverStruct()->MajorVersion == 5 && gGetDriverStruct()->MinorVersion ==2) { dwAddress += W2003_BASE_PROCESS_PEB_OFFSET; } // //VISTA 0X0600 // if(gGetDriverStruct()->MajorVersion == 6 && gGetDriverStruct()->MinorVersion ==0) { dwAddress += VISTA_BASE_PROCESS_PEB_OFFSET; } if((dwAddress = *(DWORD*)dwAddress) == 0) { return NULL; } // // ͨ¹ýpebÈ¡µÃRTL_USER_PROCESS_PARAMETERS // dwAddress += BASE_PEB_PROCESS_PARAMETER_OFFSET; if((dwAddress = *(DWORD*)dwAddress) == 0) { return NULL; } // // ÔÚRTL_USER_PROCESS_PARAMETERS->ImagePathName±£´æÁË·¾¶£¬Æ«ÒÆΪ38, // dwAddress += BASE_PROCESS_PARAMETER_FULL_IMAGE_NAME; if((dwAddress = *(DWORD*)dwAddress) == 0) { return NULL; } // [10/14/2006] Temp=(PCWSTR)dwAddress; if (wcslen(Temp)>4) { if (Temp[0]==L'\\'&& Temp[1]==L'?'&& Temp[2]==L'?'&& Temp[3]==L'\\') { dwAddress+=8; } if (Temp[0]==L'\\'&& Temp[1]==L'\\'&& Temp[2]==L'?'&& Temp[3]==L'\\') { dwAddress+=8; } } } __except (EXCEPTION_EXECUTE_HANDLER) { __try { if(gGetDriverStruct()->MajorVersion == 5 && gGetDriverStruct()->MinorVersion ==2) {dwAddress = (DWORD)PsGetCurrentProcess(); dwAddress += W2003_BASE_PROCESS_PEB_OFFSET_SP1; if((dwAddress = *(DWORD*)dwAddress) == 0) { return NULL; } // // ͨ¹ýpebÈ¡µÃRTL_USER_PROCESS_PARAMETERS // dwAddress += BASE_PEB_PROCESS_PARAMETER_OFFSET; if((dwAddress = *(DWORD*)dwAddress) == 0) { return NULL; } // // ÔÚRTL_USER_PROCESS_PARAMETERS->ImagePathName±£´æÁË·¾¶£¬Æ«ÒÆΪ38, // dwAddress += BASE_PROCESS_PARAMETER_FULL_IMAGE_NAME; if((dwAddress = *(DWORD*)dwAddress) == 0) { return NULL; } // [10/14/2006] Temp=(PCWSTR)dwAddress; if (wcslen(Temp)>4) { if (Temp[0]==L'\\'&& Temp[1]==L'?'&& Temp[2]==L'?'&& Temp[3]==L'\\') { dwAddress+=8; } if (Temp[0]==L'\\'&& Temp[1]==L'\\'&& Temp[2]==L'?'&& Temp[3]==L'\\') { dwAddress+=8; } } return (PCWSTR)dwAddress; } } __except (EXCEPTION_EXECUTE_HANDLER) { } return 0; } return (PCWSTR)dwAddress; } |
|
|
沙发#
发布于:2008-04-22 12:51
好冷清啊
|
|