Newbie question: how do I get the full path from a process ID?
There is a piece of code in filemon, but it seems to get only the process name, and the length is only 16 bytes.

```c
if( ProcessNameOffset ) {
    curproc = PsGetCurrentProcess();
    nameptr = (PCHAR) curproc + ProcessNameOffset;
    strncpy( ProcessName, nameptr, NT_PROCNAMELEN-1 );
    ProcessName[NT_PROCNAMELEN-1] = 0;
#if defined(_IA64_)
    sprintf( ProcessName + strlen(ProcessName), ":%I64d", PsGetCurrentProcessId());
#else
    sprintf( ProcessName + strlen(ProcessName), ":%d", PsGetCurrentProcessId());
#endif
} else {
    strcpy( ProcessName, "???" );
}
```

Reply #1
Posted: 2007-07-19 17:58
I put together this code:

```c
/////////////////////////////
#define BASE_PROCESS_PEB_OFFSET                 0x01B0
#define BASE_PEB_PROCESS_PARAMETER_OFFSET       0x0010
#define BASE_PROCESS_PARAMETER_FULL_IMAGE_NAME  0x003C
#define W2003_BASE_PROCESS_PEB_OFFSET           0x0190

PCWSTR FsdGetProcessFullName()
{
    ULONG dwAddress, uMajorVersion, uMinorVersion, uBuildNumber;

    if(KeGetCurrentIrql() != PASSIVE_LEVEL)
        return NULL;

    PsGetVersion(&uMajorVersion, &uMinorVersion, &uBuildNumber, NULL);

    dwAddress = (ULONG)PsGetCurrentProcess();
    if (dwAddress<10)
        return NULL;
    if(dwAddress == 0 || dwAddress == 0xFFFFFFFF)
        return NULL;

    // Currently only Windows 2000/XP/2003 are supported
    if( (uMajorVersion < 5) || (uMinorVersion > 2 ) )
        return NULL;

    // Get the PEB; its location differs between platforms.
    if( (uMajorVersion == 5) && (uMinorVersion < 2) )
        dwAddress += BASE_PROCESS_PEB_OFFSET;
    else
        dwAddress += W2003_BASE_PROCESS_PEB_OFFSET;
    if((dwAddress = *(ULONG*)dwAddress) == 0)
        return NULL;

    // Get RTL_USER_PROCESS_PARAMETERS through the PEB
    dwAddress += BASE_PEB_PROCESS_PARAMETER_OFFSET;
    if((dwAddress = *(ULONG*)dwAddress) == 0)
        return NULL;

    // The path is stored in RTL_USER_PROCESS_PARAMETERS->ImagePathName, at offset 38,
    dwAddress += BASE_PROCESS_PARAMETER_FULL_IMAGE_NAME;
    if((dwAddress = *(ULONG*)dwAddress) == 0)
        return NULL;

    return (PCWSTR)dwAddress;
}
```

It works normally for a while, but why does it sometimes blue-screen? Also, the above is hard-coded and has poor compatibility; is there a better way?

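The pointer chain from the post above (EPROCESS -> PEB -> ProcessParameters -> ImagePathName), walked over a captured memory image with every hop bounds-checked where the posted code only tests for zero; this is an added example, not part of the original thread. The function names, the flat addressing (an address is an offset into the image) and the sample image are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

/* Offsets from the post (32-bit Windows 2000/XP); 0x38 is the UNICODE_STRING
 * ImagePathName, whose Buffer field is the 0x3C the post dereferences. */
#define EPROCESS_PEB      0x01B0
#define PEB_PARAMS        0x0010
#define PARAMS_IMAGE_PATH 0x0038
enum { WALK_OK = 0, WALK_BAD_POINTER = -1, WALK_BAD_STRING = -2 };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }

/* Pointer to n readable bytes at base+off, or NULL when base is NULL or the
 * range leaves the image. Assumption: no page-table translation is modelled. */
static const uint8_t *at(const uint8_t *img, size_t len, uint32_t base, uint32_t off, size_t n)
{
    uint64_t addr = (uint64_t)base + off;
    return (base == 0 || addr > len || n > len - addr) ? NULL : img + addr;
}

/* EPROCESS -> PEB -> ProcessParameters -> ImagePathName, validating each hop. */
int walk_image_path(const uint8_t *img, size_t len, uint32_t eprocess,
                    uint32_t *path_off, uint16_t *path_len)
{
    const uint8_t *p;
    if (!(p = at(img, len, eprocess, EPROCESS_PEB, 4))) return WALK_BAD_POINTER;
    if (!(p = at(img, len, le32(p), PEB_PARAMS, 4))) return WALK_BAD_POINTER;
    if (!(p = at(img, len, le32(p), PARAMS_IMAGE_PATH, 8))) return WALK_BAD_POINTER;
    uint16_t length = le16(p), maximum = le16(p + 2);
    uint32_t buffer = le32(p + 4);
    /* A UTF-16 string has an even byte length that fits its allocation. */
    if (length == 0 || (length & 1) || length > maximum) return WALK_BAD_STRING;
    if (!at(img, len, buffer, 0, length)) return WALK_BAD_POINTER;
    *path_off = buffer; *path_len = length;
    return WALK_OK;
}

/* Constructed sample image (len must be at least 0x1000): EPROCESS at 0x100,
 * PEB at 0x400, parameters at 0x600, UTF-16LE "C:\a.exe" (16 bytes) at 0x800. */
void build_sample(uint8_t *img, size_t len)
{
    static const uint8_t us[8] = { 16, 0, 18, 0, 0x00, 0x08, 0, 0 };
    static const char path[] = "C:\\a.exe";
    memset(img, 0, len);
    img[0x2B1] = 0x04;                      /* EPROCESS+0x1B0 -> PEB 0x400 */
    img[0x411] = 0x06;                      /* PEB+0x10 -> parameters 0x600 */
    memcpy(img + 0x638, us, sizeof us);     /* Length 16, Maximum 18, Buffer 0x800 */
    for (size_t i = 0; path[i]; i++) img[0x800 + 2 * i] = (uint8_t)path[i];
}
```
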
Reply #2
Posted: 2007-07-19 18:01
Can you give me a copy of the IFS DDK?
I need it very urgently right now.

Reply #3
Posted: 2007-07-19 18:40
Reply #4
Posted: 2007-07-20 09:22
It's so big, how am I supposed to give it to you? It can be downloaded on eMule.

Reply #5
Posted: 2007-09-21 14:28
The above is hard-coded; it is different on different systems.