如何在64位系统中从PID获取系统的进程路径?
正如标题所说,我想从PID中找到系统的过程路径。 我见过几个这样的帖子:get the full path from a PID using delphi 并且搜索了很多。
我尝试了很多功能,但所有功能都只适用于32位进程。
有没有办法使用PID ??
找到64位进程的路径3 个答案:
答案 0 :(得分:8)
type
TQueryFullProcessImageNameW = function(AProcess: THANDLE; AFlags: DWORD;
AFileName: PWideChar; var ASize: DWORD): BOOL; stdcall;
TGetModuleFileNameExW = function(AProcess: THANDLE; AModule: HMODULE;
AFilename: PWideChar; ASize: DWORD): DWORD; stdcall;
function IsWindows200OrLater: Boolean;
begin
Result := Win32MajorVersion >= 5;
end;
function IsWindowsVistaOrLater: Boolean;
begin
Result := Win32MajorVersion >= 6;
end;
var
PsapiLib: HMODULE;
GetModuleFileNameExW: TGetModuleFileNameExW;
procedure DonePsapiLib;
begin
if PsapiLib = 0 then Exit;
FreeLibrary(PsapiLib);
PsapiLib := 0;
@GetModuleFileNameExW := nil;
end;
procedure InitPsapiLib;
begin
if PsapiLib <> 0 then Exit;
PsapiLib := LoadLibrary('psapi.dll');
if PsapiLib = 0 then RaiseLastOSError;
@GetModuleFileNameExW := GetProcAddress(PsapiLib, 'GetModuleFileNameExW');
if not Assigned(GetModuleFileNameExW) then
try
RaiseLastOSError;
except
DonePsapiLib;
raise;
end;
end;
function GetFileNameByProcessID(AProcessID: DWORD): UnicodeString;
const
PROCESS_QUERY_LIMITED_INFORMATION = $00001000; //Vista and above
var
HProcess: THandle;
Lib: HMODULE;
QueryFullProcessImageNameW: TQueryFullProcessImageNameW;
S: DWORD;
begin
if IsWindowsVistaOrLater then
begin
Lib := GetModuleHandle('kernel32.dll');
if Lib = 0 then RaiseLastOSError;
@QueryFullProcessImageNameW := GetProcAddress(Lib, 'QueryFullProcessImageNameW');
if not Assigned(QueryFullProcessImageNameW) then RaiseLastOSError;
HProcess := OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, AProcessID);
if HProcess = 0 then RaiseLastOSError;
try
S := MAX_PATH;
SetLength(Result, S + 1);
while not QueryFullProcessImageNameW(HProcess, 0, PWideChar(Result), S) and (GetLastError = ERROR_INSUFFICIENT_BUFFER) do
begin
S := S * 2;
SetLength(Result, S + 1);
end;
SetLength(Result, S);
Inc(S);
if not QueryFullProcessImageNameW(HProcess, 0, PWideChar(Result), S) then
RaiseLastOSError;
finally
CloseHandle(HProcess);
end;
end
else
if IsWindows200OrLater then
begin
InitPsapiLib;
HProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, AProcessID);
if HProcess = 0 then RaiseLastOSError;
try
S := MAX_PATH;
SetLength(Result, S + 1);
if GetModuleFileNameExW(HProcess, 0, PWideChar(Result), S) = 0 then
RaiseLastOSError;
Result := PWideChar(Result);
finally
CloseHandle(HProcess);
end;
end;
end;
initialization
PsapiLib := 0;
finalization
DonePsapiLib;
使用示例:
procedure EnumProcesses(AStrings: TStrings);
var Snapshot: THandle;
Entry: TProcessEntry32;
Found: Boolean;
Count: Integer;
begin
Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (Snapshot = INVALID_HANDLE_VALUE) or (Snapshot = 0) then Exit;
try
ZeroMemory(@Entry, SizeOf(Entry));
Entry.dwSize := SizeOf(Entry);
if Process32First(Snapshot, Entry) then
repeat
try
AStrings.Add(GetFileNameByProcessID(Entry.th32ProcessID));
except
AStrings.Add('System process #' + IntToStr(Entry.th32ProcessID));
end;
ZeroMemory(@Entry, SizeOf(Entry));
Entry.dwSize := SizeOf(Entry);
until not Process32Next(Snapshot, Entry);
finally
CloseHandle(Snapshot)
end;
end;
procedure TForm11.FormCreate(Sender: TObject);
begin
EnumProcesses(ListBox1.Items);
end;
结果(Win64上的32位示例应用程序,其中Explorer是64位应用程序):
答案 1 :(得分:1)
没有Win32函数允许您从32位仿真器(WOW64)内部执行此操作。您应该以64位进程执行代码。不,这不是真的。丹尼斯证明我错了。您需要的功能是QueryFullProcessImageName。
或者您可以使用WMI。具体来说是Win32_Process。这里有一些示例代码:http://theroadtodelphi.wordpress.com/2011/11/06
借用@ RRUZ的示例代码,这是一个简短的程序,它打印可以使用WMI枚举的正在运行的进程的PID和可执行文件名。
{$APPTYPE CONSOLE}
uses
Variants, ComObj, ActiveX;
const
wbemFlagForwardOnly = $00000020;
var
FSWbemLocator : OLEVariant;
FWMIService : OLEVariant;
FWbemObjectSet: OLEVariant;
FWbemObject : OLEVariant;
oEnum : IEnumVariant;
iValue : LongWord;
begin
CoInitialize(nil);
FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
FWMIService := FSWbemLocator.ConnectServer('localhost', 'root\CIMV2', '', '');
FWbemObjectSet:= FWMIService.ExecQuery('SELECT ExecutablePath, ProcessId FROM Win32_Process','WQL',wbemFlagForwardOnly);
oEnum := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
while oEnum.Next(1, FWbemObject, iValue) = 0 do
begin
if not VarIsNull(FWbemObject.ExecutablePath) then
Writeln(string(FWbemObject.ProcessId) + ': ' + string(FWbemObject.ExecutablePath));
FWbemObject:=Unassigned; //avoid memory leak in oEnum.Next
end;
end.
答案 2 :(得分:0)
似乎语言并不重要,所以在C#中你可以使用WMI来获取进程(包括64位)。
using System.Management;
var wmiQueryString = "SELECT ProcessId, ExecutablePath, CommandLine FROM Win32_Process";
using (var searcher = new ManagementObjectSearcher(wmiQueryString))
using (var results = searcher.Get())
{
var query = results.Cast<ManagementObject>();
foreach (var obj in query)
{
var filePath = obj.GetPropertyValue("ExecutablePath").Dump();
}
}
您必须引用System.Management.dll
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?