我在谷歌上的几个地方找到了以下代码,于是开始测试。它基本可以正常工作,但问题出在“QueryFullProcessImageNameA”上:根据 Microsoft 的文档(https://msdn.microsoft.com/en-us/library/windows/desktop/ms684919(v=vs.85).aspx),此函数要求的最低系统版本是 Windows Vista。
代码:
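/**
 * Reports whether the executable file backing a process is a 64-bit image,
 * by reading the PE headers of that file from disk.
 *
 * @param ProcessHandle Handle passed to QueryFullProcessImageNameA to obtain
 *                      the image path.
 * @param Is64          Out parameter; set to TRUE for AMD64/IA64 images and
 *                      FALSE for I386 images. Left untouched on any failure.
 * @return Status code (always non-zero, so callers that only tested the old
 *         constant `true` result keep working):
 *           1 = headers were valid but the machine type was not recognised,
 *           2 = Is64 was null or the image path could not be queried,
 *           3 = the image file could not be opened,
 *           4 = the file size could not be read or the buffer allocation failed,
 *           5 = reading the file failed,
 *           6 = the file does not carry valid DOS/NT headers,
 *           7 = success, *Is64 has been written.
 *
 * NOTE(review): the answer describes the file currently found at the image
 * path, which is not guaranteed to be the image that was mapped when the
 * process started. Where the decision is security-relevant, confirm that an
 * OS query such as IsWow64Process is not the better fit.
 */
int Is64(HANDLE ProcessHandle, PBOOL Is64)
{
    // All locals are declared before the first goto so that no jump crosses
    // an initialisation.
    int Status = 1;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    LPVOID lpFile = 0;
    DWORD dwFileSize = 0, dwReaded = 0, dwSize = MAX_PATH;
    PIMAGE_DOS_HEADER DosHeader = 0;
    PIMAGE_NT_HEADERS NtHeaders = 0;
    LONG NtOffset = 0;
    // Only Signature and FileHeader are read from the NT headers, so this is
    // the number of bytes that must lie inside the buffer at e_lfanew.
    const DWORD NtPrefixSize = sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER);
    char Path[MAX_PATH];

    // Minimum supported client: Windows Vista [desktop apps only].
    // TODO: pick a path query that also exists on Windows XP.
    // NOTE(review): GetModuleFileNameExA (psapi) is a common substitute there;
    // it needs PROCESS_QUERY_INFORMATION | PROCESS_VM_READ on the handle.
    if (!Is64 || !QueryFullProcessImageNameA(ProcessHandle, 0, Path, &dwSize))
    {
        Status = 2;
        goto EXIT;
    }

    // FILE_SHARE_READ: the file is only read, so there is no reason to demand
    // exclusive access to it.
    hFile = CreateFileA(Path, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        Status = 3;
        goto EXIT;
    }

    dwFileSize = GetFileSize(hFile, 0);
    if (dwFileSize == INVALID_FILE_SIZE)
    {
        Status = 4;
        goto EXIT;
    }

    // The buffer only holds file bytes for parsing; it never needs to be
    // executable, so it is mapped read/write rather than RWX.
    lpFile = VirtualAlloc(0, dwFileSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!lpFile)
    {
        Status = 4;
        goto EXIT;
    }

    if (!ReadFile(hFile, lpFile, dwFileSize, &dwReaded, 0))
    {
        Status = 5;
        goto EXIT;
    }

    // The path may point at a truncated or non-PE file: every header access
    // below is bounded by the number of bytes actually read.
    if (dwReaded < sizeof(IMAGE_DOS_HEADER))
    {
        Status = 6;
        goto EXIT;
    }

    DosHeader = reinterpret_cast<PIMAGE_DOS_HEADER>(lpFile);
    NtOffset = DosHeader->e_lfanew;
    if (DosHeader->e_magic != IMAGE_DOS_SIGNATURE ||
        NtOffset <= 0 ||
        static_cast<DWORD>(NtOffset) > dwReaded - NtPrefixSize)
    {
        Status = 6;
        goto EXIT;
    }

    NtHeaders = reinterpret_cast<PIMAGE_NT_HEADERS>(reinterpret_cast<DWORD_PTR>(lpFile) + NtOffset);
    if (NtHeaders->Signature != IMAGE_NT_SIGNATURE)
    {
        Status = 6;
        goto EXIT;
    }

    if (NtHeaders->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64 ||
        NtHeaders->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64)
    {
        *Is64 = TRUE;
        Status = 7;
        goto EXIT;
    }

    if (NtHeaders->FileHeader.Machine == IMAGE_FILE_MACHINE_I386)
    {
        *Is64 = FALSE;
        Status = 7;
        goto EXIT;
    }

EXIT:
    // INVALID_HANDLE_VALUE is non-zero, so a plain truthiness test would call
    // CloseHandle on it after a failed open.
    if (hFile != INVALID_HANDLE_VALUE)
        CloseHandle(hFile);
    // MEM_RELEASE with size 0 frees the whole region; MEM_DECOMMIT would keep
    // the address range reserved and leak it on every call.
    if (lpFile)
        VirtualFree(lpFile, 0, MEM_RELEASE);
    return Status;
}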
所以我的问题是:有没有可以替代“QueryFullProcessImageNameA”、并且在 Windows XP 上也能运行的函数,而无需改动这个函数?
谢谢