我正在为Windows图片查看器编写一个“附加组件”,需要向其发送命令(如“显示下一个/上一个图像”)并获取当前所选图像的文件路径。我设法通过SendMessage实现发送命令,但我不知道如何从进程请求信息。这可能吗? 到目前为止,我只能从窗口标题中提取文件名,但是这只限制了一个文件夹,我需要完整的路径。
[编辑]我做了一些搜索并发现,有(未记录?)可能找到进程使用的所有句柄的列表,使用函数 NTQuerySystemInformation (如此处Delphi - get what files are opened by an application所示) 。 但问题是,那里提供的示例根本没有显示文件句柄(只有非硬盘设备句柄),而我在http://www.codeguru.com/Cpp/W-P/system/processesmodules/article.php/c2827/找到了工作示例,看起来像图片查看器不从资源管理器启动时保留预览文件的任何句柄。
答案 0 :(得分:4)
您可以获取流程“当前目录”(如Process Explorer所示)
按Two ways to get the command line of another process using Delphi查看RRUZ
根据该文章,我们可以在CurrentDirectory
(偏移量36 )结构中找到RTL_USER_PROCESS_PARAMETERS
:
type
Uint4B = Cardinal;
Uint2B = Word;
UChar = Byte;
Ptr32 = Pointer;
TUNICODE_STRING = UNICODE_STRING;
TCURDIR = packed record
DosPath : TUNICODE_STRING;
Handle : Ptr32;
end;
TRTL_USER_PROCESS_PARAMETERS = packed record
MaximumLength : Uint4B;
Length : Uint4B;
Flags : Uint4B;
DebugFlags : Uint4B;
ConsoleHandle : Ptr32;
ConsoleFlags : Uint4B;
StandardInput : Ptr32;
StandardOutput : Ptr32;
StandardError : Ptr32;
CurrentDirectory : TCURDIR;
DllPath : TUNICODE_STRING;
ImagePathName : TUNICODE_STRING;
CommandLine : TUNICODE_STRING;
Environment : Ptr32;
StartingX : Uint4B;
StartingY : Uint4B;
CountX : Uint4B;
CountY : Uint4B;
CountCharsX : Uint4B;
CountCharsY : Uint4B;
FillAttribute : Uint4B;
WindowFlags : Uint4B;
ShowWindowFlags : Uint4B;
WindowTitle : TUNICODE_STRING;
DesktopInfo : TUNICODE_STRING;
ShellInfo : TUNICODE_STRING;
RuntimeData : TUNICODE_STRING;
// +0x090 CurrentDirectores : [32] _RTL_DRIVE_LETTER_CURDIR
end;
以下是获取CurrentDirectory
:
function GetCurrentDirectoryFromPid(PID: THandle): string;
const
STATUS_SUCCESS = $00000000;
SE_DEBUG_NAME = 'SeDebugPrivilege';
OffsetProcessParametersx32 = $10; //16
OffsetCurrentDirectoryx32 = $24; //36
var
ProcessHandle : THandle;
rtlUserProcAddress : Pointer;
CurrentDirectory : TCURDIR;
CurrentDirectoryContents : WideString;
ProcessBasicInfo : PROCESS_BASIC_INFORMATION;
ReturnLength : Cardinal;
TokenHandle : THandle;
lpLuid : TOKEN_PRIVILEGES;
OldlpLuid : TOKEN_PRIVILEGES;
begin
Result:='';
if OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, TokenHandle) then
begin
try
if not LookupPrivilegeValue(nil, SE_DEBUG_NAME, lpLuid.Privileges[0].Luid) then
RaiseLastOSError
else
begin
lpLuid.PrivilegeCount := 1;
lpLuid.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
ReturnLength := 0;
OldlpLuid := lpLuid;
//Set the SeDebugPrivilege privilege
if not AdjustTokenPrivileges(TokenHandle, False, lpLuid, SizeOf(OldlpLuid), OldlpLuid, ReturnLength) then RaiseLastOSError;
end;
ProcessHandle := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, false, PID);
if ProcessHandle=0 then RaiseLastOSError
else
try
// get the PROCESS_BASIC_INFORMATION to access to the PEB Address
if (NtQueryInformationProcess(ProcessHandle,0{=>ProcessBasicInformation},@ProcessBasicInfo, sizeof(ProcessBasicInfo), @ReturnLength)=STATUS_SUCCESS) and (ReturnLength=SizeOf(ProcessBasicInfo)) then
begin
//get the address of the RTL_USER_PROCESS_PARAMETERS struture
if not ReadProcessMemory(ProcessHandle, Pointer(Longint(ProcessBasicInfo.PEBBaseAddress) + OffsetProcessParametersx32), @rtlUserProcAddress, sizeof(Pointer), ReturnLength) then
RaiseLastOSError
else
if ReadProcessMemory(ProcessHandle, Pointer(Longint(rtlUserProcAddress) + OffsetCurrentDirectoryx32), @CurrentDirectory, sizeof(CurrentDirectory), ReturnLength) then
begin
SetLength(CurrentDirectoryContents, CurrentDirectory.DosPath.length);
//get the CurrentDirectory field
if ReadProcessMemory(ProcessHandle, CurrentDirectory.DosPath.Buffer, @CurrentDirectoryContents[1], CurrentDirectory.DosPath.Length, ReturnLength) then
Result := WideCharLenToString(PWideChar(CurrentDirectoryContents), CurrentDirectory.DosPath.length div 2)
else
RaiseLastOSError;
end;
end
else
RaiseLastOSError;
finally
CloseHandle(ProcessHandle);
end;
finally
CloseHandle(TokenHandle);
end;
end
else
RaiseLastOSError;
end;
答案 1 :(得分:1)
您无法执行此操作,因为应用程序没有定义可根据请求提供该信息的COM接口。如果您已经指出,它可以在窗口标题中显示路径和文件名,但是因为它没有信息不可用,所以你可以得到它。