
Does anybody know how Process Explorer determines these flags shown here?


Is there a .NET API for this?

I am especially interested in the Native flag. I tried to determine this from the CodeBase or Location property, but these always seem to return only the path of the DLL and not the path of the native image.

Any ideas? I'm stuck.

mklein
  • Nothing complicated, it simply looks at the PE32 header of the file. It's Native when the COR header is missing, like in ngen-ed images. It's Executable when IMAGE_FILE_HEADER.Characteristics has the IMAGE_FILE_EXECUTABLE_IMAGE flag set. – Hans Passant Sep 28 '12 at 14:28
  • Hi Hans, thanks for your reply. But I'm still missing one thing. When I look at an assembly's properties from within a .NET process, I get only the path to the real DLL (the non-NGEN version), although Process Explorer somehow manages to determine the path where the native image has been loaded from. So the question is: how does Process Explorer know (from outside the process) which DLLs are loaded and from where? – mklein Sep 28 '12 at 17:01
  • CreateToolhelp32Snapshot() or Process.Modules – Hans Passant Sep 28 '12 at 17:12
  • Thanks Hans, Process.Modules was the missing link. I'd like to accept this as the correct answer. – mklein Sep 28 '12 at 20:19
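
The two header checks named in the comments above, as an added example that is not part of the original thread and is not Process Explorer's code: it reads IMAGE_FILE_HEADER.Characteristics and the COM descriptor (COR header) data directory entry from a PE image. The names `pe_flags` and `build_sample` are hypothetical, and the sample header is constructed for the demonstration.

```python
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002  # bit in IMAGE_FILE_HEADER.Characteristics
COM_DESCRIPTOR_INDEX = 14             # data directory slot holding the COR header


def pe_flags(data: bytes) -> dict:
    """Report the two header facts from the comment for the bytes of a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # SizeOfOptionalHeader and Characteristics close the 20-byte file header.
    opt_size, characteristics = struct.unpack_from("<HH", data, pe_off + 20)
    opt = pe_off + 24
    if opt_size < 2 or opt + opt_size > len(data):
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:      # PE32: data directories start at offset 96
        dirs = opt + 96
    elif magic == 0x20B:    # PE32+: data directories start at offset 112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    has_cor = False
    entry = dirs + 8 * COM_DESCRIPTOR_INDEX
    if entry + 8 <= opt + opt_size:
        (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
        rva, size = struct.unpack_from("<II", data, entry)
        has_cor = count > COM_DESCRIPTOR_INDEX and rva != 0 and size != 0
    return {
        "executable_image": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
        "cor_header": has_cor,
    }


def build_sample(characteristics: int, cor_rva: int, cor_size: int) -> bytes:
    """Constructed minimal PE32 header (no sections), used only as demo input."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * COM_DESCRIPTOR_INDEX, cor_rva, cor_size)
    return dos + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    print(pe_flags(build_sample(0x2102, 0x2008, 0x48)))  # constructed values
```

To apply it to a loaded module, pass the first few kilobytes of the file at a path obtained from Process.Modules, as suggested in the comments.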
