1

I know that using Windows API one can get a short file name of the module that corresponds to that process ID: Example below. Error handling omitted. Question: is there a Windows API just like GetModuleBaseName that returns full path to the module?

// open process 
hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPid);

// get the module handle
EnumProcessModules(hProc, &hMod, sizeof(hMod), &dwSize2))

// get the module name
DWORD rez =::GetModuleBaseName(hProc, hMod, szFileName, sizeof(szFileName));
Andy
  • 12,859
  • 5
  • 41
  • 56
dgrandm
  • 375
  • 3
  • 12
  • 2
    Have you tried `GetModuleFileName()` or `GetModuleFileNameEx()`? More information here: https://learn.microsoft.com/en-us/windows/win32/psapi/module-information – Andy Aug 17 '20 at 23:15
  • 4
    open process with `PROCESS_QUERY_LIMITED_INFORMATION` and call `QueryFullProcessImageName` – RbMm Aug 17 '20 at 23:19
  • 1
    or can use `NtQuerySystemInformation` with `SystemProcessIdInformation` https://stackoverflow.com/a/40920774/6401656 – RbMm Aug 17 '20 at 23:22
  • ```GetModuleFileNameEx``` was enough for my task. RbMm, thank you for listing alternative options – dgrandm Aug 17 '20 at 23:46
  • 2
    @dgrandm just note that the documentation for `GetModuleFileNameEx()` says: "*To retrieve the name of the main executable module for a remote process, use the GetProcessImageFileName or QueryFullProcessImageName function. This is more efficient and more reliable than calling the GetModuleFileNameEx function with a NULL module handle.*" – Remy Lebeau Aug 17 '20 at 23:47
  • I only needed this for local processes. BTW ```GetProcessImageFileName``` gave me something like ```\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe``` which isn't exactly what was needed – dgrandm Aug 18 '20 at 00:03
  • 1
    `GetProcessImageFileName` give you nt-path. if want win32 path use `QueryFullProcessImageName`. also `SystemProcessIdInformation` very good option. – RbMm Aug 18 '20 at 01:12

0 Answers0