Determine the path or a process on WOW64 / use of GetProcessImageFileName


Problem description

Hi all,
I'm currently facing an interesting problem to determine the path of a process on WOW64.

The usual approaches via GetModuleFileName or Module32First / Module32Next on a snapshot are failing with the error ERROR_PARTIAL_COPY. Several pages on the internet advise to use GetProcessImageFileName. This command works, but the result is rather the device name as the path on the file system (e.g. \Device\Harddisk1\DP(1)0-0+4\myprocess.exe for a process launched on a mounted USB stick).

This brings me to the task how to convert the device information to a path on the file system. The usual advised approach is to determine all mapped drive letters by GetLogicalDriveStrings and determine their path by QueryDosDevice. Of course this is only half of the story since you also have to be aware of mounted devices (like my USB stick above), UNC network paths (e.g. \\mycomputer\myshare\...) and maybe more other ways to mount devices on a file system.

This brings me to my ultimate :) questions:
- Is there any general way to query for a device mapping in the file system except from testing for all the different ways (drive letters, mounted devices, network mapping etc.)?

- What is the deeper meaning of the GetProcessImageFileName in the user mode? In case the GetModuleFileName would work, I currently see no sense of this command if you are not coding in the kernel mode. Maybe somebody has a clue on this.

Recommended answer

For your first question I can give you one suggestion.
You use the Windows Platform SDK and use the SetupDiXXXX APIs for device mapping in the file system.


Thanks a lot for this hint, but it looks like I don't manage to retrieve the required information. I am able to iterate over all devices and access their properties and by this the physical device object name. This helps me to find the handle to the correct device, but I still fail to determine the mount point (e.g. c:\mount for my USB example above).

I worked through the example of the Simple Device Manager and How to Prepare a USB Drive for Safe Removal, but I was not able to find the missing link for my application.

If you have any further hints how to do this via the Device Installation Functions I would be glad to hear more about that.
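
The drive-letter half of the approach described in the question (GetLogicalDriveStrings plus QueryDosDevice), as an added example that is not part of the original thread. The names `dos_map`, `nt_to_dos` and `load_dos_maps` and the sample table are constructed for illustration; the Win32 calls compile only on Windows, and a device with no drive letter returns 0 instead of a guessed path.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* One drive-letter mapping, e.g. "C:" -> "\Device\HarddiskVolume1". */
struct dos_map { char drive[3]; char device[260]; };

/* Returns 1 and fills out on success; 0 when no drive letter maps to the
 * device (folder mount point, network path) or out is too small. */
int nt_to_dos(const struct dos_map *maps, size_t n, const char *nt,
              char *out, size_t outlen)
{
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(maps[i].device);
        /* Prefix must end at '\' so HarddiskVolume1 does not claim paths on
         * HarddiskVolume10. Assumes both APIs report identical casing. */
        if (len && strncmp(nt, maps[i].device, len) == 0 && nt[len] == '\\') {
            int w = snprintf(out, outlen, "%s%s", maps[i].drive, nt + len);
            return w > 0 && (size_t)w < outlen;
        }
    }
    return 0;
}
#ifdef _WIN32
/* Build the table with GetLogicalDriveStringsA and QueryDosDeviceA. */
size_t load_dos_maps(struct dos_map *maps, size_t max)
{
    char drives[512];  /* 26 roots of 4 chars each always fit */
    size_t n = 0;
    if (!GetLogicalDriveStringsA(sizeof drives - 1, drives)) return 0;
    for (char *d = drives; *d && n < max; d += strlen(d) + 1) {
        snprintf(maps[n].drive, sizeof maps[n].drive, "%c:", d[0]);
        if (QueryDosDeviceA(maps[n].drive, maps[n].device, sizeof maps[n].device))
            n++;
    }
    return n;
}
#endif

int main(void)
{
    /* Constructed sample table; on Windows use load_dos_maps() instead. */
    struct dos_map maps[] = { {"C:", "\\Device\\HarddiskVolume1"},
                              {"E:", "\\Device\\HarddiskVolume10"} };
    char out[520];
    if (nt_to_dos(maps, 2, "\\Device\\HarddiskVolume10\\tools\\app.exe", out, sizeof out))
        puts(out);
    return 0;
}
```

With this table the device path quoted in the question returns 0, which is the case the question describes: a volume mounted in a folder has no drive letter for QueryDosDevice to report.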

