查找文件已重命名的进程的程序集名称 [英] Find the assembly name of a process who's file has been renamed

问题描述

我有一个文件，MyProcess.exe.我运行它，然后在它仍在运行时将其重命名为 old_MyProcess.exe.

I have a file, MyProcess.exe. I run it, and then while it is still running, rename it to old_MyProcess.exe.

我将使用 MyProcess.exe 名称查看所有进程，找到它但 process.Modules[0].FileName 返回 MyProcess.exe 而不是 old_MyProcess.

I'm going over all of the process with the MyProcess.exe name, find it but process.Modules[0].FileName returns MyProcess.exe and not old_MyProcess.

我注意到在任务管理器中，如果您添加图像路径名称"列，您可以看到 old_MyProcess.exe，但是 win32 都调用了 GetModuleFileNameEx 和 GetImagePathName 返回 MyProcess.exe.

I noticed that in Task Manager, if you add the 'Image path name' column you can see the old_MyProcess.exe, but both the win32 calls GetModuleFileNameEx and GetImagePathName returned MyProcess.exe.

推荐答案

使用 Dumpbin.exe/imports 浏览 Taskmgr.exe 以查看它使用的 winapi 函数，我在 QueryFullProcessImageName().需要 Windows v6.0 及更高版本(Vista 或更高版本).

Poking around Taskmgr.exe with Dumpbin.exe /imports to see what winapi functions it uses, I see a good match in QueryFullProcessImageName(). Windows v6.0 and up required (Vista or later).

事实证明猜测是正确的:)

Turns out that guess was correct :)

这篇关于查找文件已重命名的进程的程序集名称的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！