从一个x86应用程序获取x64的过程mainmodule位置? [英] Get x64 process mainmodule location from an x86 application?
问题描述
我试图让所有的文件路径为OS上运行的进程,我从 Process.GetProcesses得到()的方法,它在基于x64运行完美。 NET应用程序,但事情的变化,如果我尝试从一个x86 .NET应用程序遍历进程列表,因为 Process.MainModule.FileName 属性将引发一个Win32异常(在我的本地语言)说是这样的: 32位进程无法访问到64位进程模块 ,行,我明白了这个问题,但我怎么能解决这个问题?
I'm trying to get all the filepaths for the running processes on the OS which I get from Process.GetProcesses() method, it works perfect under an x64 .NET application but the thing changes If I try to iterate the processes list from an x86 .NET application because the Process.MainModule.FileName property throws a Win32 exception (in my local language) saying something like: A 32 bit process can't access to 64 bit process modules, ok, I understand the problem, but how I can fix it?.
这将引发此异常一个code为例(下 86 .NET解决方案,而不是值为anycpu ):
A code example that throws this exception (under an x86 .NET solution, not AnyCPU):
Dim path As String =
Process.GetProcessesByName("Myx64Process").First.MainModule.FileName
我看到了另一种方式来获得使用WMI查询64位进程的文件路径,但这种方式似乎没有更有效的方式呢,我在寻找更好的东西,也许通过.NET Framework类库,而不使用WMI接口搞乱,如果可能的。
I saw an alternative way to get a 64 bit process filepath using WMI queries, but this way does not seem the more efficient way, I'm looking for something better maybe through .NET framework class library without messing with WMI interface, if possibly.
推荐答案
查询WMI为每个进程的是的将是痛苦的慢的。你应该做的是返回的所有的类,然后做一个有管理的比较按进程ID。在下面的例子中,我读的所有的每一个类的属性,每个类映射到其对应的进程。执行时间: 165.53毫秒。请注意,这包括 Process.GetProcesses()。不,我没有一台超级计算机。
Querying WMI for each process is going to be painfully slow. What you should do is to return all classes and then do a "managed comparison" by process id. In the following example I read all properties of each class and map each class to its corresponding Process. Execution time: 165.53 ms. Note, this includes Process.GetProcesses(). And no, I don't have a supercomputer.
(注意:您需要添加一个引用的 System.Management.dll )
(Note: You need to add a reference to System.Management.dll)
Imports System.Management
Public Class Win32Process
Public Property Caption() As String
Public Property CommandLine() As String
Public Property CreationClassName() As String
Public Property CreationDate() As DateTime?
Public Property CSCreationClassName() As String
Public Property CSName() As String
Public Property Description() As String
Public Property ExecutablePath() As String
Public Property ExecutionState() As UInt16?
Public Property Handle() As String
Public Property HandleCount() As UInt32?
Public Property InstallDate() As DateTime?
Public Property KernelModeTime() As UInt64?
Public Property MaximumWorkingSetSize() As UInt32?
Public Property MinimumWorkingSetSize() As UInt32?
Public Property Name() As String
Public Property OSCreationClassName() As String
Public Property OSName() As String
Public Property OtherOperationCount() As UInt64?
Public Property OtherTransferCount() As UInt64?
Public Property PageFaults() As UInt32?
Public Property PageFileUsage() As UInt32?
Public Property ParentProcessId() As UInt32?
Public Property PeakPageFileUsage() As UInt32?
Public Property PeakVirtualSize() As UInt64?
Public Property PeakWorkingSetSize() As UInt32?
Public Property Priority() As UInt32?
Public Property PrivatePageCount() As UInt64?
Public Property ProcessId() As UInt32?
Public Property QuotaNonPagedPoolUsage() As UInt32?
Public Property QuotaPagedPoolUsage() As UInt32?
Public Property QuotaPeakNonPagedPoolUsage() As UInt32?
Public Property QuotaPeakPagedPoolUsage() As UInt32?
Public Property ReadOperationCount() As UInt64?
Public Property ReadTransferCount() As UInt64?
Public Property SessionId() As UInt32?
Public Property Status() As String
Public Property TerminationDate() As DateTime?
Public Property ThreadCount() As UInt32?
Public Property UserModeTime() As UInt64?
Public Property VirtualSize() As UInt64?
Public Property WindowsVersion() As String
Public Property WorkingSetSize() As UInt64?
Public Property WriteOperationCount() As UInt64?
Public Property WriteTransferCount() As UInt64?
Public Shared Function GetProcesses() As Win32Process()
Using searcher As New ManagementObjectSearcher("select * from Win32_Process")
Return (
From
item As ManagementObject
In
searcher.[Get]().Cast(Of ManagementObject)()
Select New Win32Process() With {
.Caption = CType(item.Properties("Caption").Value, String),
.CommandLine = CType(item.Properties("CommandLine").Value, String),
.CreationClassName = CType(item.Properties("CreationClassName").Value, String),
.CreationDate = ManagementUtils.ToDateTime(item.Properties("CreationDate").Value),
.CSCreationClassName = CType(item.Properties("CSCreationClassName").Value, String),
.CSName = CType(item.Properties("CSName").Value, String),
.Description = CType(item.Properties("Description").Value, String),
.ExecutablePath = CType(item.Properties("ExecutablePath").Value, String),
.ExecutionState = CType(item.Properties("ExecutionState").Value, UInt16?),
.Handle = CType(item.Properties("Handle").Value, String),
.HandleCount = CType(item.Properties("HandleCount").Value, UInt32?),
.InstallDate = ManagementUtils.ToDateTime(item.Properties("InstallDate").Value),
.KernelModeTime = CType(item.Properties("KernelModeTime").Value, UInt64?),
.MaximumWorkingSetSize = CType(item.Properties("MaximumWorkingSetSize").Value, UInt32?),
.MinimumWorkingSetSize = CType(item.Properties("MinimumWorkingSetSize").Value, UInt32?),
.Name = CType(item.Properties("Name").Value, String),
.OSCreationClassName = CType(item.Properties("OSCreationClassName").Value, String),
.OSName = CType(item.Properties("OSName").Value, String),
.OtherOperationCount = CType(item.Properties("OtherOperationCount").Value, UInt64?),
.OtherTransferCount = CType(item.Properties("OtherTransferCount").Value, UInt64?),
.PageFaults = CType(item.Properties("PageFaults").Value, UInt32?),
.PageFileUsage = CType(item.Properties("PageFileUsage").Value, UInt32?),
.ParentProcessId = CType(item.Properties("ParentProcessId").Value, UInt32?),
.PeakPageFileUsage = CType(item.Properties("PeakPageFileUsage").Value, UInt32?),
.PeakVirtualSize = CType(item.Properties("PeakVirtualSize").Value, UInt64?),
.PeakWorkingSetSize = CType(item.Properties("PeakWorkingSetSize").Value, UInt32?),
.Priority = CType(item.Properties("Priority").Value, UInt32?),
.PrivatePageCount = CType(item.Properties("PrivatePageCount").Value, UInt64?),
.ProcessId = CType(item.Properties("ProcessId").Value, UInt32?),
.QuotaNonPagedPoolUsage = CType(item.Properties("QuotaNonPagedPoolUsage").Value, UInt32?),
.QuotaPagedPoolUsage = CType(item.Properties("QuotaPagedPoolUsage").Value, UInt32?),
.QuotaPeakNonPagedPoolUsage = CType(item.Properties("QuotaPeakNonPagedPoolUsage").Value, UInt32?),
.QuotaPeakPagedPoolUsage = CType(item.Properties("QuotaPeakPagedPoolUsage").Value, UInt32?),
.ReadOperationCount = CType(item.Properties("ReadOperationCount").Value, UInt64?),
.ReadTransferCount = CType(item.Properties("ReadTransferCount").Value, UInt64?),
.SessionId = CType(item.Properties("SessionId").Value, UInt32?),
.Status = CType(item.Properties("Status").Value, String),
.TerminationDate = ManagementUtils.ToDateTime(item.Properties("TerminationDate").Value),
.ThreadCount = CType(item.Properties("ThreadCount").Value, UInt32?),
.UserModeTime = CType(item.Properties("UserModeTime").Value, UInt64?),
.VirtualSize = CType(item.Properties("VirtualSize").Value, UInt64?),
.WindowsVersion = CType(item.Properties("WindowsVersion").Value, String),
.WorkingSetSize = CType(item.Properties("WorkingSetSize").Value, UInt64?),
.WriteOperationCount = CType(item.Properties("WriteOperationCount").Value, UInt64?),
.WriteTransferCount = CType(item.Properties("WriteTransferCount").Value, UInt64?)
}
).ToArray()
End Using
End Function
End Class
Friend Class ManagementUtils
Friend Shared Function ToDateTime(value As Object) As DateTime?
If (value Is Nothing) Then
Return CType(Nothing, DateTime?)
End If
Return ManagementDateTimeConverter.ToDateTime(CType(value, String))
End Function
End Class
测试
Dim watch As New Stopwatch()
watch.[Start]()
Dim result As New Dictionary(Of Process, Win32Process)
Dim processes As Win32Process() = Win32Process.GetProcesses()
Process.GetProcesses().AsParallel().ForAll(
Sub(p As Process)
SyncLock result
result.Add(p, (From item In processes.AsEnumerable() Where (item.ProcessId.HasValue AndAlso (CUInt(p.Id) = item.ProcessId.Value)) Select item).FirstOrDefault())
End SyncLock
End Sub)
watch.[Stop]()
Debug.WriteLine("Time: {0} ms, Win32ProcessCount={1}, ProcessCount={1}", watch.Elapsed.TotalMilliseconds, processes.Length, result.Count)
Debug.WriteLine("**************")
Debug.WriteLine(String.Join(Environment.NewLine, (From pair As KeyValuePair(Of Process, Win32Process) In result Select String.Format("Id={0}, Matched={1}", pair.Key.Id.ToString("X8"), (Not pair.Value Is Nothing)))))
结果
时间:165.53毫秒,Win32ProcessCount = 96,ProcessCount = 96
n = 00001B1C,匹配=真
n = 000019FC,匹配=真
n = 000006EC,匹配=真
n = 000007B0,匹配=真
n = 00001CC0,匹配=真
n = 00001024,匹配=真
n = 00000AC0,匹配=真
n = 0000078C,匹配=真
n = 00001BA8,匹配=真
n = 00000B7C,匹配=真
n = 00000304 ,匹配=真
n = 0000079C,匹配=真
n = 00000238,匹配=真
n = 00000F80,匹配=真
n = 000003C0,匹配=真
n = 00000170,匹配=真
n = 00000234,匹配=真
n = 00001634,匹配=真
n = 00000230,匹配=真
n = 00001B94,匹配=真
n = 00000540,匹配=真
n = 00001254,匹配=真
n = 00001A04,匹配=真
n = 000002EC,匹配=真
n = 00000474,匹配=真
n = 00000910,匹配=真
n = 000005B8,匹配=真
n = 000004F0,匹配=真
n = 00000114,匹配= TRUE
n = 000015D8,匹配=真
n = 00000738,匹配=真
n = 0000144C,匹配=真
n = 0000133C,匹配=真
ID = 00001384,匹配=真
n = 000007F8,匹配=真
n = 00000294,匹配=真
n = 000012BC,匹配=真
n = 00000D58,匹配=真
n = 00000B08,匹配=真
n = 00001F08,匹配=真
n = 00000AFC,匹配=真
n = 00000B04,匹配=真
标识= 00001750,匹配=真
n = 000008B0,匹配=真
n = 0000199C,匹配=真
n = 000001C0,匹配=真
n = 00000970,匹配=真
n = 00000720,匹配=真
n = 0000136C,匹配=真
n = 000001B8,匹配=真
n = 000001B4,匹配=真
n = 000012A0,匹配=真
n = 00000D3C,匹配=真
n = 0000093C,匹配=真
n = 00001890,匹配=真
n = 000012D0,匹配=真
n = 000003F8,匹配=真
n = 00000330,匹配=真
n = 00000AE0,匹配=真
n = 00000954,匹配=真
n = 000002B4 ,匹配=真
n = 00000C64,匹配=真
n = 00000574,匹配=真
n = 00001FD4,匹配=真
n = 000018BC,匹配=真
n = 00001A44,匹配=真
n = 00000B94,匹配=真
n = 00000630,匹配=真
n = 000003E0,匹配=真
n = 00000004,匹配=真
n = 0000102C,匹配=真
n = 000005C0,匹配=真
n = 00000000,匹配=真
n = 000009D0,匹配=真
n = 00000C1C,匹配=真
n = 00000218,匹配=真
n = 00000A88,匹配=真
n = 00000B70,匹配=真
n = 000002D4,匹配= TRUE
n = 00000398,匹配=真
n = 0000020C,匹配=真
n = 000009B8,匹配=真
n = 0000082C,匹配=真
ID = 00001298,匹配=真
n = 000009B0,匹配=真
n = 00000760,匹配=真
n = 00000F40,匹配=真
n = 00000758,匹配=真
n = 00001128,匹配=真
n = 000005C8,匹配=真
n = 00000C24,匹配=真
n = 00001900,匹配=真
标识= 0000124C,匹配=真
n = 00001148,匹配=真
n = 0000120C,匹配=真
n = 00000CA8,匹配=真
Time: 165.53 ms, Win32ProcessCount=96, ProcessCount=96
**************
Id=00001B1C, Matched=True
Id=000019FC, Matched=True
Id=000006EC, Matched=True
Id=000007B0, Matched=True
Id=00001CC0, Matched=True
Id=00001024, Matched=True
Id=00000AC0, Matched=True
Id=0000078C, Matched=True
Id=00001BA8, Matched=True
Id=00000B7C, Matched=True
Id=00000304, Matched=True
Id=0000079C, Matched=True
Id=00000238, Matched=True
Id=00000F80, Matched=True
Id=000003C0, Matched=True
Id=00000170, Matched=True
Id=00000234, Matched=True
Id=00001634, Matched=True
Id=00000230, Matched=True
Id=00001B94, Matched=True
Id=00000540, Matched=True
Id=00001254, Matched=True
Id=00001A04, Matched=True
Id=000002EC, Matched=True
Id=00000474, Matched=True
Id=00000910, Matched=True
Id=000005B8, Matched=True
Id=000004F0, Matched=True
Id=00000114, Matched=True
Id=000015D8, Matched=True
Id=00000738, Matched=True
Id=0000144C, Matched=True
Id=0000133C, Matched=True
Id=00001384, Matched=True
Id=000007F8, Matched=True
Id=00000294, Matched=True
Id=000012BC, Matched=True
Id=00000D58, Matched=True
Id=00000B08, Matched=True
Id=00001F08, Matched=True
Id=00000AFC, Matched=True
Id=00000B04, Matched=True
Id=00001750, Matched=True
Id=000008B0, Matched=True
Id=0000199C, Matched=True
Id=000001C0, Matched=True
Id=00000970, Matched=True
Id=00000720, Matched=True
Id=0000136C, Matched=True
Id=000001B8, Matched=True
Id=000001B4, Matched=True
Id=000012A0, Matched=True
Id=00000D3C, Matched=True
Id=0000093C, Matched=True
Id=00001890, Matched=True
Id=000012D0, Matched=True
Id=000003F8, Matched=True
Id=00000330, Matched=True
Id=00000AE0, Matched=True
Id=00000954, Matched=True
Id=000002B4, Matched=True
Id=00000C64, Matched=True
Id=00000574, Matched=True
Id=00001FD4, Matched=True
Id=000018BC, Matched=True
Id=00001A44, Matched=True
Id=00000B94, Matched=True
Id=00000630, Matched=True
Id=000003E0, Matched=True
Id=00000004, Matched=True
Id=0000102C, Matched=True
Id=000005C0, Matched=True
Id=00000000, Matched=True
Id=000009D0, Matched=True
Id=00000C1C, Matched=True
Id=00000218, Matched=True
Id=00000A88, Matched=True
Id=00000B70, Matched=True
Id=000002D4, Matched=True
Id=00000398, Matched=True
Id=0000020C, Matched=True
Id=000009B8, Matched=True
Id=0000082C, Matched=True
Id=00001298, Matched=True
Id=000009B0, Matched=True
Id=00000760, Matched=True
Id=00000F40, Matched=True
Id=00000758, Matched=True
Id=00001128, Matched=True
Id=000005C8, Matched=True
Id=00000C24, Matched=True
Id=00001900, Matched=True
Id=0000124C, Matched=True
Id=00001148, Matched=True
Id=0000120C, Matched=True
Id=00000CA8, Matched=True
这篇关于从一个x86应用程序获取x64的过程mainmodule位置?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
