XP,win7下拿到完整路径名

记录一下:

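/*
 * GetProcessImageName - copy the image file name of the current process
 * into a caller-supplied UNICODE_STRING.
 *
 * ProcessImageName: must be non-NULL, with Buffer and MaximumLength already
 *                   set by the caller. On success it receives the name that
 *                   ZwQueryInformationProcess(ProcessImageFileName) reports
 *                   for NtCurrentProcess(), which is an NT device-style path
 *                   rather than a drive-letter path.
 *
 * Returns:
 *   STATUS_SUCCESS                 - name copied into ProcessImageName.
 *   STATUS_BUFFER_OVERFLOW         - caller's buffer is too small; Length is
 *                                    set to the required byte count so the
 *                                    caller can allocate and retry.
 *   STATUS_INSUFFICIENT_RESOURCES  - temporary pool allocation failed.
 *   STATUS_PROCEDURE_NOT_FOUND     - ZwQueryInformationProcess could not be
 *                                    resolved at run time.
 *   otherwise                      - status from ZwQueryInformationProcess.
 *
 * The result describes the process context the caller is running in. The
 * path is descriptive only and should not be the sole input to an
 * allow/deny decision.
 */
NTSTATUS GetProcessImageName(PUNICODE_STRING ProcessImageName)
{
  NTSTATUS status;
  ULONG returnedLength = 0;
  ULONG bufferLength;
  PVOID buffer;
  PUNICODE_STRING imageName;

  // Checked builds assert IRQL <= APC_LEVEL here; the original author notes
  // this also rules out being called in the idle thread/process context.
  PAGED_CODE();

  // Resolve the routine lazily and cache the pointer in the file-level
  // ZwQueryInformationProcess variable.
  if (NULL == ZwQueryInformationProcess) {
    UNICODE_STRING routineName;
    RtlInitUnicodeString(&routineName, L"ZwQueryInformationProcess");
    ZwQueryInformationProcess =
      (QUERY_INFO_PROCESS) MmGetSystemRoutineAddress(&routineName);
    if (NULL == ZwQueryInformationProcess) {
      KdPrint(("Cannot resolve ZwQueryInformationProcess\r\n"));
      // Bail out: falling through would call a NULL function pointer in
      // kernel mode and bugcheck the machine.
      return STATUS_PROCEDURE_NOT_FOUND;
    }
  }

  //
  // Step one - ask for the required size with an empty buffer.
  //
  status = ZwQueryInformationProcess(NtCurrentProcess(),
    ProcessImageFileName,
    NULL, // buffer
    0,    // buffer size
    &returnedLength);
  if (STATUS_INFO_LENGTH_MISMATCH != status) {
    return status;
  }

  //
  // The result is one contiguous block: a UNICODE_STRING header followed by
  // the characters. A reported size smaller than the header would make the
  // unsigned subtraction below wrap around, so reject it.
  //
  if (returnedLength < sizeof(UNICODE_STRING)) {
    return status;
  }
  bufferLength = returnedLength - sizeof(UNICODE_STRING);

  //
  // Is the passed-in buffer big enough for the string bytes?
  //
  if (ProcessImageName->MaximumLength < bufferLength) {
    // Report the required size back to the caller. Length is a USHORT, so
    // the value is truncated if it ever exceeds 0xFFFF.
    ProcessImageName->Length = (USHORT) bufferLength;
    KdPrint(("ProcessImageName's Buffer Is Toooo small\r\n"));
    return STATUS_BUFFER_OVERFLOW;
  }

  //
  // The caller's buffer is large enough; allocate temporary storage for
  // the header plus string.
  //
  buffer = ExAllocatePoolWithTag(NonPagedPool, returnedLength, 'ipgD');
  if (NULL == buffer) {
    return STATUS_INSUFFICIENT_RESOURCES;
  }

  //
  // Step two - fetch the data.
  //
  status = ZwQueryInformationProcess(NtCurrentProcess(),
    ProcessImageFileName,
    buffer,
    returnedLength,
    &returnedLength);
  if (NT_SUCCESS(status)) {
    // The block starts with the UNICODE_STRING describing the name.
    imageName = (PUNICODE_STRING) buffer;
    RtlCopyUnicodeString(ProcessImageName, imageName);
  }

  //
  // Free the temporary buffer on both the success and failure paths.
  //
  ExFreePool(buffer);

  //
  // And tell the caller what happened.
  //
  return status;
}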




