Trapping folder location from where an app was launched by association

Posted on 2004-11-18
Last Modified: 2010-04-05
Suppose someone launches winzip from Explorer by clicking on a zip file.

I would like to know the name of that folder, so I can pass it to an app that is monitoring running processes.

Is there some way of hooking this "launch by association" event so I can find the folder (or even the file) name?

Question by:Mutley2003
    LVL 6

    Expert Comment

    Check out the documentation for the windows API call, SetWindowsHookEx, what you will discover is that what you are allowed to hook are lots of different kinds of events -- message queue, keystrokes, mouse moves, system messages, etc.

    If you run a message monitor (such as winsight32 that comes with delphi), you might be able to find a message that you can use, but it will be a diffiicult task, windows messages do not include think like strings (representing the filename you might want) in them.

    This is what most people think of as hooking and you are unlikely to be happy with this approach.

    I would recommend you take a look at and look at the MadCodeHook package. With this, you can hook the CreateProcessEX call globally, and this is probably the way you want to go. I'm not sure Windows Explorer uses CreateProcessEx() or CreateProcess, but if this is how it launches documents, this would be the easiest way to trap them. Of course, you would see all such WinAPI calls, but this is likely to be the easiest method.

    Madshi is historically a frequent poster on Experts Exchange. (No. 2 on the Delphi list), but he has slacked off this year. His stuff is very good when you need it.

    LVL 5

    Expert Comment

    Enumerate the processes, the last in the list will be the most current. Using the PID gained through enumeration you can extract the filepath. Have a look here:


    LVL 20

    Accepted Solution

    Thanks gwalkeriq!

    Mutley, what folder are you talking about exactly? The one in which WinZip.exe is stored? Or the one in which the zip file is stored (which was double clicked)?

    In the first case Hypoviax has the right link. In the latter case you could hook the process creation call (as gwalkeriq suggested). But there's an easier solution: Ask the command line of the running processes. See here:
    LVL 6

    Assisted Solution

    I was suggested using Madshi hooking over enumerating processes mainly to avoid the overhead of a polling loop. Using MadCodeHook, you only respond to process launch events. When polling, you have to decide how often to poll, go through the  overhead of the polling loop, as well as only respond to the process creation a single time.

    Obviously, I should have pointed out RemoteCmdLine too, but since Madshi himself did so, the reference is quite credible.

    Madshi, you're welcome.


    Author Comment

    Hypoviax, thanks for that excellent link but it is, as Madshi says, the folder for the exe.
     I want the folder which was clicked in explorer ie where the .zip file is.

    I gotta say that RemoteCmdLine stuff is brilliant.  I think it will do what I need, but the idea of hooking the process creation call is intriguing.

    As usual, I wish I had more points to distribute. Points to gwalkeriq, points to madshi for RemoteCmdLine

    thanks everyone

    LVL 20

    Expert Comment

    Hook process creation is much more complex. If you can get along with RemoteCmdLine that would be by far the better solution, because it has much less impact on the OS.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Suggested Solutions

    Title # Comments Views Activity
    Create a Restore Point In Windows 10 3 86
    Delphi XE10, MySQL Query 4 86
    Delphi cmd execution 6 34
    Reconfigure Delphi Install? 2 18
    Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
    Hello everybody This Article will show you how to validate number with TEdit control, What's the TEdit control? TEdit is a standard Windows edit control on a form, it allows to user to write, read and copy/paste single line of text. Usua…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now