Trapping folder location from where an app was launched by association

Suppose someone launches WinZip from Explorer by clicking on a zip file.

I would like to know the name of that folder, so I can pass it to an app that is monitoring running processes.

Is there some way of hooking this "launch by association" event so I can find the folder (or even the file) name?

Check out the documentation for the Windows API call SetWindowsHookEx. What you will discover is that what you are allowed to hook are lots of different kinds of events -- message queue, keystrokes, mouse moves, system messages, etc.

If you run a message monitor (such as winsight32 that comes with Delphi), you might be able to find a message that you can use, but it will be a difficult task; Windows messages do not include things like strings (representing the filename you might want) in them.

This is what most people think of as hooking and you are unlikely to be happy with this approach.

I would recommend you take a look at and look at the MadCodeHook package. With this, you can hook the CreateProcessEX call globally, and this is probably the way you want to go. I'm not sure Windows Explorer uses CreateProcessEx() or CreateProcess, but if this is how it launches documents, this would be the easiest way to trap them. Of course, you would see all such WinAPI calls, but this is likely to be the easiest method.

Madshi is historically a frequent poster on Experts Exchange (No. 2 on the Delphi list), but he has slacked off this year. His stuff is very good when you need it.

Enumerate the processes, the last in the list will be the most current. Using the PID gained through enumeration you can extract the filepath. Have a look here:


Thanks gwalkeriq!

Mutley, what folder are you talking about exactly? The one in which WinZip.exe is stored? Or the one in which the zip file is stored (which was double clicked)?

In the first case Hypoviax has the right link. In the latter case you could hook the process creation call (as gwalkeriq suggested). But there's an easier solution: Ask the command line of the running processes. See here:

I was suggesting using Madshi hooking over enumerating processes mainly to avoid the overhead of a polling loop. Using MadCodeHook, you only respond to process launch events. When polling, you have to decide how often to poll, go through the overhead of the polling loop, as well as only respond to the process creation a single time.

Obviously, I should have pointed out RemoteCmdLine too, but since Madshi himself did so, the reference is quite credible.

Madshi, you're welcome.

Mutley2003 (Author) commented:
Hypoviax, thanks for that excellent link but it is, as Madshi says, the folder for the exe.
I want the folder which was clicked in Explorer, i.e. where the .zip file is.

I gotta say that RemoteCmdLine stuff is brilliant. I think it will do what I need, but the idea of hooking the process creation call is intriguing.

As usual, I wish I had more points to distribute. Points to gwalkeriq, points to madshi for RemoteCmdLine

thanks everyone

Hooking process creation is much more complex. If you can get along with RemoteCmdLine, that would be by far the better solution, because it has much less impact on the OS.
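
Added example (not part of the original thread and not madshi's RemoteCmdLine code): once a process's command line has been read as suggested above, the folder of the clicked document can be recovered by splitting that string with the Windows quoting rules. It assumes the association passes the document path as an argument; the function names and the sample command line are constructed for illustration.

```python
import ntpath

def split_windows_cmdline(cmdline):
    """Split a command line with the Microsoft C runtime backslash/quote rules (simplified)."""
    args, cur, in_quotes, started = [], [], False, False
    i, n = 0, len(cmdline)
    while i < n:
        ch = cmdline[i]
        if ch == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            count = j - i
            if j < n and cmdline[j] == '"':
                # 2k backslashes + quote -> k backslashes, quote toggles quoting;
                # 2k+1 backslashes + quote -> k backslashes and a literal quote.
                cur.append("\\" * (count // 2))
                if count % 2:
                    cur.append('"')
                    j += 1
            else:
                cur.append("\\" * count)  # backslashes inside paths stay literal
            started, i = True, j
            continue
        if ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
        i += 1
    if started:
        args.append("".join(cur))
    return args

def document_location(cmdline, extensions=(".zip",)):
    """Return (folder, file name) of the first document argument, or None."""
    for arg in split_windows_cmdline(cmdline)[1:]:  # skip the executable itself
        if arg.lower().endswith(extensions):
            # An empty folder means the path was relative to the working directory.
            return ntpath.dirname(arg), ntpath.basename(arg)
    return None

# Constructed sample: the kind of command line a launch by association produces.
SAMPLE = r'"C:\Program Files\WinZip\WINZIP32.EXE" "C:\Users\alice\My Archives\june.zip"'
```

Naive splitting on spaces would break both quoted paths in the sample, which is why the quoting rules are applied before looking for the document argument.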
Question has a verified solution.