Solved

HWND of window => process file name (.exe) of  that window

Posted on 2007-03-25
6
549 Views
Last Modified: 2008-01-09
Hello,

I have HWND of the window, and I need the process file name (.exe) of
that window.
I know how to get PID from the HWND (GetWindowThreadProcessId), but
what to do next?

There are some limitations:
1) The solution should not use Psapi.dll
2) The solution should not use Process32First and Process32Next
(simply because this solution is already known).

Thanks.
0
Comment
Question by:JiriNovotny
6 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 18789521
With all that restrictions imposed, there are only dirty tricks left: Calling the native API 'NtQueryInformationProcess()' (which I will leave out simply because that requires DDK headers) or reading the command line information directly from the running process:

////////////////////////////////////////////////////////////////////
//
// File:             cmdline.c
// Project:       cmdline
//
// Desc:            this is a sample program that shows how to
//                        get the command line for almost any process
//                        on the system for WinNT 4 and up.
//
// Revisions:       Created 12/02/99
//
// Copyright(C) 1999, Tomas Restrepo. All rights reserved
//
///////////////////////////////////////////////////////////////////
#define UNICODE
#define _UNICODE

#include <windows.h>
#include <stdio.h>
#include <tchar.h>


#pragma comment(lib, "advapi32.lib")

// found by experimentation this is where the some
// process data block is found in an NT machine.
// On an Intel system, 0x00020000 is the 32
// memory page. At offset 0x0498 is the process
// current directory (or startup directory, not sure yet)
// followed by the system's PATH. After that is the  
// process full command command line, followed by
// the exe name and the window
// station it's running on
#define BLOCK_ADDRESS      (LPVOID)0x00020498
// Additional comments:
// From experimentation I've found
// two notable exceptions where this doesn't seem to apply:
// smss.exe : the page is reserved, but not commited
//                  which will get as an invalid memory address
//                  error
// crss.exe : although we can read the memory, it's filled
//                    with 00 comepletely. No trace of command line
//                    information


// simple macro to handle errors
#define SIGNAL_ERROR() { bError = TRUE; __leave; }
// align pointer
#define ALIGN_DWORD(x) ( (x & 0xFFFFFFFC) ? (x & 0xFFFFFFFC) + sizeof(DWORD) : x )

////////////////////////////////////////////////////////////////////
//
// Function: GetProcessCmdLine()
//
// Added: 19/02/99
//
// Description: Gets the command line for the given process
//                        NOTE: hProcess should be opened with
//                        PROCESS_VM_READ , PROCESS_VM_OPERATION
//                        and PROCESS_QUERY_INFORMATION rights
//
///////////////////////////////////////////////////////////////////
BOOL GetProcessCmdLine ( HANDLE hProcess, LPWSTR lpszCmdLine )
{
      LPBYTE                                    lpBuffer = NULL;
      LPBYTE                                    lpPos = NULL; // offset from the start of the buffer
      DWORD                                    dwBytesRead;
      MEMORY_BASIC_INFORMATION      mbi;
      SYSTEM_INFO                              sysinfo;
      BOOL                                    bError = FALSE;

      __try {
            // Get the system page size by using GetSystemInfo()
            GetSystemInfo ( &sysinfo );
            // allocate one on the heap to retrieve a full page
            // of memory
            lpBuffer = (LPBYTE)malloc ( sysinfo.dwPageSize );
            if ( lpBuffer == NULL )
                  SIGNAL_ERROR ();

            // first of all, use VirtualQuery to get the start of the memory
            // block
            if ( VirtualQueryEx ( hProcess, BLOCK_ADDRESS, &mbi, sizeof(mbi) ) == 0 )
                  SIGNAL_ERROR ();
            
            // read memory begining at the start of the page
            // after that, we know that the env strings block
            // will be 0x498 bytes after the start of the page
            if ( !ReadProcessMemory ( hProcess, mbi.BaseAddress, (LPVOID)lpBuffer,
                                                  sysinfo.dwPageSize, &dwBytesRead ) )
                   SIGNAL_ERROR ();

            // now we've got the buffer on our side of the fence.
            // first, lpPos points to a string containing the current directory
            /// plus the path.
            lpPos = lpBuffer + ((DWORD)BLOCK_ADDRESS - (DWORD)mbi.BaseAddress);
            lpPos = lpPos + (wcslen ( (LPWSTR)lpPos ) + 1) * sizeof(WCHAR);
            // now goes full path an filename, aligned on a DWORD boundary
            // skip it
            lpPos = (LPBYTE)ALIGN_DWORD((DWORD)lpPos);
            lpPos = lpPos + (wcslen ( (LPWSTR)lpPos ) + 1) * sizeof(WCHAR);
            // hack: Sometimes, there will be another '\0' at this position
            // if that's so, skip it
            if ( *lpPos == '\0' ) lpPos += sizeof(WCHAR);
            // now we have the actual command line
            // copy it to the buffer
            wcsncpy  ( lpszCmdLine, (LPWSTR)lpPos, MAX_PATH );
            // make sure the path is null-terminted
            lpszCmdLine[MAX_PATH-1] = L'\0';

      }
      __finally  {
            // clean up
            if ( lpBuffer != NULL ) free ( lpBuffer );
            return bError ? FALSE : TRUE;
      }
      
}


////////////////////////////////////////////////////////////////////
//
// Function: EnableTokenPrivilege()
//
// Added: 20/02/99
//
// Description: Enables a specific token privilege
//
///////////////////////////////////////////////////////////////////
BOOL EnableTokenPrivilege ( LPTSTR privilege )
{
      HANDLE            hToken;                        // process token
      TOKEN_PRIVILEGES tp;                  // token provileges
      DWORD            dwSize;                        

      // initialize privilege structure
      ZeroMemory (&tp, sizeof (tp));
      tp.PrivilegeCount = 1;

      // open the process token
      if ( !OpenProcessToken ( GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken ) )
            return FALSE;
      
      // look up the privilege LUID and enable it
      if ( !LookupPrivilegeValue ( NULL, privilege, &tp.Privileges[0].Luid ) )
      {
            CloseHandle ( hToken);
            return FALSE;
      }
      
      tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

      // adjust token privileges
      if ( !AdjustTokenPrivileges ( hToken, FALSE, &tp, 0, NULL, &dwSize ) )
      {
            CloseHandle ( hToken);
            return FALSE;
      }

      // clean up
      CloseHandle ( hToken );
      return TRUE;
}

////////////////////////////////////////////////////////////////////
//
// Function: main()
//
// Added: 19/02/99
//
// Description: entry point
//
///////////////////////////////////////////////////////////////////
int wmain ( int argc, wchar_t *argv[] )
{
      WCHAR      cmdline[MAX_PATH];
      WCHAR      *stop;
      DWORD      pid; // pid to get command line for
      HANDLE      hProcess = NULL;


      if ( argc != 2 )
      {
            puts ( "Usage: cmdline pid" );
            return 0;
      }

      pid = wcstoul ( argv[1], &stop, 10 );

      // before attemting to open the process,
      // enable the SE_DEBUG_NAME privilege
      // in our own token, so we can open any
      // process in the system.
      if ( !EnableTokenPrivilege ( SE_DEBUG_NAME ) )
      {
            printf ( "Failed o get required privileges, error %lu\n", GetLastError () );
            return 0;
      }

      // open process
      hProcess = OpenProcess ( PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_QUERY_INFORMATION,
                                          FALSE, pid );

      if ( hProcess == NULL )
      {
            printf ( "Failed to open process. pid: %lu, error %lu\n", pid, GetLastError () );
            return 0;
      }
      if ( !GetProcessCmdLine ( hProcess, cmdline ) )
      {
            printf ( "Failed to get process command line, error: %lu\n", GetLastError () );
            return 0;
      }
      else
            printf ( "Command line: %S\n", cmdline );

      // close process
      CloseHandle ( hProcess );
      
      return 0;
}
0
 
LVL 86

Expert Comment

by:jkr
ID: 18789531
Oh, just in case that was not clear - you need to pass the PID, and the 1st parameter of the command line will be the executable image.
0
 
LVL 11

Expert Comment

by:DeepuAbrahamK
ID: 18790785
But using psapi is much easier: May I know why not psapi?
http://www.codeproject.com/cpp/ModuleNameFromWindwHandle.asp
Best Regards,
DeepuAbrahamK
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 39

Expert Comment

by:itsmeandnobodyelse
ID: 18792811
What about:

  HINSTANCE hAppInstance = GetWindowWord(hWnd, GWW_HINSTANCE);

   nPathLength = GetModuleFileName(hAppInstance,
                    (LPSTR)szPath, PATH_LENGTH);

Regards, Alex
0
 

Author Comment

by:JiriNovotny
ID: 18988293
jkr: heh, really doen't exists simplier solution?

DeepuAbrahamK: because psapi functions are not supported on windows 9x

itsmeandnobodyelse: Unfortunatelly, doesn't work.
0
 
LVL 86

Expert Comment

by:jkr
ID: 18989605
Nope, not that I would know. That is, except PSAPI. If you need a solution that works on Win9x also, use the Toolhelp APIs - see e.g. http://msdn2.microsoft.com/en-us/library/ms686701.aspx ("Taking a Snapshot and Viewing Processes"). Ref.: http://msdn2.microsoft.com/en-us/library/ms682489.aspx ("CreateToolhelp32Snapshot"):

Requirements

Client Requires Windows Vista, Windows XP, Windows 2000 Professional, Windows Me, Windows 98, or Windows 95.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Unlike C#, C++ doesn't have native support for sealing classes (so they cannot be sub-classed). At the cost of a virtual base class pointer it is possible to implement a pseudo sealing mechanism The trick is to virtually inherit from a base class…
Many modern programming languages support the concept of a property -- a class member that combines characteristics of both a data member and a method.  These are sometimes called "smart fields" because you can add logic that is applied automaticall…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now