Image Path

Get Process Name Method 4 GetProcessImageFileName

April 13, 2020
Delphi, Full Path, GetProcessImageFileName, Image Path, Process Name, Windows API

This time we will use a well-known, documented API, GetProcessImageFileName, to get the full image path of a process. Nothing very complex, and this technique works from 32-bit to 64-bit and from 64-bit to 32-bit processes.

    // Jean-Pierre LESUEUR (@DarkCoderSc)
    function PhysicalToVirtualPath(APath : String) : String;
    var i          : integer;
        ADrive     : String;
        ABuffer    : array[0..MAX_PATH-1] of Char;
        ACandidate : String;
    begin
      {$I-}
      for I := 0 to 25 do begin
        ADrive := Format('%s:', [Chr(Ord('A') + i)]);
        ///
        if (QueryDosDevice(PWideChar(ADrive), ABuffer, MAX_PATH) = 0) then
          continue;
        ACandidate := String(ABuffer). ...

Get Process Name Method 3 NtQueryInformationProcess

April 13, 2020
Delphi, Full Path, Image Path, Process Name, Windows API, NtQueryInformationProcess

Yet another technique to get the full image path of a target process, using the documented NtQueryInformationProcess API. This technique works from 32-bit to 64-bit and from 64-bit to 32-bit processes.

    // Jean-Pierre LESUEUR (@DarkCoderSc)
    function PhysicalToVirtualPath(APath : String) : String;
    var i          : integer;
        ADrive     : String;
        ABuffer    : array[0..MAX_PATH-1] of Char;
        ACandidate : String;
    begin
      {$I-}
      for I := 0 to 25 do begin
        ADrive := Format('%s:', [Chr(Ord('A') + i)]);
        ///
        if (QueryDosDevice(PWideChar(ADrive), ABuffer, MAX_PATH) = 0) then
          continue;
        ACandidate := String(ABuffer). ...

Get Process Name Method 2 GetMappedFilename

April 13, 2020
Full Path, Image Path, Process Name, API, GetMappedFileName

The code below demonstrates how to retrieve the full image path of both the current process and a target process. This technique is very uncommon but works perfectly. Note that for both techniques you must translate the physical path to a virtual path using this tiny function:

    // Jean-Pierre LESUEUR (@DarkCoderSc)
    function PhysicalToVirtualPath(APath : String) : String;
    var i          : integer;
        ADrive     : String;
        ABuffer    : array[0..MAX_PATH-1] of Char;
        ACandidate : String;
    begin
      {$I-}
      for I := 0 to 25 do begin
        ADrive := Format('%s:', [Chr(Ord('A') + i)]);
        ///
        if (QueryDosDevice(PWideChar(ADrive), ABuffer, MAX_PATH) = 0) then
          continue;
        ACandidate := String(ABuffer). ...

Get Process Name Method 1

March 12, 2020
Delphi, Full Path, Image Path, Process Name, Process Id

This is one possible technique (through QueryFullProcessImageNameW) to get a process image path from its ID. This example supports Windows Vista up to the latest Windows version (currently Windows 10). I will progressively cover other examples that are compatible with Windows XP and below.

    // Jean-Pierre LESUEUR (@DarkCoderSc)
    //...
    uses Windows, SysUtils;
    //...
    function GetProcessName(AProcessID : Cardinal) : String;
    var hProc   : THandle;
        ALength : DWORD;
        hDLL    : THandle;
        QueryFullProcessImageNameW : function(
                                       AProcess: THANDLE;
                                       AFlags: DWORD;
                                       AFileName: PWideChar;
                                       var ASize: DWORD): BOOL; stdcall;
    const PROCESS_QUERY_LIMITED_INFORMATION = $00001000;
    begin
      result := '';
      ///
      if (TOSVersion. ...