功能描述:在已知目标进程PID的情况下,通过该进程PID获取其PE文件所在的绝对路径。
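/**
 * Resolve the absolute path of a process's executable (PE image) from its PID.
 *
 * The path is obtained by opening the process, asking EnumProcessModules for a
 * single module handle and passing that handle to GetModuleFileNameExA.
 *
 * @param dwPID   Identifier of the process to query.
 * @param pszPath Caller-owned output buffer. No size is passed in, so it cannot
 *                be checked here: the caller must supply at least MAX_PATH
 *                bytes. Left untouched when the function fails.
 * @return true when a NUL-terminated path was written to pszPath, false if the
 *         buffer pointer is NULL, the process could not be opened, the module
 *         query failed, or the path did not fit in MAX_PATH bytes.
 */
bool GetProcessPathByPId(const DWORD dwPID, char *pszPath)
{
    BOOL bSuccess = FALSE;

    /* A NULL destination would be dereferenced by memcpy below. */
    if (NULL == pszPath)
    {
        return false;
    }

    /*
     * NOTE(review): PROCESS_QUERY_INFORMATION | PROCESS_VM_READ is what the
     * module-enumeration APIs need, but it is more access than a path lookup
     * strictly requires and is refused for many protected/system processes.
     * QueryFullProcessImageNameA with PROCESS_QUERY_LIMITED_INFORMATION is the
     * least-privilege alternative on Vista and later -- confirm the minimum
     * supported Windows version before switching.
     */
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPID);
    if (NULL == hProcess)
    {
        return false;
    }

    /* One spare, always-zero byte so szPath is terminated even if the API fills all MAX_PATH chars. */
    char szPath[MAX_PATH + 1] = { 0 };
    HMODULE hMod = NULL;
    DWORD cbNeeded = 0;

    /* Only the first module handle is requested; presumably this is the main executable -- verify. */
    if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)
        && GetModuleFileNameExA(hProcess, hMod, szPath, MAX_PATH))
    {
        const size_t cchPath = strlen(szPath);

        /*
         * A result that fills the whole buffer may have been truncated, and
         * copying it plus a terminator would exceed MAX_PATH bytes in the
         * caller's buffer, so it is reported as a failure instead.
         */
        if (cchPath > 0 && cchPath < MAX_PATH)
        {
            /* +1 copies the terminating NUL; without it the caller receives an unterminated string. */
            memcpy(pszPath, szPath, cchPath + 1);
            bSuccess = TRUE;
        }
    }

    /* The handle is released on every path that opened it. */
    CloseHandle(hProcess);

    return bSuccess != FALSE;
}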