/// <summary>
/// Method to get the process path
/// </summary>
/// <param name="processid"></param>
/// <returns>string</returns>
public static string GetProcessPath(int processid)
{
var pathBuffer = new StringBuilder(512);
// Try the GetModuleFileName method first since it's the fastest.
// May return ACCESS_DENIED (due to VM_READ flag) if the process is not owned by the current user.
// Will fail if we are compiled as x86 and we're trying to open a 64 bit process...not allowed.
var hprocess = OpenProcess(ProcessAccessRights.QueryInformation | ProcessAccessRights.VirtualMemoryRead, false, processid);
if (hprocess != IntPtr.Zero)
{
try
{
if (PsApi.GetModuleFileNameEx(hprocess, IntPtr.Zero, pathBuffer, (uint)pathBuffer.Capacity) > 0)
{
return(pathBuffer.ToString());
}
}
finally
{
CloseHandle(hprocess);
}
}
hprocess = OpenProcess(ProcessAccessRights.QueryInformation, false, processid);
if (hprocess != IntPtr.Zero)
{
try
{
// Try this method for Vista or higher operating systems
var size = (uint)pathBuffer.Capacity;
if (Environment.OSVersion.Version.Major >= 6 && QueryFullProcessImageName(hprocess, 0, pathBuffer, ref size) && size > 0)
{
return(pathBuffer.ToString());
}
// Try the GetProcessImageFileName method
if (PsApi.GetProcessImageFileName(hprocess, pathBuffer, (uint)pathBuffer.Capacity) > 0)
{
var dospath = pathBuffer.ToString();
foreach (var drive in Environment.GetLogicalDrives())
{
if (QueryDosDevice(drive.TrimEnd('\\'), pathBuffer, (uint)pathBuffer.Capacity) > 0 && dospath.StartsWith(pathBuffer.ToString()))
{
return(drive + dospath.Remove(0, pathBuffer.Length));
}
}
}
}
finally
{
CloseHandle(hprocess);
}
}
return(null);
}
/// <summary>
/// Method to get the process path
/// </summary>
/// <param name="processId">int with the process ID</param>
/// <returns>string</returns>
public static string GetProcessPath(int processId)
{
// Try the GetModuleFileName method first since it's the fastest.
// May return ACCESS_DENIED (due to VM_READ flag) if the process is not owned by the current user.
// Will fail if we are compiled as x86 and we're trying to open a 64 bit process...not allowed.
var hProcess = OpenProcess(ProcessAccessRights.QueryInformation | ProcessAccessRights.VirtualMemoryRead, false, processId);
if (hProcess != IntPtr.Zero)
{
try
{
var path = PsApi.GetModuleFilename(hProcess, IntPtr.Zero);
if (path != null)
{
return(path);
}
}
finally
{
CloseHandle(hProcess);
}
}
hProcess = OpenProcess(ProcessAccessRights.QueryInformation, false, processId);
if (hProcess == IntPtr.Zero)
{
return(null);
}
unsafe
{
const int capacity = 512;
var pathBuffer = stackalloc char[capacity];
try
{
// Try this method for Vista or higher operating systems
int bufferSize = capacity;
if (Environment.OSVersion.Version.Major >= 6 && QueryFullProcessImageName(hProcess, 0, pathBuffer, ref bufferSize) && bufferSize > 0)
{
return(new string(pathBuffer, 0, bufferSize));
}
// Try the GetProcessImageFileName method
var dosPath = PsApi.GetProcessImageFileName(hProcess);
if (dosPath != null)
{
foreach (var drive in Environment.GetLogicalDrives())
{
var nrChars = QueryDosDevice(drive.TrimEnd(DirectorySeparator), pathBuffer, capacity);
if (nrChars == 0)
{
continue;
}
var dosDevice = new string(pathBuffer, 0, nrChars);
if (dosPath.StartsWith(dosDevice))
{
return(drive + dosPath.Remove(0, nrChars));
}
}
}
}
finally
{
CloseHandle(hProcess);
}
}
return(null);
}
