public static bool GetProcessFileName(Process process, out string result)
{
System.Text.StringBuilder stringBuilder = new System.Text.StringBuilder(1024);
result = null;
System.IntPtr intPtr = Process32.OpenProcess(1040u, 0, (uint)process.Id);
Process32.GetModuleFileNameEx(intPtr, System.IntPtr.Zero, stringBuilder, 1024);
Process32.CloseHandle(intPtr);
result = stringBuilder.ToString();
return(!string.IsNullOrEmpty(result) && System.IO.File.Exists(result));
}
public static string GetProcess32File(ProcessEntry32 lpProcess)
{
int nSize = 1024;
StringBuilder stringBuilder = new StringBuilder(1024);
IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_QUERY_INFORMATION | Process32.PROCESS_VM_READ, 0, lpProcess.th32ProcessID);
Process32.GetModuleFileNameEx(intPtr, IntPtr.Zero, stringBuilder, 1024);
if (stringBuilder.Length == 0)
{
Process32.GetProcessImageFileName(intPtr, stringBuilder, nSize);
}
Process32.CloseHandle(intPtr);
return(stringBuilder.ToString());
}
public static string GetProcess32File(ProcessEntry32 lpProcess)
{
System.Text.StringBuilder stringBuilder = new System.Text.StringBuilder(260);
System.IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_QUERY_INFORMATION | Process32.PROCESS_VM_READ, 0, lpProcess.th32ProcessID);
Process32.GetModuleFileNameEx(intPtr, System.IntPtr.Zero, stringBuilder, 260);
if (stringBuilder.Length == 0)
{
Process32.GetProcessImageFileName(intPtr, stringBuilder, 260);
}
Process32.CloseHandle(intPtr);
string text = stringBuilder.ToString();
if (text.Contains("\\Device\\HardDiskVolume", true))
{
string[] logicalDrives = System.IO.Directory.GetLogicalDrives();
for (int i = 0; i < logicalDrives.Length; i++)
{
text = text.Replace("\\Device\\HarddiskVolume" + (i + 1) + "\\", logicalDrives[i]);
}
}
return(text);
}
public static bool GetProcessModules(Process process, out string[] modules)
{
System.Collections.Generic.List <string> list = new System.Collections.Generic.List <string>();
System.IntPtr hProcess = Process32.OpenProcess(1040u, 0, (uint)process.Id);
System.IntPtr[] array = new System.IntPtr[1024];
uint num = 0u;
uint cb = (uint)(System.Runtime.InteropServices.Marshal.SizeOf(typeof(System.IntPtr)) * array.Length);
System.Runtime.InteropServices.GCHandle gCHandle = System.Runtime.InteropServices.GCHandle.Alloc(array, System.Runtime.InteropServices.GCHandleType.Pinned);
System.IntPtr lphModule = gCHandle.AddrOfPinnedObject();
if (Process32.EnumProcessModules(hProcess, lphModule, cb, out num) == 1)
{
int num2 = (int)((ulong)num / (ulong)((long)System.Runtime.InteropServices.Marshal.SizeOf(typeof(System.IntPtr))));
for (int i = 0; i < num2; i++)
{
System.Text.StringBuilder stringBuilder = new System.Text.StringBuilder(1024);
Process32.GetModuleFileNameEx(hProcess, array[i], stringBuilder, stringBuilder.Capacity);
list.Add(stringBuilder.ToString());
}
}
gCHandle.Free();
modules = list.ToArray();
return(true);
}
