通过进程ID得到文件名

#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>BOOL EnablePrivilege(HANDLE hToken,LPCSTR szPrivName);
void DispProcess(void);
void DispPrsFile(void);//=================================================
typedef BOOL (_stdcall *ENUMPROCESSES)(  //注意这里要指明调用约定为-stdcallDWORD* pProcessIds,  //指向进程ID数组链  DWORD cb,    //ID数组的大小，用字节计数DWORD* pBytesReturned);   //返回的字节
//在psapi.dll中的函数EnumProcessModules用来枚举进程模块
typedef BOOL (_stdcall *ENUMPROCESSMODULES)(HANDLE hProcess,   //进程句柄HMODULE* lphModule, //指向模块句柄数组链DWORD cb,    //模块句柄数组大小，字节计数LPDWORD lpcbNeeded);   //存储所有模块句柄所需的字节数
//在psapi.dll中的函数GetModuleFileNameEx获得进程模块名
typedef DWORD (_stdcall *GETMODULEFILENAMEEX)(HANDLE hProcess,   //进程句柄HMODULE hModule,   //进程句柄LPTSTR lpFilename,   //存放模块全路径名DWORD nSize    //lpFilename缓冲区大小，字符计算
);
//=================================================
//=================================================
int main()
{//DispProcess();DispPrsFile();return 0;
}//提升进程权限
BOOL EnablePrivilege(HANDLE hToken,LPCSTR szPrivName)
{TOKEN_PRIVILEGES tkp;LookupPrivilegeValue( NULL,szPrivName,&tkp.Privileges[0].Luid );//修改进程权限tkp.PrivilegeCount=1;tkp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;AdjustTokenPrivileges( hToken,FALSE,&tkp,sizeof tkp,NULL,NULL );//通知系统修改进程权限return( (GetLastError()==ERROR_SUCCESS) );
}
void DispProcess(void)
{HANDLE hSnapshot;PROCESSENTRY32 pe;BOOL bSucceed;TCHAR * szFileName = NULL;DWORD dwProcessID = 0;HANDLE hToken;if ( OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken) ){if (EnablePrivilege(hToken,SE_DEBUG_NAME)){hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);bSucceed = Process32First(hSnapshot, &pe);while(bSucceed){printf("\n%d\t%s",pe.th32ProcessID,pe.szExeFile);bSucceed = Process32Next(hSnapshot, &pe);}}}CloseHandle(hSnapshot);system("pause");
}
void DispPrsFile(void)
{DWORD processid[1024],needed,processcount,i;HANDLE hProcess;HMODULE hModule;char path[MAX_PATH] = "",temp[256];HMODULE hPsDll = LoadLibrary("PSAPI.DLL");//=======================================================ENUMPROCESSES pEnumProcesses  = (ENUMPROCESSES)GetProcAddress(hPsDll, "EnumProcesses");ENUMPROCESSMODULES pEnumProcessModules  = (ENUMPROCESSMODULES)GetProcAddress(hPsDll, "EnumProcessModules");GETMODULEFILENAMEEX pGetModuleFileNameEx  = (GETMODULEFILENAMEEX)GetProcAddress(hPsDll, "GetModuleFileNameExA");//========================================================HANDLE hToken;if ( OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken) ){if (EnablePrivilege(hToken,SE_DEBUG_NAME)){pEnumProcesses(processid, sizeof(processid), &needed);processcount=needed/sizeof(DWORD);for (i=0;i<processcount;i++){hProcess=OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,false,processid[i]);if (hProcess){pEnumProcessModules(hProcess, &hModule, sizeof(hModule), &needed);pGetModuleFileNameEx(hProcess, hModule, path, sizeof(path));GetShortPathName(path,path,256);itoa(processid[i],temp,10);printf("%s --\t\t-- %s\n",path,temp);}}}}//CloseHandle(hPsDll);//CloseHandle(hModule);//CloseHandle(hProcess);itoa(processcount,temp,10);printf("\nProcess Count:%s\n\n",temp);system("pause");
}