Can't get the module name for a process

Jim Seekamp 26 Reputation points
2020-10-13T04:12:00.96+00:00

I can't get any names for the exe files of processes...
Any ideas what's wrong here?

LONG findprogram()
{
LONG count;
DWORD aProcesses[1024],cbNeeded,cProcesses,processID,CurrentProcessId,lpExitCode;
unsigned int i;
std::wstring szProcessName;
HANDLE hProcess;
HMODULE hMod;
std::string namepath="PROGRAMNAME.EXE";
std::string cmpnamepath;
std::wstring wtxt;

 CurrentProcessId=GetCurrentProcessId();

 if(!EnumProcesses(aProcesses,sizeof(aProcesses),&cbNeeded))
 {
   return 0;
 }

 cProcesses=cbNeeded/sizeof(DWORD);
 count=1;  //number of processes running

 for(i=0;i<cProcesses;i++)
 {
   if(aProcesses[i] != 0)
   {
     processID=aProcesses[i];

     if(processID == CurrentProcessId)  //leave out current program
       continue;  

     hProcess=OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,processID);

     if(hProcess)
     {
       WCHAR Buffer[MAX_PATH];

       if(GetModuleFileNameEx(hProcess,NULL,Buffer,MAX_PATH))
       {
         szProcessName=Buffer;
       }
     }

     showtextmessagew(szProcessName);  //always blank

     wtxt=szProcessName;
     cmpnamepath=wstrtostr(wtxt);

     if(ucase(cmpnamepath) == namepath)
     {  
       count++;
       GetExitCodeProcess(hProcess,&lpExitCode);
       TerminateProcess(hProcess,lpExitCode);
     }  

     CloseHandle(hProcess);
   }
 }

 return count;

}

Windows API - Win32
C++

Accepted answer
  1. RLWA32 45,476 Reputation points
    2020-10-13T12:50:53.533+00:00

    GetModuleFileNameEx uses ReadProcessMemory in order to obtain the desired information.

    Use the following code to obtain a process handle with all the access rights needed -

     hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID);  
    

    In my opinion, a better alternative is to use QueryFullProcessImageName since it requires a process handle that only needs the PROCESS_QUERY_LIMITED_INFORMATION right.

    Additionally, you should read nf-processthreadsapi-getexitcodeprocess

    It says, "Important The GetExitCodeProcess function returns a valid error code defined by the application only after the thread terminates. Therefore, an application should not use STILL_ACTIVE (259) as an error code. If a thread returns STILL_ACTIVE (259) as an error code, applications that test for this value could interpret it to mean that the thread is still running and continue to test for the completion of the thread after the thread has terminated, which could put the application into an infinite loop."

    The posted code makes exactly this mistake by obtaining the exit code of an active process and passing it to TerminateProcess.

    And it is possible for TerminateProcess to return before the target process has been terminated. To ensure that the target process has actually terminated you should call WaitForSingleObject with the process handle. When that function returns WAIT_OBJECT_0 the results of calling GetExitCodeThread will reflect the exit code of the terminated process.
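An added example (not code from the question or the answer) that puts the answer's points together: open each process with only the rights actually used, read the image path with QueryFullProcessImageNameW, pass an explicit exit code to TerminateProcess, and wait on the handle before counting the process as gone. Because the API returns a full path, the file-name component is what gets compared. The names imageNameMatches and terminateByImageName, the exit code 1 and the 5-second wait are assumptions; the Win32 part compiles only on Windows, the name comparison is portable.

```cpp
// Added example, not code from the thread. Win32 part builds only on Windows.
#include <algorithm>
#include <cwctype>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <psapi.h>
#endif

// Portable helper: case-insensitive compare of the file-name component of a
// full image path (what the query APIs return) against a bare exe name.
bool imageNameMatches(std::wstring fullPath, std::wstring target)
{
    const auto slash = fullPath.find_last_of(L"\\/");
    if (slash != std::wstring::npos) fullPath.erase(0, slash + 1);
    auto upper = [](std::wstring& s) {
        std::transform(s.begin(), s.end(), s.begin(),
                       [](wchar_t c) { return (wchar_t)std::towupper(c); });
    };
    upper(fullPath);
    upper(target);
    return !target.empty() && fullPath == target;
}

#ifdef _WIN32
// Terminates every other process whose image name equals `target`;
// returns how many were confirmed terminated (hypothetical helper).
long terminateByImageName(const std::wstring& target, UINT exitCode = 1)
{
    DWORD pids[1024], cbNeeded = 0;
    if (!EnumProcesses(pids, sizeof(pids), &cbNeeded)) return 0;
    long terminated = 0;
    for (DWORD i = 0; i < cbNeeded / sizeof(DWORD); ++i) {
        if (pids[i] == 0 || pids[i] == GetCurrentProcessId()) continue;
        // Only the rights used below; PROCESS_VM_READ is not required.
        HANDLE h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION |
                               PROCESS_TERMINATE | SYNCHRONIZE, FALSE, pids[i]);
        if (!h) continue;  // access denied or process already gone
        WCHAR path[MAX_PATH];
        DWORD len = MAX_PATH;  // in: buffer size, out: characters written
        if (QueryFullProcessImageNameW(h, 0, path, &len) &&
            imageNameMatches(std::wstring(path, len), target) &&
            TerminateProcess(h, exitCode) &&   // explicit code, never 259
            WaitForSingleObject(h, 5000) == WAIT_OBJECT_0)  // wait for exit
            ++terminated;
        CloseHandle(h);  // reached only with a valid handle
    }
    return terminated;
}
#endif
```

Link with Psapi.lib when building with PSAPI_VERSION 1.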

