Autor Tema: mostrar ruta de proceso  (Leído 2,316 veces)
Hans el Topo


mostrar ruta de proceso
« en: 17 Septiembre 2008, 22:12 pm »

saludos,

estoy intentando sacar la ruta de un proceso. Sé que en el foro se ha hablado del tema, pero, pese a que he buscado, no he encontrado la manera de sacar la ruta sabiendo el nombre del proceso



aaronduran2


Re: mostrar ruta de proceso
« Respuesta #1 en: 17 Septiembre 2008, 22:21 pm »

Hola. Este código permite sacar la ruta del proceso a partir de su hWnd, así que solo tienes que obtener el PID del proceso y luego obtener su hWnd:

Código
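  ' Win32 bindings used by ExeFileName.
  ' cb and nSize are DWORD sizes that the API takes by value, so they are declared ByVal.
  ' VB6 defaults to ByRef, which would hand the API the address of the variable as the
  ' "size" and allow it to write past the end of the buffer that was actually supplied.
  Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
  Private Declare Function EnumProcessModules Lib "psapi" (ByVal hProcess As Long, lphModule As Any, ByVal cb As Long, lpcbNeeded As Long) As Long
  Private Declare Function GetModuleFileNameEx Lib "psapi" Alias "GetModuleFileNameExA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
  Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
  Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long

  ' Returns the full path of the executable that owns the window hWnd.
  ' Returns "" when the window has no resolvable process, the process cannot be opened
  ' with the requested rights, or the name lookup returns no characters.
  '
  ' psapi reads the module name out of the target process's memory (which is why
  ' PROCESS_VM_READ is requested), so the target can misreport it. Use the result for
  ' display or logging, not as the sole basis for deciding that a process is trusted.
  Public Function ExeFileName(ByVal hWnd As Long) As String

    Const PROCESS_QUERY_INFORMATION As Long = &H400&
    Const PROCESS_VM_READ           As Long = &H10&

    Const opFlags       As Long = PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ
    Const nMaxMods      As Long = 256
    Const nBaseModule   As Long = 1
    Const nBytesPerLong As Long = 4
    Const MAX_PATH      As Long = 260

    Dim hModules()    As Long
    Dim hProcess      As Long
    Dim nProcessID    As Long
    Dim nBufferSize   As Long
    Dim nBytesNeeded  As Long
    Dim nRet          As Long
    Dim sBuffer       As String

    ' Get the process ID from the window handle. nProcessID stays 0 when the call
    ' does not fill it in, and there is nothing to open in that case.
    Call GetWindowThreadProcessId(hWnd, nProcessID)
    If nProcessID = 0 Then Exit Function

    ' Open the process with only the two rights the psapi calls below need.
    hProcess = OpenProcess(opFlags, False, nProcessID)
    If hProcess = 0 Then Exit Function

    ' Get the list of process modules. nBufferSize is a byte count, not an element count.
    ReDim hModules(nBaseModule To nMaxMods) As Long
    nBufferSize = UBound(hModules) * nBytesPerLong
    nRet = EnumProcessModules(hProcess, hModules(nBaseModule), nBufferSize, nBytesNeeded)

    If nRet = False Then
      ' Retry once with the size the API reported, if it asked for more room.
      If nBytesNeeded > nBufferSize Then
        ReDim hModules(nBaseModule To nBytesNeeded \ nBytesPerLong) As Long
        nBufferSize = nBytesNeeded
        nRet = EnumProcessModules(hProcess, hModules(nBaseModule), nBufferSize, nBytesNeeded)
      End If
    End If

    ' Ask for the file name of the first module. The buffer holds exactly MAX_PATH
    ' characters and that same value is passed (by value) as its size.
    sBuffer = Space$(MAX_PATH)
    nRet = GetModuleFileNameEx(hProcess, hModules(nBaseModule), sBuffer, MAX_PATH)

    If nRet Then
      ' nRet is the number of characters written; drop the unused padding.
      ExeFileName = Left$(sBuffer, nRet)
    End If

    ' Clean up: the handle is closed on every path that opened it.
    Call CloseHandle(hProcess)
  End Function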

Saludos.



cobein


Re: mostrar ruta de proceso
« Respuesta #2 en: 17 Septiembre 2008, 22:40 pm »

Ups, leí mal; bueno, dejo el code por si alguien lo necesita.

Lo que podes hacer es usar CreateToolhelp32Snapshot


 
Devuelve ruta o nombre

Código:
'---------------------------------------------------------------------------------------
' Module      : mPathFromPid
' DateTime    : 12/09/2008 08:52
' Author      : Cobein
' Mail        : cobein27@hotmail.com
' WebPage     : http://www.advancevb.com.ar
' Purpose     : Return path to the executable from PID
' Usage       : At your own risk
' Requirements: None
' Distribution: You can freely use this code in your own
'               applications, but you may not reproduce
'               or publish this code on any web site,
'               online service, or distribute as source
'               on any media without express permission.
'
' Reference   : http://support.microsoft.com/default.aspx?scid=kb;en-us;187913
'
' History     : 12/09/2008 First Cut....................................................
'---------------------------------------------------------------------------------------
Option Explicit

' Access rights combined with Or and passed to OpenProcess by ProcessPathByPID.
Private Const PROCESS_QUERY_INFORMATION     As Long = 1024
Private Const PROCESS_VM_READ               As Long = 16
' Length, in characters, of the fixed-length name buffer and the size passed with it.
Private Const MAX_PATH                      As Long = 260

' Win32 bindings (ANSI variants of the psapi name functions).
' Size arguments (cb, lSize) are declared ByVal; the module array and cbNeeded are ByRef
' because the API writes into them.
Private Declare Function CloseHandle Lib "Kernel32.dll" (ByVal Handle As Long) As Long
Private Declare Function OpenProcess Lib "Kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function EnumProcessModules Lib "psapi.dll" (ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function GetModuleFileNameExA Lib "psapi.dll" (ByVal lProc As Long, ByVal hModule As Long, ByVal sName As String, ByVal lSize As Long) As Long
Private Declare Function GetModuleBaseNameA Lib "psapi.dll" (ByVal lProc As Long, ByVal hModule As Long, ByVal lpBaseName As String, ByVal lSize As Long) As Long

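' Returns the full path (or, when bBase is True, only the base name) of the first
' module of the process identified by lPID.
'
' Sentinel results (unchanged contract):
'   "UNKNOWN" - OpenProcess returned no handle for lPID.
'   "SYSTEM"  - the module list was read but the name lookup returned no characters.
'   ""        - EnumProcessModules failed.
' Callers must not treat a sentinel as a real path.
'
' psapi reads the module name out of the target process's memory (which is why
' PROCESS_VM_READ is requested), so the target can misreport it. Use the result for
' display or logging, not as the sole basis for deciding that a process is trusted.
Public Function ProcessPathByPID(ByVal lPID As Long, Optional ByVal bBase As Boolean) As String
    Const BYTES_PER_HANDLE  As Long = 4

    Dim lNeed               As Long
    Dim lvMods(1 To 200)    As Long
    Dim lRet                As Long
    Dim sName               As String * MAX_PATH
    Dim lProc               As Long
    Dim lBufBytes           As Long

    lProc = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, lPID)

    If lProc = 0 Then
        ProcessPathByPID = "UNKNOWN"
        Exit Function
    End If

    ' cb is the size of the handle array in bytes, not its element count.
    lBufBytes = (UBound(lvMods) - LBound(lvMods) + 1) * BYTES_PER_HANDLE

    If EnumProcessModules(lProc, lvMods(1), lBufBytes, lNeed) Then
        ' sName is a fixed-length buffer of MAX_PATH characters; the same size is passed.
        If bBase Then
            lRet = GetModuleBaseNameA(lProc, lvMods(1), sName, MAX_PATH)
        Else
            lRet = GetModuleFileNameExA(lProc, lvMods(1), sName, MAX_PATH)
        End If

        If lRet = 0 Then
            ProcessPathByPID = "SYSTEM"
        Else
            ' lRet is the number of characters written; drop the unused padding.
            ProcessPathByPID = Left$(sName, lRet)
        End If
    End If

    ' The handle is closed on every path that opened it.
    Call CloseHandle(lProc)

End Function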
« Última modificación: 17 Septiembre 2008, 23:23 pm por cobein » En línea

http://www.advancevb.com.ar
Más Argentino que el morcipan
Aguante el Uvita tinto, Tigre, Ford y seba123neo
Karcrack es un capo.
cobein


Re: mostrar ruta de proceso
« Respuesta #3 en: 17 Septiembre 2008, 23:37 pm »

Algo asi

Código:
Option Explicit

' Access rights combined with Or and passed to OpenProcess by ProcessPathByPID.
Private Const PROCESS_QUERY_INFORMATION     As Long = 1024
Private Const PROCESS_VM_READ               As Long = 16
' Length, in characters, of the fixed-length name buffers used below.
Private Const MAX_PATH                      As Long = 260
' Flag passed to CreateToolhelp32Snapshot by GetPathFromProcName.
Private Const TH32CS_SNAPPROCESS            As Long = &H2

' Win32 bindings (ANSI variants). Size arguments are declared ByVal; the module array,
' cbNeeded and the PROCESSENTRY32 record are ByRef because the API writes into them.
Private Declare Function CloseHandle Lib "Kernel32.dll" (ByVal Handle As Long) As Long
Private Declare Function OpenProcess Lib "Kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function EnumProcessModules Lib "psapi.dll" (ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function GetModuleFileNameExA Lib "psapi.dll" (ByVal lProc As Long, ByVal hModule As Long, ByVal sName As String, ByVal lSize As Long) As Long
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As String) As Long
Private Declare Function GetModuleBaseNameA Lib "psapi.dll" (ByVal lProc As Long, ByVal hModule As Long, ByVal lpBaseName As String, ByVal lSize As Long) As Long

' Record filled in by Process32First / Process32Next for each process in the snapshot.
' The caller sets dwSize before the first call; this module reads th32ProcessID and
' szExeFile from it.
Private Type PROCESSENTRY32
    dwSize              As Long
    cntUsage            As Long
    th32ProcessID       As Long
    th32DefaultHeapID   As Long
    th32ModuleID        As Long
    cntThreads          As Long
    th32ParentProcessID As Long
    pcPriClassBase      As Long
    dwFlags             As Long
    szExeFile           As String * MAX_PATH
End Type

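' Returns whatever ProcessPathByPID reports for the first process in a Toolhelp snapshot
' whose executable name equals sName, or "" when no process matches or the snapshot
' cannot be created.
'
' sName          - executable name to look for, compared against PROCESSENTRY32.szExeFile.
' bCaseSensitive - when False (the default) both names are upper-cased before comparing.
'
' An executable name does not identify a process uniquely: several processes can carry
' the same name, and only the first match in the snapshot is reported. The result can
' also be one of ProcessPathByPID's sentinels ("UNKNOWN", "SYSTEM") rather than a path,
' so do not rely on it alone to decide which program is running.
Private Function GetPathFromProcName(ByVal sName As String, Optional ByVal bCaseSensitive As Boolean = False) As String
    Const INVALID_HANDLE_VALUE As Long = -1

    Dim hSnapShot   As Long
    Dim uProcess    As PROCESSENTRY32
    Dim lRet        As Long
    Dim sExe        As String

    If Not bCaseSensitive Then
        sName = UCase(sName)
    End If

    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)

    ' A failed snapshot has nothing to walk and nothing to close.
    If hSnapShot = INVALID_HANDLE_VALUE Then Exit Function

    ' The API requires the record size to be set before the first call.
    uProcess.dwSize = Len(uProcess)

    lRet = Process32First(hSnapShot, uProcess)

    Do While lRet
        ' szExeFile is a fixed-length buffer; keep only the text before the terminator.
        sExe = Left$(uProcess.szExeFile, lstrlen(uProcess.szExeFile))
        If Not bCaseSensitive Then sExe = UCase(sExe)

        If sExe = sName Then
            GetPathFromProcName = ProcessPathByPID(uProcess.th32ProcessID)
            Exit Do
        End If

        lRet = Process32Next(hSnapShot, uProcess)
    Loop

    CloseHandle hSnapShot

End Function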

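' Returns the full path (or, when bBase is True, only the base name) of the first
' module of the process identified by lPID.
'
' Sentinel results (unchanged contract):
'   "UNKNOWN" - OpenProcess returned no handle for lPID.
'   "SYSTEM"  - the module list was read but the name lookup returned no characters.
'   ""        - EnumProcessModules failed.
' Callers must not treat a sentinel as a real path.
'
' psapi reads the module name out of the target process's memory (which is why
' PROCESS_VM_READ is requested), so the target can misreport it. Use the result for
' display or logging, not as the sole basis for deciding that a process is trusted.
Public Function ProcessPathByPID(ByVal lPID As Long, Optional ByVal bBase As Boolean) As String
    Const BYTES_PER_HANDLE  As Long = 4

    Dim lNeed               As Long
    Dim lvMods(1 To 200)    As Long
    Dim lRet                As Long
    Dim sName               As String * MAX_PATH
    Dim lProc               As Long
    Dim lBufBytes           As Long

    lProc = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, lPID)

    If lProc = 0 Then
        ProcessPathByPID = "UNKNOWN"
        Exit Function
    End If

    ' cb is the size of the handle array in bytes, not its element count.
    lBufBytes = (UBound(lvMods) - LBound(lvMods) + 1) * BYTES_PER_HANDLE

    If EnumProcessModules(lProc, lvMods(1), lBufBytes, lNeed) Then
        ' sName is a fixed-length buffer of MAX_PATH characters; the same size is passed.
        If bBase Then
            lRet = GetModuleBaseNameA(lProc, lvMods(1), sName, MAX_PATH)
        Else
            lRet = GetModuleFileNameExA(lProc, lvMods(1), sName, MAX_PATH)
        End If

        If lRet = 0 Then
            ProcessPathByPID = "SYSTEM"
        Else
            ' lRet is the number of characters written; drop the unused padding.
            ProcessPathByPID = Left$(sName, lRet)
        End If
    End If

    ' The handle is closed on every path that opened it.
    Call CloseHandle(lProc)

End Function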

http://www.advancevb.com.ar
Más Argentino que el morcipan
Aguante el Uvita tinto, Tigre, Ford y seba123neo
Karcrack es un capo.
Hans el Topo


Re: mostrar ruta de proceso
« Respuesta #4 en: 18 Septiembre 2008, 12:47 pm »

muchas gracias a ambos y especialmente a cobein  :-*

me había confundido de api  :-X
