我正在为Windows图片查看器编写一个"加载项",它需要向它发送命令(如"显示下一个/上一个图像")并获取当前所选图像的文件路径。我设法通过SendMessage实现了发送命令,但我不知道如何从进程中请求信息。这可能吗?到目前为止,我只能从窗口标题中提取文件名,但这限制了只能使用一个文件夹,我需要完整的路径。
[EDIT]我做了一些搜索,发现有(未记录的?)可能使用函数NTQuerySystemInformation找到进程使用的所有句柄的列表(如这里所示,Delphi-获取应用程序打开的文件)。然而,问题是,那里提供的示例根本没有为我显示文件句柄(只有非硬盘驱动器设备句柄),虽然我在这里找到了工作示例http://www.codeguru.com/Cpp/W-P/system/processesmodules/article.php/c2827/,从资源管理器启动时,图片查看器似乎没有任何预览文件的句柄。
您可以获取流程"当前目录"(如Process Explorer中所示)
看看RRUZ使用Delphi获取另一个进程的命令行的两种方法
基于这篇文章,我们可以得到在RTL_USER_PROCESS_PARAMETERS(偏移36)结构中找到的CurrentDirectory:
type
Uint4B = Cardinal;
Uint2B = Word;
UChar = Byte;
Ptr32 = Pointer;
TUNICODE_STRING = UNICODE_STRING;
TCURDIR = packed record
DosPath : TUNICODE_STRING;
Handle : Ptr32;
end;
TRTL_USER_PROCESS_PARAMETERS = packed record
MaximumLength : Uint4B;
Length : Uint4B;
Flags : Uint4B;
DebugFlags : Uint4B;
ConsoleHandle : Ptr32;
ConsoleFlags : Uint4B;
StandardInput : Ptr32;
StandardOutput : Ptr32;
StandardError : Ptr32;
CurrentDirectory : TCURDIR;
DllPath : TUNICODE_STRING;
ImagePathName : TUNICODE_STRING;
CommandLine : TUNICODE_STRING;
Environment : Ptr32;
StartingX : Uint4B;
StartingY : Uint4B;
CountX : Uint4B;
CountY : Uint4B;
CountCharsX : Uint4B;
CountCharsY : Uint4B;
FillAttribute : Uint4B;
WindowFlags : Uint4B;
ShowWindowFlags : Uint4B;
WindowTitle : TUNICODE_STRING;
DesktopInfo : TUNICODE_STRING;
ShellInfo : TUNICODE_STRING;
RuntimeData : TUNICODE_STRING;
// +0x090 CurrentDirectores : [32] _RTL_DRIVE_LETTER_CURDIR
end;
以下是如何获得CurrentDirectory:
function GetCurrentDirectoryFromPid(PID: THandle): string;
const
STATUS_SUCCESS = $00000000;
SE_DEBUG_NAME = 'SeDebugPrivilege';
OffsetProcessParametersx32 = $10; //16
OffsetCurrentDirectoryx32 = $24; //36
var
ProcessHandle : THandle;
rtlUserProcAddress : Pointer;
CurrentDirectory : TCURDIR;
CurrentDirectoryContents : WideString;
ProcessBasicInfo : PROCESS_BASIC_INFORMATION;
ReturnLength : Cardinal;
TokenHandle : THandle;
lpLuid : TOKEN_PRIVILEGES;
OldlpLuid : TOKEN_PRIVILEGES;
begin
Result:='';
if OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, TokenHandle) then
begin
try
if not LookupPrivilegeValue(nil, SE_DEBUG_NAME, lpLuid.Privileges[0].Luid) then
RaiseLastOSError
else
begin
lpLuid.PrivilegeCount := 1;
lpLuid.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
ReturnLength := 0;
OldlpLuid := lpLuid;
//Set the SeDebugPrivilege privilege
if not AdjustTokenPrivileges(TokenHandle, False, lpLuid, SizeOf(OldlpLuid), OldlpLuid, ReturnLength) then RaiseLastOSError;
end;
ProcessHandle := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, false, PID);
if ProcessHandle=0 then RaiseLastOSError
else
try
// get the PROCESS_BASIC_INFORMATION to access to the PEB Address
if (NtQueryInformationProcess(ProcessHandle,0{=>ProcessBasicInformation},@ProcessBasicInfo, sizeof(ProcessBasicInfo), @ReturnLength)=STATUS_SUCCESS) and (ReturnLength=SizeOf(ProcessBasicInfo)) then
begin
//get the address of the RTL_USER_PROCESS_PARAMETERS struture
if not ReadProcessMemory(ProcessHandle, Pointer(Longint(ProcessBasicInfo.PEBBaseAddress) + OffsetProcessParametersx32), @rtlUserProcAddress, sizeof(Pointer), ReturnLength) then
RaiseLastOSError
else
if ReadProcessMemory(ProcessHandle, Pointer(Longint(rtlUserProcAddress) + OffsetCurrentDirectoryx32), @CurrentDirectory, sizeof(CurrentDirectory), ReturnLength) then
begin
SetLength(CurrentDirectoryContents, CurrentDirectory.DosPath.length);
//get the CurrentDirectory field
if ReadProcessMemory(ProcessHandle, CurrentDirectory.DosPath.Buffer, @CurrentDirectoryContents[1], CurrentDirectory.DosPath.Length, ReturnLength) then
Result := WideCharLenToString(PWideChar(CurrentDirectoryContents), CurrentDirectory.DosPath.length div 2)
else
RaiseLastOSError;
end;
end
else
RaiseLastOSError;
finally
CloseHandle(ProcessHandle);
end;
finally
CloseHandle(TokenHandle);
end;
end
else
RaiseLastOSError;
end;
您不能这样做,因为应用程序没有定义COM接口来根据请求提供该信息。正如您所指出的,如果它在窗口标题中显示了路径和文件名,您可以得到它,但因为它没有,所以信息不可用。