Questions:The 32-bit program calls the Getmodulefilenameex () traversal on a 64-bit system to get the full path of the 64-bit process to fail with the resulting path empty.
According to the official statement:
The results use of the following table to convert paths.
Windows $ = Getmodulefilenameex ()
Windows XP x32 = Getprocessimagefilename ()
Windows XP x64 = Getprocessimagefilename ()
Windows Vista = Queryfullprocessimagename ()
Windows 7 = Queryfullprocessimagename ()
Note:if You is not aware the API Getprocessimagefilename () returns a kernel DOS device path. You can use the following API to map the device paths to a Win32 format.
However, it is important to note that getmodulefilename in 64bit is not correct, with 32 to fill 64 result is empty.
I can be accurately obtained under the Win7 of 32bit, 64bit Win7 can't get what they want. As shown in the following:
Recommended with Vista NEW: Queryfullprocessimagename (), results into:
Another search all over the network did not search the function of the sample, and then lazy also had to write their own ~ ~
DWORD size = MAX_PATH;
Char Sexename[max_path] = {0};
Queryfullprocessimagename (hprocess, 0, Sexename, &size);
Of course with Getprocessimagefilename get better, just code a bit long, lazy write.
Getmodulefilenameex traversal a workaround to get 64bit program path failure (win7-64-bit)
