1

我想将设备路径转换为文件路径。

我想通过进程ID获取进程名称,所以我正在使用这段代码

PsLookupProcessByProcessId(processId,&pEProcess);
ObOpenObjectByPointer(pEProcess,
                      OBJ_KERNEL_HANDLE,
                      NULL,
                      0,
                      NULL,
                      KernelMode,
                      &hProcess);
ObDereferenceObject (pEProcess);

nts = ZwQueryInformationProcess (hProcess,27,0,0,&ulSize);

但它给出了路径\Device\hardDiskVolume1\windows\system32\taskmgr.exe

但我希望这是一个普通的文件名C:\windows\system32\taskmgr.exe

4

2 回答 2

1

Dobb 博士的文章( Jim Conyngham 的NT Handle-to-Path Conversion)描述了一种从句柄到 DOS 路径名的方法:参见.GetFileNameFromHandleNT()

在您的情况下,由于您已经拥有设备路径,因此您不需要执行句柄到内存映射到获取设备路径工作的代码的初始部分。

于 2011-06-21T09:44:39.660 回答
1 
// From device file name to DOS filename
BOOL GetFsFileName( LPCTSTR lpDeviceFileName, CString& fsFileName )
{
    BOOL rc = FALSE;

    TCHAR lpDeviceName[0x1000];
    TCHAR lpDrive[3] = _T("A:");

    // Iterating through the drive letters
    for ( TCHAR actDrive = _T('A'); actDrive <= _T('Z'); actDrive++ )
    {
        lpDrive[0] = actDrive;

        // Query the device for the drive letter
        if ( QueryDosDevice( lpDrive, lpDeviceName, 0x1000 ) != 0 )
        {
            // Network drive?
            if ( _tcsnicmp( _T("\\Device\\LanmanRedirector\\"), lpDeviceName, 25 ) == 0 )
            {
                //Mapped network drive 

                char cDriveLetter;
                DWORD dwParam;

                TCHAR lpSharedName[0x1000];

                if ( _stscanf(  lpDeviceName, 
                                _T("\\Device\\LanmanRedirector\\;%c:%d\\%s"), 
                                &cDriveLetter, 
                                &dwParam, 
                                lpSharedName ) != 3 )
                        continue;

                _tcscpy( lpDeviceName, _T("\\Device\\LanmanRedirector\\") );
                _tcscat( lpDeviceName, lpSharedName );
            }

            // Is this the drive letter we are looking for?
            if ( _tcsnicmp( lpDeviceName, lpDeviceFileName, _tcslen( lpDeviceName ) ) == 0 )
            {
                fsFileName = lpDrive;
                fsFileName += (LPCTSTR)( lpDeviceFileName + _tcslen( lpDeviceName ) );

                rc = TRUE;

                break;
            }
        }
    }

    return rc;
}
于 2013-09-08T05:56:49.640 回答