News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Get executable to which a window belongs

Started by jj2007, July 28, 2012, 05:52:18 AM

Previous topic - Next topic

jj2007

According to this thread at MSDN social, it should be easy to grab the name of the executable that launched window X. But I can't get it to work...

  lea edi, buffer
  invoke lstrcpy, edi, chr$("EMPTY")   ; just for checking if something was written
  invoke GetForegroundWindow
  xchg eax, ebx
  deb 4, "Title", $Win$(ebx)   ; OK
  invoke GetWindowThreadProcessId, ebx, 0
  deb 4, "ID", eax   ; OK
  invoke GetModuleFileName, eax, edi, 1000
  deb 4, "File", $Err$(), $edi   ; operation completed

No errors, but the output shows that nothing is copied into the buffer. Any ideas?

Title   $Win$(ebx)      D:\Masm32\RichMasm\richmasm.exe
ID      eax             2172
File
$Err$()         Operazione completata.
$edi            EMPTY

Ryan

The return value from GetWindowThreadProcessId is the thread ID.  The process ID is returned through the optional output second parameter, which you have passed 0.

I'm not sure if the process ID counts as the module handle.

Ryan

Is the desired result obtained with $Win$?

jj2007

Thanks for the hint :t
Win$(hWnd) returns the caption text. With...
  push eax
  invoke GetWindowThreadProcessId, ebx, esp
  pop edx
  deb 4, "ID thread", eax
  deb 4, "ID process", edx

... I now get:
Title   $Win$(ebx)        Masm32 xHelp
ID thread       eax             1536
ID process      edx             3556

File
$Err$()         Operazione completata.
$edi            EMPTY

Ryan

I found this.  It's in C, but easily converted.

DWORD pID;
GetWindowThreadProcessId(hwnd, &pID);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
GetModuleFileNameEx(hProcess, NULL, buff, MAX_PATH);
CloseHandle(hProcess);

http://forums.codeguru.com/archive/index.php/t-325174.html

jj2007

Yep, that works, thanxalot :t

GetProcessImageFileName works also on XP but it returns a different format:

  invoke GetProcessImageFileName, esi, edi, 1000   ; \Device\HarddiskVolume3\masm32\RichMasm\Misc\searchchm\ChmWindow.exe
  invoke GetModuleFileNameEx, esi, 0, edi, 1000      ; D:\Masm32\RichMasm\Misc\SearchCHM\ChmWindow.exe


sinsi

Quote from: MSDNThe GetProcessImageFileName function returns the path in device form, rather than drive letters.