How to extract filename information from running processes ?

[adimangla]

Hi
I am creating a software that will save the present state of all the
applications running on the desktop (WinXP).

Can anyone point out the method to extract the filenames from the
handles (or otherwise) of the files that are being accessed by
processes and programs ?

For example : If I have opened xyz.docx in MS Word 2007 then I want to
find out the name of the file ("xyz.docx") and its complete path
through some mean which could be either :

1. Reading or extracting information from the Word 2007 process
handle.
2. Through another non- handle based general method.

Kindly help !

Regards,

Aditya

 

[Michael Nemtsev]

Hello adimangla,

Everything you need to do is enumerate all processes and find the process
to which your handle belongs to.
..NET doesn't provide the AFI for this, you need to dive deeper, more deep
then WINAPI - to the nt.dll level, where you can find undocumented ZwQueryObject().

Using this methods is not a simple task, because it returns name and info
about handle belonging to the YOUR process.
So, you need to perform additional task - use DuplicateHandle() to bring
external handle to your process.

I recomend you to study this sample http://www.codeguru.com/Cpp/W-P/system/processesmodules/article.php/c2827

which provide all functional u requre.

---
WBR, Michael Nemtsev [.NET/C# MVP].
My blog: http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo

a> Hi
a> I am creating a software that will save the present state of all the
a> applications running on the desktop (WinXP).
a> Can anyone point out the method to extract the filenames from the
a> handles (or otherwise) of the files that are being accessed by
a> processes and programs ?
a>
a> For example : If I have opened xyz.docx in MS Word 2007 then I want
a> to find out the name of the file ("xyz.docx") and its complete path
a> through some mean which could be either :
a>
a> 1. Reading or extracting information from the Word 2007 process
a> handle.
a> 2. Through another non- handle based general method.
a> Kindly help !
a>
a> Regards,
a>
a> Aditya
a>

 

[Ignacio Machin \( .NET/ C# MVP \)]

Hi,

Hi
I am creating a software that will save the present state of all the
applications running on the desktop (WinXP).

So in other words, you are trying to create a "hibernation" features

Can anyone point out the method to extract the filenames from the
handles (or otherwise) of the files that are being accessed by
processes and programs ?

Can be done, it's a PITA to make it, be ready to P/invoke as crazy as well
as creating some unmanaged code (and not a trivial one)

For example : If I have opened xyz.docx in MS Word 2007 then I want to
find out the name of the file ("xyz.docx") and its complete path
through some mean which could be either :

1. Reading or extracting information from the Word 2007 process
handle.
2. Through another non- handle based general method.

What you want to do is not easyly done, as a matter of fact is a SUPER
complex process that maybe only the OS can do succesfuly.

I suggest you to look another project.

 

[Peter Duniho]

Hi
I am creating a software that will save the present state of all the
applications running on the desktop (WinXP).

Can anyone point out the method to extract the filenames from the
handles (or otherwise) of the files that are being accessed by
processes and programs ?

As a very basic example of where this is going to fail:

What are you planning to do about applications that behave like Notepad?
That is, they open a file and read the data, and then just close it again,
working solely from a copy of the data in memory. Without very specific
information about the internal data structures for the application *and*
complete access to that process's virtual address space, it is impossible
to determine where the file came from. And if the application doesn't
save the original file location anywhere (Notepad does, but there's no
requirement that it should), you're out of luck. The information is
simply not there to be retrieved.

And in any application, what do you plan to do when the user hasn't saved
the document yet?

Now, all that said, you certainly can achieve with at least some limited
success what you're trying to do. But your success *will* be limited, and
you definitely cannot literally "save the present state of all the
applications running on the desktop". There is a LOT more to the "present
state" than just the filenames of the files a given application has open
at the moment. Even if you could reliably get all of the filenames of all
the original source data for which there *are* filenames, that doesn't
give you anywhere close to all of the information about the application's
"present state", and that doesn't even consider situations in which the
user hasn't saved the application's documents yet, or applications that
don't even have a document-oriented user-interface.

In any case, whatever it is you plan to do, I'm pretty confident that
managed code isn't going to be the right place to do it. You can't get
access to what you apparently want access to from managed code.

Pete