Find the module name of a 64 bits process from a 32 bits app

Go To StackoverFlow.com

1

I am using the Win Api function GetModuleBaseName to retrieve the process name from the current window (my application is 32 bits running on Win7 64 bits):

HWND Handle = GetForegroundWindow();
DWORD lpdwProcessId;
HANDLE PID; 

WCHAR ProcessName[1024];
GetWindowThreadProcessId(Handle,&lpdwProcessId);
PID=OpenProcess(PROCESS_ALL_ACCESS,false,lpdwProcessId);
if (PID)
{
    if(GetModuleBaseName(PID,NULL,ProcessName,sizeof ProcessName) == 0) {
        wcscpy(ProcessName,  L"??");
        DWORD er = GetLastError();
        printf("error code: %i\n", GetLastError());
    }
}
else
{
    wcscpy(ProcessName,  L"??");
} 

This code is working fine all 32 bits programs but not with 64 bits programs such as MSPaint where the last error returned is

error 299 : ERROR_PARTIAL_COPY : "Only part of a ReadProcessMemory or
WriteProcessMemory request was completed."

MSDN doesn't document why this particular error may happen. I read somewhere that this error can happen for the EnumProcessModulesEx due to problem between 32 and 64 bits programs, but no such thing is mentionned for GetModuleBaseName. Is there a way to know where this is comming from and how to fix it?

thanks

2012-04-05 19:33
by lezebulon
Take some moments to remove your extra indentation next time - sidyll 2012-04-05 19:54
I don't know the answer for sure, but I suspect it will simply be necessary to use a 64-bit application for this. If you google for "error 299 64-bit process 32-bit app", you will find that a number of APIs return that error in this type of situation (32-bit app querying info from 64-bit processes). Perhaps GetModuleBaseName uses one of those other APIs that does get that error - Mark Wilkins 2012-04-05 21:33


3

Documentation for GetModuleBaseName suggests that calling GetProcessImageFileName or QueryFullProcessImageName will be more reliable than calling GetModuleBaseName with a NULL module handle.

2012-04-05 22:04
by Jim Mischel
Ads