问题描述
我需要从 Windows 中的进程 id 获取进程名称,以查找与记录事件关联的进程名称.它只能从记录的事件中获取执行进程 ID.进程句柄是使用 GetProcessImageFileName()
方法所需的输入.它无法从记录的事件中获取进程句柄.
I need to get process name from process id in windows to find process names associated with a logged event. It is able to get Execution process id only from the logged event. Process handle is the required input to use GetProcessImageFileName()
method. It's not able to get process handle from logged event.
在重复问题中,它讨论了当前正在运行的进程.但是我不需要当前正在运行的进程,因为它讨论了记录的事件.&我怀疑 processID 与 processName 组合在 Windows 中是否唯一.所以也需要考虑..
In the duplicate question, it talks about currently running process. But I need not currently running process since it talks about logged event. & I have a doubt of whether processID vs processName combination is unique or not in Windows. So need to consider that also..
我希望必须有某种结构来将进程 ID 映射到进程名称.有这样的结构吗?或任何其他方法从进程 id 中获取进程映像名称?
I expect that there must be some structure to map process id to process name. Are there any structure so? or any other methods to get process image name from process id?
推荐答案
如果您从日志中获取进程 ID,则只有在原始进程仍在运行时它才有效.否则,该 ID 对于该进程名称不再有效.如果在您阅读日志之前进程已经退出,则所有赌注都将关闭.
If you are getting the Process ID from a log, it will only be valid if the original process is still running. Otherwise, the ID is no longer valid for that process name. If the process has already exited before you read the log, all bets are off.
我不需要当前正在运行的进程,因为它会讨论记录的事件.
如果未记录原始进程名称,那么您就不走运了.
Then you are out of luck, if the original process name was not logged.
我怀疑 processID 与 processName 组合在 Windows 中是否唯一.
进程 ID 仅在用于正在运行的进程时才是唯一的.进程结束后,其进程 ID 将不再有效,并可重新用于后续的新进程.
A Process ID is unique only while being used for a running process. Once a process ends, its Process ID is no longer valid, and can be re-used for a subsequent new process.
我希望必须有某种结构来将进程 ID 映射到进程名称.
是的,但仅适用于正在运行的进程.您可以将进程 ID 传递给 OpenProcess()代码>
.如果成功,它将返回一个 HANDLE
给正在运行的进程.然后,您可以将该 HANDLE
传递给 GetModuleFileName(), GetProcessImageFileName(),或QueryFullProcessImageName()
,取决于您可以从 OpenProcess()
获得的操作系统版本和权限.
Yes, but only for a running process. You can pass the Process ID to OpenProcess()
. If successful, it will return a HANDLE
to the running process. You can then pass that HANDLE
to GetModuleFileName()
, GetProcessImageFileName()
, or QueryFullProcessImageName()
, depending on OS version and permissions you are able to gain from OpenProcess()
.
这篇关于如何在不枚举进程的情况下通过 C++ 从 Windows 中的进程 id 获取进程名称?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!