<p>In the end I used DuplicateHandle. It works well!</p>
<pre><code>import win32api
import win32con
import win32process
from winappdbg.win32 import VirtualQueryEx  # assumed source; the post does not show its imports

# event, processHandle and BaseAddress come from the surrounding code (not shown).
source_pid = event.get_process().get_pid()
print 'source pid =', source_pid
source_phandle = win32api.OpenProcess(win32con.PROCESS_ALL_ACCESS, False, source_pid)
print 'source phandle =', source_phandle
current_phandle = win32process.GetCurrentProcess()
print 'current phandle =', current_phandle
# Copy the handle that lives in the source process into the current process.
duplicated_handle = win32api.DuplicateHandle(source_phandle, processHandle, current_phandle,
                                             0, False, win32con.DUPLICATE_SAME_ACCESS)
print 'dup h =', duplicated_handle
source_process_name = win32process.GetModuleFileNameEx(source_phandle, 0)
print "source_process_name - ", (source_process_name)
q = VirtualQueryEx(duplicated_handle.handle, BaseAddress)
print "virtualQuery - is_executable() " + str(q.is_executable())
# This is the call that fails with "The handle is invalid".
target_process_name = win32process.GetModuleFileNameEx(duplicated_handle.handle, 0)
print "target_process_name - ", (target_process_name)
</code></pre>
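<p>VirtualQueryEx works well!</p>
<p>The problem now is that GetModuleFileNameEx returns "The handle is invalid" for the duplicated handle.</p>
<p>How can I display the target process name?</p>
<p>Thanks!</p>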