PerlMonks  

Windows Process Executable Path is Null

by dt667 (Acolyte)
on Oct 28, 2013 at 15:13 UTC (#1059998=perlquestion)
dt667 has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to get process information for my Windows machine, but one of the processes is returning a null value for the ExecutablePath. However, through Process Explorer I can see the Path, but I'm unsure if PE is getting this information another way. The code works for other processes. My code is below:

use Win32::OLE qw(in);   # 'in' must be imported to iterate the WMI collection

# Connect to the local WMI service (root\cimv2 namespace).
my $objWMIService;
unless ($objWMIService = Win32::OLE->GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2"))
{
    # Stop here: continuing with an undefined service object would fail below.
    die("Could not connect to WMI Service on localhost while attempting to collect a remote item. The error returned was: " . Win32::OLE->LastError() . ".");
}

# 0x10 | 0x20 = wbemFlagReturnImmediately | wbemFlagForwardOnly
my $colItems;
unless ($colItems = $objWMIService->ExecQuery("SELECT * FROM Win32_Process", "WQL", 0x10 | 0x20))
#unless($colItems= $objWMIService->ExecQuery("SELECT * FROM Win32_Process"))
{
    die("Could not extract notification query from WMI Service on localhost . The error returned was: " . Win32::OLE->LastError() . ".");
}

foreach my $objItem (in $colItems)
{
    # Only report processes whose command line ends in smss.exe (any case).
    if (defined($objItem->{CommandLine}) && ($objItem->{CommandLine} =~ /^.*[Ss][Mm][Ss][Ss]\.[Ee][Xx][Ee]$/))
    {
        print "#################################################\n";
        print "CommandLine: '" . $objItem->{CommandLine} . "'.\n";
        print "ExecutablePath: '" . $objItem->{ExecutablePath} . "'.\n";
        print "Name: '" . $objItem->{Name} . "'.\n";
        print "Caption: '" . $objItem->{Caption} . "'.\n";
        print "#################################################\n";
    }
}

Output:

perl process.pl
#################################################
CommandLine: '\SystemRoot\System32\smss.exe'.
ExecutablePath: ''.
Name: 'smss.exe'.
Caption: 'smss.exe'.
#################################################

I expect to see 'ExecutablePath: C:\Windows\System32\smss.exe'. Any help would be greatly appreciated.

Replies are listed 'Best First'.
Re: Windows Process Executable Path is Null
by NetWallah (Canon) on Oct 28, 2013 at 15:27 UTC
    I think you want the PathName property.

    From technet's "Retrieving Service Properties"

    PathName

    Fully qualified path to the executable file responsible for implementing the service.

                 When in doubt, mumble; when in trouble, delegate; when in charge, ponder. -- James H. Boren

      Both ExecutablePath and PathName return null for the smss.exe process

        Both ExecutablePath and PathName return null for the smss.exe process

        Need to read more on MSDN -- getting info on some procs requires elevated privileges/permissions/runningasadmin ... you can see with http://live.sysinternals.com/procexp.exe

Re: Windows Process Executable Path is Null
by bulk88 (Priest) on Oct 29, 2013 at 02:39 UTC
    I'll mention this slightly OT thing, the "Command line" and "Current directory" fields in Process Explorer are retrieved by going through the PEB struct of the remote process with ReadProcessMemory.
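
An added example, not part of the thread and not any poster's code: when `ExecutablePath` comes back empty, as for smss.exe above, a best-effort Win32 path can be derived from the native-style `CommandLine` that the question's output shows. The helper name `image_path_from_cmdline`, the sample records and the `C:\Windows` system root are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): best-effort Win32 image path
# for a process whose WMI ExecutablePath is empty, taken from CommandLine.
sub image_path_from_cmdline {
    my ($cmdline, $sysroot) = @_;
    return unless defined $cmdline && length $cmdline;
    $sysroot //= $ENV{SystemRoot} // 'C:\\Windows';    # assumed default

    # First token: a "quoted path", or everything up to the first space.
    # An unquoted path containing spaces is truncated here (known limit).
    my ($image) = $cmdline =~ /^\s*(?|"([^"]+)"|(\S+))/ or return;

    if ($image =~ s/^\\SystemRoot\\//i) {        # NT symlink to the Windows dir
        $image = "$sysroot\\$image";
    }
    elsif ($image =~ s/^%SystemRoot%//i) {       # unexpanded environment form
        $image = $sysroot . $image;
    }
    else {
        $image =~ s/^\\\?\?\\//;                 # \??\C:\... -> C:\...
    }

    # Accept only a drive-letter absolute path; anything else stays unknown.
    return $image =~ /^[A-Za-z]:\\/ ? $image : undef;
}

# Constructed sample records; the first mirrors the output in the question.
my @procs = (
    { Name => 'smss.exe',    CommandLine => '\SystemRoot\System32\smss.exe' },
    { Name => 'csrss.exe',   CommandLine => '%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows' },
    { Name => 'autochk.exe', CommandLine => '\??\C:\Windows\system32\autochk.exe *' },
    { Name => 'notepad.exe', CommandLine => '"C:\Windows\notepad.exe" a.txt',
      ExecutablePath => 'C:\Windows\notepad.exe' },
    { Name => 'System',      CommandLine => undef },
);

for my $p (@procs) {
    my ($path, $source) = ($p->{ExecutablePath}, 'wmi');
    unless (defined $path && length $path) {
        $path   = image_path_from_cmdline($p->{CommandLine}, 'C:\\Windows');
        $source = defined $path ? 'from-cmdline' : 'unknown';
    }
    printf "%-12s %-13s %s\n", $p->{Name}, $source, $path // '(none)';
}
```

The command line lives in the process's own address space (bulk88's reply notes that Process Explorer reads it from the PEB), so a path derived this way should be recorded as unverified rather than treated as equivalent to `ExecutablePath`.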
