XP,win7下拿到完整路径名
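/*
 * Noted for reference.
 *
 * GetProcessImageName - copy the image file name of the *current* process
 * into a caller-supplied UNICODE_STRING.
 *
 * The query is issued against NtCurrentProcess(), so the result describes
 * whichever process context the caller is running in.
 * ProcessImageFileName reports the name in native NT form
 * (\Device\HarddiskVolumeN\...), not as a drive-letter path. The string is
 * what the system recorded for the process image; code that makes a
 * security decision from it should treat it as an identifier to verify,
 * not as proof of what is executing.
 *
 * Parameters:
 *   ProcessImageName - destination string. Buffer and MaximumLength must be
 *                      set up by the caller. On STATUS_BUFFER_OVERFLOW the
 *                      Length field is overwritten with the number of bytes
 *                      required, and the buffer contents are NOT valid.
 *
 * Returns:
 *   STATUS_SUCCESS                on success (name copied),
 *   STATUS_INVALID_PARAMETER      if ProcessImageName is NULL,
 *   STATUS_PROCEDURE_NOT_FOUND    if ZwQueryInformationProcess cannot be resolved,
 *   STATUS_BUFFER_OVERFLOW        if the caller's buffer is too small,
 *   STATUS_NAME_TOO_LONG          if the required size cannot be expressed in a USHORT,
 *   STATUS_INSUFFICIENT_RESOURCES if the temporary pool allocation fails,
 *   or whatever status ZwQueryInformationProcess returned.
 */
NTSTATUS GetProcessImageName(PUNICODE_STRING ProcessImageName)
{
    NTSTATUS status;
    ULONG returnedLength = 0;
    ULONG bufferLength;
    PVOID buffer;
    PUNICODE_STRING imageName;

    PAGED_CODE(); // this eliminates the possibility of the IDLE Thread/Process

    if (NULL == ProcessImageName) {
        return STATUS_INVALID_PARAMETER;
    }

    //
    // Resolve ZwQueryInformationProcess lazily; it is looked up by name
    // instead of being linked directly.
    // NOTE(review): the global pointer is written without synchronization;
    // concurrent first calls would store the same value - confirm that is
    // acceptable for this driver.
    //
    if (NULL == ZwQueryInformationProcess) {
        UNICODE_STRING routineName;

        RtlInitUnicodeString(&routineName, L"ZwQueryInformationProcess");

        ZwQueryInformationProcess =
            (QUERY_INFO_PROCESS) MmGetSystemRoutineAddress(&routineName);

        if (NULL == ZwQueryInformationProcess) {
            KdPrint(("Cannot resolve ZwQueryInformationProcess\r\n"));
            // Bail out: falling through would call a NULL function pointer
            // and bugcheck the machine.
            return STATUS_PROCEDURE_NOT_FOUND;
        }
    }

    //
    // Step one - get the size we need
    //
    status = ZwQueryInformationProcess(NtCurrentProcess(),
                                       ProcessImageFileName,
                                       NULL,            // buffer
                                       0,               // buffer size
                                       &returnedLength);

    if (STATUS_INFO_LENGTH_MISMATCH != status) {
        return status;
    }

    //
    // The returned block is a UNICODE_STRING header followed by the
    // characters (a single contiguous buffer). Make sure the reported size
    // at least covers the header before subtracting, otherwise the unsigned
    // subtraction below would wrap to a huge value.
    //
    if (returnedLength < sizeof(UNICODE_STRING)) {
        return STATUS_UNSUCCESSFUL;
    }

    bufferLength = returnedLength - sizeof(UNICODE_STRING);

    //
    // UNICODE_STRING lengths are USHORT; refuse sizes that would be
    // silently truncated by the cast below.
    //
    if (bufferLength > MAXUSHORT) {
        return STATUS_NAME_TOO_LONG;
    }

    //
    // Is the passed-in buffer going to be big enough for us?
    //
    if (ProcessImageName->MaximumLength < bufferLength) {
        // Report the required size to the caller through Length.
        ProcessImageName->Length = (USHORT) bufferLength;
        KdPrint(("ProcessImageName's Buffer Is Toooo small\r\n"));
        return STATUS_BUFFER_OVERFLOW;
    }

    //
    // If we get here, the buffer IS going to be big enough for us, so
    // let's allocate some storage.
    // NOTE(review): this routine is PAGED_CODE, so PagedPool would likely
    // be sufficient here - confirm before changing.
    //
    buffer = ExAllocatePoolWithTag(NonPagedPool, returnedLength, 'ipgD');

    if (NULL == buffer) {
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    //
    // Now lets go get the data
    //
    status = ZwQueryInformationProcess(NtCurrentProcess(),
                                       ProcessImageFileName,
                                       buffer,
                                       returnedLength,
                                       &returnedLength);

    if (NT_SUCCESS(status)) {
        //
        // Ah, we got what we needed. RtlCopyUnicodeString copies at most
        // MaximumLength bytes into the destination.
        //
        imageName = (PUNICODE_STRING) buffer;
        RtlCopyUnicodeString(ProcessImageName, imageName);
    }

    //
    // Free our buffer, using the same tag it was allocated with.
    //
    ExFreePoolWithTag(buffer, 'ipgD');

    //
    // And tell the caller what happened.
    //
    return status;
}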