ExeNameFromWindow – The name of the process that created a window

ExeNameFromWindow – The name of the process that created a window

Const MAX_PATH As Long = 260Private Type PROCESSENTRY32    dwSize As Long    cntUsage As Long    th32ProcessID As Long    th32DefaultHeapID As Long    th32ModuleID As Long    cntThreads As Long    th32ParentProcessID As Long    pcPriClassBase As Long    dwflags As Long    szexeFile As String * MAX_PATHEnd TypePrivate Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As _    Long, lpdwProcessId As Long) As LongPrivate Declare Function CreateToolhelpSnapshot Lib "Kernel32" Alias _    "CreateToolhelp32Snapshot" (ByVal lFlgas As Long, ByVal lProcessID As Long) _    As LongPrivate Declare Function ProcessFirst Lib "Kernel32" Alias "Process32First" _    (ByVal hSnapshot As Long, procEntry As PROCESSENTRY32) As LongPrivate Declare Function ProcessNext Lib "Kernel32" Alias "Process32Next" _    (ByVal hSnapshot As Long, procEntry As PROCESSENTRY32) As LongPrivate Declare Sub CloseHandle Lib "Kernel32" (ByVal hPass As Long)' Get the name of the process that created a window'' Works only on Win9x and 2000 (no Windows NT, sorry)Function ExeNameFromWindow(ByVal hWnd As Long) As String    Dim threadID As Long    Dim processID As Long    Dim hSnapshot As Long    Dim procEntry As PROCESSENTRY32    Dim success As Long    Dim i As Integer        Const TH32CS_SNAPPROCESS As Long = 2&        ' get a snapshot of running processes, exit if error    hSnapshot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0&)    If hSnapshot = -1 Then Exit Function        ' Get ID for window thread, exit if not valid    threadID = GetWindowThreadProcessId(hWnd, processID)    If threadID = 0 Or processID = 0 Then Exit Function    ' we must initialize first DWord of structure with its size    procEntry.dwSize = Len(procEntry)    ' get info on first process    success = ProcessFirst(hSnapshot, procEntry)        Do While success        If procEntry.th32ProcessID = processID Then            ' we found it, read name of executable and bail out of the loop            ExeNameFromWindow = Left$(procEntry.szexeFile, _                InStr(procEntry.szexeFile & vbNullChar, vbNullChar) - 1)            Exit Do        End If        ' otherwise, continue the search        success = ProcessNext(hSnapshot, procEntry)    Loop        ' in all cases, close the shapshot handle    CloseHandle hSnapshot    End Function

Share the Post:
Heading photo, Metadata.

What is Metadata?

What is metadata? Well, It’s an odd concept to wrap your head around. Metadata is essentially the secondary layer of data that tracks details about the “regular” data. The regular

XDR solutions

The Benefits of Using XDR Solutions

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes