获取进程文件路径方法留档

Process,Exist,Explorer.EXE
MsgBox,% "1：" GetProcessFullPath(ErrorLevel)
	. "`n2：" GetProcessFullPath2(ErrorLevel)
	. "`n3：" GetProcessFullPath("Explorer.EXE")
	. "`n" GetProcessCreationTime(ErrorLevel)

;获取进程创建时间
GetProcessCreationTime(PID) { 
	hPr := DllCall( "OpenProcess", UInt,1040, Int,0, Int,PID )
	DllCall( "GetProcessTimes", UInt,hPr, Int64P,UTC, Int,0, Int,0, Int,0 )
	DllCall( "CloseHandle", Int,hPr)
	DllCall( "FileTimeToLocalFileTime", Int64P,UTC, Int64P,Local ), AT := 1601
	AT += % Local//10000000, S
	FormatTime, AT, % AT, yyyy-MM-dd HH:mm:ss
	Return AT
}
;获取进程文件路径，比ComObjGet可靠
GetProcessFullPath(ProcessNameOrPid) {
	Process,Exist,%ProcessNameOrPid%
	if ProcessId :=ErrorLevel {
		hProcess := DllCall("Kernel32.dll\OpenProcess", "UInt", 0x0400|0x0010, "UInt", 0, "UInt", ProcessId)
		FileNameSize := VarSetCapacity(ModuleFileName, (260 + 1) * 2, 0) / 2
		if !(DllCall("Psapi.dll\GetModuleFileNameExW", "Ptr", hProcess, "Ptr", 0, "Str", ModuleFileName, "UInt", FileNameSize))
			if !(DllCall("Kernel32.dll\K32GetModuleFileNameExW", "Ptr", hProcess, "Ptr", 0, "Str", ModuleFileName, "UInt", FileNameSize))
				DllCall("Kernel32.dll\QueryFullProcessImageNameW", "Ptr", hProcess, "UInt", 1, "Str", ModuleFileName, "UIntP", FileNameSize)
		return ModuleFileName, DllCall("Kernel32.dll\CloseHandle", "Ptr", hProcess)
	}
}
;获取进程文件路径
GetProcessFullPath2(p_id) {
	Try {
		for process in ComObjGet("winmgmts:").ExecQuery("Select * from Win32_Process where ProcessId=" p_id)
			return process.ExecutablePath
	}
}