最初由 ANTI 发布
我想windows内部肯定会有一张表来维护文件名和文件handle之间的对应关系，

顶

追踪一下CloseFile试试..

经典win32代码之从文件句柄获得文件名

#include <windows.h>
#include <stdio.h>
#include <tchar.h>
#include <string.h>
#include <psapi.h>

#define BUFSIZE 512

BOOL GetFileNameFromHandle(HANDLE hFile) 
{
  BOOL bSuccess = FALSE;
  TCHAR pszFilename[MAX_PATH+1];

  // Get the file size.
  DWORD dwFileSizeHi = 0;
  DWORD dwFileSizeLo = GetFileSize(hFile, &dwFileSizeHi); 

  // Create a file mapping object.
  HANDLE hFileMap = CreateFileMapping(hFile, 
                          NULL, 
                          PAGE_READONLY,
                          0, 
                          dwFileSizeLo,
                          NULL);

  if (hFileMap) 
  {
    // Create a file mapping to get the file name.
    void* pMem = MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 1);

    if (pMem) 
    {
      if (GetMappedFileName (GetCurrentProcess(), 
                             pMem, 
                             pszFilename,
                             MAX_PATH)) 
      {

        // Translate path with device name to drive letters.
        TCHAR szTemp[BUFSIZE];
        szTemp[0] = '\0';

        if (GetLogicalDriveStrings(BUFSIZE-1, szTemp)) 
        {
          TCHAR szName[MAX_PATH];
          TCHAR szDrive[3] = TEXT(" :");
          BOOL bFound = FALSE;
          TCHAR* p = szTemp;

          do 
          {
            // Copy the drive letter to the template string
            *szDrive = *p;

            // Look up each device name
            if (QueryDosDevice(szDrive, szName, BUFSIZE))
            {
              UINT uNameLen = _tcslen(szName);

              if (uNameLen < MAX_PATH) 
              {
                bFound = _tcsnicmp(pszFilename, szName, 
                    uNameLen) == 0;

                if (bFound) 
                {
                  // Reconstruct pszFilename using szTemp
                  // Replace device path with DOS path
                  TCHAR szTempFile[MAX_PATH];
                  _stprintf(szTempFile,
                            TEXT("%s%s"),
                            szDrive,
                            pszFilename+uNameLen);
                  _tcsncpy(pszFilename, szTempFile, MAX_PATH);
                }
              }
            }

            // Go to the next NULL character.
            while (*p++);
          } while (!bFound && *p); // end of string
        }
      }
      bSuccess = TRUE;
      UnmapViewOfFile(pMem);
    } 

    CloseHandle(hFileMap);
  }
  printf("File name is %s\n", pszFilename);
  return(bSuccess);
}

最初由 ANTI 发布
一个进程用CreateFile 创建了一个文件，......另外的进程只是知道这个HANDLE的值，那么另外的这个进程用什么方法可以通过该HANDLE得到该文件的实际文件名呢？

代码的确经典, 不过不能解决楼主的问题, 楼上的请再写一段吧.

楼上的楼上的前辈的代码有问题？楼上前辈能不能分析一下代码中的问题？

代StudentII一下，说错了就当没说哦。

你问的是“另一个进程”，代码中的 hFile 应该是Current Process中的Handle，这大概就是StudentII的意思吧。

确实system有这么一个数据结构,我追过CloseFile,忘了细节

ring0 级 跟踪：CreateFile 与 CloseFile等，，，
时间允许的自己漫漫逆吧

rt
代码是没问题的...

GetModuleFileName

GetModuleFileName
The GetModuleFileName function retrieves the full path and filename for the executable file containing the specified module.

Windows 95: The GetModuleFilename function will return long filenames when an application's version number is greater than or equal to 4.00 and the long filename is available. Otherwise, it returns only 8.3 format filenames.

DWORD GetModuleFileName(
  HMODULE hModule,    // handle to module to find filename for
  LPTSTR lpFilename,  // pointer to buffer to receive module path
  DWORD nSize         // size of buffer, in characters
);

Parameters
hModule
Handle to the module whose executable filename is being requested. If this parameter is NULL, GetModuleFileName returns the path for the file used to create the calling process.
lpFilename
Pointer to a buffer that is filled in with the path and filename of the given module.
nSize
Specifies the length, in characters, of the lpFilename buffer. If the length of the path and filename exceeds this limit, the string is truncated.
Return Values
If the function succeeds, the return value is the length, in characters, of the string copied to the buffer.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks
If a module is loaded in two processes, its module filename in one process may differ in case from its module filename in the other process.

QuickInfo
  Windows NT: Requires version 3.1 or later.
  Windows: Requires Windows 95 or later.
  Windows CE: Unsupported.
  Header: Declared in winbase.h.
  Import Library: Use kernel32.lib.
  Unicode: Implemented as Unicode and ANSI versions on Windows NT.

GetModuleFileNameEx
The GetModuleFileNameEx function retrieves the fully qualified path for the specified module.

DWORD GetModuleFileNameEx(
  HANDLE hProcess,    // handle to the process
  HMODULE hModule,    // handle to the module
  LPTSTR lpFilename,  // buffer that receives the path
  DWORD nSize         // size of the buffer
);

Parameters
hProcess
Handle to the process that contains the module.
hModule
Handle to the module.
lpFilename
Pointer to the buffer that receives the fully qualified path to the module.
nSize
Specifies the size, in bytes, of the lpFilename buffer.
Return Value
If the function succeeds, the return value specifies the length of the string copied to the buffer.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

这儿的hModule和hFile有很大区别的...
这个函数无效..

hModule
Handle to the module whose executable filename is being requested. If this parameter is NULL, GetModuleFileName returns the path for the file used to create the calling process.

对已经存在的executable file应该可以得到全部路径！

兄弟，hFile是内核对象句柄！

我已经实验了4楼 EAsport 前辈的代码，得到经由同一进程内创建的文件名基本上是没有问题的。但我没有测试比较特殊的应用比如：
void main()
{
HANDLE h;

h =
CreateFile("\\\\192.168.60.59\\H$\\boot.ini",GENERIC_READ,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);

GetFileNameFromHandle(h);

CloseHandle(h);

h =
CreateFile("W:\\2120s_2200s_ig.pdf",GENERIC_READ,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);

GetFileNameFromHandle(h);

CloseHandle(h);

h =
CreateFile("\\\\.\\COM1",GENERIC_READ,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);

GetFileNameFromHandle(h);

CloseHandle(h);

h =
CreateFile("\\\\.\\C:",GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);

GetFileNameFromHandle(h);

CloseHandle(h);
}//该测试代码来自微软新闻组lu0前辈

另外问一下当前有没有可以完成从文件句柄得到文件名工具软件？有没有可以单纯通过句柄的值，查出该值对应什么类型的句柄（比如窗口句柄、socket句柄、gdi对象句柄等等）的工具？

最初由 jingulong 发布
代StudentII一下，说错了就当没说哦。

你问的是“另一个进程”，代码中的 hFile 应该是Current Process中的Handle，这大概就是StudentII的意思吧。

正点。你说的，哪有错啊。

最初由 ANTI 发布
另外问一下当前有没有可以完成从文件句柄得到文件名工具软件？有没有可以单纯通过句柄的值，查出该值对应什么类型的句柄（比如窗口句柄、socket句柄、gdi对象句柄等等）的工具？

Sysinternals的ProcessExplorer可以查询所有进程中内核对象的句柄及其信息。
Windows里的句柄种类太多了，不可能单凭值来查类型，而且也没有这个必要。