
R3;在32位进程中得到64位进程映像路径

2016-04-21 12:42 936 查看
32位进程中,所有已知的API函数都无法获得正确的64位进程映像路径(见zyhfut高论:http://bbs.pediy.com/showthread.php?t=129136),只能靠NtQueryInformationProcess配合信息类0x2B(即下面代码中的ProcessImageFileNameWin32)。

贴出代码,与大家共勉:

/*
 * Counted UTF-16 string used by the NT native API.
 *
 * Per the Windows SDK definition of UNICODE_STRING, Length and MaximumLength
 * are byte counts (not character counts) and the text at Buffer is not
 * required to be NUL-terminated, so readers should bound every access by
 * Length instead of scanning for a terminator.
 */
struct _UNICODE_STRING {
    USHORT Length;        /* bytes of text currently held at Buffer */
    USHORT MaximumLength; /* bytes of storage available at Buffer */
    PWSTR  Buffer;        /* start of the UTF-16 text */
};
typedef struct _UNICODE_STRING UNICODE_STRING;
typedef struct _UNICODE_STRING *PUNICODE_STRING;


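/**
 * Query the image file path of a process through ntdll's
 * NtQueryInformationProcess with information class 0x2B
 * (ProcessImageFileNameWin32), so that a 32-bit caller can obtain the path
 * of a 64-bit process.
 *
 * @param hProcess         Handle to the target process. It needs query access
 *                         to the process (exact access right not shown here;
 *                         confirm against the caller's OpenProcess flags).
 * @param lpImageFileName  Receives the NUL-terminated path. Set to an empty
 *                         string before the query, so it is well defined on
 *                         every failure path.
 * @param cchSize          Capacity of lpImageFileName in characters,
 *                         including the terminator.
 * @return TRUE when the whole path was copied; FALSE when an argument is
 *         invalid, ntdll or its export cannot be resolved, the query fails
 *         (this includes paths that do not fit the MAX_PATH-sized local
 *         buffer), the returned descriptor is inconsistent, or the path does
 *         not fit in cchSize characters.
 */
_Check_return_ BOOL QueryProcessImageFileName( __in HANDLE hProcess,
                                               __out_ecount( cchSize ) LPTSTR lpImageFileName,
                                               _In_ DWORD cchSize )
{
    typedef NTSTATUS( WINAPI *QueryInfoFn )(HANDLE, DWORD, LPVOID /* UNICODE_STRING* */, ULONG, PULONG);

    /* Information class requested from NtQueryInformationProcess
     * (ProcessImageFileNameWin32). Kept as a local constant so no macro
     * escapes this function. */
    const DWORD dwImageFileNameWin32 = 0x2B;

    ASSERT( hProcess != NULL );
    ASSERT( lpImageFileName != NULL );
    ASSERT( cchSize != 0 );

    /* ASSERT/VERIFY do not stop a release build, so bad arguments and failed
     * lookups are also rejected at run time. */
    if( hProcess == NULL || lpImageFileName == NULL || cchSize == 0 )
    {
        return FALSE;
    }
    lpImageFileName[0] = _T( '\0' );

    HMODULE hNtDll = GetModuleHandle( _T( "ntdll.dll" ) );
    if( hNtDll == NULL )
    {
        return FALSE;
    }
    QueryInfoFn pfnQuery = (QueryInfoFn)GetProcAddress( hNtDll, "NtQueryInformationProcess" );
    if( pfnQuery == NULL )
    {
        return FALSE;
    }

    /* The query writes a UNICODE_STRING header and the text it describes into
     * one buffer. The union gives that buffer the alignment of the header and
     * lets the header be read through its real type instead of through
     * hand-computed byte offsets, which break as soon as the struct has
     * padding (e.g. when compiled for x64). */
    union
    {
        UNICODE_STRING Name;
        WCHAR          Raw[MAX_PATH + sizeof( UNICODE_STRING ) + 1];
    } info;
    ZeroMemory( &info, sizeof( info ) );

    const NTSTATUS status = pfnQuery( hProcess,
                                      dwImageFileNameWin32,
                                      &info,
                                      sizeof( info ),
                                      NULL );
    if( status != 0 ) /* anything other than STATUS_SUCCESS is treated as failure */
    {
        return FALSE;
    }

    /* Do not trust the descriptor blindly: the text is expected to live in
     * the same buffer right after the header, so require that Buffer and
     * Length stay inside `info` and leave room for one terminating WCHAR. */
    const ULONG_PTR uBase = (ULONG_PTR)&info;
    const ULONG_PTR uEnd  = uBase + sizeof( info );
    const ULONG_PTR uText = (ULONG_PTR)info.Name.Buffer;
    const size_t    cbName = info.Name.Length;
    if( uText < uBase + sizeof( UNICODE_STRING ) ||
        uText > uEnd ||
        (uText - uBase) % sizeof( WCHAR ) != 0 ||
        cbName % sizeof( WCHAR ) != 0 ||
        cbName + sizeof( WCHAR ) > (size_t)(uEnd - uText) )
    {
        return FALSE;
    }
    const size_t cchName = cbName / sizeof( WCHAR );

#if defined( _UNICODE )
    /* The destination is bounded by the caller's capacity (cchSize) and the
     * source by Length; neither depends on a NUL terminator being present or
     * on the MaximumLength field. */
    return SUCCEEDED( StringCchCopyNW( lpImageFileName,
                                       cchSize,
                                       info.Name.Buffer,
                                       cchName ) );
#else
    /* W2A needs a terminated source; the bounds check above reserved space
     * for this write. The conversion buffer W2A takes from the stack is
     * bounded by the size of `info`. */
    info.Name.Buffer[cchName] = L'\0';

    USES_CONVERSION;
    LPCSTR lpImageFileNameA = W2A( info.Name.Buffer );
    if( lpImageFileNameA == NULL )
    {
        return FALSE;
    }
    return SUCCEEDED( StringCchCopyA( lpImageFileName,
                                      cchSize,
                                      lpImageFileNameA ) );
#endif
}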