
Delphi获取进程的命令行参数

时间:2011/9/3 15:34:05 点击:


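type
  { Counted UTF-16 string as embedded in NT structures.
    Length and MaximumLength are byte counts, not character counts, and the
    buffer is not guaranteed to be null-terminated.
    "packed" yields the 32-bit layout (Buffer at offset 4). The native 64-bit
    structure places Buffer at offset 8, so this declaration is only valid in a
    32-bit build. }
  UNICODE_STRING = packed record
    Length: Word;          // bytes currently used in Buffer
    MaximumLength: Word;   // bytes allocated for Buffer
    Buffer: PWideChar;     // when copied out of another process, this address is only valid in that process
  end;

  { Pointer alias. The previous declaration made this a second name for the
    record itself, which contradicts the P-prefix convention used by
    PPROCESS_PARAMETERS and PPEB in this file. }
  PUNICODE_STRING = ^UNICODE_STRING;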

type
  { Local copy target for the process-parameters block that
    PEB.ProcessParameters points to; Process_CmdLine fills it with
    ReadProcessMemory and then reads CommandLine.
    This structure is not part of the documented Windows API. The field sizes
    below correspond to a 32-bit process, and the "Unknown*" members exist only
    so that the following fields land at the right offset.
    NOTE(review): a 64-bit build, or a 64-bit target process, needs a different
    layout; with this one the CommandLine offset would be wrong and the read
    would return unrelated bytes. }
  PROCESS_PARAMETERS = packed record
    AllocationSize: ULONG;
    ActualSize: ULONG;
    Flags: ULONG;
    Unknown1: ULONG;
    Unknown2: UNICODE_STRING;          // 8 bytes of filler in a 32-bit build
    InputHandle: THandle;              // presumably the standard input handle - confirm
    OutputHandle: THandle;             // presumably the standard output handle - confirm
    ErrorHandle: THandle;              // presumably the standard error handle - confirm
    CurrentDirectory: UNICODE_STRING;
    CurrentDirectoryHandle: THandle;
    SearchPaths: UNICODE_STRING;
    ApplicationName: UNICODE_STRING;
    CommandLine: UNICODE_STRING;       // the only member Process_CmdLine uses; Buffer is an address in the target process
    EnvironmentBlock: Pointer;         // address in the target process, not dereferenceable locally
    Unknown: array[0..9 - 1] of ULONG; // nine ULONGs of filler
    Unknown3: UNICODE_STRING;
    Unknown4: UNICODE_STRING;
    Unknown5: UNICODE_STRING;
    Unknown6: UNICODE_STRING;
  end;

  // Pointer to the record; in PEB it holds an address inside the target process.
  PPROCESS_PARAMETERS = ^PROCESS_PARAMETERS;

 

type
  { Leading part of a process environment block, declared only far enough to
    reach ProcessParameters (the single member Process_CmdLine reads).
    Because the record is packed and the four members in front of it are
    4 bytes each in a 32-bit build, ProcessParameters sits at byte offset 16.
    NOTE(review): this matches a 32-bit target only; the offsets differ for a
    64-bit process. }
  PEB = packed record
    AllocationSize: ULONG;
    Unknown1: ULONG;
    ProcessHinstance: Longword;
    ListDlls: Pointer;
    ProcessParameters: PPROCESS_PARAMETERS;  // address inside the target process; must be read with ReadProcessMemory
    Unknown2: ULONG;
    Heap: THandle;
  end;

  // Pointer to the record; PROCESS_BASIC_INFORMATION.PebBaseAddress uses it for a remote address.
  PPEB = ^PEB;

type
  { Output buffer for NtQueryInformationProcess when called with
    ProcessBasicInformation. Every member is pointer-sized. }
  _PROCESS_BASIC_INFORMATION = packed record
    Reserved1: Pointer;
    PebBaseAddress: PPEB;               // PEB address in the queried process, not in the caller
    Reserved2: array[0..1] of Pointer;
    UniqueProcessId: PULONG;            // NOTE(review): typed as a pointer, but it appears to carry a numeric id - do not dereference
    Reserved3: Pointer;
  end;

  PROCESS_BASIC_INFORMATION = _PROCESS_BASIC_INFORMATION;

  PPROCESS_BASIC_INFORMATION = ^PROCESS_BASIC_INFORMATION;

  { Information classes accepted by NtQueryInformationProcess; only the two
    values listed here are declared, and this file uses only the first. }
  PROCESSINFOCLASS = (
    ProcessBasicInformation = 0,
    ProcessWow64Information = 26
  );

  // Declared unsigned, so callers in this file test for success with "= 0" rather than by sign.
  NTSTATUS = DWORD;

{ Static import of the native query call from ntdll.dll.
  ProcessHandle            - handle of the process to query.
  ProcessInformationClass  - which information block to return.
  ProcessInformation       - caller-supplied output buffer.
  ProcessInformationLength - size of that buffer in bytes.
  ReturnLength             - optional; Process_CmdLine passes nil.
  Returns an NTSTATUS; Process_CmdLine treats any non-zero value as failure.
  Because the import is bound statically, the program will not load if
  ntdll.dll does not export this name. }
function NtQueryInformationProcess(
  ProcessHandle: THandle;
  ProcessInformationClass: PROCESSINFOCLASS;
  ProcessInformation: Pointer;
  ProcessInformationLength: ULONG;
  ReturnLength: PULONG
): NTSTATUS; stdcall; external 'ntdll.dll' name 'NtQueryInformationProcess';

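{ Returns the command line of another process by reading it out of that
  process's address space, or '' when any step fails.

  mProcessID - the process identifier (typed THandle, but it is passed to
               OpenProcess as an id, not used as a handle).

  Everything read here comes from memory the target process controls and may
  change between reads, so pointers and lengths are checked before use and the
  result should be treated as untrusted, display-only data. The record layouts
  used for the PEB and the parameter block are 32-bit; a 64-bit target is not
  supported by these declarations.

  Changes from the earlier version:
  - a zero-length or nil command line no longer evaluates @Result[1] on an
    empty string;
  - an odd CommandLine.Length is rounded down, so the read can no longer write
    one byte past the allocated characters;
  - a failed final read returns '' instead of a pre-sized, unfilled string. }
function Process_CmdLine(
  mProcessID: THandle
): WideString;
var
  vProcess: THandle;
  vProcessBasicInformation: PROCESS_BASIC_INFORMATION;
  vPEB: PEB;
  vNumberOfBytesRead: Longword;
  vProcessParameters: PROCESS_PARAMETERS;
  vCharCount: Longword;
begin
  Result := '';
  vProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
    False, mProcessID);
  if vProcess = 0 then Exit;
  try
    // Step 1: ask the kernel where the target's PEB lives.
    if NtQueryInformationProcess(
      vProcess,
      ProcessBasicInformation,
      @vProcessBasicInformation,
      SizeOf(vProcessBasicInformation),
      nil) <> 0 then Exit;
    if vProcessBasicInformation.PebBaseAddress = nil then Exit;

    // Step 2: copy the head of the PEB to find the parameter block.
    if not ReadProcessMemory(vProcess,
      vProcessBasicInformation.PebBaseAddress,
      @vPEB,
      SizeOf(vPEB),
      vNumberOfBytesRead) then Exit;
    if vPEB.ProcessParameters = nil then Exit;

    // Step 3: copy the parameter block, which holds the CommandLine descriptor.
    if not ReadProcessMemory(vProcess,
      vPEB.ProcessParameters,
      @vProcessParameters,
      SizeOf(vProcessParameters),
      vNumberOfBytesRead) then Exit;

    // Length is a byte count supplied by the target; whole UTF-16 units only.
    vCharCount := vProcessParameters.CommandLine.Length div 2;
    if (vCharCount = 0) or (vProcessParameters.CommandLine.Buffer = nil) then Exit;

    // Step 4: copy the characters themselves into the result string.
    SetLength(Result, vCharCount);
    if not ReadProcessMemory(vProcess,
      vProcessParameters.CommandLine.Buffer,
      @Result[1],
      vCharCount * 2,
      vNumberOfBytesRead) then
      Result := '';
  finally
    CloseHandle(vProcess);
  end;
end; { Process_CmdLine }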

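{ Tries to enable SeDebugPrivilege in the current process token.

  The procedure has no return value, so callers must not assume the privilege
  is held afterwards: AdjustTokenPrivileges can report success even when the
  privilege was not assigned (GetLastError = ERROR_NOT_ALL_ASSIGNED), which is
  the normal outcome for an account that does not have it.

  SeDebugPrivilege lets the process open processes it does not own. It is only
  needed when reading processes of other users, and it stays enabled for the
  lifetime of the token once set here.

  Changes from the earlier version: the results of GetVersionEx,
  OpenProcessToken and LookupPrivilegeValue are checked, and the token handle
  is closed instead of being leaked. }
procedure EnableDebug();
var
    VerInfo:TOSVersionInfo;
    hToken:THANDLE;
    tkp:TOKEN_PRIVILEGES;
    Nothing:Cardinal;
begin
    VerInfo.dwOSVersionInfoSize:=SizeOf(VerInfo);
    if not GetVersionEx(VerInfo) then Exit;
    // Token privileges exist only on the NT platform.
    if VerInfo.dwPlatformId<>VER_PLATFORM_WIN32_NT then Exit;

    if not OpenProcessToken(GetCurrentProcess,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,hToken) then Exit;
    try
        if not LookupPrivilegeValue(nil,'SeDebugPrivilege',tkp.Privileges[0].Luid) then Exit;
        tkp.PrivilegeCount:= 1;
        tkp.Privileges[0].Attributes:= SE_PRIVILEGE_ENABLED;
        Nothing:= 0;
        AdjustTokenPrivileges(hToken, FALSE, tkp, 0,nil, Nothing);
    finally
        // Runs on the early Exit above as well, so the handle is always released.
        CloseHandle(hToken);
    end;
end;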

作者:wr960204 来源:转载