获取进程的命令行参数

转自我的旧博客

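type
  // NT counted string as stored in another process's PEB data.
  // Length and MaximumLength are byte counts, not character counts
  // (Process_CmdLine below divides Length by 2 to size a WideString);
  // Buffer is a raw pointer valid only in the owning process's address space.
  UNICODE_STRING = packed record
    Length: Word;
    MaximumLength: Word;
    Buffer: PWideChar;
  end;
  // Pointer to UNICODE_STRING. The original declared this as a plain alias
  // of the record itself, contradicting the P-prefix; nothing on this page
  // uses it, so the fix only affects new callers.
  PUNICODE_STRING = ^UNICODE_STRING;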

type
  // Hand-declared layout of the process parameter block the PEB points to
  // (what winternl.h calls RTL_USER_PROCESS_PARAMETERS). Only CommandLine is
  // read on this page; the Unknown* members are padding that keep it at the
  // right offset. NOTE(review): every THandle/Pointer/PWideChar member is
  // 4 bytes only for a 32-bit reader inspecting a 32-bit target; with a 64-bit
  // reader or target the offsets shift and CommandLine is read from the wrong
  // place -- confirm the bitness of both sides before relying on this.
  PROCESS_PARAMETERS = packed record
    AllocationSize: ULONG;
    ActualSize: ULONG;
    Flags: ULONG;
    Unknown1: ULONG;
    Unknown2: UNICODE_STRING;
    InputHandle: THandle;
    OutputHandle: THandle;
    ErrorHandle: THandle;
    CurrentDirectory: UNICODE_STRING;
    CurrentDirectoryHandle: THandle;
    SearchPaths: UNICODE_STRING;
    ApplicationName: UNICODE_STRING;
    // The member Process_CmdLine reads; Length is in bytes.
    CommandLine: UNICODE_STRING;
    EnvironmentBlock: Pointer;
    Unknown: array[0..9 - 1] of ULONG;
    Unknown3: UNICODE_STRING;
    Unknown4: UNICODE_STRING;
    Unknown5: UNICODE_STRING;
    Unknown6: UNICODE_STRING;
  end;
  PPROCESS_PARAMETERS = ^PROCESS_PARAMETERS;

type
  // Leading part of the Process Environment Block, just far enough to reach
  // ProcessParameters; the real structure is much longer, so SizeOf(PEB) is
  // deliberately only the prefix that gets copied out of the target.
  // NOTE(review): 32-bit offsets (see PROCESS_PARAMETERS above) -- presumably
  // wrong across a 32/64-bit boundary; verify before use on x64.
  PEB = packed record
    AllocationSize: ULONG;
    Unknown1: ULONG;
    ProcessHinstance: Longword;
    ListDlls: Pointer;
    // Address (in the target process) of its PROCESS_PARAMETERS block.
    ProcessParameters: PPROCESS_PARAMETERS;
    Unknown2: ULONG;
    Heap: THandle;
  end;
  PPEB = ^PEB;

type
  // Output of NtQueryInformationProcess(ProcessBasicInformation); only
  // PebBaseAddress is consumed on this page. The Reserved* members keep the
  // layout, and UniqueProcessId is pointer-sized (declared PULONG here, which
  // has the same size as the ULONG_PTR used by the SDK).
  _PROCESS_BASIC_INFORMATION = packed record
    Reserved1: Pointer;
    // Address of the target's PEB, in the target's address space.
    PebBaseAddress: PPEB;
    Reserved2: array[0..1] of Pointer;
    UniqueProcessId: PULONG;
    Reserved3: Pointer;
  end;
  PROCESS_BASIC_INFORMATION = _PROCESS_BASIC_INFORMATION;
  PPROCESS_BASIC_INFORMATION = ^PROCESS_BASIC_INFORMATION;

  // Information classes with their numeric values; only
  // ProcessBasicInformation is used below, ProcessWow64Information is
  // declared for completeness.
  PROCESSINFOCLASS = (
    ProcessBasicInformation = 0,
    ProcessWow64Information = 26
  );

  // Declared unsigned here although the native NTSTATUS is a signed 32-bit
  // value; harmless for this page, whose only check is "<> 0 means failure".
  NTSTATUS = DWORD;

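// Import of the native NtQueryInformationProcess from ntdll.dll.
// Returns an NTSTATUS; Process_CmdLine treats only 0 as success.
// ReturnLength may be nil when the caller does not need the number of bytes
// written (the call below passes nil).
// The blog rendering had replaced the ASCII quotes around the library and
// symbol names with typographic ones, which does not compile; the literals
// themselves are unchanged.
function NtQueryInformationProcess(
  ProcessHandle: THandle;
  ProcessInformationClass: PROCESSINFOCLASS;
  ProcessInformation: Pointer;
  ProcessInformationLength: ULONG;
  ReturnLength: PULONG
): NTSTATUS; stdcall; external 'ntdll.dll' name 'NtQueryInformationProcess';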

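// Returns the command line of the process with ID mProcessID, or '' when the
// process cannot be opened or any step of the walk fails.
// mProcessID is a process ID (not a handle), as accepted by OpenProcess.
// Walk: OpenProcess -> NtQueryInformationProcess(ProcessBasicInformation)
// yields the PEB address -> PEB.ProcessParameters -> CommandLine
// (UNICODE_STRING) -> the string bytes; every hop is a ReadProcessMemory.
// Caveats:
//  - The PEB / PROCESS_PARAMETERS records above are 32-bit layouts; across a
//    32/64-bit boundary the offsets are wrong and the result is typically ''
//    (NOTE(review): not detected here -- confirm bitness of reader and target).
//  - CommandLine.Length and .Buffer are read from the target's memory, so the
//    target controls them; treat the returned string as untrusted input.
//    Length is a Word, which bounds the allocation to < 64 KiB.
//  - Opening processes of other users requires SeDebugPrivilege; see
//    EnableDebug below.
function Process_CmdLine(
  mProcessID: THandle
): WideString;
var
  vProcess: THandle;
  vProcessBasicInformation: PROCESS_BASIC_INFORMATION;
  vPEB: PEB;
  vNumberOfBytesRead: Longword;
  vProcessParameters: PROCESS_PARAMETERS;
  vCharCount: Integer;
begin
  // Design: Zswang 2006-09-09 wjhu111#21cn.com - respect the author; credit the source when reposting.
  Result := '';
  vProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
    False, mProcessID);
  if vProcess = 0 then Exit;
  try
    if NtQueryInformationProcess(
        vProcess,
        ProcessBasicInformation,
        @vProcessBasicInformation,
        SizeOf(vProcessBasicInformation),
        nil) <> 0 then Exit;
    // A nil PEB address would make the next read fail anyway; check it
    // explicitly so the failure mode is obvious.
    if vProcessBasicInformation.PebBaseAddress = nil then Exit;
    if not ReadProcessMemory(vProcess,
        vProcessBasicInformation.PebBaseAddress,
        @vPEB,
        SizeOf(vPEB),
        vNumberOfBytesRead) then Exit;
    if vPEB.ProcessParameters = nil then Exit;
    if not ReadProcessMemory(vProcess,
        vPEB.ProcessParameters,
        @vProcessParameters,
        SizeOf(vProcessParameters),
        vNumberOfBytesRead) then Exit;
    // Length is a byte count. The original allocated Length div 2 characters
    // but read Length bytes, so an odd Length (target-controlled) wrote one
    // byte past the last character; read whole characters only.
    vCharCount := vProcessParameters.CommandLine.Length div 2;
    // Empty command line: keep '' and avoid taking @Result[1] of an empty string.
    if (vCharCount = 0) or (vProcessParameters.CommandLine.Buffer = nil) then Exit;
    SetLength(Result, vCharCount);
    if not ReadProcessMemory(vProcess,
        vProcessParameters.CommandLine.Buffer,
        @Result[1],
        vCharCount * 2,
        vNumberOfBytesRead) then
      // The original returned the freshly sized, unfilled buffer on failure;
      // report failure as '' like every other step.
      Result := '';
  finally
    CloseHandle(vProcess);
  end;
end; { Process_CmdLine }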

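// Enables SeDebugPrivilege in the current process token so that OpenProcess
// in Process_CmdLine also succeeds for processes owned by other users.
// This only works when the token already holds the privilege (typically an
// elevated administrator); otherwise AdjustTokenPrivileges leaves the token
// unchanged and reports ERROR_NOT_ALL_ASSIGNED via GetLastError. The
// procedure stays silent on failure, as in the original, but no longer uses
// an uninitialised token handle when OpenProcessToken fails.
procedure EnableDebug();
var
  VerInfo: TOSVersionInfo;
  hToken: THANDLE;
  tkp: TOKEN_PRIVILEGES;
  Nothing: Cardinal;
begin
  VerInfo.dwOSVersionInfoSize := SizeOf(VerInfo);
  GetVersionEx(VerInfo);
  // Tokens and privileges exist only on the NT line.
  if VerInfo.dwPlatformId <> VER_PLATFORM_WIN32_NT then Exit;
  // The original ignored this result and went on with a garbage hToken.
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then Exit;
  try
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege', tkp.Privileges[0].Luid) then Exit;
    tkp.PrivilegeCount := 1;
    tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    // BufferLength 0 and PreviousState nil: the previous state is not wanted.
    AdjustTokenPrivileges(hToken, False, tkp, 0, nil, Nothing);
  finally
    // try/finally so the handle is released even when LookupPrivilegeValue exits early.
    CloseHandle(hToken);
  end;
end;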
