您现在的位置：首页 >> 算法基础 >> 信息正文

Delphi获取进程的命令行参数

2009-4-16 15:20:35　来源: 转载　作者:wr960204　访问：909 次　被顶：3 次　字号：【大中 小】

type  UNICODE_STRING = packed record    Length: Word;    MaximumLength: Word;    Buffer: PWideChar;  end;  PUNICODE_STRING = UNICODE_STRING;type  PROCESS_PARAMETERS = packed record    AllocationSize: ULONG;    ActualSize: ULONG;    Flags: ULONG;    Unknown1: ULONG;    Unknown2: UNICODE_STRING;    InputHandle: THandle;    OutputHandle: THandle;    ErrorHandle: THandle;    CurrentDirectory: UNICODE_STRING;    CurrentDirectoryHandle: THandle;    SearchPaths: UNICODE_STRING;    ApplicationName: UNICODE_STRING;    CommandLine: UNICODE_STRING;    EnvironmentBlock: Pointer;    Unknown: array[0..9 - 1] of ULONG;    Unknown3: UNICODE_STRING;    Unknown4: UNICODE_STRING;    Unknown5: UNICODE_STRING;    Unknown6: UNICODE_STRING;  end;  PPROCESS_PARAMETERS = ^PROCESS_PARAMETERS; type  PEB = packed record    AllocationSize: ULONG;    Unknown1: ULONG;    ProcessHinstance: Longword;    ListDlls: Pointer;    ProcessParameters: PPROCESS_PARAMETERS;    Unknown2: ULONG;    Heap: THandle;  end;  PPEB = ^PEB;type  _PROCESS_BASIC_INFORMATION = packed record    Reserved1: Pointer;    PebBaseAddress: PPEB;    Reserved2: array[0..1] of Pointer;    UniqueProcessId: PULONG;    Reserved3: Pointer;  end;  PROCESS_BASIC_INFORMATION = _PROCESS_BASIC_INFORMATION;  PPROCESS_BASIC_INFORMATION = ^PROCESS_BASIC_INFORMATION;  PROCESSINFOCLASS = (    ProcessBasicInformation = 0,    ProcessWow64Information = 26  );  NTSTATUS = DWORD;function NtQueryInformationProcess(  ProcessHandle: THandle;  ProcessInformationClass: PROCESSINFOCLASS;  ProcessInformation: Pointer;  ProcessInformationLength: ULONG;  ReturnLength: PULONG): NTSTATUS; stdcall; external 'ntdll.dll' name 'NtQueryInformationProcess';function Process_CmdLine(  mProcessID: THandle): WideString;var  vProcess: THandle;  vProcessBasicInformation: PROCESS_BASIC_INFORMATION;  vPEB: PEB;  vNumberOfBytesRead: Longword;  vProcessParameters: PROCESS_PARAMETERS;begin  Result := '';  vProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,    False, mProcessID);  if vProcess = 0 then Exit;  try    if NtQueryInformationProcess(      vProcess,      ProcessBasicInformation,      @vProcessBasicInformation,      SizeOf(vProcessBasicInformation),      nil) <> 0 then Exit;    if not ReadProcessMemory(vProcess,      vProcessBasicInformation.PebBaseAddress,      @vPEB,      SizeOf(vPEB),      vNumberOfBytesRead) then Exit;    if not ReadProcessMemory(vProcess,      vPEB.ProcessParameters,      @vProcessParameters,      SizeOf(vProcessParameters),      vNumberOfBytesRead) then Exit;    SetLength(Result, vProcessParameters.CommandLine.Length div 2);    if not ReadProcessMemory(vProcess,      vProcessParameters.CommandLine.Buffer,      @Result[1],      vProcessParameters.CommandLine.Length,      vNumberOfBytesRead) then Exit;  finally    CloseHandle(vProcess);  end;end; { Process_CmdLine }procedure EnableDebug();var    VerInfo:TOSVersionInfo;    hToken:THANDLE;    tkp:TOKEN_PRIVILEGES;    Nothing:Cardinal;begin    VerInfo.dwOSVersionInfoSize:=SizeOf(VerInfo);    GetVersionEx(VerInfo);    if VerInfo.dwPlatformId=VER_PLATFORM_WIN32_NT then    Begin        OpenProcessToken(GetCurrentProcess,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,hToken);        LookupPrivilegeValue(nil,'SeDebugPrivilege',tkp.Privileges[0].Luid);        tkp.PrivilegeCount:= 1;        tkp.Privileges[0].Attributes:= SE_PRIVILEGE_ENABLED;        AdjustTokenPrivileges(hToken, FALSE, tkp, 0,nil, Nothing);    end;end;

打印本文   加入收藏   返回顶部   关闭窗口Tags：进程|命令行参数  

上一篇：Delphi把转换Byte数组到Integer

下一篇：一个检测Delphi是否正在运行的函数

相关文章列表

• ·Delphi监控指定进程自动守护错误中间件
• ·Delphi中在Ring3下根据PID隐藏进程
• ·Delphi写的等待进程运行结束函数
• ·Delphi中利用WTSEnumerateProcesses枚举进程
• ·Delphi中引用TLHelp32单元结束进程
• ·Delphi中引用TLHelp32单元显示进程列表

参与评论