То, что Аватар посоветовал, работает не полностью: несколько процессов показывает полные пути. Я проверял не только на Windows 7, но и на Windows XP - там и там не все процессы. А я хочу узнать командную строку для любого процесса!
На всякий случай выложу проект, может кто-нибудь подскажет верно!
Код:
uses TLHelp32;
type
// Reviewer note: hand-written mirrors of undocumented ntdll structures, used by
// GetProcessCmdLine below to walk PEB -> ProcessParameters -> CommandLine in a
// target process. Field widths (ULONG for KSPIN_LOCK/KAFFINITY, 4-byte pointers)
// presumably match a 32-bit image only - confirm before building a 64-bit caller.
USHORT = WORD;
NTSTATUS = Longint;
PVOID = Pointer;
KSPIN_LOCK = ULONG;
KAFFINITY = ULONG;
KPRIORITY = Integer;
// Counted UTF-16 string. Length and MaximumLength are byte counts, not character
// counts (GetProcessCmdLine halves Length before SetLength on a WideString).
_UNICODE_STRING = record
Length: WORD;
MaximumLength: WORD;
Buffer:PWideChar;
end;
UNICODE_STRING = _UNICODE_STRING;
_CURDIR = record
DosPath: UNICODE_STRING;
Handle: THandle;
end;
CURDIR = _CURDIR;
PLIST_ENTRY = ^_LIST_ENTRY;
_LIST_ENTRY = record
Flink: PLIST_ENTRY;
Blink: PLIST_ENTRY;
end;
LIST_ENTRY = _LIST_ENTRY;
_PEB_LDR_DATA = record
Length: ULONG;
Initialized: BOOLEAN;
SsHandle: PVOID;
InLoadOrderModuleList: LIST_ENTRY;
InMemoryOrderModuleList: LIST_ENTRY;
InInitializationOrderModuleList: LIST_ENTRY;
end;
PPEB_LDR_DATA = ^_PEB_LDR_DATA;
_RTL_DRIVE_LETTER_CURDIR = record
Flags: WORD;
Length: WORD;
TimeStamp: DWORD;
DosPath: UNICODE_STRING;
end;
RTL_DRIVE_LETTER_CURDIR = _RTL_DRIVE_LETTER_CURDIR;
// RTL_USER_PROCESS_PARAMETERS as seen from the reader. Only CommandLine is used
// by GetProcessCmdLine; the earlier fields exist so that its offset is correct and
// the trailing ones so that sizeof(PROCESS_PARAMETERS) covers one read.
// This record lives in the target's address space and is written by the target,
// so its contents (pointers and lengths) are untrusted input to the reader.
_PROCESS_PARAMETERS = record
MaximumLength: ULONG;
Length: ULONG;
Flags: ULONG;
DebugFlags: ULONG;
ConsoleHandle: THANDLE;
ConsoleFlags: ULONG;
StandardInput: THANDLE;
StandardOutput: THANDLE;
StandardError: THANDLE;
CurrentDirectory: CURDIR;
DllPath: UNICODE_STRING;
ImagePathName: UNICODE_STRING;
CommandLine: UNICODE_STRING;
Environment: PWideChar;
StartingX: ULONG;
StartingY: ULONG;
CountX: ULONG;
CountY: ULONG;
CountCharsX: ULONG;
CountCharsY: ULONG;
FillAttribute: ULONG;
WindowFlags: ULONG;
ShowWindowFlags: ULONG;
WindowTitle: UNICODE_STRING;
Desktop: UNICODE_STRING;
ShellInfo: UNICODE_STRING;
RuntimeInfo: UNICODE_STRING;
CurrentDirectores: array[0..31] of RTL_DRIVE_LETTER_CURDIR;
end;
PROCESS_PARAMETERS = _PROCESS_PARAMETERS;
PPROCESS_PARAMETERS = ^_PROCESS_PARAMETERS;
PPEBLOCKROUTINE = procedure; stdcall;
PPEB_FREE_BLOCK = ^_PEB_FREE_BLOCK;
_PEB_FREE_BLOCK = record
Next: PPEB_FREE_BLOCK;
Size: ULONG;
end;
_RTL_BITMAP = record
SizeOfBitMap: DWORD;
Buffer: PDWORD;
end;
PRTL_BITMAP = ^_RTL_BITMAP;
_SYSTEM_STRINGS = record
SystemRoot: UNICODE_STRING;
System32Root: UNICODE_STRING;
BaseNamedObjects: UNICODE_STRING;
end;
PSYSTEM_STRINGS = ^_SYSTEM_STRINGS;
_TEXT_INFO = record
Reserved: PVOID;
SystemStrings: PSYSTEM_STRINGS;
end;
PTEXT_INFO = ^_TEXT_INFO;
// Process Environment Block. GetProcessCmdLine dereferences only ProcessParameters;
// every field after it is carried so that sizeof(PEB) describes a full read and is
// otherwise unused here. The exact tail layout is version-specific (names such as
// MmHeapSegmentReserve / AppCompatFlags suggest an XP-era snapshot) - TODO confirm
// that this matches the systems the tool is run on.
_PEB = record
InheritedAddressSpace: UCHAR;
ReadImageFileExecOptions: UCHAR;
BeingDebugged: UCHAR;
SpareBool: BYTE;
Mutant: PVOID;
ImageBaseAddress: PVOID;
Ldr: PPEB_LDR_DATA;
ProcessParameters: PPROCESS_PARAMETERS;
SubSystemData: PVOID;
ProcessHeap: PVOID;
FastPebLock: KSPIN_LOCK;
FastPebLockRoutine: PPEBLOCKROUTINE;
FastPebUnlockRoutine: PPEBLOCKROUTINE;
EnvironmentUpdateCount: ULONG;
KernelCallbackTable: PPOINTER;
EventLogSection: PVOID;
EventLog: PVOID;
FreeList: PPEB_FREE_BLOCK;
TlsExpansionCounter: ULONG;
TlsBitmap: PRTL_BITMAP;
TlsBitmapData: array[0..1] of ULONG;
ReadOnlySharedMemoryBase: PVOID;
ReadOnlySharedMemoryHeap: PVOID;
ReadOnlyStaticServerData: PTEXT_INFO;
InitAnsiCodePageData: PVOID;
InitOemCodePageData: PVOID;
InitUnicodeCaseTableData: PVOID;
KeNumberProcessors: ULONG;
NtGlobalFlag: ULONG;
// Name suggests padding/unknown at offset 0x6C - presumably filler, not used.
d6C: DWORD;
MmCriticalSectionTimeout: Int64;
MmHeapSegmentReserve: ULONG;
MmHeapSegmentCommit: ULONG;
MmHeapDeCommitTotalFreeThreshold: ULONG;
MmHeapDeCommitFreeBlockThreshold: ULONG;
NumberOfHeaps: ULONG;
AvailableHeaps: ULONG;
ProcessHeapsListBuffer: PHANDLE;
GdiSharedHandleTable: PVOID;
ProcessStarterHelper: PVOID;
GdiDCAttributeList: PVOID;
LoaderLock: KSPIN_LOCK;
NtMajorVersion: ULONG;
NtMinorVersion: ULONG;
NtBuildNumber: USHORT;
NtCSDVersion: USHORT;
PlatformId: ULONG;
Subsystem: ULONG;
MajorSubsystemVersion: ULONG;
MinorSubsystemVersion: ULONG;
AffinityMask: KAFFINITY;
GdiHandleBuffer: array[0..33] of ULONG;
PostProcessInitRoutine: ULONG;
TlsExpansionBitmap: ULONG;
TlsExpansionBitmapBits: array[0..127] of UCHAR;
SessionId: ULONG;
AppCompatFlags: Int64;
CSDVersion: PWORD;
end;
PEB = _PEB;
PPEB = ^_PEB;
// Output of NtQueryInformationProcess(ProcessBasicInformation). Only PebBaseAddress
// is consumed by GetProcessCmdLine.
_PROCESS_BASIC_INFORMATION = record
ExitStatus: NTSTATUS;
PebBaseAddress: PPEB;
AffinityMask: KAFFINITY;
BasePriority: KPRIORITY;
UniqueProcessId: ULONG;
InheritedFromUniqueProcessId: ULONG;
end;
PROCESS_BASIC_INFORMATION = _PROCESS_BASIC_INFORMATION;
// Information class passed to NtQueryInformationProcess. Only ProcessBasicInformation
// (ordinal 0) is used here; the remaining members are listed so that the Pascal
// ordinals line up with the native enumeration.
PROCESSINFOCLASS = (
ProcessBasicInformation,
ProcessQuotaLimits,
ProcessIoCounters,
ProcessVmCounters,
ProcessTimes,
ProcessBasePriority,
ProcessRaisePriority,
ProcessDebugPort,
ProcessExceptionPort,
ProcessAccessToken,
ProcessLdtInformation,
ProcessLdtSize,
ProcessDefaultHardErrorMode,
ProcessIoPortHandlers,
ProcessPooledUsageAndLimits,
ProcessWorkingSetWatch,
ProcessUserModeIOPL,
ProcessEnableAlignmentFaultFixup,
ProcessPriorityClass,
ProcessWx86Information,
ProcessHandleCount,
ProcessAffinityMask,
ProcessPriorityBoost,
ProcessDeviceMap,
ProcessSessionInformation,
ProcessForegroundInformation,
ProcessWow64Information,
ProcessImageFileName,
ProcessLUIDDeviceMapsEnabled,
ProcessBreakOnTermination,
ProcessDebugObjectHandle,
ProcessDebugFlags,
ProcessHandleTracing,
ProcessIoPriority,
ProcessExecuteFlags,
ProcessResourceManagement,
ProcessCookie,
ProcessImageInformation,
MaxProcessInfoClass);
// Undocumented ntdll export. The native return type is NTSTATUS (signed); it is
// declared DWORD here and the caller only tests for 0 (STATUS_SUCCESS), which is
// sufficient for ProcessBasicInformation. ReturnLength receives the number of bytes
// written to ProcessInformation (the caller passes it but does not read it).
function NtQueryInformationProcess(ProcessHandle: THANDLE;
ProcessInformationClass: PROCESSINFOCLASS; ProcessInformation: pointer;
ProcessInformationLength: ULONG; ReturnLength: PDWORD): DWORD; stdcall;
external 'NTDLL.DLL';
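// Returns the command line of process PID, or '' when it cannot be read.
// Chain of reads: OpenProcess -> NtQueryInformationProcess(ProcessBasicInformation)
// for the PEB address -> PEB -> ProcessParameters -> CommandLine.Buffer.
//
// Why '' comes back for some processes (the behaviour described in the post):
//  - OpenProcess with PROCESS_VM_READ is refused (access denied) for processes
//    of other users and for protected/system processes unless the caller holds
//    SeDebugPrivilege; nothing here enables it, so those PIDs yield ''.
//  - The PEB / PROCESS_PARAMETERS declarations above describe a 32-bit layout;
//    for a 64-bit target on x64 Windows the pointers and offsets differ, so the
//    reads fail or land on the wrong bytes - presumably what happens on Win7 x64
//    (TODO confirm by comparing against a 64-bit build or Wow64-aware reader).
//
// Everything obtained through ReadProcessMemory is owned and writable by the
// target process, so PebBaseAddress, ProcessParameters, CommandLine.Buffer and
// CommandLine.Length are treated as untrusted: nil pointers are rejected before
// use, Length is a WORD so the local buffer is bounded at 64 KB, and a bogus
// Buffer simply makes ReadProcessMemory fail. A partial read is discarded rather
// than returned as if it were the whole command line.
function GetProcessCmdLine(PID:DWORD):string;
var
hProcess:THandle;
pProcBasicInfo:PROCESS_BASIC_INFORMATION;
ReturnLength:DWORD;
prb:PEB;
ProcessParameters:PROCESS_PARAMETERS;
cb:cardinal;
ws:WideString;
CmdLen:WORD;
begin
Result:='';
hProcess:=OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,false,PID);
// OpenProcess returns 0 on failure (typically access denied, see header comment).
if hProcess=0 then Exit;
try
// 0 is STATUS_SUCCESS; any other NTSTATUS means no usable PEB address.
if NtQueryInformationProcess(hProcess,ProcessBasicInformation,
@pProcBasicInfo,sizeof(PROCESS_BASIC_INFORMATION),@ReturnLength)<>0 then Exit;
if pProcBasicInfo.PebBaseAddress=nil then Exit;
if not ReadProcessMemory(hProcess,pProcBasicInfo.PebBaseAddress,@prb,
sizeof(PEB),cb) then Exit;
// ProcessParameters is a pointer inside the target; guard before dereferencing it.
if prb.ProcessParameters=nil then Exit;
if not ReadProcessMemory(hProcess,prb.ProcessParameters,
@ProcessParameters,sizeof(PROCESS_PARAMETERS),cb) then Exit;
// UNICODE_STRING.Length is in bytes; an empty or nil command line yields ''.
CmdLen:=ProcessParameters.CommandLine.Length;
if (CmdLen=0) or (ProcessParameters.CommandLine.Buffer=nil) then Exit;
SetLength(ws,CmdLen div 2);
// Only accept the buffer when every requested byte was actually read.
if ReadProcessMemory(hProcess,ProcessParameters.CommandLine.Buffer,
PWideChar(ws),CmdLen,cb) and (cb=CmdLen) then
Result:=string(ws);
finally
// Exit from inside try still runs finally, so the handle is always released.
CloseHandle(hProcess);
end;
end;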