Re: Die Start Parameter eines laufenden Prozesses abfragen
16. Apr 2010, 13:46
Hab's rausgefunden und möchte euch diesen Code nicht vorenthalten.
Delphi-Quellcode:
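type
  { Mirror of the native UNICODE_STRING header as laid out in a 32-bit process.
    Length and MaxLength are 16-bit unsigned BYTE counts (not character counts).
    Declaring them as ShortInt read only the low byte as a signed value, so any
    command line longer than 127 bytes yielded a wrong or negative length. }
  TUnicodeString = record
    Length: Word;       // bytes currently used in Buffer
    MaxLength: Word;    // bytes allocated for Buffer
    Buffer: PWideChar;  // address inside the OWNING process, never dereference locally
  end;

  { Mirror of PROCESS_BASIC_INFORMATION for 32-bit processes (six 4-byte fields).
    NOTE(review): on a 64-bit build several of these fields are pointer-sized;
    this declaration must not be used there without adjusting the field types. }
  TProcessBasicInformation = record
    ExitStatus: DWord;
    PEBBaseAddress: Pointer;  // address of the PEB inside the target process
    AffinityMask: DWord;
    BasePriority: DWord;
    UniqueProcessID: DWord;   // was Word, which cut process IDs above 65535
    ParentProcessID: DWord;
  end;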
{ Static binding to the native NtQueryInformationProcess export of ntdll.dll.
  The return value is an NTSTATUS; the caller in this listing treats 0 as success.
  ProcessInformationClass 0 requests the basic information record.
  This is an internal Windows interface, so its behaviour may differ between
  Windows versions. }
function NtQueryInformationProcess(
  ProcessHandle: THandle;
  ProcessInformationClass: DWord;
  ProcessInformation: Pointer;
  ProcessInformationLength: DWord;
  ReturnLength: Pointer
): DWORD; stdcall;
  external 'ntdll.dll' name 'NtQueryInformationProcess';
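{ Returns the command line of the process behind ProcHandle, or '' on any failure.

  ProcHandle must have been opened with PROCESS_QUERY_INFORMATION and
  PROCESS_VM_READ access. The function walks PEB -> process parameters ->
  CommandLine using the hard-coded offsets below, which match the 32-bit
  layout only.

  Everything read here comes out of the target's own address space and can be
  altered by that process at any time, so the length is taken as untrusted and
  the result must not be relied on for security decisions. Command lines often
  carry credentials or tokens; treat the returned string as sensitive when
  logging or displaying it. }
function GetProcessParams(ProcHandle:THandle):String;
const
  // 32-bit offsets; a 64-bit target uses a different layout.
  PEB_PROCESS_PARAMETERS_OFFSET = $10;
  PARAMS_COMMAND_LINE_OFFSET    = $40;
var
  ProcBasInfo        : TProcessBasicInformation;
  PMBAddress         : Pointer;
  RtlUserProcAddress : Pointer;
  RetSize            : DWord;
  CommandLine        : TUnicodeString;
  CommandLineCont    : WideString;
  CharCount          : Integer;
begin
  Result := '';

  // Information class 0 = basic process information; 0 = success status.
  if NtQueryInformationProcess(ProcHandle, 0, @ProcBasInfo, SizeOf(ProcBasInfo), nil) <> 0 then
    Exit;

  PMBAddress := ProcBasInfo.PEBBaseAddress;
  if not Assigned(PMBAddress) then
    Exit;

  // Byte-wise pointer arithmetic instead of a Longint cast, which is signed
  // and would truncate the address on a wider pointer.
  RtlUserProcAddress := nil;
  if not ReadProcessMemory(ProcHandle,
                           Pointer(PAnsiChar(PMBAddress) + PEB_PROCESS_PARAMETERS_OFFSET),
                           @RtlUserProcAddress, SizeOf(Pointer), RetSize) then
    Exit;
  if not Assigned(RtlUserProcAddress) then
    Exit;

  if not ReadProcessMemory(ProcHandle,
                           Pointer(PAnsiChar(RtlUserProcAddress) + PARAMS_COMMAND_LINE_OFFSET),
                           @CommandLine, SizeOf(CommandLine), RetSize) then
    Exit;

  // Length is a byte count supplied by the target process. Work in whole
  // UTF-16 units and refuse an empty or non-positive value: indexing
  // CommandLineCont[1] on an empty string is invalid.
  CharCount := CommandLine.Length div 2;
  if (CharCount <= 0) or not Assigned(CommandLine.Buffer) then
    Exit;

  // Allocate exactly the characters needed (the original allocated one
  // WideChar per BYTE, i.e. twice as much).
  SetLength(CommandLineCont, CharCount);
  if ReadProcessMemory(ProcHandle, CommandLine.Buffer, @CommandLineCont[1],
                       CharCount * SizeOf(WideChar), RetSize) then
    Result := WideCharLenToString(PWideChar(CommandLineCont), CharCount);
end;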
[edit=SirThornberry]Code umformatiert für Zeilenumbruch - Mfg, SirThornberry[/edit]