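function GetProcessCommandLine(pID: Cardinal): string;
// Returns the command line of the process identified by pID by reading it
// out of that process's PEB (RTL_USER_PROCESS_PARAMETERS.CommandLine).
//
// Returns '' when the process cannot be opened or any step of the lookup
// fails (NtQueryInformationProcess, a null PEB address, a failed read,
// a failed allocation), and '- ' when an exception is raised while the
// process parameters are being read -- the caller-visible contract of the
// original implementation is kept.
//
// Everything read out of the target process (PEB, process parameters,
// UNICODE_STRING.Length/Buffer) is treated as untrusted data: each
// ReadProcessMemory call is bounded by a local record size or by
// UNICODE_STRING.Length (a USHORT, so at most 64 KiB), and every call's
// return value is checked before its output is used. The process handle
// and both heap blocks are released on every exit path.
//
// Fixes relative to the original: the two string literals were line-broken
// (''/'- '), the return values of ReadProcessMemory for the process
// parameters and the command line were ignored (garbage on failure),
// UNICODE_STRING.Length (a byte count) was multiplied by SizeOf(WideChar)
// so twice the needed bytes were read, HeapAlloc of the wide buffer was
// unchecked, cleanup was not exception-safe, and pointer values were
// truncated to DWORD before use.
var
  hProcess, hHeap: THandle;
  dwSize, dwSizeNeeded, dwBytesRead: DWORD;
  dwStatus: LONG;
  pbi: smPPROCESS_BASIC_INFORMATION;
  peb: smPEB;
  bpp: smRTL_USER_PROCESS_PARAMETERS;
  pWideStrBuf: PWideChar;
  cbCmdLine: DWORD;
begin
  Result := '';

  // SeDebugPrivilege widens the set of processes OpenProcess will grant
  // access to. Not having it is non-fatal: OpenProcess below reports the
  // actual access failure for the target in question.
  if not EnableTokenPrivilege(SE_DEBUG_NAME) then
  begin
    // writeln('Debug privileges not available for current user.');
  end;

  // Least privilege: query + VM read is all that walking the PEB needs;
  // PROCESS_ALL_ACCESS is deliberately not requested.
  hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, pID);
  if hProcess = 0 then
  begin
    // writeln('Could not open process #',pID,' with desired privileges. Error ',GetLastError);
    Exit;
  end;

  try
    if not IsNTDLLLibraryLoaded then
      Exit;

    hHeap := GetProcessHeap;
    if hHeap = 0 then
      Exit;

    dwSize := SizeOf(smPROCESS_BASIC_INFORMATION);
    pbi := HeapAlloc(hHeap, HEAP_ZERO_MEMORY, dwSize);
    if not Assigned(pbi) then
      Exit; // writeln('HeapAlloc Failed.');

    try
      dwStatus := NtQueryInformationProcess(hProcess, ProcessBasicInformation,
        Pointer(pbi), dwSize, @dwSizeNeeded);
      // NTSTATUS: a negative value is a failure code.
      if dwStatus < 0 then
        Exit; // writeln('NtQueryInformationProcess Failed.');

      // Use the PEB address as a pointer rather than a DWORD copy so the
      // upper half of a 64-bit address is not lost.
      if Pointer(pbi^.PebBaseAddress) = nil then
        Exit; // writeln('PEB Base Address is NULL.');

      // ReadProcessMemory is all-or-nothing: a False return means peb must
      // not be used.
      if not ReadProcessMemory(hProcess, Pointer(pbi^.PebBaseAddress), @peb,
        SizeOf(peb), dwBytesRead) then
        Exit; // writeln('ReadMemory Failed.');

      try
        if Assigned(peb.ProcessParameters) then
        begin
          if ReadProcessMemory(hProcess, Pointer(peb.ProcessParameters), @bpp,
            SizeOf(bpp), dwBytesRead) then
          begin
            // UNICODE_STRING.Length is a byte count, not a character count,
            // and is a USHORT, so the allocation below is bounded at 64 KiB
            // even if the target tampers with its own PEB.
            cbCmdLine := bpp.CommandLine.Length;
            if cbCmdLine > 0 then
            begin
              // One extra zeroed WideChar so WideCharToString always finds a
              // terminator, even when the target's buffer has none.
              pWideStrBuf := HeapAlloc(hHeap, HEAP_ZERO_MEMORY,
                cbCmdLine + SizeOf(WideChar));
              if Assigned(pWideStrBuf) then
              try
                if ReadProcessMemory(hProcess, bpp.CommandLine.Buffer,
                  pWideStrBuf, cbCmdLine, dwBytesRead) then
                  Result := WideCharToString(pWideStrBuf);
              finally
                Windows.HeapFree(hHeap, 0, pWideStrBuf);
              end;
            end;
          end;
          // else writeln('ReadMemory Failed.');
        end;
      except
        // Original best-effort behaviour: an exception while reading the
        // process parameters yields a placeholder rather than propagating.
        Result := '- ';
      end;
    finally
      // Flags = 0: HEAP_NO_SERIALIZE must not be used on the process heap,
      // since the system may create extra threads (e.g. a CTRL+C handler)
      // that access it concurrently.
      Windows.HeapFree(hHeap, 0, pbi);
    end;
  finally
    CloseHandle(hProcess);
  end;
end;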