Delphi 获取进程路径及命令行参数, 但有的进程获取时会报错,不知为啥

type

  PVOID64 = UINT64;

  _UNICODE_STRING = packed record

    Length : USHORT;

    MaximumLength : USHORT;

    Buffer : PWideChar;

  end;

  UNICODE_STRING = _UNICODE_STRING;

  PUNICODE_STRING =^_UNICODE_STRING;

  _UNICODE_STRING64 = packed record

    Length : USHORT;

    MaximumLength : USHORT;

    Fill : DWORD;

    Buffer : PVOID64;

  end;

  UNICODE_STRING64 = _UNICODE_STRING64;

  PUNICODE_STRING64 =^_UNICODE_STRING64;

  __PEB = packed record

    Filler : array [..] of DWORD;

    ProcessParameters : DWORD;

  end;

  __PEB64 = packed record

    Filler : array [..] of PVOID64;

    ProcessParameters : PVOID64;

  end;

  _CURDIR = packed record

    DosPath : UNICODE_STRING;

    Handle : THANDLE;

  end;

  _CURDIR64 = packed record

    DosPath : UNICODE_STRING64;

    Handle : PVOID64;

  end;

  _RTL_USER_PROCESS_PARAMETERS = packed record

    MaximumLength   :DWORD;

    Length          :DWORD;

    Flags           :DWORD;

    DebugFlags      :DWORD;

    ConsoleHandle   :THandle;

    ConsoleFlags    :DWORD;

    StandardInput   :THandle;

    StandardOutput  :THandle;

    StandardError   :THandle;

    //////////////////////////

    DosPath         :UNICODE_STRING;    //CurrentDirectory

    Handle          :THANDLE;

    //////////////////////////

    DllPath         :UNICODE_STRING;

    ImagePathName   :UNICODE_STRING;

    CmdLine         :UNICODE_STRING;

  end;

  _RTL_USER_PROCESS_PARAMETERS64 = record

    MaximumLength   :DWORD;

    Length          :DWORD;

    Flags           :DWORD;

    DebugFlags      :DWORD;

    ConsoleHandle   :PVOID64;

    ConsoleFlags    :DWORD;

    StandardInput   :PVOID64;

    StandardOutput  :PVOID64;

    StandardError   :PVOID64;

    //////////////////////////

    CurrentDirectory:_CURDIR64;

    //////////////////////////

    DllPath         :UNICODE_STRING64;

    ImagePathName   :UNICODE_STRING64;

    CmdLine         :UNICODE_STRING64;

  end;

  _PROCESS_BASIC_INFORMATION = packed record

    Reserved1       :PVOID;

    PebBaseAddress  :PVOID;

    Reserved2       :Array [..] of PVOID;

    UniqueProcessId :PVOID;

    Reserved3       :PVOID;

  end;

  PROCESS_BASIC_INFORMATION  =_PROCESS_BASIC_INFORMATION;

  PPROCESS_BASIC_INFORMATION =^_PROCESS_BASIC_INFORMATION;

  _PROCESS_BASIC_INFORMATION64 = packed record

    Reserved1       :PVOID64;

    PebBaseAddress  :PVOID64;

    Reserved2       :Array [..] of PVOID64;

    UniqueProcessId :PVOID64;

    Reserved3       :PVOID64;

  end;

  PROCESS_BASIC_INFORMATION64  =_PROCESS_BASIC_INFORMATION64;

  PPROCESS_BASIC_INFORMATION64 =^_PROCESS_BASIC_INFORMATION64;

  TNtQueryInformationProcess = function(a:THANDLE;b:UINT;c:PVOID;d:ULONG;e:PULONG):LONG; stdcall;

  TNtReadVirtualMemory = function(ProcessHandle:THANDLE; BaseAddress:PVOID; Buffer:PVOID; NumberOfBytesToRead:ULONG; NumberOfBytesReaded:PULONG):LONG; stdcall;

  TNtReadVirtualMemory64 = function(ProcessHandle:THANDLE; BaseAddress:PVOID64; Buffer:PVOID; NumberOfBytesToRead:UINT64; NumberOfBytesReaded:PUINT64):LONG; stdcall;

  TISWOW64PROCESS = function(hProcess:THANDLE; var Wow64Process:BOOL):BOOL; stdcall;

  function GetProcessImagePathAndCmdLine(hProcess:THandle; var ImagePath:string; var CmdLine:string):Boolean;

implementation

function GetProcessImagePathAndCmdLine32(hProcess:THandle; var ImagePath:string; var CmdLine:string):Boolean;

var

  pbi : PROCESS_BASIC_INFORMATION;

  pfnNtQueryInformationProcess : TNtQueryInformationProcess;

  pfnNtReadVirtualMemory : TNtReadVirtualMemory;

  dwSize:DWORD;

  size:SIZE_T;

  iReturn:Integer;

  pAddrPEB:PVOID;

  PEB:__PEB;

  stBlock:_RTL_USER_PROCESS_PARAMETERS;

  PathBuffer : PByte;

begin

  Result := False;

  @pfnNtQueryInformationProcess := GetProcAddress(GetModuleHandle('ntdll.dll'),'NtQueryInformationProcess');

  @pfnNtReadVirtualMemory := GetProcAddress(GetModuleHandle('ntdll.dll'),'NtReadVirtualMemory');

  if ( Assigned(pfnNtQueryInformationProcess) ) then

  begin

    pAddrPEB := nil;

    iReturn := pfnNtQueryInformationProcess(hProcess,,@pbi,sizeof(pbi),@dwSize);

    pAddrPEB := pbi.PebBaseAddress;

    // NtQueryInformationProcess returns a negative value if it fails

    if (iReturn >= ) then

    begin

      // . Find the Process Environment Block

      size := dwSize;

      if ( ERROR_SUCCESS <> pfnNtReadVirtualMemory(hProcess, pAddrPEB, @PEB, sizeof(PEB), PULONG(@size)) ) then

      begin

        // Call GetLastError() if you need to know why

        Exit;

      end;

      // . From this PEB, get the address of the block containing

      // a pointer to the CmdLine

      if ( ERROR_SUCCESS <> pfnNtReadVirtualMemory(hProcess, PVOID(PEB.ProcessParameters), @stBlock, sizeof(stBlock), PULONG(@size))) then

      begin

        // Call GetLastError() if you need to know why

        Exit;

      end;

      // . Get the ImagePathName

      if (stBlock.ImagePathName.MaximumLength <= ) then

      begin

        PathBuffer := GetMemory(stBlock.ImagePathName.MaximumLength);

        FillChar(PathBuffer^,stBlock.ImagePathName.MaximumLength,);

        if (stBlock.ImagePathName.MaximumLength <= ) and ( ERROR_SUCCESS = pfnNtReadVirtualMemory(hProcess, PVOID(stBlock.ImagePathName.Buffer), PVOID(PathBuffer), stBlock.ImagePathName.Length*sizeof(Char), PULONG(@size))) then

        begin    // Call GetLastError() if you need to know why

          SetString(ImagePath,PChar(PathBuffer),stBlock.ImagePathName.Length div );

          Result := True;

        end;

        FreeMemory(PathBuffer);

      end;

        // . Get the CmdLine

      if (stBlock.CmdLine.MaximumLength <= ) then

      begin

        PathBuffer := GetMemory(stBlock.CmdLine.MaximumLength);

        FillChar(PathBuffer^,stBlock.CmdLine.MaximumLength,);

        if ( ERROR_SUCCESS = pfnNtReadVirtualMemory(hProcess, PVOID(stBlock.CmdLine.Buffer), PVOID(PathBuffer), stBlock.CmdLine.Length*sizeof(Char), PULONG(@size))) then

        begin    // Call GetLastError() if you need to know why

          SetString(CmdLine,PChar(PathBuffer),stBlock.CmdLine.Length div );

          Result := True;

        end;

        FreeMemory(PathBuffer);

      end;

    end;

  end;

end;

function GetProcessImagePathAndCmdLine64(hProcess:THandle; var ImagePath:string; var CmdLine:string):Boolean;

var

  pbi : PROCESS_BASIC_INFORMATION64;

  pfnNtQueryInformationProcess : TNtQueryInformationProcess;

  pfnNtReadVirtualMemory : TNtReadVirtualMemory64;

  dwSize:DWORD;

  size:UINT64;

  iReturn:Integer;

  pAddrPEB:PVOID64;

  PEB:__PEB64;

  stBlock:_RTL_USER_PROCESS_PARAMETERS64;

  PathBuffer : PByte;

begin

  Result := False;

  @pfnNtQueryInformationProcess := GetProcAddress(GetModuleHandle('ntdll.dll'),'NtWow64QueryInformationProcess64');

  @pfnNtReadVirtualMemory := GetProcAddress(GetModuleHandle('ntdll.dll'),'NtWow64ReadVirtualMemory64');

  if ( Assigned(pfnNtQueryInformationProcess) ) then

  begin

    pAddrPEB := ;

    iReturn := pfnNtQueryInformationProcess(hProcess,,@pbi,sizeof(pbi),PULONG(@dwSize));

    pAddrPEB := pbi.PebBaseAddress;

    // NtQueryInformationProcess returns a negative value if it fails

    if (iReturn >= ) then

    begin

      // . Find the Process Environment Block

      size := dwSize;

      if ( ERROR_SUCCESS <> pfnNtReadVirtualMemory(hProcess, pAddrPEB, @PEB, sizeof(PEB), PUINT64(@size)) ) then

      begin

        // Call GetLastError() if you need to know why

        Exit;

      end;

      // . From this PEB, get the address of the block containing

      // a pointer to the CmdLine

      if ( ERROR_SUCCESS <> pfnNtReadVirtualMemory(hProcess, PEB.ProcessParameters, @stBlock, sizeof(stBlock), PUINT64(@size))) then

      begin

        // Call GetLastError() if you need to know why

        Exit;

      end;

      // . Get the ImagePathName

      PathBuffer := GetMemory(stBlock.ImagePathName.MaximumLength);

      FillChar(PathBuffer^,stBlock.ImagePathName.MaximumLength,);

      if ( ERROR_SUCCESS = pfnNtReadVirtualMemory(hProcess, stBlock.ImagePathName.Buffer, PVOID(PathBuffer), stBlock.ImagePathName.Length*sizeof(Char), PUINT64(@size))) then

      begin    // Call GetLastError() if you need to know why

        SetString(ImagePath,PChar(PathBuffer),stBlock.ImagePathName.Length div );

        Result := True;

      end;

      // . Get the CmdLine

      FreeMemory(PathBuffer);

      PathBuffer := GetMemory(stBlock.CmdLine.MaximumLength);

      FillChar(PathBuffer^,stBlock.CmdLine.MaximumLength,);

      if ( ERROR_SUCCESS = pfnNtReadVirtualMemory(hProcess, stBlock.CmdLine.Buffer, PVOID(PathBuffer), stBlock.CmdLine.Length*sizeof(Char), PUINT64(@size))) then

      begin    // Call GetLastError() if you need to know why

        SetString(CmdLine,PChar(PathBuffer),stBlock.CmdLine.Length div );

        Result := True;

      end;

      FreeMemory(PathBuffer);

    end;

  end;

end;

function GetProcessImagePathAndCmdLine(hProcess:THandle; var ImagePath:string; var CmdLine:string):Boolean;

var

  fn:TISWOW64PROCESS;

begin

  Result := False;

  try

    fn := GetProcAddress(GetModuleHandle('kernel32'),'IsWow64Process');

    if Assigned(fn) then

    begin

      Result := GetProcessImagePathAndCmdLine64(hProcess,ImagePath,CmdLine);

    end else

    begin

      Result := GetProcessImagePathAndCmdLine32(hProcess,ImagePath,CmdLine);

    end;

  Except

  end;

end;

Delphi 获取进程路径及命令行参数的更多相关文章

  1. PED结构获取进程路径和命令行地址

    1.FS寄存器 2.进入FS寄存器地址,7FFDD000 3.偏移30为PED结构 4.偏移地址10 3C,44偏移:路径地址,命令行地址 // 通过PEB结构去查找所有进程模块 void *PEB ...

  2. Shell特殊变量:Shell $0, $#, $*, $@, $?, $$和命令行参数

    特殊变量列表 变量 含义 $0 当前脚本的文件名 $n 传递给脚本或函数的参数.n 是一个数字,表示第几个参数.例如,第一个参数是$1,第二个参数是$2. $# 传递给脚本或函数的参数个数. $* 传 ...

  3. 【Shell脚本学习8】Shell特殊变量:Shell $0, $#, $*, $@, $?, $$和命令行参数

    前面已经讲到,变量名只能包含数字.字母和下划线,因为某些包含其他字符的变量有特殊含义,这样的变量被称为特殊变量. 例如,$ 表示当前Shell进程的ID,即pid,看下面的代码: $echo $$ 运 ...

  4. 【转】shell 教程——07 Shell特殊变量:Shell $0, $#, $*, $@, $?, $$和命令行参数

    前面已经讲到,变量名只能包含数字.字母和下划线,因为某些包含其他字符的变量有特殊含义,这样的变量被称为特殊变量. 例如,$ 表示当前Shell进程的ID,即pid,看下面的代码: $echo $$ 运 ...

  5. linux bash Shell特殊变量:Shell $0, $#, $*, $@, $?, $$和命令行参数

    在linux下配置shell参数说明 前面已经讲到,变量名只能包含数字.字母和下划线,因为某些包含其他字符的变量有特殊含义,这样的变量被称为特殊变量. 例如,$ 表示当前Shell进程的ID,即pid ...

  6. UE4命令行参数解析

    转自:https://blog.csdn.net/u012999985/article/details/53544389 一 .命令行参数简述命令行参数是一连串的关键字字符串,当运行可执行文件时可以通 ...

  7. C#中如何获取其他进程的命令行参数 ( How to get other processes's command line argument )

    Subject: C#中如何获取其他进程的命令行参数 ( How to get other processes&apos;s command line argument )From: jian ...

  8. Linux进程-命令行参数和环境列表

    命令行参数 在C中,main函数有很多的变种,比如 main(), int main(), int main(int argc, char *argv[]), int main(int argc, c ...

  9. .NET 命令行参数包含应用程序路径吗?

    如果你关注过命令行参数,也许发现有时你会在命令行参数的第一个参数中中看到应用程序的路径,有时又不会.那么什么情况下有路径呢? 其实是否有路径只是取决于获取命令行参数的时候用的是什么方法.而这是 Win ...

随机推荐

  1. iOS-default.png启动图片

    我在xcode5下写的代码,我下载了iOS6的模拟器,我用iOS6和iOS7的模拟器切换运行,有的时候可以运行有的时候不可以运行,报错: 2013-11-17 16:49:04.049 sim[474 ...

  2. 通过yum安装Nagios

    通过yum安装Nagios 2012年04月05日 ⁄ Nagios ⁄ 暂无评论   QQ空间新浪微博腾讯微博人人网更多3   前提先自行安装好Apache+php 测试环境主监控机:CentOS ...

  3. strutx.xml中配置文件的讲解

    Struts2框架的核心就是struts.xml文件了,该文件主要负责管理Struts的2的业务控制组件的核心内容.为了避免struts.xml的文件国 语庞大和臃肿,我们可以通过把一个struts. ...

  4. DevExpress - cxGrid 使用方法

    如何设置多选,并对多个选中行进行数据处理. 1.首先需要将需要获取的字段的列添加到 Grid 中,例如 grdDemoColumn1. 2.将 Grid 的 OptionsSelection 中的 C ...

  5. BZOJ 2456: mode 水题

    2456: mode Time Limit: 1 Sec Memory Limit: 256 MB 题目连接 http://www.lydsy.com/JudgeOnline/problem.php? ...

  6. android 动态改变屏幕方向

    LANDSCAPE与PORTRAIT 范例说明 要如何通过程序控制Activity的显示方向?在Android中,若要通过程序改变屏幕显示的方向,必须要覆盖 setRequestedOrientati ...

  7. 解决Mac下SublimeLinter的Unsafe Characters警告

    Mac下编辑JS文件, 如果是中文字符的行会警告: This character may get silently deleted by one or more browsers. SublimeLi ...

  8. The method load(Class, Serializable) in the type HibernateTemplate is not applicable for the arguments (Class, int)

    引入别人的项目发现利用HibernateTemplate的load的方法报错了.错误提示为: The method load(Class, Serializable) in the type Hibe ...

  9. 8张图带你理解Java整个只是网络(转载)

    8张图带你理解Java整个只是网络 一图胜千言,下面图解均来自Program Creek 网站的Java教程,目前它们拥有最多的票选.如果图解没有阐明问题,那么你可以借助它的标题来一窥究竟. 1.字符 ...

  10. CentOS 6.0下面安装JDK7

    下载地址:http://www.oracle.com/technetwork/java/javase/downloads/java-se-jdk-7-download-432154.html 1. 安 ...