delphi 取得任意程序的命令行  
官方Delphi 学习QQ群: 682628230(三千人)
频道

  1. 人气:
  2. 放大
  3. 缩小
  4. 二维码
  5. 赞赏

delphi 取得任意程序的命令行

program GetCommandLineExDemo;


uses Windows;

const
SystemHandleInformation = 16;
ProcessBasicInformation = 0;
STATUS_SUCCESS = cardinal($00000000);
SE_DEBUG_PRIVILEGE =20;
STATUS_ACCESS_DENIED = cardinal($C0000022);
STATUS_INFO_LENGTH_MISMATCH = cardinal($C0000004);
SEVERITY_ERROR = cardinal($C0000000);
TH32CS_SNAPPROCESS = $00000002; // 模块列表快照
JOB_OBJECT_ALL_ACCESS = $1f001f;

type
TPROCESSENTRY32 = record
dwSize: DWORD;
cntUsage: DWORD;
th32ProcessID: DWORD; // this process
th32DefaultHeapID: DWORD;
th32ModuleID: DWORD; // associated exe
cntThreads: DWORD;
th32ParentProcessID: DWORD; // this process's parent process
pcPriClassBase: Longint; // Base priority of process's threads
dwFlags: DWORD;
szExeFile: array[0..MAX_PATH - 1] of Char;// Path
end;
type
USHORT = Word;
UNICODE_STRING = packed Record
Length : USHORT;
MaximumLength: USHORT;
Buffer : PWideString;
end;

RTL_USER_PROCESS_PARAMETERS = packed record
Reserved1 : array[0..15] of Byte;
Reserved2 : array[0..9] of Pointer;
ImagePathName: UNICODE_STRING;
CommandLine : UNICODE_STRING;
end;
PRTL_USER_PROCESS_PARAMETERS = ^RTL_USER_PROCESS_PARAMETERS;


PEB = packed record
Reserved1 : array[0..1] of Byte;
BeingDebugged: ByteBool;
Reserved2 : Byte;
Reserved3 : array[0..1] of Pointer;
Ldr : Pointer;
ProcessParameters: PRTL_USER_PROCESS_PARAMETERS;
Reserved4 : array[0..103]of Byte;
Reserved5 : array[0..51]of Pointer;

end;
PPEB = ^PEB;

PROCESS_BASIC_INFORMATION = packed record
ExitStatus : DWORD;
PebBaseAddress: PPEB;
AffinityMask : DWORD;
BasePriority : DWORD;
uUniqueProcessId: ULong;
uInheritedFromUniqueProcessId: ULong;
end;
TProcessBasicInformation = PROCESS_BASIC_INFORMATION;

function CreateToolhelp32Snapshot(dwFlags, th32ProcessID: DWORD) : THandle ; stdcall; external 'kernel32.dll' name 'CreateToolhelp32Snapshot';
function Process32First(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL ; stdcall; external 'kernel32.dll' name 'Process32First';
function Process32Next(hSnapshot: THandle; var lpme: TPROCESSENTRY32): BOOL ; stdcall; external 'kernel32.dll' name 'Process32Next';

function NtQueryInformationProcess(ProcessHandle: THandle;ProcessInformationClass: Byte;ProcessInformation: Pointer;
ProcessInformationLength: ULONG;ReturnLength: PULONG): DWORD; stdcall; external 'ntdll.dll';

function EnablePrivilege(const PrivName: string; const Enable: Boolean = true): Boolean;
var
hToken: THandle;
PrivId: Int64;
tkp, PreviousState: TTokenPrivileges;
ReturnLength: DWORD;
begin
Result:=False;
if not LookupPrivilegeValue(nil,PChar(PrivName),PrivId) then exit;
if not OpenProcessToken(GetCurrentProcess,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,hToken) then exit;
try
ReturnLength:=0;
tkp.PrivilegeCount:=1;
tkp.Privileges[0].Luid:=PrivId;
if Enable then tkp.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED
else tkp.Privileges[0].Attributes:=0;
Result:=AdjustTokenPrivileges(hToken,false,tkp,SizeOf(TTokenPrivileges),PreviousState,ReturnLength);
finally
CloseHandle(hToken);
end;
end;


function GetProcessCmdLine(PID: Cardinal): string;
const
SE_DEBUG_NAME = 'SeDebugPrivilege';
ProcessBasicInformation = 0;
var
h : THandle;
pbi : TProcessBasicInformation;
ret : Cardinal;
r : Cardinal;
ws : WideString;
aPEB : PEB;
str:string;
i:integer;
ProcPar: RTL_USER_PROCESS_PARAMETERS;
begin
Result:='';
str:='';
if PID = 0 then PID:=GetCurrentProcessID;
try
h:=OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,False,PID);
if h=0 then exit;
try
ret:=NtQueryInformationProcess(h,ProcessBasicInformation,@PBI,SizeOf(PBI),@r);
if ret=0 then
repeat
if (not ReadProcessMemory(h,pbi.PebBaseAddress,@aPEB,SizeOf(aPEB),r)) or (r<>SizeOf(aPEB)) then break;
if (not ReadProcessMemory(h,aPEB.ProcessParameters,@ProcPar,SizeOf(ProcPar),r)) or (r<>SizeOf(ProcPar)) then break;
SetLength(ws,ProcPar.CommandLine.Length div 2);
if (not ReadProcessMemory(h,ProcPar.CommandLine.Buffer,PWideChar(ws),
ProcPar.CommandLine.Length,r)) or (r<>ProcPar.CommandLine.Length) then break;
Result:=ws;
until True;
finally
CloseHandle(h);
end;
finally
end;
end;

function Trim(const S: string): string;
var
I, L: Integer;
begin
L := Length(S);
I := 1;
while (I <= L) and (S[I] <= ' ') do
Inc(I);
if I > L then
Result := ''
else
begin
while S[L] <= ' ' do
Dec(L);
Result := Copy(S, I, L - I + 1);
end;
end;

function UpperCase(const S: string): string;
var
Ch: Char;
L: Integer;
Source, Dest: PChar;
begin
L := Length(S);
SetLength(Result, L);
Source := Pointer(S);
Dest := Pointer(Result);
while L <> 0 do
begin
Ch := Source^;
if (Ch >= 'a') and (Ch <= 'z') then
Dec(Ch, 32);
Dest^ := Ch;
Inc(Source);
Inc(Dest);
Dec(L);
end;
end;


Function findprocess(TheProcName:String):DWORD;
var
isOK:Boolean;
ProcessHandle:Thandle;
ProcessStruct:TProcessEntry32;
begin
ProcessHandle:=createtoolhelp32snapshot(Th32cs_snapprocess,0);
processStruct.dwSize:=sizeof(ProcessStruct);
isOK:=process32first(ProcessHandle,ProcessStruct);
Result:=0;
while isOK do
begin
if Trim(UpperCase(TheProcName))=Trim(UpperCase(ProcessStruct.szExeFile)) then
begin
Result:=ProcessStruct.th32ProcessID;
CloseHandle(ProcessHandle);
exit;
end;
isOK:=process32next(ProcessHandle,ProcessStruct);
end;
CloseHandle(ProcessHandle);
end;

begin
messagebox(0, pchar(GetProcessCmdLine(findprocess('nod32.exe'))), 'aa', 0);

end.

推荐分享
最新信息 delphi13 多线程优化 TThreade... delphi 如何 FastMM配置 delphi13 FireDAC增强 并行备份... delphi12 Embarcadero ld... delphi 查看 cpu 核心数
热门信息 delphi 动态数组的使用 delphi多线程TThread详解 delphi try except语句 和 try finally语... delphi中常用字符串处理函数 delphi Inc函数和Dec函数的用法
推荐区 txt文本处理 查询128 说一段 简搜 短笑话 IP查询 正则大全 在线加密解密工具 在线文本筛选工具 1234828网址导航 windows库
图文皆来源于网络,内容仅做公益性分享,版权归原作者所有,如有侵权请告知删除!
  1. 关于我们
  2. 联系我们
 

Copyright © 2014 DelphiW.com 开发 源码 文档 技巧 All Rights Reserved
晋ICP备14006235号-8 晋公网安备 14108102000087号

执行时间: 0.048191070556641 seconds