Delphi获取进程的命令行参数

本文整理自网络，侵删。

 
type
  UNICODE_STRING = packed record
    Length: Word;
    MaximumLength: Word;
    Buffer: PWideChar;
  end;
  PUNICODE_STRING = UNICODE_STRING;
type
  PROCESS_PARAMETERS = packed record
    AllocationSize: ULONG;
    ActualSize: ULONG;
    Flags: ULONG;
    Unknown1: ULONG;
    Unknown2: UNICODE_STRING;
    InputHandle: THandle;
    OutputHandle: THandle;
    ErrorHandle: THandle;
    CurrentDirectory: UNICODE_STRING;
    CurrentDirectoryHandle: THandle;
    SearchPaths: UNICODE_STRING;
    ApplicationName: UNICODE_STRING;
    CommandLine: UNICODE_STRING;
    EnvironmentBlock: Pointer;
    Unknown: array[0..9 - 1] of ULONG;
    Unknown3: UNICODE_STRING;
    Unknown4: UNICODE_STRING;
    Unknown5: UNICODE_STRING;
    Unknown6: UNICODE_STRING;
  end;
  PPROCESS_PARAMETERS = ^PROCESS_PARAMETERS;
 
type
  PEB = packed record
    AllocationSize: ULONG;
    Unknown1: ULONG;
    ProcessHinstance: Longword;
    ListDlls: Pointer;
    ProcessParameters: PPROCESS_PARAMETERS;
    Unknown2: ULONG;
    Heap: THandle;
  end;
  PPEB = ^PEB;
type
  _PROCESS_BASIC_INFORMATION = packed record
    Reserved1: Pointer;
    PebBaseAddress: PPEB;
    Reserved2: array[0..1] of Pointer;
    UniqueProcessId: PULONG;
    Reserved3: Pointer;
  end;
  PROCESS_BASIC_INFORMATION = _PROCESS_BASIC_INFORMATION;
  PPROCESS_BASIC_INFORMATION = ^PROCESS_BASIC_INFORMATION;
  PROCESSINFOCLASS = (
    ProcessBasicInformation = 0,
    ProcessWow64Information = 26
  );
  NTSTATUS = DWORD;
function NtQueryInformationProcess(
  ProcessHandle: THandle;
  ProcessInformationClass: PROCESSINFOCLASS;
  ProcessInformation: Pointer;
  ProcessInformationLength: ULONG;
  ReturnLength: PULONG
): NTSTATUS; stdcall; external 'ntdll.dll' name 'NtQueryInformationProcess';
function Process_CmdLine(
  mProcessID: THandle
): WideString;
var
  vProcess: THandle;
  vProcessBasicInformation: PROCESS_BASIC_INFORMATION;
  vPEB: PEB;
  vNumberOfBytesRead: Longword;
  vProcessParameters: PROCESS_PARAMETERS;
begin
  Result := '';
  vProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
    False, mProcessID);
  if vProcess = 0 then Exit;
  try
    if NtQueryInformationProcess(
      vProcess,
      ProcessBasicInformation,
      @vProcessBasicInformation,
      SizeOf(vProcessBasicInformation),
      nil) <> 0 then Exit;
    if not ReadProcessMemory(vProcess,
      vProcessBasicInformation.PebBaseAddress,
      @vPEB,
      SizeOf(vPEB),
      vNumberOfBytesRead) then Exit;
    if not ReadProcessMemory(vProcess,
      vPEB.ProcessParameters,
      @vProcessParameters,
      SizeOf(vProcessParameters),
      vNumberOfBytesRead) then Exit;
    SetLength(Result, vProcessParameters.CommandLine.Length div 2);
    if not ReadProcessMemory(vProcess,
      vProcessParameters.CommandLine.Buffer,
      @Result[1],
      vProcessParameters.CommandLine.Length,
      vNumberOfBytesRead) then Exit;
  finally
    CloseHandle(vProcess);
  end;
end; { Process_CmdLine }
procedure EnableDebug();
var
    VerInfo:TOSVersionInfo;
    hToken:THANDLE;
    tkp:TOKEN_PRIVILEGES;
    Nothing:Cardinal;
begin
    VerInfo.dwOSVersionInfoSize:=SizeOf(VerInfo);
    GetVersionEx(VerInfo);
    if VerInfo.dwPlatformId=VER_PLATFORM_WIN32_NT then
    Begin
        OpenProcessToken(GetCurrentProcess,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,hToken);
        LookupPrivilegeValue(nil,'SeDebugPrivilege',tkp.Privileges[0].Luid);
        tkp.PrivilegeCount:= 1;
        tkp.Privileges[0].Attributes:= SE_PRIVILEGE_ENABLED;
        AdjustTokenPrivileges(hToken, FALSE, tkp, 0,nil, Nothing);
    end;
end;

 

相关阅读 >>

Delphi idhttp1post上传图片

Delphi 关于使用access中带参数的查询的用法

Delphi通过进程id获取主窗句柄

Delphi ip地址转换str字符

Delphi模拟点击网页中的按钮

Delphi xe2获取文件的 md5、crc、sha-1、sha-256、sha-512

Delphi监视进程并结束进程

Delphi tdirectory

Delphi格式化wmi中的datetime

Delphi 如何通过代码控制打开键盘数字锁定numlock

更多相关阅读请进入《Delphi》频道 >>

转载请注明出处：木庄网络博客 » Delphi获取进程的命令行参数