 |
 |
 |
 |
 |
|
Programmierung allgemein
Win32/Win64 API (native code)
Delphi Startparameter fremder Anwendung auslesen
|
Registriert seit: 30. Jul 2008 125 Beiträge |
#6
Re: Startparameter fremder Anwendung auslesen
1. Mär 2010, 15:33
Also ich mache das etwa so (keine injection, dafür aber debugging-Rechte) ...
Delphi-Quellcode:
Referenz:
function GetProcessCommandLine(pID: Cardinal):string;
var hProcess, hHeap: THandle; dwsize, dwSizeNeeded, dwBytesRead: DWORD; dwStatus: LONG; pbi : smPPROCESS_BASIC_INFORMATION; spi : smPROCESSINFO; peb : smPEB; bpp: smRTL_USER_PROCESS_PARAMETERS; pWideStrBuf: PWideChar; begin if not EnableTokenPrivilege(SE_DEBUG_NAME) then begin // writeln('Debug privileges not available for current user.'); end; result := ''; hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, // PROCESS_ALL_ACCESS,// false, PID); if hProcess = 0 then begin // writeln('Could not open process #',pID,' with desired privileges. Error ',GetLastError); exit; end; // else writeln('access granted.'); if IsNTDLLLibraryLoaded then begin hHeap := GetProcessHeap; if hHeap <> 0 then begin dwSize := sizeof(smPROCESS_BASIC_INFORMATION); pbi := HeapAlloc(hHeap, HEAP_ZERO_MEMORY, dwSize); if assigned(pbi) then begin dwStatus := NtQueryInformationProcess(hProcess, ProcessBasicInformation, Pointer(pbi), dwSize, @dwSizeNeeded); if dwStatus >= 0 then begin spi.dwPID := DWORD (pbi^.UniqueProcessId); spi.dwParentPID := DWORD (pbi^.InheritedFromUniqueProcessId); spi.dwBasePriority := LONG (pbi^.BasePriority); spi.dwExitStatus := NTSTATUS (pbi^.ExitStatus); spi.dwPEBBaseAddress := DWORD (pbi^.PebBaseAddress); spi.dwAffinityMask := DWORD (pbi^.AffinityMask); if 0 <> spi.dwPEBBaseAddress then begin if ReadProcessMemory ( hProcess, Pointer(spi.dwPEBBaseAddress), @peb, sizeof(peb), dwBytesRead) then begin spi.dwSessionID := DWORD (peb.SessionId); spi.cBeingDebugged := BYTE (peb.BeingDebugged); try if assigned(peb.ProcessParameters) then begin ReadProcessMemory( hProcess,Pointer(peb.ProcessParameters),@bpp,sizeof(bpp),dwBytesRead); if bpp.CommandLine.Length > 0 then begin pWideStrBuf := HeapAlloc(hHeap,HEAP_ZERO_MEMORY,bpp.CommandLine.Length*sizeof(WideChar)); ReadProcessMemory( hProcess, bpp.CommandLine.Buffer, pWideStrBuf, bpp.CommandLine.Length*sizeof(WideChar), dwBytesRead); result := WideCharToString(pWideStrBuf); HeapFree(hHeap,0,pWideStrBuf); end; end; except else result := ' - '; end; end; // else writeln('ReadMemory Failed.'); end; // else writeln('PEB Base Address is NULL.'); end; // else writeln('NtQueryInformationProcess Failed.'); end; // else writeln('HeapAlloc Failed.'); if hHeap <> 0 then windows.HeapFree(hHeap,0,pbi); // 0 : Do not specify this value when accessing the process heap. The system may create additional threads within the application's process, such as a CTRL+C handler, that simultaneously access the process heap. Otherwise, use HEAP_NO_SERIALIZE = 1 end; end; CloseHandle(hProcess); end;  http://www.delphipraxis.net/internal...t.php?t=166858
|
Zitat
|
ForumregelnEs ist dir nicht erlaubt, neue Themen zu verfassen.
Es ist dir nicht erlaubt, auf Beiträge zu antworten.
Es ist dir nicht erlaubt, Anhänge hochzuladen.
Es ist dir nicht erlaubt, deine Beiträge zu bearbeiten.
BB-Code ist an.
Smileys sind an.
[IMG] Code ist an.
HTML-Code ist aus. Trackbacks are an
Pingbacks are an
Refbacks are aus
|
|
Baum-Darstellung
