Not getting path of various system processes by GetModuleFileNameEx()

Problem description

I have created this function to get the path of various network processes, like svchost, Firefox, etc. Here is the code:

// Requires Windows, SysUtils, PsAPI and Dialogs in the uses clause.
function GetProcessPath(var pId: Integer): String;
var
    Handle: THandle;
begin
    Result := '';
    try
        Handle := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, pId);
        if Handle <> 0 then
        begin
            try
                SetLength(Result, MAX_PATH);
                if GetModuleFileNameEx(Handle, 0, PChar(Result), MAX_PATH) > 0 then
                    SetLength(Result, StrLen(PChar(Result)))
                else
                    Result := '';
            finally
                CloseHandle(Handle);
            end;
        end;
    except
        on E: Exception do
            ShowMessage(E.ClassName + ':' + E.Message);
    end;
end;

My problem is that I do not get the path of all the processes. It works fine for getting the path of Firefox, and other similar user level processes. But for processes like alg, Svchost, I cannot get the path by this method. My guess is I must use some different API. How can I fix this problem?

I am using Windows XP, 32 bits.

Recommended answer

You need to set debug privileges. Here is how it is done:

function NTSetPrivilege(sPrivilege: string; bEnabled: Boolean): Boolean;
var
  hToken: THandle;
  TokenPriv: TOKEN_PRIVILEGES;
  PrevTokenPriv: TOKEN_PRIVILEGES;
  ReturnLength: Cardinal;
begin
  Result := True;

  // Only for Windows NT/2000/XP and later.
  if not (Win32Platform = VER_PLATFORM_WIN32_NT) then Exit;

  Result := False;

  // Obtain the process token
  if OpenProcessToken(GetCurrentProcess(),
    TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
  begin
    try
      // Get the locally unique identifier (LUID).
      if LookupPrivilegeValue(nil, PChar(sPrivilege),
        TokenPriv.Privileges[0].Luid) then
      begin
        TokenPriv.PrivilegeCount := 1; // One privilege to set

        case bEnabled of
          True: TokenPriv.Privileges[0].Attributes  := SE_PRIVILEGE_ENABLED;
          False: TokenPriv.Privileges[0].Attributes := 0;
        end;

        ReturnLength := 0; // Replaces a var parameter
        PrevTokenPriv := TokenPriv;

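        // Enable or disable the privilege. AdjustTokenPrivileges also
        // returns True when the token does not hold the privilege, so
        // GetLastError must be ERROR_SUCCESS as well.
        Result := AdjustTokenPrivileges(hToken, False, TokenPriv,
          SizeOf(PrevTokenPriv), PrevTokenPriv, ReturnLength) and
          (GetLastError = ERROR_SUCCESS);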
      end;
    finally
      CloseHandle(hToken);
    end;
  end;
end;

NtSetPrivilege('SeDebugPrivilege', TRUE); // Call this on form create
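
The failure from the question and the fix from the answer, as an added Delphi console example (not code from the original posts): it looks up the path of one PID before and after enabling SeDebugPrivilege and reports the Win32 error when the token does not hold the privilege. The names ProcPathCheck, EnablePrivilege and DescribeProcess are hypothetical, and the PID is assumed to be passed on the command line.

```delphi
program ProcPathCheck; // hypothetical name, added example
{$APPTYPE CONSOLE}
uses Windows, SysUtils, PsAPI;
// AdjustTokenPrivileges returns True even when the token does not hold the
// privilege (GetLastError = ERROR_NOT_ALL_ASSIGNED), so Err is checked too.
function EnablePrivilege(const Name: string; out Err: DWORD): Boolean;
var
  hToken: THandle;
  NewState, OldState: TOKEN_PRIVILEGES;
  RetLen: DWORD;
begin
  if OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
  try
    NewState.PrivilegeCount := 1;
    NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    RetLen := 0;
    if LookupPrivilegeValue(nil, PChar(Name), NewState.Privileges[0].Luid) then
      AdjustTokenPrivileges(hToken, False, NewState, SizeOf(OldState), OldState, RetLen);
    Err := GetLastError; // error of whichever call ran last
  finally
    CloseHandle(hToken);
  end
  else
    Err := GetLastError;
  Result := Err = ERROR_SUCCESS;
end;

// Returns the image path, or the Win32 error text of the call that failed.
function DescribeProcess(PID: DWORD): string;
var
  h: THandle;
  Buf: array[0..MAX_PATH] of Char;
  Len, Err: DWORD;
begin
  Len := 0;
  h := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, PID);
  if h <> 0 then Len := GetModuleFileNameEx(h, 0, Buf, MAX_PATH);
  Err := GetLastError; // capture before CloseHandle can overwrite it
  if h <> 0 then CloseHandle(h);
  if Len > 0 then SetString(Result, Buf, Len)
  else Result := '<failed: ' + SysErrorMessage(Err) + '>';
end;
var PID, Err: DWORD;
begin
  PID := StrToIntDef(ParamStr(1), 0); // PID given on the command line
  Writeln('before: ', DescribeProcess(PID));
  if EnablePrivilege('SeDebugPrivilege', Err) then Writeln('after:  ', DescribeProcess(PID))
  else Writeln('SeDebugPrivilege not enabled: ', SysErrorMessage(Err));
end.
```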
