Not getting path of various System Processes by getModuleFileNameEx


Problem description

I have created this function to get the path of various network processes, like svchost, firefox etc. Here is the code:

    // Requires the Windows, PsAPI, SysUtils and Dialogs units.
    function GetProcessPath(var pId: Integer): String;
    var
      Handle: THandle;
    begin
      Result := '';
      try
        // GetModuleFileNameEx needs both query and VM-read access to the target.
        Handle := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, pId);
        if Handle <> 0 then
        begin
          try
            SetLength(Result, MAX_PATH);
            if GetModuleFileNameEx(Handle, 0, PChar(Result), MAX_PATH) > 0 then
              SetLength(Result, StrLen(PChar(Result)))
            else
              Result := '';
          finally
            CloseHandle(Handle);
          end;
        end;
      except
        on E: Exception do
          ShowMessage(E.ClassName + ':' + E.Message);
      end;
    end;

My problem is that I do not get the path of all the processes. It works fine for getting the path of Firefox and other similar user-level processes. But for processes like alg, Svchost, I cannot get the path by this method. My guess is that I must use some different API. Please help me in this regard.

Thanks in advance

Recommended answer

You need to set debug privileges; here is how it is done:

    function NTSetPrivilege(sPrivilege: string; bEnabled: Boolean): Boolean;
    var
      hToken: THandle;
      TokenPriv: TOKEN_PRIVILEGES;
      PrevTokenPriv: TOKEN_PRIVILEGES;
      ReturnLength: Cardinal;
    begin
      Result := True;
      // Only for Windows NT/2000/XP and later.
      if not (Win32Platform = VER_PLATFORM_WIN32_NT) then Exit;
      Result := False;

      // Obtain the process's token.
      if OpenProcessToken(GetCurrentProcess(),
        TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
      begin
        try
          // Get the locally unique identifier (LUID).
          if LookupPrivilegeValue(nil, PChar(sPrivilege),
            TokenPriv.Privileges[0].Luid) then
          begin
            TokenPriv.PrivilegeCount := 1; // one privilege to set

            case bEnabled of
              True: TokenPriv.Privileges[0].Attributes  := SE_PRIVILEGE_ENABLED;
              False: TokenPriv.Privileges[0].Attributes := 0;
            end;

            ReturnLength := 0; // replaces a var parameter
            PrevTokenPriv := TokenPriv;

            // Enable or disable the privilege.
            AdjustTokenPrivileges(hToken, False, TokenPriv, SizeOf(PrevTokenPriv),
              PrevTokenPriv, ReturnLength);
            // AdjustTokenPrivileges can succeed without assigning the privilege
            // (ERROR_NOT_ALL_ASSIGNED), so the result comes from GetLastError.
            Result := GetLastError = ERROR_SUCCESS;
          end;
        finally
          CloseHandle(hToken);
        end;
      end;
    end;

    NtSetPrivilege('SeDebugPrivilege', True); // call this on form create
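
A least-privilege variant of the question's GetProcessPath, as an added example that is not part of the original question or answer: it opens the target with only PROCESS_QUERY_LIMITED_INFORMATION and calls QueryFullProcessImageNameW, so PROCESS_VM_READ is never requested and a refusal is reported as a Win32 error code. It assumes Windows Vista or later; the program name and GetProcessImagePath are hypothetical names.

```pascal
program ProcImagePath; // hypothetical name; added example, not the post's code
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils;
const
  // Declared locally: older Delphi Windows units do not define it.
  PROCESS_QUERY_LIMITED_INFORMATION = $1000;

// Imported directly from kernel32.dll (exported on Windows Vista and later).
function QueryFullProcessImageNameW(hProcess: THandle; dwFlags: DWORD;
  lpExeName: PWideChar; var lpdwSize: DWORD): BOOL; stdcall;
  external 'kernel32.dll' name 'QueryFullProcessImageNameW';

// Hypothetical helper. Returns True and the image path, or False with the Win32
// error in ErrCode (5 = ERROR_ACCESS_DENIED: even the limited right was refused).
function GetProcessImagePath(Pid: DWORD; out Path: string;
  out ErrCode: DWORD): Boolean;
var
  hProc: THandle;
  Buf: WideString;
  Len: DWORD;
begin
  Result := False;
  Path := '';
  ErrCode := ERROR_SUCCESS;
  hProc := OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, Pid);
  if hProc = 0 then
  begin
    ErrCode := GetLastError;
    Exit;
  end;
  try
    Len := 32768; // buffer size in characters, enough for long paths
    SetLength(Buf, Len);
    Result := QueryFullProcessImageNameW(hProc, 0, PWideChar(Buf), Len);
    if Result then
      Path := Copy(Buf, 1, Len) // Len now holds the characters written
    else
      ErrCode := GetLastError;
  finally
    CloseHandle(hProc);
  end;
end;

var
  P: string; E: DWORD;
begin
  // Constructed sample input: the program queries its own process ID.
  if GetProcessImagePath(GetCurrentProcessId, P, E) then WriteLn(P)
  else WriteLn('failed, Win32 error ', E);
end.
```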
