The function below retrieves the command line with which a process was started (the path to its executable file plus its launch keys), given the process identifier (PID). It works only between processes of the same bitness: a 32-bit program cannot get this information from a 64-bit process, and vice versa. To access processes running on behalf of another user, your process must be given the SeDebugPrivilege privilege (see "Set process privileges to perform system operations").
    var
      pid: Integer;
      cmdLine: array[0..255] of Char;
    begin
      pid := 4708;
      if getProcessCommandLine(pid, cmdLine, 255) then
        ShowMessage(cmdLine);
    end;
Parameters
pid - the process ID.
cmdLine - a variable that receives a string consisting of the path to the process file and its launch keys. If there are no keys, it contains only the path to the process file.
Result
True if the operation is successful, False if not.
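    function getProcessCommandLine(dwProcessID: Cardinal; szBuffer: PChar;
      cbBuffer: Cardinal): Bool;
    // cbBuffer is the capacity of szBuffer in characters, not counting the
    // terminating #0. Assumes Unicode Delphi, where Char is a 16-bit WideChar.
    var
      hProcess, hThread: THandle;   // handles are pointer-sized, not DWORD
      pGetCommandLine: Pointer;
      pCommandLine: PChar;
      dwTID: DWORD;
      dwRead: SIZE_T;
    begin
      Result := FALSE;
      // Request only the rights CreateRemoteThread and ReadProcessMemory need.
      hProcess := OpenProcess(PROCESS_CREATE_THREAD or PROCESS_QUERY_INFORMATION or
        PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_VM_READ,
        FALSE, dwProcessID);
      if (hProcess <> 0) then
      try
        // kernel32.dll is mapped at the same address in processes of the same
        // bitness, so the local address of GetCommandLineW is valid remotely.
        pGetCommandLine := GetProcAddress(GetModuleHandle('kernel32.dll'),
          'GetCommandLineW');
        if (pGetCommandLine <> nil) then
        begin
          hThread := CreateRemoteThread(hProcess, nil, 0, pGetCommandLine, nil,
            0, dwTID);
          if (hThread <> 0) then
          try
            if WAIT_OBJECT_0 = WaitForSingleObject(hThread, 10000) then
            begin
              // The thread exit code is the return value of GetCommandLineW.
              // It is only 32 bits wide, so clear the pointer first; in a
              // 64-bit process only the low 32 bits of the address come back.
              pCommandLine := nil;
              if GetExitCodeThread(hThread, PDWord(@pCommandLine)^) and
                 (pCommandLine <> nil) then
              begin
                // ReadProcessMemory takes a size in bytes and fails if any
                // part of the requested range is not readable.
                if ReadProcessMemory(hProcess, pCommandLine, szBuffer,
                  cbBuffer * SizeOf(Char), dwRead) then
                begin
                  // dwRead is in bytes; convert it to a character index.
                  szBuffer[dwRead div SizeOf(Char)] := #0;
                  Result := TRUE;
                end;
              end;
            end;
          finally
            CloseHandle(hThread);
          end;
        end;
      finally
        CloseHandle(hProcess);
      end;
    end;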
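The same-bitness restriction stated at the top of this page can be checked before any remote thread is created in the target. The console program below is an added example, not part of the original page; the names sameBitnessAsCaller, IsWow64ProcessImport and PROCESS_QUERY_LIMITED_INFO are hypothetical, and it assumes Delphi XE2 or later unit names and x86/x64 Windows Vista or later.

```delphi
program BitnessCheck;
{$APPTYPE CONSOLE}

uses
  Winapi.Windows, System.SysUtils;

const
  // PROCESS_QUERY_LIMITED_INFORMATION from the Windows SDK, declared locally
  // under a hypothetical name in case the RTL in use does not define it.
  PROCESS_QUERY_LIMITED_INFO = $1000;

// Local import under a hypothetical name to avoid clashing with the RTL.
function IsWow64ProcessImport(hProcess: THandle; var Wow64: BOOL): BOOL;
  stdcall; external 'kernel32.dll' name 'IsWow64Process';

// Hypothetical helper: True only if the target has the caller's bitness.
function sameBitnessAsCaller(dwProcessID: Cardinal): Boolean;
var
  hProcess: THandle;
  selfWow64, targetWow64: BOOL;
begin
  Result := False;
  hProcess := OpenProcess(PROCESS_QUERY_LIMITED_INFO, False, dwProcessID);
  if hProcess = 0 then
    Exit; // no such process, or access denied
  try
    // Wow64 = True means a 32-bit process on 64-bit Windows. On 32-bit
    // Windows it is False for every process, so equal flags mean equal
    // bitness in both cases.
    if IsWow64ProcessImport(GetCurrentProcess, selfWow64) and
       IsWow64ProcessImport(hProcess, targetWow64) then
      Result := (Integer(selfWow64) <> 0) = (Integer(targetWow64) <> 0);
  finally
    CloseHandle(hProcess);
  end;
end;

var
  pid: Cardinal;
begin
  // The PID is taken from the first command-line argument.
  pid := StrToIntDef(ParamStr(1), 0);
  if sameBitnessAsCaller(pid) then
    Writeln('PID ', pid, ': same bitness, getProcessCommandLine can be used')
  else
    Writeln('PID ', pid, ': different bitness or not accessible, skip it');
end.
```

Calling this check first avoids starting a thread at an address that is only meaningful in the caller's own address-space layout.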