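// Enables SeDebugPrivilege in the access token of the current process.
//
// Returns True only when AdjustTokenPrivileges reports ERROR_SUCCESS.
// ERROR_NOT_ALL_ASSIGNED (the token does not hold the privilege) counts as
// failure. Errors are reported through ShowPrompt.
//
// Security note: SeDebugPrivilege lets the process open other processes
// regardless of their security descriptor. This function leaves it enabled
// for the remaining lifetime of the process; tkpOld receives the previous
// state but nothing here restores it. Call this only from code paths that
// need it.
function EnablePriv: Boolean;
var
  hToken: THandle;
  tkpNew, tkpOld: TTokenPrivileges;
  dwLen: DWORD;
  dwErr: DWORD;
begin
  Result := False;
  // TOKEN_QUERY is required in addition to TOKEN_ADJUST_PRIVILEGES because
  // a previous-state buffer (tkpOld) is passed to AdjustTokenPrivileges.
  if not OpenProcessToken(GetCurrentProcess(),
    TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
  begin
    ShowPrompt(SysErrorMessage(GetLastError));
    Exit;
  end;
  try
    // Stop here if the privilege name cannot be resolved: continuing would
    // pass an uninitialised LUID to AdjustTokenPrivileges.
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege',
      tkpNew.Privileges[0].Luid) then
    begin
      ShowPrompt(SysErrorMessage(GetLastError));
      Exit;
    end;
    tkpNew.PrivilegeCount := 1;
    tkpNew.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    dwLen := 0;
    AdjustTokenPrivileges(hToken, False, tkpNew, SizeOf(tkpNew),
      tkpOld, dwLen);
    // Read the error code once, immediately after the call. The API can
    // return TRUE while setting ERROR_NOT_ALL_ASSIGNED, so the last-error
    // value is the authoritative result.
    dwErr := GetLastError;
    Result := (dwErr = ERROR_SUCCESS);
    if not Result then
      ShowPrompt(SysErrorMessage(dwErr));
  finally
    // The token handle was never released in the original code.
    CloseHandle(hToken);
  end;
end;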
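// Enumerates the modules loaded in the process identified by processid and
// reports, through ShowPrompt, the path of every module whose file
// extension is .EXE (compared case-insensitively).
//
// processid: identifier of the process to inspect.
procedure ModuleEnum(processid: Dword);
var
  ModuleList: THandle;
  pm: TMODULEENTRY32;
begin
  ModuleList := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, processid);
  // A failed snapshot returns INVALID_HANDLE_VALUE, which must not be
  // passed on to Module32First or CloseHandle.
  if ModuleList = INVALID_HANDLE_VALUE then
  begin
    ShowPrompt(SysErrorMessage(GetLastError));
    Exit;
  end;
  try
    pm.dwSize := SizeOf(TMODULEENTRY32);
    if Module32First(ModuleList, pm) then
    begin
      // repeat..until examines the entry returned by Module32First as well.
      // The previous while loop called Module32Next before looking at pm,
      // so the first module in the snapshot was always skipped.
      repeat
        if UpperCase(ExtractFileExt(pm.szExePath)) = '.EXE' then
          ShowPrompt(pm.szExePath);
      until not Module32Next(ModuleList, pm);
    end;
  finally
    CloseHandle(ModuleList);
  end;
end;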
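// Returns the full image path of the first running process whose executable
// file name equals AFileName (case-insensitive), or '' when no such process
// is found, the process cannot be opened, or its path cannot be read.
//
// AFileName: bare executable name to look for, e.g. 'notepad.exe'.
//
// Security note: the match is on the image name only, and only the first
// match in the snapshot is used. Any process can carry the same file name,
// so the returned path identifies where that process was started from, not
// that it is the program the caller expects. Verify the path (location,
// signature) before trusting it.
function FindProcessPath(AFileName: String): string;
var
  hSnapshot, hProcess, hModule: THandle;
  lppe: TProcessEntry32;
  bFound: Boolean;
  cbNeeded, dwCopied: DWORD;
begin
  Result := '';
  hSnapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if hSnapshot = INVALID_HANDLE_VALUE then
  begin
    ShowPrompt(SysErrorMessage(GetLastError));
    Exit;
  end;
  try
    lppe.dwSize := SizeOf(TProcessEntry32);
    bFound := Process32First(hSnapshot, lppe);
    while bFound do
    begin
      if UpperCase(ExtractFileName(lppe.szExeFile)) = UpperCase(AFileName) then
      begin
        hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
          False, lppe.th32ProcessID);
        if hProcess = 0 then
        begin
          // Exit still runs the outer finally, so the snapshot handle is
          // released on this path too.
          ShowPrompt(SysErrorMessage(GetLastError));
          Exit;
        end;
        try
          // Only one module handle is requested; hModule receives the first
          // entry of the process's module list.
          if EnumProcessModules(hProcess, @hModule, SizeOf(hModule),
            cbNeeded) then
          begin
            SetLength(Result, MAX_PATH);
            // Pass the declared buffer length and trim to the count the API
            // reports (0 on failure) instead of scanning for a terminator.
            // Paths longer than MAX_PATH characters are truncated.
            dwCopied := GetModuleFileNameEx(hProcess, hModule, PChar(Result),
              MAX_PATH);
            SetLength(Result, dwCopied);
          end;
        finally
          // The process handle was never released in the original code.
          CloseHandle(hProcess);
        end;
        Break;
      end;
      bFound := Process32Next(hSnapshot, lppe);
    end;
  finally
    // The snapshot handle was never released in the original code.
    CloseHandle(hSnapshot);
  end;
end;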