vProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
False, mProcessID);
if vProcess = 0 then Exit;
try
if NtQueryInformationProcess(
vProcess,
ProcessBasicInformation,
@vProcessBasicInformation,
SizeOf(vProcessBasicInformation),
nil) <> 0 then Exit;
if not ReadProcessMemory(vProcess,
vProcessBasicInformation.PebBaseAddress,
@vPEB,
SizeOf(vPEB),
vNumberOfBytesRead) then Exit;
if not ReadProcessMemory(vProcess,
vPEB.ProcessParameters,
@vProcessParameters,
SizeOf(vProcessParameters),
vNumberOfBytesRead) then Exit;
SetLength(Result, vProcessParameters.CommandLine.Length div 2);
if not ReadProcessMemory(vProcess,
vProcessParameters.CommandLine.Buffer,
@Result[1],
vProcessParameters.CommandLine.Length,
vNumberOfBytesRead) then Exit;
finally
CloseHandle(vProcess);
end;
end; { Process_CmdLine }
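{ EnableDebug
  Best-effort attempt to enable SeDebugPrivilege in the current process token.

  The procedure has no return value, so every failure path simply leaves the
  token unchanged and returns. The token handle opened here is always closed.

  SeDebugPrivilege lets the process open other processes regardless of their
  security descriptor, so call this only from code that genuinely needs it. }
procedure EnableDebug();
var
  VerInfo: TOSVersionInfo;
  hToken: THANDLE;
  tkp: TOKEN_PRIVILEGES;
  Nothing: Cardinal;
begin
  VerInfo.dwOSVersionInfoSize := SizeOf(VerInfo);
  { If the version query fails, dwPlatformId is not meaningful; do nothing. }
  if not GetVersionEx(VerInfo) then Exit;
  if VerInfo.dwPlatformId <> VER_PLATFORM_WIN32_NT then Exit;

  { Without a valid token handle the later calls would act on garbage. }
  if not OpenProcessToken(GetCurrentProcess,
    TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then Exit;
  try
    { Do not adjust the token with an uninitialised LUID. }
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege',
      tkp.Privileges[0].Luid) then Exit;

    tkp.PrivilegeCount := 1;
    tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    Nothing := 0;

    { AdjustTokenPrivileges can report success even when the privilege was
      not granted (GetLastError = ERROR_NOT_ALL_ASSIGNED), e.g. when the
      account does not hold SeDebugPrivilege. Callers must therefore not
      assume the privilege is active after this procedure returns. }
    AdjustTokenPrivileges(hToken, FALSE, tkp, 0, nil, Nothing);
  finally
    { The original never released the token handle. }
    CloseHandle(hToken);
  end;
end;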