ProcessHandleToId() ?

delphi package - getting into other processes

ProcessHandleToId() ?

Postby Edix » Sat Oct 08, 2005 7:04 am

hi, I need a ProcessHandleToId function but I don't want to use madRemote,
can anybody give me a hint how to do this?
Edix
 

Postby iconic » Sun Feb 25, 2007 11:20 pm

This thread is old, nonetheless....
I posted this in the madCodeHook area some time ago. I wrote it so that you would not need madRemote for this: it is a light-weight replacement that does not require including the remote unit. Try using the search feature next time. It works identically to Kernel32.GetProcessId(), found in XP and later OSes, but it also works on NT OSes earlier than XP, so it's better. There's a Thread Handle to Thread ID function there too.

type
  // Output buffer for NtQueryInformationProcess when called with the
  // ProcessBasicInformation class. Every non-pointer field is declared as a
  // 32-bit DWORD and the record is packed.
  // NOTE(review): the native structure uses pointer-sized fields for
  // AffinityMask, UniqueProcessId and the parent PID, plus alignment padding
  // after ExitStatus, so this declaration matches 32-bit targets only -
  // confirm before building for Win64.
  PPROCESS_BASIC_INFORMATION = ^PROCESS_BASIC_INFORMATION;
  PROCESS_BASIC_INFORMATION = packed record
  ExitStatus:         DWORD;
  PebBaseAddress:     Pointer;
  AffinityMask:       DWORD;
  BasePriority:       DWORD;
  UniqueProcessId:    DWORD;    // the value PHtoPID returns
  InheritedUniquePID: DWORD;
 end;

 // Process/thread ID pair embedded in THREAD_BASIC_INFORMATION.
 // NOTE(review): both members are handle-sized in the native structure;
 // DWORD is only correct on 32-bit targets - confirm.
 PClientID = ^TClientID;
 TClientID = packed record
 UniqueProcess: DWORD;
 UniqueThread:  DWORD;          // the value THtoTID returns
end;

  // Output buffer for NtQueryInformationThread when called with the
  // ThreadBasicInformation class. Same 32-bit layout caveat as above.
  PTHREAD_BASIC_INFORMATION = ^THREAD_BASIC_INFORMATION;
  THREAD_BASIC_INFORMATION = packed record
  ExitStatus:     DWORD;
  TebBaseAddress: Pointer;   
  ClientId:       TClientID;
  AffinityMask:   DWORD;
  Priority:       DWORD;
  BasePriority:   DWORD;
 end;

 // Signature of ntdll's NtQueryInformationProcess export, which PHtoPID
 // resolves at run time with GetProcAddress. The Integer result is an NT
 // status code; the callers in this file treat values >= 0 as success.
 TNtQueryInformationProcess = function(hProcess: THandle;
                                       ProcessInformationClass: Integer;
                                       var ProcessInformation;
                                       ProcessInformationLength: Integer;
                                       var ReturnLength: Integer): Integer; stdcall;

  // Signature of ntdll's NtQueryInformationThread export, resolved the same
  // way by THtoTID.
  TNtQueryInformationThread = function(hThread: THandle;
                                       ThreadInformationClass: Integer;
                                       var ThreadInformation;
                                       ThreadInformationLength: Integer;
                                       var ReturnLength: Integer): Integer; stdcall;


const
  // Information-class selectors passed to the NtQueryInformation* calls;
  // both "basic information" classes are class 0.
  ProcessBasicInformation   = 0;
  ThreadBasicInformation    = 0;

  // Access masks requested for the duplicated handles. Only the
  // query-information right is asked for, nothing broader.
  PROCESS_QUERY_INFORMATION = $0400;
  THREAD_QUERY_INFORMATION  = $0040;

  // Module whose exports are looked up with GetModuleHandleW/GetProcAddress.
  NTDLL = 'NTDLL.dll';



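// Returns the process ID that a process handle refers to, or -1 on failure.
//
// hProcess: a process handle valid in the calling process (the pseudo handle
//           from GetCurrentProcess() is accepted; see the self-test below).
//
// The handle is duplicated with PROCESS_QUERY_INFORMATION access only, the
// duplicate is queried through ntdll's NtQueryInformationProcess, and the
// duplicate is always closed before returning.
//
// NtQueryInformationProcess is an internal NT API; where the documented
// Kernel32.GetProcessId() is available it is the safer choice.
// NOTE(review): PROCESS_BASIC_INFORMATION as declared in this file uses
// 32-bit DWORD fields - confirm the layout before building for Win64.
function PHtoPID(const hProcess: THandle): Integer; stdcall; //ret -1 = fail
var
  status: Integer;
  pbi: PROCESS_BASIC_INFORMATION;
  hDup: THandle;
  NtQueryInformationProcess: TNtQueryInformationProcess;
  ret: Integer;
begin
  Result := -1;

  // Resolve the export first. The original duplicated the handle before this
  // lookup and leaked the duplicate when the lookup failed.
  // GetModuleHandleW only returns a module that is already loaded, so no
  // library search path is involved here.
  @NtQueryInformationProcess := GetProcAddress(GetModuleHandleW(NTDLL), 'NtQueryInformationProcess');
  if @NtQueryInformationProcess = nil then
    Exit;

  if not DuplicateHandle(GetCurrentProcess(),
                         hProcess,
                         GetCurrentProcess(),
                         @hDup,
                         PROCESS_QUERY_INFORMATION,
                         False,
                         0) then
    Exit;

  try
    ZeroMemory(@pbi, SizeOf(pbi));
    ret := 0;
    status := NtQueryInformationProcess(hDup,
                                        ProcessBasicInformation,
                                        pbi,
                                        SizeOf(pbi),
                                        ret);
    // Non-negative NT status values indicate success.
    if status >= 0 then
      Result := pbi.UniqueProcessId;
  finally
    // Release the duplicate on every path, including exceptions.
    CloseHandle(hDup);
  end;
end;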


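// Returns the thread ID that a thread handle refers to, or -1 on failure.
//
// hThread: a thread handle valid in the calling process (the pseudo handle
//          from GetCurrentThread() is accepted; see the self-test below).
//
// The handle is duplicated with THREAD_QUERY_INFORMATION access only, the
// duplicate is queried through ntdll's NtQueryInformationThread, and the
// duplicate is always closed before returning.
//
// NtQueryInformationThread is an internal NT API; where the documented
// Kernel32.GetThreadId() is available it is the safer choice.
// NOTE(review): THREAD_BASIC_INFORMATION as declared in this file uses
// 32-bit DWORD fields - confirm the layout before building for Win64.
function THtoTID(const hThread: THandle): Integer; stdcall; //ret -1 = fail
var
  status: Integer;
  tbi: THREAD_BASIC_INFORMATION;
  hDup: THandle;
  ret: Integer;
  NtQueryInformationThread: TNtQueryInformationThread;
begin
  Result := -1;

  // Resolve the export first. The original duplicated the handle before this
  // lookup and leaked the duplicate when the lookup failed.
  // GetModuleHandleW only returns a module that is already loaded, so no
  // library search path is involved here.
  @NtQueryInformationThread := GetProcAddress(GetModuleHandleW(NTDLL), 'NtQueryInformationThread');
  if @NtQueryInformationThread = nil then
    Exit;

  if not DuplicateHandle(GetCurrentProcess(),
                         hThread,
                         GetCurrentProcess(),
                         @hDup,
                         THREAD_QUERY_INFORMATION,
                         False,
                         0) then
    Exit;

  try
    ZeroMemory(@tbi, SizeOf(tbi));
    ret := 0;
    status := NtQueryInformationThread(hDup,
                                       ThreadBasicInformation,
                                       tbi,
                                       SizeOf(tbi),
                                       ret);
    // Non-negative NT status values indicate success.
    if status >= 0 then
      Result := tbi.ClientId.UniqueThread;
  finally
    // Release the duplicate on every path, including exceptions.
    CloseHandle(hDup);
  end;
end;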

// Self-test, run once when the unit is initialised.

initialization
  // The high bit of GetVersion is clear on NT-based Windows; the checks are
  // skipped elsewhere because the NtQueryInformation* exports are NT-only.
  if (GetVersion and $80000000) = 0 then
  begin
    // Each helper must agree with the documented Win32 call for the current
    // thread and process.
    Assert(DWORD(THtoTID(GetCurrentThread())) = DWORD(GetCurrentThreadId()), 'THtoTID() Failure!');
    Assert(DWORD(PHtoPID(GetCurrentProcess())) = DWORD(GetCurrentProcessId()), 'PHtoPID() Failure!');
  end;


--Iconic
iconic
 

