delphi package - easy access to kernel objects etc.
Jay
Posts: 13 Joined: Thu Apr 29, 2004 9:34 am
by Jay » Mon May 03, 2004 1:36 pm
hi!
when I use
Code:
FullPath := Processes.Items[i].ExeFile;
the variable "FullPath" normally contains the full path and the executable file name, but for some processes like "csrss.exe" or one of the "svchost.exe" files it doesn't work. In those cases "FullPath" contains only the executable file name.
Is there a way to get the full path of all processes?
kind regards,
Jay
madshi
Site Admin
Posts: 10764 Joined: Sun Mar 21, 2004 5:25 pm
by madshi » Mon May 03, 2004 2:31 pm
You need admin rights to get the full path of the system processes. It works for me if I'm logged on with admin rights.
by Jay » Tue May 04, 2004 6:09 am
Thanks. I have admin rights and all needed privileges like "SeDebugPrivilege", but for me it doesn't work.
bye!
Jay
by madshi » Tue May 04, 2004 7:01 am
Which OS are we talking about? I've tested on XP.
by Jay » Tue May 04, 2004 12:07 pm
I tested it on 2k and XP. The problem is the same on both OSes.
by madshi » Tue May 04, 2004 12:12 pm
Try this code:
var i1 : integer;
    s1 : string;
initialization
  with Processes do
    for i1 := 0 to ItemCount - 1 do
      s1 := s1 + #$D#$A + Items[i1].ExeFile;
  MessageBox(0, pchar(s1), 'info', 0);
Also try to add "madCodeHook" to your uses clause. Does that make a difference?
Here's what the code above gives me on my PC:
[System Process]
System
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programme\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\Programme\Borland\InterBase\bin\ibserver.exe
C:\Programme\Borland\Delphi 7\Bin\delphi32.exe
by Jay » Tue May 04, 2004 1:25 pm
Thank you very much. It works when I add "madCodeHook" to my uses clause. Can you tell me why?
kind regards,
Jay
by madshi » Wed May 05, 2004 7:25 am
Your user account seems to have all necessary privileges, but they are seemingly not enabled. madCodeHook does this in its initialization:
Code:
procedure EnableAllPrivileges;
type TTokenPrivileges = record
       PrivilegeCount : dword;
       Privileges     : array [0..maxInt shr 4 - 1] of TLUIDAndAttributes;
     end;
var c1, c2 : dword;
    ptp    : ^TTokenPrivileges;
    i1     : integer;
begin
  // open the token of the current process for querying and adjusting privileges
  if OpenProcessToken(windows.GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, c1) then
    try
      c2 := 0;
      // the first call only asks for the required buffer size
      GetTokenInformation(c1, TokenPrivileges, nil, 0, c2);
      if c2 <> 0 then begin
        GetMem(ptp, c2 * 2);
        if GetTokenInformation(c1, TokenPrivileges, ptp, c2 * 2, c2) then begin
          // mark every privilege the token holds as enabled
          for i1 := 0 to integer(ptp^.PrivilegeCount) - 1 do
            ptp^.Privileges[i1].Attributes := ptp^.Privileges[i1].Attributes or SE_PRIVILEGE_ENABLED;
          // nil is passed for the previous state and the return length
          AdjustTokenPrivileges(c1, false, PTokenPrivileges(ptp)^, c2, PTokenPrivileges(nil)^, cardinal(pointer(nil)^));
        end;
        FreeMem(ptp);
      end;
    finally CloseHandle(c1) end;
end;
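A narrower variant of the routine above, as an added example that is not part of the thread and not madCodeHook's own code: it enables only "SeDebugPrivilege" and checks the last-error value, because AdjustTokenPrivileges reports success even when the token does not hold the requested privilege. The names EnableDebugPrivilegeOnly and EnablePrivilege are hypothetical, and the code assumes the declarations of Delphi's Windows unit.

```delphi
program EnableDebugPrivilegeOnly;  // hypothetical program name
{$APPTYPE CONSOLE}
uses Windows;

// Enables exactly one privilege in the token of the current process.
// Returns False if the call fails or the token does not hold the privilege.
function EnablePrivilege(const PrivilegeName: string): Boolean;
const
  ERROR_NOT_ALL_ASSIGNED = 1300;  // Win32 error code, repeated here for clarity
var
  Token    : THandle;
  NewState : TTokenPrivileges;
  OldState : TTokenPrivileges;
  RetLen   : DWORD;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess,
                          TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, Token) then
    Exit;
  try
    // Translate the privilege name into the LUID used on this machine.
    NewState.PrivilegeCount := 1;
    if not LookupPrivilegeValue(nil, PChar(PrivilegeName),
                                NewState.Privileges[0].Luid) then
      Exit;
    NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    RetLen := 0;
    if not AdjustTokenPrivileges(Token, False, NewState,
                                 SizeOf(OldState), OldState, RetLen) then
      Exit;
    // The call also returns True when the privilege is not held at all;
    // only the last-error value distinguishes the two cases.
    Result := GetLastError <> ERROR_NOT_ALL_ASSIGNED;
  finally
    CloseHandle(Token);
  end;
end;

begin
  if EnablePrivilege('SeDebugPrivilege') then
    Writeln('SeDebugPrivilege is enabled for this process')
  else
    Writeln('SeDebugPrivilege is not held or could not be enabled');
end.
```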
by Jay » Wed May 05, 2004 1:02 pm
OK, I understand. Thank you very much.
kind regards,
Jay
Shenck
Posts: 15 Joined: Tue Apr 19, 2005 2:59 pm
by Shenck » Wed Jul 06, 2005 7:36 am
I have admin rights and all needed privileges, but don't kill a services process.
if Process(PID).ServiceProcess then
begin
  Process(PID).Close;
end;
THX!
by madshi » Wed Jul 06, 2005 8:39 am
You can't stop service processes like that. You can try "Terminate" instead of "Close", but I don't think that will work for services. Probably you need to use the service APIs like "StopService". See Microsoft documentation for more details.