full path with IProcess.ExeFile !?!

delphi package - easy access to kernel objects etc.
Jay
Posts: 13
Joined: Thu Apr 29, 2004 9:34 am

Post by Jay »

hi!

when i use

FullPath := Processes.Items[i].ExeFile;
the variable "FullPath" normally contains the full path and the executable file name. but for some processes like "csrss.exe" or one of the "svchost.exe" files it doesn't work. in those cases "FullPath" contains only the executable file name.

is there a way to get the full path of all processes ?


kind regards,

Jay
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

You need admin rights to get the full path of the system processes. It works for me if I'm logged on with admin rights.
Jay
Posts: 13
Joined: Thu Apr 29, 2004 9:34 am

Post by Jay »

thanx. i have admin rights and all needed privileges like "SeDebugPrivilege", but for me it doesn't work.


bye!

Jay
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Which OS are we talking about? I've tested on XP.
Jay
Posts: 13
Joined: Thu Apr 29, 2004 9:34 am

Post by Jay »

i tested it on 2k and xp. the problem is the same in both OSes.
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Try this code:

var i1 : integer;
    s1 : string;
initialization
  with Processes do
    for i1 := 0 to ItemCount - 1 do
      s1 := s1 + #$D#$A + Items[i1].ExeFile;
  MessageBox(0, pchar(s1), 'info', 0);

Also try to add "madCodeHook" to your uses clause. Does that make a difference?

Here's what the code above gives me on my PC:

[System Process]
System
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programme\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\Programme\Borland\InterBase\bin\ibserver.exe
C:\Programme\Borland\Delphi 7\Bin\delphi32.exe
Jay
Posts: 13
Joined: Thu Apr 29, 2004 9:34 am

Post by Jay »

thank you very much. it works when i add "madCodeHook" to my uses clause. can you tell me why ?


kind regards,

Jay
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Your user account seems to have all necessary privileges, but they are seemingly not enabled. madCodeHook does this in its initialization:

procedure EnableAllPrivileges;
type TTokenPrivileges = record
       PrivilegeCount : dword;
       Privileges     : array [0..maxInt shr 4 - 1] of TLUIDAndAttributes;
     end;
var c1, c2 : dword;
    ptp    : ^TTokenPrivileges;
    i1     : integer;
begin
  if OpenProcessToken(windows.GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, c1) then
    try
      c2 := 0;
      GetTokenInformation(c1, TokenPrivileges, nil, 0, c2);
      if c2 <> 0 then begin
        GetMem(ptp, c2 * 2);
        if GetTokenInformation(c1, TokenPrivileges, ptp, c2 * 2, c2) then begin
          for i1 := 0 to integer(ptp^.PrivilegeCount) - 1 do
            ptp^.Privileges[i1].Attributes := ptp^.Privileges[i1].Attributes or SE_PRIVILEGE_ENABLED;
          AdjustTokenPrivileges(c1, false, PTokenPrivileges(ptp)^, c2, PTokenPrivileges(nil)^, cardinal(pointer(nil)^));
        end;
        FreeMem(ptp);
      end;
    finally CloseHandle(c1) end;
end;
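
The point made in the post above (a privilege can be present in the token yet not enabled), as an added example that is not part of the original thread and not madCodeHook code: it enables only the single privilege named in this thread instead of all of them, and checks whether the token really holds it. The program name and the function name EnablePrivilege are hypothetical; the declarations assumed are those of the Delphi 7 Windows unit.

```delphi
program EnableDebugPriv;  // hypothetical program name (added example)
{$APPTYPE CONSOLE}
uses Windows;

// Enables one named privilege in the current process token.
// Returns True only if the privilege is held by the token AND is now enabled.
function EnablePrivilege(const PrivName: string): Boolean;
var
  Token  : THandle;
  NewTp  : TTokenPrivileges;   // room for exactly one privilege entry
  PrevTp : TTokenPrivileges;   // receives the previous state of that entry
  RetLen : DWORD;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess,
                          TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, Token) then
    Exit;
  try
    NewTp.PrivilegeCount := 1;
    // Translate the privilege name into the LUID used on this machine.
    if not LookupPrivilegeValue(nil, PChar(PrivName),
                                NewTp.Privileges[0].Luid) then
      Exit;
    NewTp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    RetLen := 0;
    if not AdjustTokenPrivileges(Token, False, NewTp, SizeOf(PrevTp),
                                 PrevTp, RetLen) then
      Exit;
    // AdjustTokenPrivileges reports success even when the account does not
    // hold the privilege; in that case GetLastError returns
    // ERROR_NOT_ALL_ASSIGNED, so the last error must be checked as well.
    Result := GetLastError = ERROR_SUCCESS;
  finally
    CloseHandle(Token);
  end;
end;

begin
  if EnablePrivilege('SeDebugPrivilege') then
    WriteLn('SeDebugPrivilege is held and now enabled')
  else
    WriteLn('SeDebugPrivilege is not held by this token or could not be enabled');
end.
```

Enabling only the privilege that is needed keeps the rest of the token in its default state, and the GetLastError check separates "held but disabled" from "not held at all".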
Jay
Posts: 13
Joined: Thu Apr 29, 2004 9:34 am

Post by Jay »

ok, i understand. thank you very much.


kind regards,

Jay
Shenck
Posts: 15
Joined: Tue Apr 19, 2005 2:59 pm

Post by Shenck »

I have admin rights and all needed privileges, but don't kill a services process.

if Process(PID).ServiceProcess then
begin
  Process(PID).Close;
end;



THX!
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

You can't stop service processes like that. You can try "Terminate" instead of "Close", but I don't think that will work for services. Probably you need to use the service APIs like "StopService". See Microsoft documentation for more details.