📄 vsprocess.pas
Result:=Result+1;
ContinueLoop := Process32Next(FSnapshotHandle,FProcessEntry32);
end;
CloseHandle(FSnapshotHandle);
end;
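{ Reports whether the process identified by ProcessID has a loaded module
  whose name equals Module. The comparison is case-insensitive because
  Windows file names are.

  Returns False when ProcessID is 0, when the module snapshot cannot be
  taken (for example access denied, or the process has already exited), or
  when no module matches.

  Side effect: calls SetTokenPrivileges first, which in this unit tries to
  enable SeDebugPrivilege on the calling process token. }
function IsModuleFound(ProcessID: DWord;Module:string): Boolean; stdcall;
var
  Snapshot: THandle;
  Entry: TModuleEntry32;
begin
  // The original left Result undefined when ProcessID was 0 or the module
  // list was empty.
  Result := False;
  SetTokenPrivileges;
  if ProcessID = 0 then
    Exit;

  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    if Module32First(Snapshot, Entry) then
      repeat
        // Stop at the first hit. The original overwrote Result on every
        // iteration, so only the last module in the list decided the answer.
        if CompareText(Entry.szModule, Module) = 0 then
        begin
          Result := True;
          Break;
        end;
      until not Module32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;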
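{ Resolves an executable name to a process ID by walking a Toolhelp process
  snapshot.

  ExeNames holds one name, or several separated by CR/LF. Matching is
  case-insensitive on the bare file name, and a trailing ".EXE" is ignored on
  both sides, so "notepad" and "notepad.exe" select the same process.

  Returns the ID of the last matching process in snapshot order, or 0 when
  nothing matches or the snapshot cannot be taken.

  An image name does not identify a process: several processes can share one
  name, and any program can be given any file name. A caller that makes a
  trust decision should confirm the full image path (or a signature) for the
  returned PID rather than rely on the name. }
function NameToPid(ExeNames: PChar): DWord;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
  Wanted: string;
  Candidate: string;
begin
  Result := 0;

  // Wrap the list in CR/LF so every wanted name is delimited on both sides,
  // then drop each ".EXE" that ends a line.
  Wanted := StringReplace(UpperCase(#13#10 + ExeNames + #13#10),
    '.EXE'#13#10, #13#10, [rfReplaceAll]);

  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    if Process32First(Snapshot, Entry) then
      repeat
        Candidate := UpperCase(ExtractFileName(Entry.szExeFile));
        // The wanted list has ".EXE" removed, so remove it here as well.
        // The original compared "NAME.EXE" against "NAME" and therefore
        // could only ever match extensionless process names.
        if (Length(Candidate) > 4) and
           (Copy(Candidate, Length(Candidate) - 3, 4) = '.EXE') then
          SetLength(Candidate, Length(Candidate) - 4);

        // Look for the whole delimited token (LF + name + CR). The original
        // checked the boundaries of the first substring hit only, so a
        // wanted name was missed when it also appeared inside a longer,
        // earlier entry.
        if (Candidate <> '') and
           (Pos(#10 + Candidate + #13, Wanted) > 0) then
          Result := Entry.th32ProcessID;
      until not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;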
{ Convenience wrapper: resolves ExeName to a process ID with NameToPid and
  returns whatever GetModulesByPid reports for that ID.
  NOTE(review): NameToPid yields 0 when no process matches; how
  GetModulesByPid treats 0 is not visible here - confirm. }
function GetModulesByName(ExeName: PChar): string; stdcall;
var
  TargetPid: DWord;
begin
  TargetPid := NameToPid(ExeName);
  Result := GetModulesByPid(TargetPid);
end;
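{ Returns the file names of all processes in a Toolhelp snapshot, separated
  by CR/LF with no trailing separator.

  Returns '' when the snapshot cannot be taken or lists no process. }
function GetAllProcess: string; stdcall;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
  Names: string;
begin
  // The original assigned Result only when at least one process was found,
  // leaving it undefined otherwise.
  Result := '';

  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;

  Names := '';
  try
    Entry.dwSize := SizeOf(Entry);
    if Process32First(Snapshot, Entry) then
      repeat
        Names := Names + ExtractFileName(Entry.szExeFile) + #13#10;
      until not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;

  // Drop the CR/LF that follows the last name.
  if Names <> '' then
    Result := Copy(Names, 1, Length(Names) - 2);
end;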
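{ Reports whether any process in a Toolhelp snapshot has an szExeFile value
  equal to Name, ignoring ASCII case.

  The szExeFile field is compared as reported (no ExtractFileName), so Name
  must be given in the same form the snapshot uses.

  Returns False when the snapshot cannot be taken. A name match says nothing
  about which binary is actually running under that name; use a path or
  signature check where identity matters. }
function IsProcessByName(Name:string):Boolean;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
begin
  Result := False;

  // Only the process list is walked. The original also requested
  // TH32CS_SNAPMODULE, which captures the caller's own module list and adds
  // a way for the snapshot call to fail without contributing to the result.
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    if Process32First(Snapshot, Entry) then
      repeat
        if CompareText(Entry.szExeFile, Name) = 0 then
        begin
          Result := True;
          Break;
        end;
      until not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;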
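{ Returns the parent process ID recorded for Pid in a Toolhelp snapshot, or 0
  when Pid is not listed or the snapshot cannot be taken.

  The recorded value is the ID of the creating process at creation time.
  That process may have exited since, and Windows may have reused its ID, so
  the result alone does not prove a parent/child relationship with whatever
  process holds that ID now. }
function PidToParent(Pid:Dword):Dword;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
begin
  // The original never initialised Result, so an unknown Pid returned an
  // arbitrary value.
  Result := 0;

  // Only the process list is needed; TH32CS_SNAPMODULE was dropped because
  // nothing here reads module entries.
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    if Process32First(Snapshot, Entry) then
      repeat
        if Entry.th32ProcessID = Pid then
        begin
          Result := Entry.th32ParentProcessID;
          Break;
        end;
      until not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;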
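{ Reports whether any process in a Toolhelp snapshot has an image path, as
  returned by PidToPath, equal to Path when ASCII case is ignored.

  Returns False when the snapshot cannot be taken.
  NOTE(review): PidToPath is defined outside this view; what it returns for
  processes the caller cannot open is not visible here - confirm that it
  cannot produce a value that accidentally equals Path. }
function IsProcessByPath(Path:string):Boolean;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
begin
  Result := False;

  // Only the process list is walked, so TH32CS_SNAPMODULE is not requested.
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    if Process32First(Snapshot, Entry) then
      repeat
        if CompareText(PidToPath(Entry.th32ProcessID), Path) = 0 then
        begin
          // Stop here: resolving the path of every remaining process would
          // not change the answer.
          Result := True;
          Break;
        end;
      until not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;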
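{ Tries to enable SeDebugPrivilege on the current process token. Does nothing
  on the Windows 9x platform, which has no token privileges.

  Best effort: the procedure has no result, so a failure simply leaves the
  token unchanged. AdjustTokenPrivileges also reports success when the
  account does not hold the privilege at all (GetLastError is then
  ERROR_NOT_ALL_ASSIGNED), so callers must not assume the privilege is
  active afterwards.

  The privilege is never disabled again and so stays enabled for the rest of
  the process lifetime. SeDebugPrivilege bypasses the normal access checks on
  other processes; a tool that only needs it for one operation should enable
  it just around that operation. }
procedure SetTokenPrivileges;
var
  Token: THandle;
  NewState: TTokenPrivileges;
  ReturnLength: DWORD;
  Version: OSVERSIONINFO;
begin
  Version.dwOSVersionInfoSize := SizeOf(OSVERSIONINFO);
  if GetVersionEx(Version) and
     (Version.dwPlatformId = VER_PLATFORM_WIN32_WINDOWS) then
    Exit;

  // The original closed the token handle even when OpenProcessToken had
  // failed and the variable was never assigned.
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, Token) then
    Exit;
  try
    if LookupPrivilegeValue(nil, 'SeDebugPrivilege',
         NewState.Privileges[0].Luid) then
    begin
      NewState.PrivilegeCount := 1;
      NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
      ReturnLength := 0;
      // One call is enough; the original repeated it on a copy of the same
      // handle. No previous state is requested, hence the nil dereference
      // used to pass a null pointer for the var parameter.
      AdjustTokenPrivileges(Token, False, NewState, 0,
        PTokenPrivileges(nil)^, ReturnLength);
    end;
  finally
    CloseHandle(Token);
  end;
end;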
{ Name-based overload: resolves ExecutableName to a process ID through
  NameToPid and forwards to the ProcessID overload. When no process matches,
  NameToPid returns 0 and the ProcessID overload returns ''. }
function FindModulesInProcess(ExecutableName: PChar): string; stdcall; overload;
var
  TargetPid: DWord;
begin
  TargetPid := NameToPid(ExecutableName);
  Result := FindModulesInProcess(TargetPid);
end;
{ Lists the modules loaded in the process ProcessID, one szModule name per
  line, each followed by CR/LF (including the last one).

  Returns '' when ProcessID is 0 or when the snapshot yields no module.
  NOTE(review): the snapshot handle is not compared with
  INVALID_HANDLE_VALUE; a failed snapshot simply produces no entries, and the
  invalid value is still passed to CloseHandle. }
function FindModulesInProcess(ProcessID: DWord): string; stdcall; overload;
var
  hSnap: THandle;
  ModEntry: TModuleEntry32;
begin
  Result := '';
  if ProcessID = 0 then
    Exit;

  hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID);
  ModEntry.dwSize := SizeOf(ModEntry);
  if Module32First(hSnap, ModEntry) then
    repeat
      Result := Result + ModEntry.szModule + #13#10;
    until not Module32Next(hSnap, ModEntry);
  CloseHandle(hSnap);
end;
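{ Reads one Integer from address lpBase in the process PID.

  Returns the value read, or 0 when the process cannot be opened or the read
  does not deliver a complete Integer. The interface has no separate error
  channel, so a stored 0 and a failure look the same to the caller.

  The address is carried in an Integer; that is assumed to match the pointer
  size of the build - TODO confirm for any 64-bit target. }
function ReadIntMemory(const lpBase:integer;PID:Cardinal):integer;
var
  hProc: THandle;
  Value: Integer;
  BytesRead: Cardinal;
begin
  Result := 0;

  // Least privilege: reading needs only PROCESS_VM_READ. The original asked
  // for PROCESS_ALL_ACCESS, which is refused more often and grants far more
  // than this call uses.
  hProc := OpenProcess(PROCESS_VM_READ, False, PID);
  if hProc = 0 then
    Exit;
  try
    Value := 0;
    BytesRead := 0;
    // The original ignored the outcome and returned an uninitialised local
    // when the read failed.
    if ReadProcessMemory(hProc, Pointer(lpBase), @Value, SizeOf(Value),
         BytesRead) and (BytesRead = SizeOf(Value)) then
      Result := Value;
  finally
    CloseHandle(hProc);
  end;
end;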
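{ Reads a NUL-terminated string of at most 1024 characters from address
  lpBase in the process PID.

  Returns '' when the process cannot be opened or the read fails. The read
  always asks for the full fixed-size window, so it fails - and '' is
  returned - when the window starting at lpBase is not readable in its
  entirety, even if the string itself is shorter. }
function ReadStrMemory(const lpBase:integer;PID:Cardinal):String;
var
  hProc: THandle;
  Buffer: array[0..1024] of Char;
  BytesRead: Cardinal;
begin
  Result := '';

  // Least privilege: PROCESS_VM_READ is all ReadProcessMemory requires.
  hProc := OpenProcess(PROCESS_VM_READ, False, PID);
  if hProc = 0 then
    Exit;
  try
    // Zero the buffer and leave the last element untouched so the data is
    // always terminated. The original filled the whole buffer from the
    // remote process and then converted it to a string, which ran past the
    // end of the buffer whenever the remote data held no NUL, and returned
    // stack garbage whenever the read failed.
    FillChar(Buffer, SizeOf(Buffer), 0);
    BytesRead := 0;
    if ReadProcessMemory(hProc, Pointer(lpBase), @Buffer,
         SizeOf(Buffer) - SizeOf(Char), BytesRead) then
      Result := Buffer;
  finally
    CloseHandle(hProc);
  end;
end;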
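{ Writes the Integer lpinteger to address lpBase in the process PID.

  Best effort: the procedure has no result, so a process that cannot be
  opened or a write that fails is silently skipped. }
procedure WriteIntMemory(const lpBase:integer;PID:Cardinal;lpinteger:integer);
var
  hProc: THandle;
  BytesWritten: Cardinal;
begin
  // Least privilege: WriteProcessMemory needs PROCESS_VM_WRITE and
  // PROCESS_VM_OPERATION, not PROCESS_ALL_ACCESS.
  hProc := OpenProcess(PROCESS_VM_WRITE or PROCESS_VM_OPERATION, False, PID);
  if hProc = 0 then
    Exit;
  try
    BytesWritten := 0;
    // Write exactly SizeOf(Integer) bytes. The original passed
    // SizeOf(lpInteger)+1, which copied one byte from beyond the local
    // variable and overwrote the byte after the target integer.
    WriteProcessMemory(hProc, Pointer(lpBase), @lpinteger, SizeOf(lpinteger),
      BytesWritten);
  finally
    CloseHandle(hProc);
  end;
end;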
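{ Writes lpString, followed by a terminating NUL, to address lpBase in the
  process PID.

  At most 1024 characters are written; a longer string is truncated to fit
  the fixed staging buffer. Best effort: the procedure has no result, so a
  process that cannot be opened or a write that fails is silently skipped. }
procedure WriteStrMemory(const lpBase:integer;PID:Cardinal;lpString:string);
var
  hProc: THandle;
  Buffer: array[0..1024] of Char;
  ByteCount: Cardinal;
  BytesWritten: Cardinal;
begin
  // Bounded copy: the original used lstrcpyA with no length check, so any
  // string longer than the buffer overflowed the stack.
  StrLCopy(Buffer, PChar(lpString), High(Buffer));

  // Send only the string and its terminator. The original always wrote
  // SizeOf(Str)+1 bytes, pushing uninitialised stack contents (and one byte
  // from beyond the buffer) over whatever followed the string in the target.
  ByteCount := (StrLen(Buffer) + 1) * SizeOf(Char);

  // Least privilege: WriteProcessMemory needs PROCESS_VM_WRITE and
  // PROCESS_VM_OPERATION, not PROCESS_ALL_ACCESS.
  hProc := OpenProcess(PROCESS_VM_WRITE or PROCESS_VM_OPERATION, False, PID);
  if hProc = 0 then
    Exit;
  try
    BytesWritten := 0;
    WriteProcessMemory(hProc, Pointer(lpBase), @Buffer, ByteCount,
      BytesWritten);
  finally
    CloseHandle(hProc);
  end;
end;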
end.