این کد میتونه به شما کمک منه
const
SE_CREATE_TOKEN_NAME = 'SeCreateTokenPrivilege';
SE_ASSIGNPRIMARYTOKEN_NAME = 'SeAssignPrimaryTokenPrivilege';
SE_LOCK_MEMORY_NAME = 'SeLockMemoryPrivilege';
SE_INCREASE_QUOTA_NAME = 'SeIncreaseQuotaPrivilege';
SE_UNSOLICITED_INPUT_NAME = 'SeUnsolicitedInputPrivilege';
SE_MACHINE_ACCOUNT_NAME = 'SeMachineAccountPrivilege';
SE_TCB_NAME = 'SeTcbPrivilege';
SE_SECURITY_NAME = 'SeSecurityPrivilege';
SE_TAKE_OWNERSHIP_NAME = 'SeTakeOwnershipPrivilege';
SE_LOAD_DRIVER_NAME = 'SeLoadDriverPrivilege';
SE_SYSTEM_PROFILE_NAME = 'SeSystemProfilePrivilege';
SE_SYSTEMTIME_NAME = 'SeSystemtimePrivilege';
SE_PROF_SINGLE_PROCESS_NAME = 'SeProfileSingleProcessPrivilege';
SE_INC_BASE_PRIORITY_NAME = 'SeIncreaseBasePriorityPrivilege';
SE_CREATE_PAGEFILE_NAME = 'SeCreatePagefilePrivilege';
SE_CREATE_PERMANENT_NAME = 'SeCreatePermanentPrivilege';
SE_BACKUP_NAME = 'SeBackupPrivilege';
SE_RESTORE_NAME = 'SeRestorePrivilege';
SE_SHUTDOWN_NAME = 'SeShutdownPrivilege';
SE_DEBUG_NAME = 'SeDebugPrivilege';
SE_AUDIT_NAME = 'SeAuditPrivilege';
SE_SYSTEM_ENVIRONMENT_NAME = 'SeSystemEnvironmentPrivilege';
SE_CHANGE_NOTIFY_NAME = 'SeChangeNotifyPrivilege';
SE_REMOTE_SHUTDOWN_NAME = 'SeRemoteShutdownPrivilege';
SE_UNDOCK_NAME = 'SeUndockPrivilege';
SE_SYNC_AGENT_NAME = 'SeSyncAgentPrivilege';
SE_ENABLE_DELEGATION_NAME = 'SeEnableDelegationPrivilege';
SE_MANAGE_VOLUME_NAME = 'SeManageVolumePrivilege';
// Enables or disables privileges debending on the bEnabled
// Aktiviert oder deaktiviert Privilegien, abhängig von bEnabled
function NTSetPrivilege(sPrivilege: string; bEnabled: Boolean): Boolean;
var
hToken: THandle;
TokenPriv: TOKEN_PRIVILEGES;
PrevTokenPriv: TOKEN_PRIVILEGES;
ReturnLength: Cardinal;
begin
Result := True;
// Only for Windows NT/2000/XP and later.
if not (Win32Platform = VER_PLATFORM_WIN32_NT) then Exit;
Result := False;
// obtain the processes token
if OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
begin
try
// Get the locally unique identifier (LUID) .
if LookupPrivilegeValue(nil, PChar(sPrivilege),
TokenPriv.Privileges[0].Luid) then
begin
TokenPriv.PrivilegeCount := 1; // one privilege to set
case bEnabled of
True: TokenPriv.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
False: TokenPriv.Privileges[0].Attributes := 0;
end;
ReturnLength := 0; // replaces a var parameter
PrevTokenPriv := TokenPriv;
// enable or disable the privilege
AdjustTokenPrivileges(hToken, False, TokenPriv, SizeOf(PrevTokenPriv),
PrevTokenPriv, ReturnLength);
end;
finally
CloseHandle(hToken);
end;
end;
// test the return value of AdjustTokenPrivileges.
Result := GetLastError = ERROR_SUCCESS;
if not Result then
raise Exception.Create(SysErrorMessage(GetLastError));
end;
const
STATUS_INFO_LENGTH_MISMATCH = $C0000004;
SystemHandleInformation = 16;
ObjectBasicInformation = 0;
ObjectNameInformation = 1;
ObjectTypeInformation = 2;
ObjectAllTypesInformation = 3;
ObjectHandleInformation = 4;
type
SYSTEM_HANDLE_TABLE_ENTRY_INFO = packed record
UniqueProcessId: Word;
CreatorBackTraceIndex: Word;
ObjectTypeIndex: Byte;
HandleAttributes: Byte;
HandleValue: Word;
Object_: THandle;
GrantedAccess: Cardinal;
end;
SYSTEM_HANDLE_INFORMATION = packed record
NumberOfHandles: Integer;
Handles: array[0..10] of SYSTEM_HANDLE_TABLE_ENTRY_INFO;
end;
PSYSTEM_HANDLE_INFORMATION = ^SYSTEM_HANDLE_INFORMATION;
OBJECT_BASIC_INFORMATION = packed record
Attributes:ULONG;
GrantedAccess:ACCESS_MASK;
HandleCount:ULONG;
PointerCount:ULONG;
PagedPoolUsage:ULONG;
NonPagedPoolUsage:ULONG;
Reserved:Array[1..3] of ULONG;
NameInformationLength:ULONG;
TypeInformationLength:ULONG;
SecurityDescriptorLength:ULONG;
CreateTime:LARGE_INTEGER;
end;
UNICODE_STRING = packed record
Length: Word;
MaximumLength: Word;
Buffer: PWideChar;
end;
OBJECT_TYPE_INFORMATION = record
Name: UNICODE_STRING;
ObjectCount:ULONG;
HandleCount:ULONG;
Reserved1:Array[1..4] of ULONG;
PeakObjectCount:ULONG;
PeakHandleCount:ULONG;
Reserved2:Array[1..4] of ULONG;
InvalidAttributes:ULONG;
GenericMapping:GENERIC_MAPPING;
ValidAccess:ULONG;
Unknown:UCHAR;
MaintainHandleDatabase:BOOLEAN;
PoolType:ULONG;
PagedPoolUsage:ULONG;
NonPagedPoolUsage:ULONG;
end;
POBJECT_TYPE_INFORMATION = ^OBJECT_TYPE_INFORMATION;
OBJECT_NAME_INFORMATION = record
Name: UNICODE_STRING;
end;
POBJECT_NAME_INFORMATION = ^OBJECT_NAME_INFORMATION;
function NtQuerySystemInformation(dwInfoType: Integer; lpStructure: Pointer; dwSize: Integer; var dwReserved: Integer): ULONG; stdcall; external 'ntdll.dll';
function NtDuplicateObject(hSourceProcessHandle, hSourceHandle, hTargetProcessHandle: THandle; lpTargetHandle: PHandle; dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwOptions: DWORD): Integer; stdcall; external 'ntdll.dll';
function NtQueryObject(ObjectHandle, ObjectInformationClass: Integer; ObjectInformation: Pointer; Length: Integer; var ResultLength: Integer): Integer; stdcall; external 'ntdll.dll';
function NtSuccess(Test: Integer): LongBool; stdcall; external 'ntdll.dll';
function QHandle(Proc, H: DWORD):String;
var
hProcess, hObject: THandle;
n: Integer;
p: PSYSTEM_HANDLE_INFORMATION;
i, byt: Integer;
dummy: Integer;
Status: ULONG;
obi: OBJECT_BASIC_INFORMATION;
oti: POBJECT_TYPE_INFORMATION;
s: string;
oni: POBJECT_NAME_INFORMATION;
begin
NTSetPrivilege(SE_DEBUG_NAME, True);
hProcess := OpenProcess(PROCESS_DUP_HANDLE, False, Proc);
try
n := $1000;
GetMem(p, n * SizeOf(Integer));
Status := NtQuerySystemInformation(SystemHandleInformation, p, n * SizeOf(Integer), dummy);
while Status = STATUS_INFO_LENGTH_MISMATCH do
begin
n := n * 2;
ReAllocMem(p, n * SizeOf(Integer));
Status := NtQuerySystemInformation(SystemHandleInformation, p, n * SizeOf(Integer), dummy);
end;
try
for i := 0 to p^.NumberOfHandles-1 do
begin
if p^.Handles[i].UniqueProcessId = Proc then
begin
Status := NtDuplicateObject(hProcess, p^.Handles[i].HandleValue, GetCurrentProcess, @hObject, 0, False, DUPLICATE_SAME_ACCESS);
if Status <> 0 then
begin
Form1.Memo1.Lines.Add('error: ' + SysErrorMessage(GetLastError));
Continue;
end;
// do basic info
Status := NtQueryObject(hObject, ObjectBasicInformation, @obi, SizeOf(OBJECT_BASIC_INFORMATION), dummy);
if Status <> 0 then
raise Exception.Create(SysErrorMessage(GetLastError));
// do name 1
GetMem(oti, obi.TypeInformationLength + 2);
try
NtQueryObject(hObject, ObjectTypeInformation, oti, obi.TypeInformationLength + 2, dummy);
Form1.Memo1.Lines.Add('1: ' + oti^.Name.Buffer);
finally
FreeMem(oti);
end;
// do name 2
if obi.NameInformationLength = 0 then
n:= MAX_PATH * SizeOf(WCHAR)
else
n:= obi.NameInformationLength;
GetMem(oni, n);
try
FillChar(oni^, n, #0);
NtQueryObject(hObject, ObjectNameInformation, oni, n, dummy);
Form1.Memo1.Lines.Add('2: ' + oni^.Name.Buffer);
finally
FreeMem(oni);
end;
CloseHandle(hObject);
end;
end;
finally
FreeMem(p);
end;
finally
CloseHandle(hProcess);
end;
end;
function QHandle2(Mem:TListBox; Stat:TStatusBar):String;
var
hProcess, hObject: THandle;
n: Integer;
p: PSYSTEM_HANDLE_INFORMATION;
i, Tmp: Integer;
dummy: Integer;
Status: ULONG;
obi: OBJECT_BASIC_INFORMATION;
oti: POBJECT_TYPE_INFORMATION;
oni: POBJECT_NAME_INFORMATION;
begin
Result:= '';
NTSetPrivilege(SE_DEBUG_NAME, True);
n := $1000;
GetMem(p, n * SizeOf(Integer));
Status := NtQuerySystemInformation(SystemHandleInformation, p, n * SizeOf(Integer), dummy);
while Status = STATUS_INFO_LENGTH_MISMATCH do begin
n := n * 2;
ReAllocMem(p, n * SizeOf(Integer));
Status := NtQuerySystemInformation(SystemHandleInformation, p, n * SizeOf(Integer), dummy);
end;
Tmp:= 0;
for i := 0 to p^.NumberOfHandles-1 do begin
hProcess := OpenProcess(PROCESS_DUP_HANDLE, False, P^.Handles[i].UniqueProcessId);
Status:= NtDuplicateObject(hProcess, p^.Handles[i].HandleValue, GetCurrentProcess, @hObject, 0, False, DUPLICATE_SAME_ACCESS);
if Status = 0 then begin
if NtQueryObject(hObject, ObjectBasicInformation, @obi, SizeOf(OBJECT_BASIC_INFORMATION), dummy) = 0 then begin
GetMem(oti, obi.TypeInformationLength + 2);
FillChar(oti^, obi.TypeInformationLength + 2, #0);
if NtQueryObject(hObject, ObjectTypeInformation, oti, obi.TypeInformationLength + 2, dummy) = 0 then begin
if oti^.Name.Buffer = 'File' then begin
if obi.NameInformationLength = 0 then
n:= MAX_PATH * SizeOf(WCHAR)
else
n:= obi.NameInformationLength;
GetMem(oni, n);
FillChar(oni^, n, #0);
if NtQueryObject(hObject, ObjectNameInformation, oni, n, dummy) = 0 then begin
if oni^.Name.Length <> 22 then begin
// if Copy(oni^.Name.Buffer, 0, 22) = '\Device\HarddiskVolume' then begin
Mem.Items.Add(oni^.Name.Buffer);
Inc(Tmp);
// end;
end;
end;
FreeMem(oni);
end;
end;
FreeMem(oti);
end;
end;
Stat.Panels[0].Text:= IntToStr(I)+' '+IntToStr(Tmp);
Application.ProcessMessages;
CloseHandle(hObject);
CloseHandle(hProcess);
end;
FreeMem(p);
end;