私は実際にアプリをプログラミングして、どのファイルが開かれているかを確認しています。
彼は私が作成したものではないコードの一部です。使用しようとしていますが、理解できません...プロセスによって開かれたファイル名を取得しようとしていますが、関数は常に結果ですのように: /Default または /Sessions/1/Windows ... そのようなもの.私を助けてください、私の悪い英語でごめんなさい
const
SystemHandleInformation = $10;
STATUS_SUCCESS = $00000000;
STATUS_BUFFER_OVERFLOW = $80000005;
STATUS_INFO_LENGTH_MISMATCH = $C0000004;
DefaulBUFFERSIZE = $100000;
type
OBJECT_INFORMATION_CLASS = (ObjectBasicInformation, ObjectNameInformation,
ObjectTypeInformation, ObjectAllTypesInformation, ObjectHandleInformation);
SYSTEM_HANDLE = packed record
uIdProcess: ULONG;
ObjectType: UCHAR;
Flags: UCHAR;
Handle: Word;
pObject: Pointer;
GrantedAccess: ACCESS_MASK;
end;
PSYSTEM_HANDLE = ^SYSTEM_HANDLE;
SYSTEM_HANDLE_ARRAY = Array [0 .. 0] of SYSTEM_HANDLE;
PSYSTEM_HANDLE_ARRAY = ^SYSTEM_HANDLE_ARRAY;
SYSTEM_HANDLE_INFORMATION = packed record
uCount: ULONG;
Handles: SYSTEM_HANDLE_ARRAY;
end;
PSYSTEM_HANDLE_INFORMATION = ^SYSTEM_HANDLE_INFORMATION;
TNtQuerySystemInformation = function(SystemInformationClass: DWORD;
SystemInformation: Pointer; SystemInformationLength: DWORD;
ReturnLength: PDWORD): THandle; stdcall;
TNtQueryObject = function(ObjectHandle: cardinal;
ObjectInformationClass: OBJECT_INFORMATION_CLASS;
ObjectInformation: Pointer; Length: ULONG; ResultLength: PDWORD)
: THandle; stdcall;
UNICODE_STRING = packed record
Length: Word;
MaximumLength: Word;
Buffer: PWideChar;
end;
OBJECT_NAME_INFORMATION = UNICODE_STRING;
POBJECT_NAME_INFORMATION = ^OBJECT_NAME_INFORMATION;
Var
NTQueryObject: TNtQueryObject;
NTQuerySystemInformation: TNtQuerySystemInformation;
Procedure EnumerateOpenFiles();
var
sDummy: string;
hProcess: THandle;
hObject: THandle;
ResultLength: DWORD;
aBufferSize: DWORD;
aIndex: Integer;
pHandleInfo: PSYSTEM_HANDLE_INFORMATION;
HDummy: THandle;
lpwsName: PWideChar;
lpwsType: PWideChar;
lpszProcess: pchar;
begin
aBufferSize := DefaulBUFFERSIZE;
pHandleInfo := AllocMem(aBufferSize);
HDummy := NTQuerySystemInformation(DWORD(SystemHandleInformation),
pHandleInfo, aBufferSize, @ResultLength); // Get the list of handles
if (HDummy = STATUS_SUCCESS) then // If no error continue
begin
for aIndex := 0 to pHandleInfo^.uCount - 1 do // iterate the list
begin
hProcess := OpenProcess(PROCESS_DUP_HANDLE or PROCESS_QUERY_INFORMATION or
PROCESS_VM_READ, False, pHandleInfo.Handles[aIndex].uIdProcess);
// open the process to get aditional info
if (hProcess <> INVALID_HANDLE_VALUE) then // Check valid handle
begin
hObject := 0;
if DuplicateHandle(hProcess, pHandleInfo.Handles[aIndex].Handle,
GetCurrentProcess, @hObject, STANDARD_RIGHTS_REQUIRED, False, 0) then
// Get a copy of the original handle
begin
lpwsName := GetObjectInfo(hObject, ObjectTypeInformation);
// Get the filename linked to the handle
if (lpwsName <> nil) then
begin
lpwsType := GetObjectInfo(hObject, ObjectNameInformation);
lpszProcess := AllocMem(MAX_PATH);
if GetModuleFileNameEx(hProcess, 0, lpszProcess, MAX_PATH) <> 0 then
// get the name of the process
sDummy := ExtractFileName(lpszProcess)
else
sDummy := 'System Process';
with MainForm.UsedFilesListView.Items.add do
begin
// Ajout
Caption := sDummy;
ImageIndex := -1;
SubItems.add(lpwsName);
end;
// Writeln('PID ', pHandleInfo.Handles[aIndex].uIdProcess);
// Writeln('Handle ', pHandleInfo.Handles[aIndex].Handle);
// Writeln('Process ', sDummy);
// Writeln('FileName ', string(lpwsName));
// Writeln;
FreeMem(lpwsName);
FreeMem(lpwsType);
FreeMem(lpszProcess);
end;
CloseHandle(hObject);
end;
CloseHandle(hProcess);
end;
end;
end;
FreeMem(pHandleInfo);
end;