PowerRunAsSystem 25 Feb 2022

Run an application as NT AUTHORITY\SYSTEM, with support for launching it as an interactive SYSTEM process in the active Windows session.

This technique doesn't rely on any external tools and doesn't require installing a Windows service.

It spawns an NT AUTHORITY\SYSTEM process through the Windows Task Scheduler, then promotes it to an interactive SYSTEM process running in the active Windows session using Win32 APIs. Note that registering a task that runs as SYSTEM needs an elevated (administrator) context to begin with, and scheduled-task creation is a commonly monitored event, so expect this to be visible to endpoint telemetry.



Enum Process Method 1 23 Nov 2020

This is one of the best-known ways to enumerate running processes on Windows: take a Toolhelp32 process snapshot and walk it with Process32First/Process32Next.

If AFilterSameArch is set to True, only processes running with the same architecture (32-bit or 64-bit) as the current process are listed. The architecture check is delegated to an IsProcessX64 helper that is not part of this listing; processes it cannot open (protected or higher-privileged ones) may therefore be filtered incorrectly.

{
    Jean-Pierre LESUEUR (@DarkCoderSc)

    Example:

    ...
    var AProcessName    : String;
        AProcessId      : Cardinal;
        AProcessList    : TDictionary<Cardinal, String>;
    begin
        AProcessList := EnumProcess(True);
        try
            for AProcessId in AProcessList.Keys do begin
                if NOT AProcessList.TryGetValue(AProcessId, AProcessName) then
                    continue;
                ///

                ...
            end;
        finally
            if Assigned(AProcessList) then
            FreeAndNil(AProcessList);
        end;
    end;
}

//...
uses tlhelp32, SysUtils, Windows, Generics.Collections;
//...

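{
  Enumerate the processes visible in a Toolhelp32 snapshot.

  AFilterSameArch : when True, keep only processes whose bitness (as reported
                    by the IsProcessX64 helper, defined elsewhere) matches the
                    bitness of the calling process.

  Returns a TDictionary mapping process id -> executable name (the szExeFile
  field of PROCESSENTRY32, i.e. the image file name, not a full path). The
  caller owns the dictionary and must free it.

  Notes:
    * On snapshot or Process32First failure the function returns an EMPTY
      dictionary rather than raising; callers cannot distinguish "no processes"
      from "enumeration failed" without checking GetLastError themselves.
    * The executable name is whatever the image on disk was called. Any binary
      can be named like a system component, so do not use this name alone for
      trust or allow-list decisions; resolve the full image path / signature
      if that matters.
    * IsProcessX64 presumably has to open the target process; for processes it
      cannot open (protected, other session, higher integrity) its result may
      be unreliable and the filter can then drop or keep them incorrectly —
      TODO confirm against the helper's failure behaviour.
}
function EnumProcess(AFilterSameArch : Boolean = False) : TDictionary<Cardinal, String>;
var ASnap      : THandle;
    AEntry     : TProcessEntry32;
    ASelfIsX64 : Boolean;

    { Store the current snapshot entry unless the architecture filter
      excludes it. }
    procedure AppendEntry();
    begin
      if AFilterSameArch and (IsProcessX64(AEntry.th32ProcessID) <> ASelfIsX64) then
        Exit();
      ///

      // Process ids are unique within a single snapshot, so Add() cannot
      // raise on a duplicate key here.
      result.Add(AEntry.th32ProcessID, AEntry.szExeFile);
    end;

begin
  result := TDictionary<Cardinal, String>.Create();
  ///

  // The caller's own bitness is loop-invariant: evaluate it once instead of
  // once per enumerated process.
  ASelfIsX64 := False;
  if AFilterSameArch then
    ASelfIsX64 := IsProcessX64(GetCurrentProcessId());

  ASnap := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if ASnap = INVALID_HANDLE_VALUE then
    Exit();
  try
    ZeroMemory(@AEntry, SizeOf(TProcessEntry32));
    ///

    // dwSize must describe the structure or Process32First fails.
    AEntry.dwSize := SizeOf(TProcessEntry32);

    if NOT Process32First(ASnap, AEntry) then
      Exit();

    repeat
      AppendEntry();

      // Reset and re-size the entry before every Process32Next call.
      ZeroMemory(@AEntry, SizeOf(TProcessEntry32));
      AEntry.dwSize := SizeOf(TProcessEntry32);
    until NOT Process32Next(ASnap, AEntry);
  finally
    CloseHandle(ASnap);
  end;
end;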