Windows API

Get Process Name Method 4 GetProcessImageFileName

April 13, 2020
Delphi, Full Path, GetProcessImageFileName, Image Path, Process Name, Windows API

This time we will use a well-known API, GetProcessImageFileName (documented here), to get the full process image path. Nothing very complex, and this technique works from 32-bit to 64-bit and from 64-bit to 32-bit processes.

    // Jean-Pierre LESUEUR (@DarkCoderSc)
    function PhysicalToVirtualPath(APath : String) : String;
    var i          : integer;
        ADrive     : String;
        ABuffer    : array[0..MAX_PATH-1] of Char;
        ACandidate : String;
    begin
      {$I-}
      for I := 0 to 25 do begin
        ADrive := Format('%s:', [Chr(Ord('A') + i)]);
        ///
        if (QueryDosDevice(PWideChar(ADrive), ABuffer, MAX_PATH) = 0) then
          continue;

        ACandidate := String(ABuffer). ...

Get Process Name Method 3 NtQueryInformationProcess

April 13, 2020
Delphi, Full Path, Image Path, Process Name, Windows API, NtQueryInformationProcess

Yet another technique to get the full image path of a target process, using the NtQueryInformationProcess API (documented here). This technique works from 32-bit to 64-bit and from 64-bit to 32-bit processes.

    // Jean-Pierre LESUEUR (@DarkCoderSc)
    function PhysicalToVirtualPath(APath : String) : String;
    var i          : integer;
        ADrive     : String;
        ABuffer    : array[0..MAX_PATH-1] of Char;
        ACandidate : String;
    begin
      {$I-}
      for I := 0 to 25 do begin
        ADrive := Format('%s:', [Chr(Ord('A') + i)]);
        ///
        if (QueryDosDevice(PWideChar(ADrive), ABuffer, MAX_PATH) = 0) then
          continue;

        ACandidate := String(ABuffer). ...

Get DLL Exported Function Address

March 15, 2020
Windows API, Alternative, DLL, GetProcAddress, Exported Address, Library

This very small snippet is an adaptation of the previously released unit UntEnumDLLExport.pas with just one goal: retrieve an exported function address by its name from any DLL (both 32-bit and 64-bit). This adaptation is also interesting because it removes the need for the two heavy units Generics.Collections and SysUtils, which gives a smaller binary. Finally, it is also quite useful for tweaking our GetProcAddress alternative (which you will find here) so that it contains only the necessary code. ...