
[시스템] 실행중인 모든 프로세스의 Domain, User 구하기

정보모음1 2023. 9. 1. 08:47
// ListView 에 컬럼 4개를 추가한 후 컴파일 하세요

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, TlHelp32, ComCtrls;

type
  TForm1 = class(TForm)
    ListView1: TListView;   { expected to carry 4 columns: PID, exe name, user, domain (see the note at the top of the file) }
    procedure FormCreate(Sender: TObject);   { fills ListView1 with the process list on startup }
  private
    { Private declarations }
  public
    { Public declarations }
  end;

{ Layout of the TOKEN_USER structure that GetTokenInformation(TokenUser) writes:
  a single SID_AND_ATTRIBUTES holding the SID of the token owner.
  NOTE(review): the Windows unit of this Delphi version may already declare an
  equivalent TTokenUser/PTokenUser; this local copy shadows it - confirm before
  relying on either name elsewhere. }
PTOKEN_USER = ^TOKEN_USER;
  _TOKEN_USER = record
                  User: TSidAndAttributes;
                end;
  TOKEN_USER = _TOKEN_USER;

var
  Form1: TForm1;   { the auto-created main form }

implementation

{$R *.dfm}

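{ Resolves the account that owns the primary token of process ProcessId.
  Returns True and fills User and Domain with the names LookupAccountSid
  reports for the token's SID. Returns False - leaving User/Domain
  unspecified - when the process cannot be opened, its token cannot be
  queried, or the SID cannot be mapped to an account name.
  Needs PROCESS_QUERY_INFORMATION access on the target, so processes of other
  users or protected processes usually fail unless the caller holds
  SeDebugPrivilege; callers should treat False as "unknown", not as an error.
  All handles and the token buffer are released on every exit path. }
function GetUserAndDomainFromPID(ProcessId: DWORD; var User, Domain: string): Boolean;
var
  hToken: THandle;
  cbBuf: Cardinal;
  ptiUser: PTOKEN_USER;
  snu: SID_NAME_USE;
  ProcessHandle: THandle;
  UserSize, DomainSize: DWORD;
  bSuccess: Boolean;
begin
  Result := False;
  ProcessHandle := OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcessId);
  if ProcessHandle = 0 then
    Exit;
  try
    if not OpenProcessToken(ProcessHandle, TOKEN_QUERY, hToken) then
      Exit;
    ptiUser := nil;
    try
      // First call with a nil buffer only reports the required size in cbBuf
      // (fails with ERROR_INSUFFICIENT_BUFFER by design); then allocate and retry.
      bSuccess := GetTokenInformation(hToken, TokenUser, nil, 0, cbBuf);
      while (not bSuccess) and (GetLastError = ERROR_INSUFFICIENT_BUFFER) do
      begin
        ReallocMem(ptiUser, cbBuf);
        bSuccess := GetTokenInformation(hToken, TokenUser, ptiUser, cbBuf, cbBuf);
      end;
      if not bSuccess then
        Exit;
      UserSize := 0;
      DomainSize := 0;
      // Size query: fills the required lengths (including the null terminator).
      // Both stay 0 when the SID cannot be resolved, e.g. ERROR_NONE_MAPPED.
      LookupAccountSid(nil, ptiUser.User.Sid, nil, UserSize, nil, DomainSize, snu);
      if (UserSize = 0) or (DomainSize = 0) then
        Exit;
      SetLength(User, UserSize);
      SetLength(Domain, DomainSize);
      if LookupAccountSid(nil, ptiUser.User.Sid, PChar(User), UserSize,
                          PChar(Domain), DomainSize, snu) then
      begin
        // On success the size arguments hold the copied lengths without the
        // terminating null, so trim the strings to them.
        SetLength(User, UserSize);
        SetLength(Domain, DomainSize);
        Result := True;
      end;
    finally
      // The buffer was only allocated if the first query asked for a size.
      if ptiUser <> nil then
        FreeMem(ptiUser);
      CloseHandle(hToken);
    end;
  finally
    CloseHandle(ProcessHandle);
  end;
end;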

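{ Fills ListView1 with one row per running process: PID, executable name and,
  when it can be resolved, the owning user and domain.
  Processes the caller cannot open (other users' processes without
  SeDebugPrivilege, protected processes) still get a row, with the user and
  domain cells left empty, so the list is complete rather than silently short.
  The snapshot handle is closed and EndUpdate is called on every exit path. }
procedure TForm1.FormCreate(Sender: TObject);
var
  hProcSnap: THandle;
  pe32: TProcessEntry32;
  Domain, User: string;
  Item: TListItem;
begin
  // TH32CS_SNAPPROCESS is enough for a process list; TH32CS_SNAPALL would also
  // snapshot heaps and modules, which is far slower and needs more access.
  hProcSnap := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if hProcSnap = INVALID_HANDLE_VALUE then
    Exit;
  ListView1.Items.BeginUpdate;
  try
    pe32.dwSize := SizeOf(pe32);
    // repeat..until so the entry returned by Process32First is not skipped
    // (an if/while pair drops the first process).
    if Process32First(hProcSnap, pe32) then
      repeat
        Item := ListView1.Items.Add;
        Item.Caption := IntToStr(pe32.th32ProcessID);
        Item.SubItems.Add(pe32.szExeFile);
        if GetUserAndDomainFromPID(pe32.th32ProcessID, User, Domain) then
        begin
          Item.SubItems.Add(User);
          Item.SubItems.Add(Domain);
        end;
      until not Process32Next(hProcSnap, pe32);
  finally
    CloseHandle(hProcSnap);
    ListView1.Items.EndUpdate;
  end;
end;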

end.