Delphi Source Code
Search engine
HOME Components Tutorials Add Trick Links Contacts
ActiveX Components Database Files Forms Graphic Internet/Lan Math Miscellaneous Multimedia Printing Strings System Information Windows

Delphi source code for System Information >> Get process informations? (Windows NT/2000)

Category: System Information
Title: Get process informations? (Windows NT/2000)
Date added: 15.03.2006
Hits: 16955

  PDebugModule = ^TDebugModule;
  TDebugModule = packed record
    Reserved: array [0..1] of Cardinal;
    Base: Cardinal;
    Size: Cardinal;
    Flags: Cardinal;
    Index: Word;
    Unknown: Word;
    LoadCount: Word;
    ModuleNameOffset: Word;
    ImageName: array [0..$FF] of Char;
  PDebugModuleInformation = ^TDebugModuleInformation;
  TDebugModuleInformation = record
    Count: Cardinal;
    Modules: array [0..0] of TDebugModule;
  PDebugBuffer = ^TDebugBuffer;
  TDebugBuffer = record
    SectionHandle: THandle;
    SectionBase: Pointer;
    RemoteSectionBase: Pointer;
    SectionBaseDelta: Cardinal;
    EventPairHandle: THandle;
    Unknown: array [0..1] of Cardinal;
    RemoteThreadHandle: THandle;
    InfoClassMask: Cardinal;
    SizeOfInfo: Cardinal;
    AllocatedSize: Cardinal;
    SectionSize: Cardinal;
    ModuleInformation: PDebugModuleInformation;
    BackTraceInformation: Pointer;
    HeapInformation: Pointer;
    LockInformation: Pointer;
    Reserved: array [0..7] of Pointer;
  PDI_MODULES = $01;
  ntdll = 'ntdll.dll';
  TFNRtlCreateQueryDebugBuffer = function(Size: Cardinal;
    EventPair: Boolean): PDebugBuffer;
  TFNRtlQueryProcessDebugInformation = function(ProcessId,
    DebugInfoClassMask: Cardinal; var DebugBuffer: TDebugBuffer): Integer;
  TFNRtlDestroyQueryDebugBuffer = function(DebugBuffer: PDebugBuffer): Integer;
  RtlCreateQueryDebugBuffer: TFNRtlCreateQueryDebugBuffer;
  RtlQueryProcessDebugInformation: TFNRtlQueryProcessDebugInformation;
  RtlDestroyQueryDebugBuffer: TFNRtlDestroyQueryDebugBuffer;

function LoadRtlQueryDebug: LongBool;
  if HNtDll = 0 then
    HNtDll := LoadLibrary(ntdll);
    if HNtDll <> 0 then
      RtlCreateQueryDebugBuffer       := GetProcAddress(HNtDll, 'RtlCreateQueryDebugBuffer');
      RtlQueryProcessDebugInformation := GetProcAddress(HNtDll,
      RtlDestroyQueryDebugBuffer      := GetProcAddress(HNtDll,
  Result := Assigned(RtlCreateQueryDebugBuffer) and
    Assigned(RtlQueryProcessDebugInformation) and

procedure TForm1.Button1Click(Sender: TObject);
  DbgBuffer: PDebugBuffer;
  Loop: Integer;
  if not LoadRtlQueryDebug then Exit;
  DbgBuffer := RtlCreateQueryDebugBuffer(0, False);
  if Assigned(DbgBuffer) then
      if RtlQueryProcessDebugInformation(StrToIntDef(Edit1.Text, GetCurrentProcessId),
        PDI_MODULES, DbgBuffer^) >= 0 then
        for Loop := 0 to DbgBuffer.ModuleInformation.Count - 1 do
          with DbgBuffer.ModuleInformation.Modules[Loop], Memo1.Lines do
            Add('ImageName: ' + ImageName);
            Add('  Reserved0: ' + IntToHex(Reserved[0], 8));
            Add('  Reserved1: ' + IntToHex(Reserved[1], 8));
            Add('  Base: ' + IntToHex(Base, 8));
            Add('  Size: ' + IntToHex(Size, 8));
            Add('  Flags: ' + IntToHex(Flags, 8));
            Add('  Index: ' + IntToHex(Index, 4));
            Add('  Unknown: ' + IntToHex(Unknown, 4));
            Add('  LoadCount: ' + IntToHex(LoadCount, 4));
            Add('  ModuleNameOffset: ' + IntToHex(ModuleNameOffset, 4));

Related Delphi Source Code:
Delphi Tricks
Delphi Tricks
For any problems or recommendations about Delphi Tricks site, please

feel free to contact us on that e-mail:
If you want to advertise on the site use that e-mail:

You can freely use or modify these Delphi source codes for non-commercial use. We are not responsible of any damages that can be caused by the utilisation of that source codes.

Copyright © 2006-2010 AVSoftware Company. All rights reserved.
Hide IP tricks