#include <WinAPI.au3>
#include <array.au3>
Global Const $PROCESS_VM_READ=0x10
Global Const $PROCESS_QUERY_INFORMATION = 0x400
_GetPrivilege_SEDEBUG()
$list=ProcessList()
Redim $list[ubound($list,1)][3]
Local $sSch = InputBox("请输入完整的路径", @CRLF & '例如:c:\windows\explorer.exe','c:\windows\explorer.exe')
Local $sPIDS = ''
Local $sPath
For $i=1 to ubound($list,1)-1
$sPath = _WinAPI_GetCommandLineFromPID($list[$i][1])
If $sPath = $sSch Then $sPIDS &= $list[$i][1]
Next
MsgBox(0, $sSch, $sSch & @CRLF & 'PID:' & $sPIDS)
Func _WinAPI_GetCommandLineFromPID($PID)
$ret1=DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', $PROCESS_VM_READ+$PROCESS_QUERY_INFORMATION, 'int', False, 'int', $PID)
$tag_PROCESS_BASIC_INFORMATION = "int ExitStatus;" & _
"ptr PebBaseAddress;" & _
"ptr AffinityMask;" & _
"ptr BasePriority;" & _
"ulong UniqueProcessId;" & _
"ulong InheritedFromUniqueProcessId;"
$PBI=DllStructCreate($tag_PROCESS_BASIC_INFORMATION)
DllCall("ntdll.dll", "int", "ZwQueryInformationProcess", "hwnd", $ret1[0], "int", 0, "ptr", DllStructGetPtr($PBI), "int", _
DllStructGetSize($PBI), "int",0)
$dw=DllStructCreate("ptr")
DllCall("kernel32.dll", "int", "ReadProcessMemory", "hwnd", $ret1[0], _
"ptr", DllStructGetData($PBI,2)+0x10, _
"ptr", DllStructGetPtr($dw), "int", 4, "ptr", 0)
$unicode_string = DllStructCreate("ushort Length;ushort MaxLength;ptr String")
DllCall("kernel32.dll", "int", "ReadProcessMemory", "hwnd", $ret1[0], _
"ptr", DllStructGetData($dw, 1)+0x40, _
"ptr", DllStructGetPtr($unicode_string), "int", DllStructGetSize($unicode_string), "ptr", 0)
$ret=DllCall("kernel32.dll", "int", "ReadProcessMemory", "hwnd", $ret1[0], _
"ptr", DllStructGetData($unicode_string, "String"), _
"wstr", 0, "int", DllStructGetData($unicode_string, "Length") + 2, "int*", 0)
DllCall("kernel32.dll", 'int', 'CloseHandle', "hwnd", $ret1[0])
If $ret[5] Then Return $ret[3]
Return ""
EndFunc
Func _GetPrivilege_SEDEBUG()
Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes"
Local $count = 1
Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]"
Local $TOKEN_ADJUST_PRIVILEGES = 0x20
Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", _WinAPI_GetCurrentProcess(), "dword", $TOKEN_ADJUST_PRIVILEGES, "ptr*", "")
Local $hToken = $call[3]
$call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", Chr(0), "str", "SeDebugPrivilege", "int64*", "")
Local $iLuid = $call[3]
Local $TP = DllStructCreate($tagTOKENPRIVILEGES)
Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB"))
DllStructSetData($TP, "PrivilegeCount", $count)
DllStructSetData($LUID, "Luid", $iLuid)
DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED)
$call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "ptr", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", Chr(0), "ptr", Chr(0))
Return ($call[0] <> 0)
EndFunc