IsProtectedProcess()

Example Code

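// Determines whether a process is "Protected" or not.
// Vista introduced this type of process and it offers very few process and thread handle rights.
// Injection will always fail due to the design of these processes: protected processes validate any to-be-loaded DLLs
// by hashing the contents and checking this hash against an internal catalog of "signed" modules to be loaded.
// This API simply exists to check for this type of process.
// OpenProcess() fails in all cases with the exception of SYNCHRONIZE, PROCESS_QUERY_LIMITED_INFORMATION (0x1000)
// and PROCESS_TERMINATE access by design.
//
// Parameters:
//   dwProcessId - the PID of the process to query.
// Returns:
//   True when the process is protected, False otherwise.
// NOTE(review): only the prototype is shown here; the import (external) clause belongs with the library's own declaration.
function IsProtectedProcess(const dwProcessId: DWORD): BOOL; stdcall;

// Example: prompts for a PID, opens it with the one access right the check needs
// (PROCESS_QUERY_LIMITED_INFORMATION, which the comment above says protected processes
// still grant), reports the image name and the protected flag, then releases the handle.
procedure IsProtectedProcessExample;
var
  hProcess: THandle;
  bIsProtected: BOOL;
  lpFileName: Array [0..MAX_PATH] of WChar;
  sPID: String;
  dwProcessId: DWORD;
  iCode: Integer;
begin
  sPID := InputBox('Enter Process Id', 'Process Id (PID)', '');
  // Val reports a parse failure through its third argument. The original passed the PID
  // variable there as well, which clobbered the parsed value and silently accepted bad input.
  Val(sPID, dwProcessId, iCode);
  if (iCode <> 0) then
  begin
    ShowMessage('Invalid Process Id');
    Exit;
  end;
  // Least-privilege open: request only what IsProtectedProcess()/GetProcessFileNameW() need.
  hProcess := OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, dwProcessId);
  if (hProcess = 0) then
  begin
    ShowMessage('Failed to Open Process');
    Exit;
  end;
  try
    bIsProtected := IsProtectedProcess(dwProcessId);
    ZeroMemory(@lpFileName, sizeof(lpFileName));
    GetProcessFileNameW(hProcess, @lpFileName);
    // Pass the buffer as a PWideChar so %s reads a NUL-terminated name rather than a raw array.
    ShowMessage(Format('Process Name: %s'#13'Is Protected: %s', [PWideChar(@lpFileName[0]), BoolToStr(bIsProtected, True)]));
  finally
    // The handle is released even if GetProcessFileNameW() or Format() raises.
    CloseHandle(hProcess);
  end;
end;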