// This function returns the full path to the executable
// file of a running process.
// It may be used for local or remote host. When used for local host
// TargetHost, UserName, Password parameters must be empty.
// For remote computer the parameters must be:
// TargetHost: name or IP address of the remote host, like '10.8.36.54'
// UserName: name of the user, may include domain, like 'MOON\Administrator';
// Password: the user's password.
// AProcess: either a name (as returned by process_enumerate_query.exe example)
// or a handle of a process (integer value);
// It returns a full path to the executable as the destination host sees it.
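// Matching and result caveats:
// - A numeric AProcess is compared with TWmiProcess.Handle (presumably the
//   WMI process identifier; confirm against the component documentation).
//   Anything else is compared with the process name, case-sensitively.
// - Process names are not unique and are chosen by whoever started the
//   process. A name lookup returns the first match in enumeration order, so
//   callers that use the path for a trust decision should pass the handle.
// - An empty result means the path could not be read (for example because of
//   insufficient permissions); treat it as "unknown", not as a valid path.
// - Raises Exception when no process matches. Activation errors (WMI not
//   available, invalid credentials) propagate to the caller.
// - UserName and Password are handed to the WMI component as plain strings;
//   callers should not log them.
function ProcessFindPath(TargetHost, UserName, Password, AProcess: string): string;
var
  ProcessControl: TWmiProcessControl;
  i: integer;
  vParsedHandle: integer;
  vHasHandle: boolean;
  vProcessHandle: cardinal;
  vProcess: TWmiProcess;
begin
  // Parse into a signed integer first. The original assigned the -1 default
  // straight into a cardinal, which raises a range-check error under {$R+}
  // and otherwise wraps to High(cardinal).
  vParsedHandle := StrToIntDef(AProcess, -1);
  vHasHandle := vParsedHandle >= 0;
  if vHasHandle then
    vProcessHandle := cardinal(vParsedHandle)
  else
    vProcessHandle := 0;

  ProcessControl := TWmiProcessControl.Create(nil);
  try
    ProcessControl.MachineName := TargetHost;
    ProcessControl.Credentials.UserName := UserName;
    ProcessControl.Credentials.Password := Password;
    // An exception may happen on Win9x, WinNT if the WMI core is not installed.
    // The provided credentials may also be invalid.
    ProcessControl.Active := true;

    for i := 0 to ProcessControl.Processes.Count - 1 do
    begin
      vProcess := ProcessControl.Processes[i];
      if (vHasHandle and (vProcessHandle = vProcess.Handle)) or
         (AProcess = vProcess.Name) then
      begin
        // ExecutablePath may be empty if the current user does not have
        // enough permissions to query this process.
        Result := vProcess.ExecutablePath;
        Exit;
      end;
    end;

    raise Exception.Create('Specified process not found.');
  finally
    // Runs on the Exit path and on the raise path alike.
    ProcessControl.Free;
  end;
end;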