#include <windows.h>

#include <stdio.h>

#define ProcessBasicInformation 0

typedef struct

{

    USHORT Length;

    USHORT MaximumLength;

    PWSTR  Buffer;

} UNICODE_STRING, *PUNICODE_STRING;

typedef struct

{

    ULONG          AllocationSize;

    ULONG          ActualSize;

    ULONG          Flags;

    ULONG          Unknown1;

    UNICODE_STRING Unknown2;

    HANDLE         InputHandle;

    HANDLE         OutputHandle;

    HANDLE         ErrorHandle;

    UNICODE_STRING CurrentDirectory;

    HANDLE         CurrentDirectoryHandle;

    UNICODE_STRING SearchPaths;

    UNICODE_STRING ApplicationName;

    UNICODE_STRING CommandLine;

    PVOID          EnvironmentBlock;

    ULONG          Unknown[];

    UNICODE_STRING Unknown3;

    UNICODE_STRING Unknown4;

    UNICODE_STRING Unknown5;

    UNICODE_STRING Unknown6;

} PROCESS_PARAMETERS, *PPROCESS_PARAMETERS;

typedef struct

{

    ULONG               AllocationSize;

    ULONG               Unknown1;

    HINSTANCE           ProcessHinstance;

    PVOID               ListDlls;

    PPROCESS_PARAMETERS ProcessParameters;

    ULONG               Unknown2;

    HANDLE              Heap;

} PEB, *PPEB;

typedef struct

{

    DWORD ExitStatus;

    PPEB  PebBaseAddress;

    DWORD AffinityMask;

    DWORD BasePriority;

    ULONG UniqueProcessId;

    ULONG InheritedFromUniqueProcessId;

}   PROCESS_BASIC_INFORMATION;

// ntdll!NtQueryInformationProcess (NT specific!)

//

// The function copies the process information of the

// specified type into a buffer

//

// NTSYSAPI

// NTSTATUS

// NTAPI

// NtQueryInformationProcess(

//    IN HANDLE ProcessHandle,              // handle to process

//    IN PROCESSINFOCLASS InformationClass, // information type

//    OUT PVOID ProcessInformation,         // pointer to buffer

//    IN ULONG ProcessInformationLength,    // buffer size in bytes

//    OUT PULONG ReturnLength OPTIONAL      // pointer to a 32-bit

//                                          // variable that receives

//                                          // the number of bytes

//                                          // written to the buffer

// );

typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG);

PROCNTQSIP NtQueryInformationProcess;

BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen);

void main(int argc, char* argv[])

{

    if (argc<)

    {

        printf("Usage:\n\ncmdline.exe ProcId\n");

        return;

    }

    NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(

        GetModuleHandleA("ntdll"),

        "NtQueryInformationProcess"

        );

    if (!NtQueryInformationProcess)

        return;

    DWORD dwId;

    sscanf(argv[],"%lu",&dwId);

    WCHAR wstr[] = {};

    if (GetProcessCmdLine(dwId,wstr,sizeof(wstr)))

        wprintf(L"Command line for process %lu is:\n%s\n",dwId,wstr);

    else

        wprintf(L"Could not get command line!");

    system("pause");

}

BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen)

{

    LONG                      status;

    HANDLE                    hProcess;

    PROCESS_BASIC_INFORMATION pbi;

    PEB                       Peb;

    PROCESS_PARAMETERS        ProcParam;

    DWORD                     dwDummy;

    DWORD                     dwSize;

    LPVOID                    lpAddress;

    BOOL                      bRet = FALSE;

    // Get process handle

    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,dwId);

    if (!hProcess)

        return FALSE;

    // Retrieve information

    status = NtQueryInformationProcess( hProcess,

        ProcessBasicInformation,

        (PVOID)&pbi,

        sizeof(PROCESS_BASIC_INFORMATION),

        NULL

        );

    if (status)

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        pbi.PebBaseAddress,

        &Peb,

        sizeof(PEB),

        &dwDummy

        )

        )

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        Peb.ProcessParameters,

        &ProcParam,

        sizeof(PROCESS_PARAMETERS),

        &dwDummy

        )

        )

        goto cleanup;

    lpAddress = ProcParam.CommandLine.Buffer;

    dwSize = ProcParam.CommandLine.Length;

    if (dwBufLen<dwSize)

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        lpAddress,

        wBuf,

        dwSize,

        &dwDummy

        )

        )

        goto cleanup;

    bRet = TRUE;

cleanup:

    CloseHandle (hProcess);

    return bRet;

}

原文转自:http://blog.donews.com/zwell/archive/2004/09/30/114988.aspx

<转>得到其它进程的命令行的更多相关文章

  1. C#中如何获取其他进程的命令行参数 ( How to get other processes's command line argument )

    Subject: C#中如何获取其他进程的命令行参数 ( How to get other processes&apos;s command line argument )From: jian ...

  2. 获取其他进程的命令行(ReadProcessMemory其它进程的PPROCESS_PARAMETERS和PEB结构体)

    type   UNICODE_STRING = packed record     Length: Word;     MaximumLength: Word;     Buffer: PWideCh ...

  3. Docker命令行与守护进程如何交互?

    译者按: Docker是典型的C/S架构,其守护进程(daemon)与命令行(CLI)是通过REST API进行交互的. 原文: Understanding how the Docker Daemon ...

  4. windows上,任务管理器中,进程命令行太长怎么办

    一.前言 在windows上,有时候需要查看进程命令行,但是有的进程的命令行太长了,很难看全 此时,可以使用下面的方法解决(红框改为自己要查看的进程即可): C:\Users\Gaoyu>wmi ...

  5. 2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行

    原文:2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行 title author date CreateTime categories dotnet 通过 WMI 获取指定进 ...

  6. 2019-11-29-dotnet-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-11-29 08:35:11 +0800 2019-0 ...

  7. 2019-8-31-dotnet-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:58 +0800 2019-0 ...

  8. 2019-8-31-dotnet-通过-WMI-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 通过 WMI 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:59 +0800 ...

  9. dotnet 获取指定进程的输入命令行

    本文告诉大家如何在 dotnet 获取指定的进程的命令行参数 很多的程序在启动的时候都需要传入参数,那么如何拿到这些程序传入的参数? 我找到两个方法,一个需要引用 C++ 库支持 x86 和 x64 ...

随机推荐

  1. 「2018山东一轮集训」 Tree

    为什么出题人这么毒瘤啊??!!一个分块还要带log的题非要出成n<=2*1e5....... 为了卡过最后两个点我做了无数常数优化,包括但不限于:把所有线段树改成 存差分的树状数组:把树剖求LC ...

  2. HDU 6035 Colorful Tree(补集思想+树形DP)

    [题目链接] http://acm.hdu.edu.cn/showproblem.php?pid=6035 [题目大意] 给出一颗树,一条路径的价值为其上点权的种类数,求路径总价值 [题解] 单独考虑 ...

  3. Gym 101128F Sheldon Numbers(网络流)

    [题目链接] http://codeforces.com/gym/101128/attachments [题目大意] 给出一张地图,分为高地和低地,高低地的交界线上划有红线, 现在要开小车跨过每条红线 ...

  4. 【找规律】计蒜客17118 2017 ACM-ICPC 亚洲区(西安赛区)网络赛 E. Maximum Flow

    题意:一张有n个点的图,结点被编号为0~n-1,i往所有编号比它大的点j连边,权值为i xor j.给你n,问你最大流. 打个表,别忘了把相邻两项的差打出来,你会发现神奇的规律……你会发现每个答案都是 ...

  5. 【贪心】 Codeforces Round #419 (Div. 1) A. Karen and Game

    容易发现,删除的顺序不影响答案. 所以可以随便删. 如果行数大于列数,就先删列:否则先删行. #include<cstdio> #include<algorithm> usin ...

  6. 【后缀自动机】poj1509 Glass Beads

    字符串最小表示 后缀自动机 O(n) 把串复制一次,链接在后面之后,建立SAM,贪心地在SAM上转移,每次贪心地选择最小的字符,转移的长度为n时停止. 输出时由于要最靠前的,所以要在endpos集合中 ...

  7. 设置Eclipse编码方式

    1.windows->Preferences...打开"首选项"对话框,左侧导航树,导航到 general->Workspace,右侧Text file encodin ...

  8. keytool工具生成自签名证书并且通过浏览器导入证书

    1.生成服务器证书库 keytool -genkey -alias tomcat -keypass changeit -keyalg RSA -keysize 1024 -validity 365 - ...

  9. Codeforces Beta Round #2 B. The least round way dp

    B. The least round way 题目连接: http://www.codeforces.com/contest/2/problem/B Description There is a sq ...

  10. Ubuntu 16.04搭建原始Git服务器

    说明:不要把有限的生命浪费到权限斗争中! 1.安装SSH sudo apt-get install openssh-server sudo service ssh start 2.安装Git sudo ...