#include <windows.h>

#include <stdio.h>

#define ProcessBasicInformation 0

typedef struct

{

    USHORT Length;

    USHORT MaximumLength;

    PWSTR  Buffer;

} UNICODE_STRING, *PUNICODE_STRING;

typedef struct

{

    ULONG          AllocationSize;

    ULONG          ActualSize;

    ULONG          Flags;

    ULONG          Unknown1;

    UNICODE_STRING Unknown2;

    HANDLE         InputHandle;

    HANDLE         OutputHandle;

    HANDLE         ErrorHandle;

    UNICODE_STRING CurrentDirectory;

    HANDLE         CurrentDirectoryHandle;

    UNICODE_STRING SearchPaths;

    UNICODE_STRING ApplicationName;

    UNICODE_STRING CommandLine;

    PVOID          EnvironmentBlock;

    ULONG          Unknown[];

    UNICODE_STRING Unknown3;

    UNICODE_STRING Unknown4;

    UNICODE_STRING Unknown5;

    UNICODE_STRING Unknown6;

} PROCESS_PARAMETERS, *PPROCESS_PARAMETERS;

typedef struct

{

    ULONG               AllocationSize;

    ULONG               Unknown1;

    HINSTANCE           ProcessHinstance;

    PVOID               ListDlls;

    PPROCESS_PARAMETERS ProcessParameters;

    ULONG               Unknown2;

    HANDLE              Heap;

} PEB, *PPEB;

typedef struct

{

    DWORD ExitStatus;

    PPEB  PebBaseAddress;

    DWORD AffinityMask;

    DWORD BasePriority;

    ULONG UniqueProcessId;

    ULONG InheritedFromUniqueProcessId;

}   PROCESS_BASIC_INFORMATION;

// ntdll!NtQueryInformationProcess (NT specific!)

//

// The function copies the process information of the

// specified type into a buffer

//

// NTSYSAPI

// NTSTATUS

// NTAPI

// NtQueryInformationProcess(

//    IN HANDLE ProcessHandle,              // handle to process

//    IN PROCESSINFOCLASS InformationClass, // information type

//    OUT PVOID ProcessInformation,         // pointer to buffer

//    IN ULONG ProcessInformationLength,    // buffer size in bytes

//    OUT PULONG ReturnLength OPTIONAL      // pointer to a 32-bit

//                                          // variable that receives

//                                          // the number of bytes

//                                          // written to the buffer

// );

typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG);

PROCNTQSIP NtQueryInformationProcess;

BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen);

void main(int argc, char* argv[])

{

    if (argc<)

    {

        printf("Usage:\n\ncmdline.exe ProcId\n");

        return;

    }

    NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(

        GetModuleHandleA("ntdll"),

        "NtQueryInformationProcess"

        );

    if (!NtQueryInformationProcess)

        return;

    DWORD dwId;

    sscanf(argv[],"%lu",&dwId);

    WCHAR wstr[] = {};

    if (GetProcessCmdLine(dwId,wstr,sizeof(wstr)))

        wprintf(L"Command line for process %lu is:\n%s\n",dwId,wstr);

    else

        wprintf(L"Could not get command line!");

    system("pause");

}

BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen)

{

    LONG                      status;

    HANDLE                    hProcess;

    PROCESS_BASIC_INFORMATION pbi;

    PEB                       Peb;

    PROCESS_PARAMETERS        ProcParam;

    DWORD                     dwDummy;

    DWORD                     dwSize;

    LPVOID                    lpAddress;

    BOOL                      bRet = FALSE;

    // Get process handle

    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,dwId);

    if (!hProcess)

        return FALSE;

    // Retrieve information

    status = NtQueryInformationProcess( hProcess,

        ProcessBasicInformation,

        (PVOID)&pbi,

        sizeof(PROCESS_BASIC_INFORMATION),

        NULL

        );

    if (status)

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        pbi.PebBaseAddress,

        &Peb,

        sizeof(PEB),

        &dwDummy

        )

        )

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        Peb.ProcessParameters,

        &ProcParam,

        sizeof(PROCESS_PARAMETERS),

        &dwDummy

        )

        )

        goto cleanup;

    lpAddress = ProcParam.CommandLine.Buffer;

    dwSize = ProcParam.CommandLine.Length;

    if (dwBufLen<dwSize)

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        lpAddress,

        wBuf,

        dwSize,

        &dwDummy

        )

        )

        goto cleanup;

    bRet = TRUE;

cleanup:

    CloseHandle (hProcess);

    return bRet;

}

原文转自:http://blog.donews.com/zwell/archive/2004/09/30/114988.aspx

<转>得到其它进程的命令行的更多相关文章

  1. C#中如何获取其他进程的命令行参数 ( How to get other processes's command line argument )

    Subject: C#中如何获取其他进程的命令行参数 ( How to get other processes&apos;s command line argument )From: jian ...

  2. 获取其他进程的命令行(ReadProcessMemory其它进程的PPROCESS_PARAMETERS和PEB结构体)

    type   UNICODE_STRING = packed record     Length: Word;     MaximumLength: Word;     Buffer: PWideCh ...

  3. Docker命令行与守护进程如何交互?

    译者按: Docker是典型的C/S架构,其守护进程(daemon)与命令行(CLI)是通过REST API进行交互的. 原文: Understanding how the Docker Daemon ...

  4. windows上,任务管理器中,进程命令行太长怎么办

    一.前言 在windows上,有时候需要查看进程命令行,但是有的进程的命令行太长了,很难看全 此时,可以使用下面的方法解决(红框改为自己要查看的进程即可): C:\Users\Gaoyu>wmi ...

  5. 2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行

    原文:2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行 title author date CreateTime categories dotnet 通过 WMI 获取指定进 ...

  6. 2019-11-29-dotnet-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-11-29 08:35:11 +0800 2019-0 ...

  7. 2019-8-31-dotnet-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:58 +0800 2019-0 ...

  8. 2019-8-31-dotnet-通过-WMI-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 通过 WMI 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:59 +0800 ...

  9. dotnet 获取指定进程的输入命令行

    本文告诉大家如何在 dotnet 获取指定的进程的命令行参数 很多的程序在启动的时候都需要传入参数,那么如何拿到这些程序传入的参数? 我找到两个方法,一个需要引用 C++ 库支持 x86 和 x64 ...

随机推荐

  1. 【树形dp】Computer

    Computer Time Limit: 1000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Others)Total Su ...

  2. 【计算几何】【bitset】Gym - 101412G - Let There Be Light

    三维空间中有一些(<=2000)气球,一些光源(<=15),给定一个目标点,问你在移除不超过K个气球的前提下,目标点所能接受到的最大光照. 枚举每个光源,预处理其若要照射到光源,需要移走哪 ...

  3. 【转载】Java中String类的方法及说明

    转载自:http://www.cnblogs.com/YSO1983/archive/2009/12/07/1618564.html String : 字符串类型 一.      String sc_ ...

  4. 1.2(JavaScript学习笔记)JavaScript HTML DOM

    一.DOM DOM全称为document object model(文档对象模型). 此处的文档指当前HTML文档,对象指HTML标签. 当网页被加载时,浏览器会创建页面的文档对象模型. 下面结合具体 ...

  5. android中自定义checkbox的图片和大小

    其实很简单,分三步: 1.在drawable中创建文件checkbox_selector.xml: <?xml version="1.0" encoding="ut ...

  6. Android关于JSON数据解析

    一.什么是json json(Javascript Object Notation)是一种轻量级的数据交换格式,相比于xml这种数据交换格式来说,因为解析xml比较的复杂,而且需要编写大段的代码,所以 ...

  7. checkbox复选框居中

    选项框居中 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w ...

  8. iOS -- DES算法

    算法步骤: DES算法把64位的明文输入块变为64位的密文输出块,它所使用的密钥也是64位(实际用到了56位,第8.16.24.32.40.48.56.64位是校验位, 使得每个密钥都有奇数个1),其 ...

  9. WebLogic Operator初试

    时隔几个月,重拾WebLogic 为什么是WebLogic 简单说一句就是,因为WebLogic在中间件里面够复杂. Server不同的角色 AdminServer和Managed Server之间的 ...

  10. vc2005(visual studio)使用习惯记录

    来源:http://blog.csdn.net/zdl1016/article/details/6184549 前言:sourceinsight不支持显示utf-8的文件, 实在是一大遗憾!vim现在 ...