#include <windows.h>

#include <stdio.h>

#define ProcessBasicInformation 0

typedef struct

{

    USHORT Length;

    USHORT MaximumLength;

    PWSTR  Buffer;

} UNICODE_STRING, *PUNICODE_STRING;

typedef struct

{

    ULONG          AllocationSize;

    ULONG          ActualSize;

    ULONG          Flags;

    ULONG          Unknown1;

    UNICODE_STRING Unknown2;

    HANDLE         InputHandle;

    HANDLE         OutputHandle;

    HANDLE         ErrorHandle;

    UNICODE_STRING CurrentDirectory;

    HANDLE         CurrentDirectoryHandle;

    UNICODE_STRING SearchPaths;

    UNICODE_STRING ApplicationName;

    UNICODE_STRING CommandLine;

    PVOID          EnvironmentBlock;

    ULONG          Unknown[];

    UNICODE_STRING Unknown3;

    UNICODE_STRING Unknown4;

    UNICODE_STRING Unknown5;

    UNICODE_STRING Unknown6;

} PROCESS_PARAMETERS, *PPROCESS_PARAMETERS;

typedef struct

{

    ULONG               AllocationSize;

    ULONG               Unknown1;

    HINSTANCE           ProcessHinstance;

    PVOID               ListDlls;

    PPROCESS_PARAMETERS ProcessParameters;

    ULONG               Unknown2;

    HANDLE              Heap;

} PEB, *PPEB;

typedef struct

{

    DWORD ExitStatus;

    PPEB  PebBaseAddress;

    DWORD AffinityMask;

    DWORD BasePriority;

    ULONG UniqueProcessId;

    ULONG InheritedFromUniqueProcessId;

}   PROCESS_BASIC_INFORMATION;

// ntdll!NtQueryInformationProcess (NT specific!)

//

// The function copies the process information of the

// specified type into a buffer

//

// NTSYSAPI

// NTSTATUS

// NTAPI

// NtQueryInformationProcess(

//    IN HANDLE ProcessHandle,              // handle to process

//    IN PROCESSINFOCLASS InformationClass, // information type

//    OUT PVOID ProcessInformation,         // pointer to buffer

//    IN ULONG ProcessInformationLength,    // buffer size in bytes

//    OUT PULONG ReturnLength OPTIONAL      // pointer to a 32-bit

//                                          // variable that receives

//                                          // the number of bytes

//                                          // written to the buffer

// );

typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG);

PROCNTQSIP NtQueryInformationProcess;

BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen);

void main(int argc, char* argv[])

{

    if (argc<)

    {

        printf("Usage:\n\ncmdline.exe ProcId\n");

        return;

    }

    NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(

        GetModuleHandleA("ntdll"),

        "NtQueryInformationProcess"

        );

    if (!NtQueryInformationProcess)

        return;

    DWORD dwId;

    sscanf(argv[],"%lu",&dwId);

    WCHAR wstr[] = {};

    if (GetProcessCmdLine(dwId,wstr,sizeof(wstr)))

        wprintf(L"Command line for process %lu is:\n%s\n",dwId,wstr);

    else

        wprintf(L"Could not get command line!");

    system("pause");

}

BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen)

{

    LONG                      status;

    HANDLE                    hProcess;

    PROCESS_BASIC_INFORMATION pbi;

    PEB                       Peb;

    PROCESS_PARAMETERS        ProcParam;

    DWORD                     dwDummy;

    DWORD                     dwSize;

    LPVOID                    lpAddress;

    BOOL                      bRet = FALSE;

    // Get process handle

    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,dwId);

    if (!hProcess)

        return FALSE;

    // Retrieve information

    status = NtQueryInformationProcess( hProcess,

        ProcessBasicInformation,

        (PVOID)&pbi,

        sizeof(PROCESS_BASIC_INFORMATION),

        NULL

        );

    if (status)

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        pbi.PebBaseAddress,

        &Peb,

        sizeof(PEB),

        &dwDummy

        )

        )

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        Peb.ProcessParameters,

        &ProcParam,

        sizeof(PROCESS_PARAMETERS),

        &dwDummy

        )

        )

        goto cleanup;

    lpAddress = ProcParam.CommandLine.Buffer;

    dwSize = ProcParam.CommandLine.Length;

    if (dwBufLen<dwSize)

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        lpAddress,

        wBuf,

        dwSize,

        &dwDummy

        )

        )

        goto cleanup;

    bRet = TRUE;

cleanup:

    CloseHandle (hProcess);

    return bRet;

}

原文转自:http://blog.donews.com/zwell/archive/2004/09/30/114988.aspx

<转>得到其它进程的命令行的更多相关文章

  1. C#中如何获取其他进程的命令行参数 ( How to get other processes's command line argument )

    Subject: C#中如何获取其他进程的命令行参数 ( How to get other processes&apos;s command line argument )From: jian ...

  2. 获取其他进程的命令行(ReadProcessMemory其它进程的PPROCESS_PARAMETERS和PEB结构体)

    type   UNICODE_STRING = packed record     Length: Word;     MaximumLength: Word;     Buffer: PWideCh ...

  3. Docker命令行与守护进程如何交互?

    译者按: Docker是典型的C/S架构,其守护进程(daemon)与命令行(CLI)是通过REST API进行交互的. 原文: Understanding how the Docker Daemon ...

  4. windows上,任务管理器中,进程命令行太长怎么办

    一.前言 在windows上,有时候需要查看进程命令行,但是有的进程的命令行太长了,很难看全 此时,可以使用下面的方法解决(红框改为自己要查看的进程即可): C:\Users\Gaoyu>wmi ...

  5. 2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行

    原文:2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行 title author date CreateTime categories dotnet 通过 WMI 获取指定进 ...

  6. 2019-11-29-dotnet-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-11-29 08:35:11 +0800 2019-0 ...

  7. 2019-8-31-dotnet-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:58 +0800 2019-0 ...

  8. 2019-8-31-dotnet-通过-WMI-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 通过 WMI 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:59 +0800 ...

  9. dotnet 获取指定进程的输入命令行

    本文告诉大家如何在 dotnet 获取指定的进程的命令行参数 很多的程序在启动的时候都需要传入参数,那么如何拿到这些程序传入的参数? 我找到两个方法,一个需要引用 C++ 库支持 x86 和 x64 ...

随机推荐

  1. [USACO 2018 Open Gold] Tutorial

    Link: 传送门 A: 对于每一条分割线,设本不应在其左侧的个数为$x$ 重点要发现每次一来一回的操作恰好会将一对分别应在左/右侧的一个数从右/左移过去 这样就转直接用树状数组求出最大的$x$即可 ...

  2. 概率dp学习记录

    论文参考 汤可因<浅谈一类数学期望问题的解决方法> 反正是很神奇的东西吧..我脑子不好不是很能想得到. bzoj 1415 1415: [Noi2005]聪聪和可可 Time Limit: ...

  3. hdu 4055 Number String (基础dp)

    Number String Time Limit: 10000/5000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Others)To ...

  4. hdu 5755(Gauss 消元) &poj 2947

    Gambler Bo Time Limit: 8000/4000 MS (Java/Others)    Memory Limit: 131072/131072 K (Java/Others)Tota ...

  5. [CODECHEF]RIN

    题意:一个人要在$m$个学期上$n$节课,在第$j$学期上$i$课有$X_{i,j}$的收益,有些课$B_i$有前置课程$A_i$,问最大得分 这个题我都做不出来还去看题解...我退役吧== 考虑每种 ...

  6. 【二分】Urozero Autumn Training Camp 2016 Day 5: NWERC-2016 Problem C. Careful Ascent

    二分Vx即可. #include<cstdio> #include<algorithm> using namespace std; #define EPS 0.00000000 ...

  7. maven项目修改项目名

    修改pom文件下面三处

  8. Ubantu配置protoc2.5.0

    首先得到 protobuf 相应的包文件 ,在终端上输入如下 wget http://protobuf.googlecode.com/files/protobuf-2.5.0.tar.gz 下载完毕后 ...

  9. CentOS 6.9下配置安装KVM

    注意:KVM一切安装和运行都是在root用户下完成的,并且只有root才能支持某些软件. 一.准备工作: 1.查看系统版本.内核版本 ##查看系统版本 # cat /etc/redhat-releas ...

  10. CSS -- 绝对相对定位

    relative相对于自己原来的位置进行相对定位absolute相对于最近的父级元素进行定位fixed始终相对于浏览器窗口进行对位 顺便说一下,fixed就是特殊的absolute.