#include <windows.h>

#include <stdio.h>

#define ProcessBasicInformation 0

typedef struct

{

    USHORT Length;

    USHORT MaximumLength;

    PWSTR  Buffer;

} UNICODE_STRING, *PUNICODE_STRING;

typedef struct

{

    ULONG          AllocationSize;

    ULONG          ActualSize;

    ULONG          Flags;

    ULONG          Unknown1;

    UNICODE_STRING Unknown2;

    HANDLE         InputHandle;

    HANDLE         OutputHandle;

    HANDLE         ErrorHandle;

    UNICODE_STRING CurrentDirectory;

    HANDLE         CurrentDirectoryHandle;

    UNICODE_STRING SearchPaths;

    UNICODE_STRING ApplicationName;

    UNICODE_STRING CommandLine;

    PVOID          EnvironmentBlock;

    ULONG          Unknown[];

    UNICODE_STRING Unknown3;

    UNICODE_STRING Unknown4;

    UNICODE_STRING Unknown5;

    UNICODE_STRING Unknown6;

} PROCESS_PARAMETERS, *PPROCESS_PARAMETERS;

typedef struct

{

    ULONG               AllocationSize;

    ULONG               Unknown1;

    HINSTANCE           ProcessHinstance;

    PVOID               ListDlls;

    PPROCESS_PARAMETERS ProcessParameters;

    ULONG               Unknown2;

    HANDLE              Heap;

} PEB, *PPEB;

typedef struct

{

    DWORD ExitStatus;

    PPEB  PebBaseAddress;

    DWORD AffinityMask;

    DWORD BasePriority;

    ULONG UniqueProcessId;

    ULONG InheritedFromUniqueProcessId;

}   PROCESS_BASIC_INFORMATION;

// ntdll!NtQueryInformationProcess (NT specific!)

//

// The function copies the process information of the

// specified type into a buffer

//

// NTSYSAPI

// NTSTATUS

// NTAPI

// NtQueryInformationProcess(

//    IN HANDLE ProcessHandle,              // handle to process

//    IN PROCESSINFOCLASS InformationClass, // information type

//    OUT PVOID ProcessInformation,         // pointer to buffer

//    IN ULONG ProcessInformationLength,    // buffer size in bytes

//    OUT PULONG ReturnLength OPTIONAL      // pointer to a 32-bit

//                                          // variable that receives

//                                          // the number of bytes

//                                          // written to the buffer

// );

typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG);

PROCNTQSIP NtQueryInformationProcess;

BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen);

void main(int argc, char* argv[])

{

    if (argc<)

    {

        printf("Usage:\n\ncmdline.exe ProcId\n");

        return;

    }

    NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(

        GetModuleHandleA("ntdll"),

        "NtQueryInformationProcess"

        );

    if (!NtQueryInformationProcess)

        return;

    DWORD dwId;

    sscanf(argv[],"%lu",&dwId);

    WCHAR wstr[] = {};

    if (GetProcessCmdLine(dwId,wstr,sizeof(wstr)))

        wprintf(L"Command line for process %lu is:\n%s\n",dwId,wstr);

    else

        wprintf(L"Could not get command line!");

    system("pause");

}

BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen)

{

    LONG                      status;

    HANDLE                    hProcess;

    PROCESS_BASIC_INFORMATION pbi;

    PEB                       Peb;

    PROCESS_PARAMETERS        ProcParam;

    DWORD                     dwDummy;

    DWORD                     dwSize;

    LPVOID                    lpAddress;

    BOOL                      bRet = FALSE;

    // Get process handle

    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,dwId);

    if (!hProcess)

        return FALSE;

    // Retrieve information

    status = NtQueryInformationProcess( hProcess,

        ProcessBasicInformation,

        (PVOID)&pbi,

        sizeof(PROCESS_BASIC_INFORMATION),

        NULL

        );

    if (status)

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        pbi.PebBaseAddress,

        &Peb,

        sizeof(PEB),

        &dwDummy

        )

        )

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        Peb.ProcessParameters,

        &ProcParam,

        sizeof(PROCESS_PARAMETERS),

        &dwDummy

        )

        )

        goto cleanup;

    lpAddress = ProcParam.CommandLine.Buffer;

    dwSize = ProcParam.CommandLine.Length;

    if (dwBufLen<dwSize)

        goto cleanup;

    if (!ReadProcessMemory( hProcess,

        lpAddress,

        wBuf,

        dwSize,

        &dwDummy

        )

        )

        goto cleanup;

    bRet = TRUE;

cleanup:

    CloseHandle (hProcess);

    return bRet;

}

原文转自:http://blog.donews.com/zwell/archive/2004/09/30/114988.aspx

<转>得到其它进程的命令行的更多相关文章

  1. C#中如何获取其他进程的命令行参数 ( How to get other processes's command line argument )

    Subject: C#中如何获取其他进程的命令行参数 ( How to get other processes&apos;s command line argument )From: jian ...

  2. 获取其他进程的命令行(ReadProcessMemory其它进程的PPROCESS_PARAMETERS和PEB结构体)

    type   UNICODE_STRING = packed record     Length: Word;     MaximumLength: Word;     Buffer: PWideCh ...

  3. Docker命令行与守护进程如何交互?

    译者按: Docker是典型的C/S架构,其守护进程(daemon)与命令行(CLI)是通过REST API进行交互的. 原文: Understanding how the Docker Daemon ...

  4. windows上,任务管理器中,进程命令行太长怎么办

    一.前言 在windows上,有时候需要查看进程命令行,但是有的进程的命令行太长了,很难看全 此时,可以使用下面的方法解决(红框改为自己要查看的进程即可): C:\Users\Gaoyu>wmi ...

  5. 2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行

    原文:2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行 title author date CreateTime categories dotnet 通过 WMI 获取指定进 ...

  6. 2019-11-29-dotnet-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-11-29 08:35:11 +0800 2019-0 ...

  7. 2019-8-31-dotnet-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:58 +0800 2019-0 ...

  8. 2019-8-31-dotnet-通过-WMI-获取指定进程的输入命令行

    title author date CreateTime categories dotnet 通过 WMI 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:59 +0800 ...

  9. dotnet 获取指定进程的输入命令行

    本文告诉大家如何在 dotnet 获取指定的进程的命令行参数 很多的程序在启动的时候都需要传入参数,那么如何拿到这些程序传入的参数? 我找到两个方法,一个需要引用 C++ 库支持 x86 和 x64 ...

随机推荐

  1. [BZOJ2006][NOI2010]超级钢琴(ST表+堆)

    2006: [NOI2010]超级钢琴 Time Limit: 20 Sec  Memory Limit: 512 MBSubmit: 3679  Solved: 1828[Submit][Statu ...

  2. 【数据结构(高效)/暴力】Parencodings

    [poj1068] Parencodings Time Limit: 1000MS   Memory Limit: 10000K Total Submissions: 26686   Accepted ...

  3. [CODECHEF]LUCASTH

    题意:设$f(n,k)=\sum\limits_{\substack{S\subseteq\{1,\cdots,n\}\\|S|=k}}\prod\limits_{x\in S}x$,问$f(n,0\ ...

  4. 【预处理】【分类讨论】Playrix Codescapes Cup (Codeforces Round #413, rated, Div. 1 + Div. 2) C. Fountains

    分几种情况讨论: (1)仅用C或D买两个 ①买两个代价相同的(实际不同)(排个序) ②买两个代价不同的(因为买两个代价相同的情况已经考虑过了,所以此时对于同一个代价,只需要保存美丽度最高的喷泉即可)( ...

  5. 【数论】【Polya定理】【枚举约数】【欧拉函数】【Java】poj2154 Color

    你随便写一下出来,发现polya原理的式子里面好多gcd是相同的,gcd(n,i)=k可以改写成gcd(n/k,i/k)=1,也就是说指数为k的项的个数为phi(n/k),就很好求了,最后除的那个n直 ...

  6. 【二分图匹配】BZOJ1562-[NOI2009] 变换序列

    [题目大意] 对于0,1,…,N-1的N个整数,给定一个距离序列D0,D1,…,DN-1,定义一个变换序列T0,T1,…,TN-1使得每个i,Ti的环上距离等于Di.一个合法的变换序列应是0,1,…, ...

  7. ES6 标签模板

    标签模板其实不是模板,而是函数调用的一种特殊形式."标签"指的是函数,紧跟在后面的模板字符串就是它的参数. var a = 5; var b = 10; tag `Hello ${ ...

  8. 原生js操作HTML DOM

    先上图 1.一些常用的方法 obj.getElementById() 返回带有指定 ID 的元素. obj.getElementsByTagName() 返回包含带有指定标签名称的所有元素的节点列表( ...

  9. AndroidのActivity启动模式

    Activity启动模式      .概念      Activity启动模式定义了Activity启动的规则,它决定着Activity的实例创建与重用与否    .属性     Activity的启 ...

  10. Linux /sbin/service脚本一个基本无影响的bug

    CentOS提供了一个启动服务的功能:service [service name] (start|stop|restart|...),此功能的执行脚本为/sbin/service. 今天看了下此脚本, ...