<转>得到其它进程的命令行

#include <windows.h>
#include <stdio.h>
 
#define ProcessBasicInformation 0
 
typedef struct
{
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
 
typedef struct
{
    ULONG          AllocationSize;
    ULONG          ActualSize;
    ULONG          Flags;
    ULONG          Unknown1;
    UNICODE_STRING Unknown2;
    HANDLE         InputHandle;
    HANDLE         OutputHandle;
    HANDLE         ErrorHandle;
    UNICODE_STRING CurrentDirectory;
    HANDLE         CurrentDirectoryHandle;
    UNICODE_STRING SearchPaths;
    UNICODE_STRING ApplicationName;
    UNICODE_STRING CommandLine;
    PVOID          EnvironmentBlock;
    ULONG          Unknown[];
    UNICODE_STRING Unknown3;
    UNICODE_STRING Unknown4;
    UNICODE_STRING Unknown5;
    UNICODE_STRING Unknown6;
} PROCESS_PARAMETERS, *PPROCESS_PARAMETERS;
 
typedef struct
{
    ULONG               AllocationSize;
    ULONG               Unknown1;
    HINSTANCE           ProcessHinstance;
    PVOID               ListDlls;
    PPROCESS_PARAMETERS ProcessParameters;
    ULONG               Unknown2;
    HANDLE              Heap;
} PEB, *PPEB;
 
typedef struct
{
    DWORD ExitStatus;
    PPEB  PebBaseAddress;
    DWORD AffinityMask;
    DWORD BasePriority;
    ULONG UniqueProcessId;
    ULONG InheritedFromUniqueProcessId;
}   PROCESS_BASIC_INFORMATION;
 
// ntdll!NtQueryInformationProcess (NT specific!)
//
// The function copies the process information of the
// specified type into a buffer
//
// NTSYSAPI
// NTSTATUS
// NTAPI
// NtQueryInformationProcess(
//    IN HANDLE ProcessHandle,              // handle to process
//    IN PROCESSINFOCLASS InformationClass, // information type
//    OUT PVOID ProcessInformation,         // pointer to buffer
//    IN ULONG ProcessInformationLength,    // buffer size in bytes
//    OUT PULONG ReturnLength OPTIONAL      // pointer to a 32-bit
//                                          // variable that receives
//                                          // the number of bytes
//                                          // written to the buffer
// );
typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG);
 
PROCNTQSIP NtQueryInformationProcess;
 
BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen);
 
void main(int argc, char* argv[])
{
    if (argc<)
    {
        printf("Usage:\n\ncmdline.exe ProcId\n");
        return;
    }
 
    NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(
        GetModuleHandleA("ntdll"),
        "NtQueryInformationProcess"
        );
 
    if (!NtQueryInformationProcess)
        return;
 
    DWORD dwId;
    sscanf(argv[],"%lu",&dwId);
 
    WCHAR wstr[] = {};
 
    if (GetProcessCmdLine(dwId,wstr,sizeof(wstr)))
        wprintf(L"Command line for process %lu is:\n%s\n",dwId,wstr);
    else
        wprintf(L"Could not get command line!");
    system("pause");
}
 
BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen)
{
    LONG                      status;
    HANDLE                    hProcess;
    PROCESS_BASIC_INFORMATION pbi;
    PEB                       Peb;
    PROCESS_PARAMETERS        ProcParam;
    DWORD                     dwDummy;
    DWORD                     dwSize;
    LPVOID                    lpAddress;
    BOOL                      bRet = FALSE;
 
    // Get process handle
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,dwId);
    if (!hProcess)
        return FALSE;
 
    // Retrieve information
    status = NtQueryInformationProcess( hProcess,
        ProcessBasicInformation,
        (PVOID)&pbi,
        sizeof(PROCESS_BASIC_INFORMATION),
        NULL
        );
 
    if (status)
        goto cleanup;
 
    if (!ReadProcessMemory( hProcess,
        pbi.PebBaseAddress,
        &Peb,
        sizeof(PEB),
        &dwDummy
        )
        )
        goto cleanup;
 
    if (!ReadProcessMemory( hProcess,
        Peb.ProcessParameters,
        &ProcParam,
        sizeof(PROCESS_PARAMETERS),
        &dwDummy
        )
        )
        goto cleanup;
 
    lpAddress = ProcParam.CommandLine.Buffer;
    dwSize = ProcParam.CommandLine.Length;
 
    if (dwBufLen<dwSize)
        goto cleanup;
 
    if (!ReadProcessMemory( hProcess,
        lpAddress,
        wBuf,
        dwSize,
        &dwDummy
        )
        )
        goto cleanup;
 
    bRet = TRUE;
 
cleanup:
 
    CloseHandle (hProcess);
 
    return bRet;
 
}

原文转自：http://blog.donews.com/zwell/archive/2004/09/30/114988.aspx

<转>得到其它进程的命令行的更多相关文章

C#中如何获取其他进程的命令行参数（ How to get other processes's command line argument )
Subject: C#中如何获取其他进程的命令行参数 ( How to get other processes's command line argument )From: jian ...
获取其他进程的命令行（ReadProcessMemory其它进程的PPROCESS_PARAMETERS和PEB结构体）
type UNICODE_STRING = packed record Length: Word; MaximumLength: Word; Buffer: PWideCh ...
Docker命令行与守护进程如何交互？
译者按: Docker是典型的C/S架构,其守护进程(daemon)与命令行(CLI)是通过REST API进行交互的. 原文: Understanding how the Docker Daemon ...
windows上，任务管理器中，进程命令行太长怎么办
一.前言在windows上,有时候需要查看进程命令行,但是有的进程的命令行太长了,很难看全此时,可以使用下面的方法解决(红框改为自己要查看的进程即可): C:\Users\Gaoyu>wmi ...
2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行
原文:2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行 title author date CreateTime categories dotnet 通过 WMI 获取指定进 ...
2019-11-29-dotnet-获取指定进程的输入命令行
title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-11-29 08:35:11 +0800 2019-0 ...
2019-8-31-dotnet-获取指定进程的输入命令行
title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:58 +0800 2019-0 ...
2019-8-31-dotnet-通过-WMI-获取指定进程的输入命令行
title author date CreateTime categories dotnet 通过 WMI 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:59 +0800 ...
dotnet 获取指定进程的输入命令行
本文告诉大家如何在 dotnet 获取指定的进程的命令行参数很多的程序在启动的时候都需要传入参数,那么如何拿到这些程序传入的参数? 我找到两个方法,一个需要引用 C++ 库支持 x86 和 x64 ...

随机推荐

[BZOJ4836]二元运算(分治FFT)
4836: [Lydsy1704月赛]二元运算 Time Limit: 8 Sec Memory Limit: 128 MBSubmit: 578 Solved: 202[Submit][Stat ...
[TCO2009]NumberGraph
题意:给你一些带权的节点和一个正整数集合$S$,$S$中每一个数的二进制后缀$0$个数相同,节点$x$的权值为$v_x$,如果对于$x,y$存在$t\in S$使得$|v_x-v_y|=t$,那么连边 ...
修改request的parameter的几种方式(转载)
转载地址:https://blog.csdn.net/xieyuooo/article/details/8447301
动态扩展php组件（mbstring为例）
1.进入源码包中的mbstring目录 cd ~/php-/ext/mbstring/ 2.启动phpize /usr/local/php/bin/phpize 3.配置configure ./con ...
fedora19/opensuse13.1 配置svn client
Date: 20140208Auth: Jin 一.install zypper install subversion yum install subversion 二.操作 1.将文件check ...
hdu3401 Trade 单调队列优化dp
Trade Time Limit: 2000/1000 MS (Java/Others) Memory Limit: 32768/32768 K (Java/Others) Total Subm ...
DEBUG : Eclipse Debug 时出现 Cannot connect to VM select failed错误
Eclipse在执行Debug操作时, 出现“Eclipse Debug 时出现 "Cannot connect to VM select failed"”错误, 在网上查找该错误 ...
翻译：Spring-Framework-Reference Document:15.2-DispatcherServlet
写在前面的话: 最近被项目的代码折腾的死去活来的,其实框架也没有那么难理解,只是自己的Web基础太差,被Request和Response这一对神雕侠侣坑到泪流满面!今天捣腾了一下Spring We ...
Hive:用Java代码通过JDBC连接Hiveserver
参考https://www.iteblog.com/archives/846.html 1.hive依赖hadoop,将hdfs当作文件存储介质,那是否意味着hive需要知道namenode的地址? ...
[Todo]各种语言包管理工具
看到一篇文章不错: http://harttle.com/2015/05/29/pkg-manager.html 包管理和构建系统是现代的软件开发团队中必不可少的工具,也是Linux软件系统的常见组织 ...

<转>得到其它进程的命令行

<转>得到其它进程的命令行的更多相关文章

随机推荐

热门专题