<转>得到其它进程的命令行
#include <windows.h>
#include <stdio.h> #define ProcessBasicInformation 0 typedef struct
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING; typedef struct
{
ULONG AllocationSize;
ULONG ActualSize;
ULONG Flags;
ULONG Unknown1;
UNICODE_STRING Unknown2;
HANDLE InputHandle;
HANDLE OutputHandle;
HANDLE ErrorHandle;
UNICODE_STRING CurrentDirectory;
HANDLE CurrentDirectoryHandle;
UNICODE_STRING SearchPaths;
UNICODE_STRING ApplicationName;
UNICODE_STRING CommandLine;
PVOID EnvironmentBlock;
ULONG Unknown[];
UNICODE_STRING Unknown3;
UNICODE_STRING Unknown4;
UNICODE_STRING Unknown5;
UNICODE_STRING Unknown6;
} PROCESS_PARAMETERS, *PPROCESS_PARAMETERS; typedef struct
{
ULONG AllocationSize;
ULONG Unknown1;
HINSTANCE ProcessHinstance;
PVOID ListDlls;
PPROCESS_PARAMETERS ProcessParameters;
ULONG Unknown2;
HANDLE Heap;
} PEB, *PPEB; typedef struct
{
DWORD ExitStatus;
PPEB PebBaseAddress;
DWORD AffinityMask;
DWORD BasePriority;
ULONG UniqueProcessId;
ULONG InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION; // ntdll!NtQueryInformationProcess (NT specific!)
//
// The function copies the process information of the
// specified type into a buffer
//
// NTSYSAPI
// NTSTATUS
// NTAPI
// NtQueryInformationProcess(
// IN HANDLE ProcessHandle, // handle to process
// IN PROCESSINFOCLASS InformationClass, // information type
// OUT PVOID ProcessInformation, // pointer to buffer
// IN ULONG ProcessInformationLength, // buffer size in bytes
// OUT PULONG ReturnLength OPTIONAL // pointer to a 32-bit
// // variable that receives
// // the number of bytes
// // written to the buffer
// );
typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG); PROCNTQSIP NtQueryInformationProcess; BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen); void main(int argc, char* argv[])
{
if (argc<)
{
printf("Usage:\n\ncmdline.exe ProcId\n");
return;
} NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(
GetModuleHandleA("ntdll"),
"NtQueryInformationProcess"
); if (!NtQueryInformationProcess)
return; DWORD dwId;
sscanf(argv[],"%lu",&dwId); WCHAR wstr[] = {}; if (GetProcessCmdLine(dwId,wstr,sizeof(wstr)))
wprintf(L"Command line for process %lu is:\n%s\n",dwId,wstr);
else
wprintf(L"Could not get command line!");
system("pause");
} BOOL GetProcessCmdLine(DWORD dwId,LPWSTR wBuf,DWORD dwBufLen)
{
LONG status;
HANDLE hProcess;
PROCESS_BASIC_INFORMATION pbi;
PEB Peb;
PROCESS_PARAMETERS ProcParam;
DWORD dwDummy;
DWORD dwSize;
LPVOID lpAddress;
BOOL bRet = FALSE; // Get process handle
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,dwId);
if (!hProcess)
return FALSE; // Retrieve information
status = NtQueryInformationProcess( hProcess,
ProcessBasicInformation,
(PVOID)&pbi,
sizeof(PROCESS_BASIC_INFORMATION),
NULL
); if (status)
goto cleanup; if (!ReadProcessMemory( hProcess,
pbi.PebBaseAddress,
&Peb,
sizeof(PEB),
&dwDummy
)
)
goto cleanup; if (!ReadProcessMemory( hProcess,
Peb.ProcessParameters,
&ProcParam,
sizeof(PROCESS_PARAMETERS),
&dwDummy
)
)
goto cleanup; lpAddress = ProcParam.CommandLine.Buffer;
dwSize = ProcParam.CommandLine.Length; if (dwBufLen<dwSize)
goto cleanup; if (!ReadProcessMemory( hProcess,
lpAddress,
wBuf,
dwSize,
&dwDummy
)
)
goto cleanup; bRet = TRUE; cleanup: CloseHandle (hProcess); return bRet; }
原文转自:http://blog.donews.com/zwell/archive/2004/09/30/114988.aspx
<转>得到其它进程的命令行的更多相关文章
- C#中如何获取其他进程的命令行参数 ( How to get other processes's command line argument )
Subject: C#中如何获取其他进程的命令行参数 ( How to get other processes's command line argument )From: jian ...
- 获取其他进程的命令行(ReadProcessMemory其它进程的PPROCESS_PARAMETERS和PEB结构体)
type UNICODE_STRING = packed record Length: Word; MaximumLength: Word; Buffer: PWideCh ...
- Docker命令行与守护进程如何交互?
译者按: Docker是典型的C/S架构,其守护进程(daemon)与命令行(CLI)是通过REST API进行交互的. 原文: Understanding how the Docker Daemon ...
- windows上,任务管理器中,进程命令行太长怎么办
一.前言 在windows上,有时候需要查看进程命令行,但是有的进程的命令行太长了,很难看全 此时,可以使用下面的方法解决(红框改为自己要查看的进程即可): C:\Users\Gaoyu>wmi ...
- 2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行
原文:2019-11-29-dotnet-通过-WMI-获取指定进程的输入命令行 title author date CreateTime categories dotnet 通过 WMI 获取指定进 ...
- 2019-11-29-dotnet-获取指定进程的输入命令行
title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-11-29 08:35:11 +0800 2019-0 ...
- 2019-8-31-dotnet-获取指定进程的输入命令行
title author date CreateTime categories dotnet 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:58 +0800 2019-0 ...
- 2019-8-31-dotnet-通过-WMI-获取指定进程的输入命令行
title author date CreateTime categories dotnet 通过 WMI 获取指定进程的输入命令行 lindexi 2019-08-31 16:55:59 +0800 ...
- dotnet 获取指定进程的输入命令行
本文告诉大家如何在 dotnet 获取指定的进程的命令行参数 很多的程序在启动的时候都需要传入参数,那么如何拿到这些程序传入的参数? 我找到两个方法,一个需要引用 C++ 库支持 x86 和 x64 ...
随机推荐
- 【树形dp】Godfather
[POJ3107]Godfather Time Limit: 2000MS Memory Limit: 65536K Total Submissions: 7212 Accepted: 253 ...
- 【线段树】I Hate It
I Hate It Time Limit: 9000/3000 MS (Java/Others) Memory Limit: 32768/32768 K (Java/Others)Total S ...
- [转]XML中元素(Element)与节点(Node)的区别
前言: element是特殊的node 一段纯文本即text-node也是node 但不是element w3c的原话是 A node can be an element node, an attri ...
- Codeforces Round #127 (Div. 1) A. Clear Symmetry 打表
A. Clear Symmetry 题目连接: http://codeforces.com/contest/201/problem/A Description Consider some square ...
- “Warning: Call-time pass-by-reference has been deprecated in”解决方法
刚刚在调试一个PHP木马,显示错误信息为: Warning: Call-time pass-by-reference has been deprecated in E:\New-Hack520org\ ...
- mybatis查询日期时间数据得到long类型数据的问题
使用mybatis查询数据时,如果数据库存储的是timestamp.datetime.date.time等时间类型,而Java bean也使用的是date类型,mybatis会自动将date类型转换为 ...
- 用xib自定义UIView并在代码中使用--iOS
首先新建一个空的xib文件: 将size改为freedom: 然后在xib中自定义视图(添加自己想要的其它视图): 要写好约束, 创建一个继承uiview的类和他关联,然后就可以调用了. - (voi ...
- iOS:基于Socket的第三方框架CocoaAsyncSocket的使用
CocoaAsyncSocket无疑是目前封装得最完善的Socket库了:支持异步TCP/UDP,支持GCD,Objective-C接口封装,同时还有日志跟踪功能,使用此日志跟踪,程序员可以很方便的进 ...
- iconv的安装和使用
一.Linux下iconv的安装包的下载页面http://www.gnu.org/software/libiconv/ $ ./configure --prefix=/usr/local$ make$ ...
- centOS6.5 Hadoop1.0.4安装
前段时间去培训,按照教程装了一遍Hadoop.回来又重新装一次,捋下思路,加深理解. 基本配置如下,三个节点,一个namenode,两个datanode. Namenode 192.168.59.14 ...