| Subject: how to get process command line by process id |
| Group: microsoft.public.winternals |
| Date: 5/9/2007 1:15:55 AM |
| From: "xuyibo" |
Are there any undocumented interfaces?

--
XuYibo
QQ: 85521028
beyond5776@163.com
http://www.xuyibo.org
OS kernel, Compiler
| Subject: Re: how to get process command line by process id |
| Group: microsoft.public.winternals |
| Date: 5/9/2007 8:43:55 AM |
| From: "Kerem Gmrkc" |
Hi,

this can be done that way (with API calls):

1. EnumProcesses
2. OpenProcess (only with the permissions you need!)
3. CreateRemoteThread and run GetCommandLine inside that thread and return the pointer to the command line as return value for the thread. You must have the appropriate rights to do this!
4. GetExitCodeThread to see what we have there, valid or not
5. ReadProcessMemory (memory must be accessible!)
6. Do whatever you want to do with the command line string
7. Cleanup any allocated memory and close all remaining handles

Best regards

Kerem Gmrkc

"xuyibo" <beyond5776@163.com> wrote in message news:uRhpFJhkHHA.3452@TK2MSFTNGP04.phx.gbl...
> Are there any undocumented interfaces?
>
> --
> XuYibo
> QQ: 85521028
> beyond5776@163.com
> http://www.xuyibo.org
> OS kernel, Compiler
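Step 2's "only with the permissions you need", as an added example that is not part of the original posts: a check of a process-handle access mask against the rights steps 3 and 5 require. The required set follows Microsoft's documentation for CreateRemoteThread and ReadProcessMemory; `names` and `audit_access` are hypothetical helper names, and the masks used with them are constructed samples.

```python
# Added example (not from the thread): audit a process-handle access mask
# against the rights the posted procedure needs. Values are from winnt.h.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0004: "PROCESS_SET_SESSIONID",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
}

# Step 3 (CreateRemoteThread): CREATE_THREAD, QUERY_INFORMATION,
# VM_OPERATION, VM_WRITE, VM_READ. Step 5 (ReadProcessMemory): VM_READ.
REQUIRED = 0x0002 | 0x0400 | 0x0008 | 0x0020 | 0x0010  # 0x043A

KNOWN_BITS = 0
for _bit in PROCESS_RIGHTS:
    KNOWN_BITS |= _bit


def names(mask):
    """Decode a mask into right names; bits not in the table are kept as hex."""
    known = [n for bit, n in sorted(PROCESS_RIGHTS.items()) if mask & bit]
    unknown = mask & ~KNOWN_BITS
    return known + ([hex(unknown)] if unknown else [])


def audit_access(mask):
    """Return (missing, excess) right names relative to REQUIRED."""
    if isinstance(mask, str):  # masks often appear in logs as hex text
        mask = int(mask, 16)
    return names(REQUIRED & ~mask), names(mask & ~REQUIRED)
```

A non-empty `missing` list means step 3 or step 5 can fail with access denied; a non-empty `excess` list means the handle carries rights the procedure never uses.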