在 Windows 中获取另一个进程命令行

Getting another process command line in Windows(在 Windows 中获取另一个进程命令行)

问题描述

我正在尝试获取另一个进程命令行(在 WinXP 32 位上).我执行以下操作:

I am trying to get another process commandline (on WinXP 32bit). I do the following:

  hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE, FALSE, ProcList.proc_id_as_numbers[i]);

  BytesNeeded = sizeof(PROCESS_BASIC_INFORMATION);
  ZwQueryInformationProcess(hProcess, ProcessBasicInformation, UserPool, sizeof(PROCESS_BASIC_INFORMATION), &BytesNeeded);
  pbi = (PPROCESS_BASIC_INFORMATION)UserPool;

  BytesNeeded = sizeof(PEB);
  res = ZwReadVirtualMemory(hProcess, pbi->PebBaseAddress, UserPool, sizeof(PEB), &BytesNeeded);
  /* zero value returned */
  peb = (PPEB)UserPool;

  BytesNeeded = sizeof(RTL_USER_PROCESS_PARAMETERS);
  res = ZwReadVirtualMemory(hProcess, peb->ProcessParameters, UserPool, sizeof(RTL_USER_PROCESS_PARAMETERS), &BytesNeeded);
  ProcParam = (PRTL_USER_PROCESS_PARAMETERS)UserPool;

第一次调用后 pbi.UniqueProcessID 是正确的.但是在调用 ZwReadVirtualMemory 后，我得到了进程的命令行，而不是请求的命令行.

After first call pbi.UniqueProcessID is correct. But after calling ZwReadVirtualMemory I get command line for my process, not requested one.

我还使用了 ReadProcessMemore &NtQueryInformationProcess，但得到相同的结果.

I also used ReadProcessMemore & NtQueryInformationProcess, but get the same result.

有人可以帮忙吗?

这里 http://forum.sysinternals.com/get-commandline-of-running-processes_topic6510_page1.html 据说此代码有效.不幸的是，我无权在此论坛上发帖问自己.

Here http://forum.sysinternals.com/get-commandline-of-running-processes_topic6510_page1.html is being said that this code works. Unfortunately, I do not have access to post on this forum to ask themselves.

推荐答案

重复的 如何查询正在运行的进程的参数列表?(windows, C++) ，所以我会从那里复制我的答案:

Duplicate of How to query a running process for it's parameters list? (windows, C++) , so I'll just copy my answer from there over here:

您无法可靠地获得该信息.有各种技巧可以尝试检索它，但不能保证目标进程尚未损坏该部分内存.Raymond Chen 不久前在旧的新事物.

这篇关于在 Windows 中获取另一个进程命令行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！