Как по PID процесса узнать CMDLINE, то есть командную строку?
Falk0ner, вс, 06/07/2008 - 15:34.
Как по PID процесса узнать CMDLINE, то есть командную строку?
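function GetProcessCmdLine(PID:DWORD):string;
{©Drkb v.3(2007): www.drkb.ru}
{ Returns the command line stored in the PEB of process PID, or '' when the
  process cannot be opened or any of the reads fails.

  The value is read from memory that the target process itself can rewrite,
  so it is what the target currently advertises, not necessarily what it was
  started with. Use it for display or triage; for security decisions prefer a
  record captured at process creation (e.g. process-creation audit events).

  NOTE(review): the record layouts are the caller's own, so this presumably
  only works when caller and target have the same bitness - confirm before
  relying on it across WOW64. }
var
  h:THandle;
  pbi:TProcessBacicInformation;
  ret:NTSTATUS;
  r:Cardinal;
  ws:WideString;
  localPeb,localParams:Pointer;   // local copies of the remote structures
  remoteParams,remoteBuf:Pointer; // addresses valid only inside the target
  cb:Cardinal;                    // command-line length in bytes
begin
  result:='';
  if pid=0 then exit;
  h:=OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, FALSE, pid);
  if h=0 then exit;
  localPeb:=nil;
  localParams:=nil;
  try
    ret:=NtQueryInformationProcess(h,ProcessBasicInformation,@pbi,sizeof(pbi),@r);
    if ret<>STATUS_SUCCESS then exit;
    if pbi.PebBaseAddress=nil then exit;

    // PebBaseAddress is an address in the TARGET process. Dereferencing it
    // here would read this process's memory instead, so copy the PEB over
    // first. SizeOf() on the dereferenced expression is compile-time only.
    GetMem(localPeb,SizeOf(pbi.PebBaseAddress^));
    if not ReadProcessMemory(h,pbi.PebBaseAddress,localPeb,
      SizeOf(pbi.PebBaseAddress^),r) then exit;
    if r<>SizeOf(pbi.PebBaseAddress^) then exit;
    // Re-point pbi at the local copy so the field chain below reads copied
    // data rather than following a remote pointer in this address space.
    pbi.PebBaseAddress:=localPeb;

    // ProcessParameters is again a remote address: copy that block as well.
    remoteParams:=pbi.PebBaseAddress.ProcessParameters;
    if remoteParams=nil then exit;
    GetMem(localParams,SizeOf(pbi.PebBaseAddress.ProcessParameters^));
    if not ReadProcessMemory(h,remoteParams,localParams,
      SizeOf(pbi.PebBaseAddress.ProcessParameters^),r) then exit;
    if r<>SizeOf(pbi.PebBaseAddress.ProcessParameters^) then exit;
    pbi.PebBaseAddress.ProcessParameters:=localParams;

    // Length and Buffer are controlled by the target; treat them as untrusted.
    cb:=pbi.PebBaseAddress.ProcessParameters.CommandLine.Length;
    remoteBuf:=pbi.PebBaseAddress.ProcessParameters.CommandLine.Buffer;
    if (cb=0) or (remoteBuf=nil) then exit;
    // UNICODE_STRING.Length is a 16-bit byte count in the Windows definition;
    // clamp anyway in case the local declaration is wider, and drop an odd
    // trailing byte so whole UTF-16 code units are read.
    if cb>$FFFE then cb:=$FFFE;
    cb:=cb and not Cardinal(1);
    if cb=0 then exit;

    // Allocate the destination BEFORE reading into it: PWideChar() of an
    // empty WideString does not point to writable storage of the needed size.
    SetLength(ws,cb div 2);
    if ReadProcessMemory(h,remoteBuf,PWideChar(ws),cb,r) and (r=cb) then
      result:=string(ws);
  finally
    if localParams<>nil then FreeMem(localParams);
    if localPeb<>nil then FreeMem(localPeb);
    closehandle(h)
  end
end;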
Автор: Krid
Взято из http://forum.sources.ru