I'm trying to find out how to do this. I'm currently using CreateToolhelp32Snapshot to get a list of the running processes and I've got the FilePaths of the executables which are currently running, but I need to be able to find out what command line options were used to start the process.
I know it's possible since you can see it in Process Explorer. I tried finding the source code of the old Process Explorer but had no luck :(
Getting the command line of running processes cannot be done in a reliable fashion. It is very possible for the command line of a running process to be changed by changing the memory which stores those commands.
Raymond Chen did a nice article on this subject recently detailing why it's not reliable.
- http://blogs.msdn.com/oldnewthing/archive/2009/11/25/9928372.aspx
Check whether the NtQueryInformationProcess and ReadProcessMemory Win API calls will do what you need. There is no simple example for that, so check the source code here: Get Process Info with NtQueryInformationProcess
Another way of getting this data is through WMI, something like this:
SELECT CommandLine FROM Win32_Process WHERE ProcessId = ???
More info here: Win32_Process Class
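As an added example (not part of the original answer), here is the WMI query above wrapped in a PowerShell function; `Get-ProcessCommandLine` and its status labels are names chosen here. It reports an empty CommandLine separately, because WMI leaves the field blank for processes the caller cannot read, and a value that does come back is only what the process's memory currently holds.

```powershell
# Added example: the WQL query from the answer above, with the outcomes a
# caller has to handle (found, not found, command line unreadable) separated.
function Get-ProcessCommandLine {
    [CmdletBinding()]
    param(
        # Typed as uint32 so only a number can reach the WQL string.
        [Parameter(Mandatory, ValueFromPipeline)]
        [uint32[]] $ProcessId
    )
    process {
        foreach ($id in $ProcessId) {
            $query = "SELECT ProcessId, Name, ExecutablePath, CommandLine " +
                     "FROM Win32_Process WHERE ProcessId = $id"
            # Returns nothing (no error) when no process has this id.
            $proc = Get-CimInstance -Query $query -ErrorAction Stop

            if (-not $proc) {
                $status = 'NotFound'
            } elseif ([string]::IsNullOrEmpty($proc.CommandLine)) {
                # Typical for system processes or when not running elevated.
                $status = 'Unreadable'
            } else {
                # Reported value only; the process can rewrite it in memory.
                $status = 'Ok'
            }

            [pscustomobject]@{
                ProcessId      = $id
                Name           = $proc.Name
                ExecutablePath = $proc.ExecutablePath
                CommandLine    = $proc.CommandLine
                Status         = $status
            }
        }
    }
}

# The current PowerShell process, plus a PID assumed not to exist (constructed value).
$PID, 4294967294 | Get-ProcessCommandLine | Format-List
```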
One possibility that occurs almost immediately would be to inject a thread into the target process (CreateRemoteThread), and have that call GetCommandLine.
IIRC the command line parameters are stored in the process environment - if you can access it you can read them too.