获取其他进程的命令行
2006-09-12 22:26
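[code]
type
  // Counted UTF-16 string as laid out in the target process.
  // Length and MaximumLength are byte counts, not character counts.
  UNICODE_STRING = packed record
    Length: Word;
    MaximumLength: Word;
    Buffer: PWideChar;
  end;
  // Fixed: the original declared this as an alias of the record itself
  // (missing '^'), so the "pointer" type was not a pointer.
  PUNICODE_STRING = ^UNICODE_STRING;

type
  // Process parameter block referenced from the PEB. Only CommandLine is
  // consumed below; the other fields exist to keep the offsets right.
  // NOTE(review): the offsets line up only when THandle/Pointer are 4 bytes,
  // i.e. a 32-bit build reading a 32-bit target - confirm before reusing
  // this in a 64-bit build or against 64-bit processes.
  PROCESS_PARAMETERS = packed record
    AllocationSize: ULONG;
    ActualSize: ULONG;
    Flags: ULONG;
    Unknown1: ULONG;
    Unknown2: UNICODE_STRING;
    InputHandle: THandle;
    OutputHandle: THandle;
    ErrorHandle: THandle;
    CurrentDirectory: UNICODE_STRING;
    CurrentDirectoryHandle: THandle;
    SearchPaths: UNICODE_STRING;
    ApplicationName: UNICODE_STRING;
    CommandLine: UNICODE_STRING;
    EnvironmentBlock: Pointer;
    Unknown: array[0..9 - 1] of ULONG;
    Unknown3: UNICODE_STRING;
    Unknown4: UNICODE_STRING;
    Unknown5: UNICODE_STRING;
    Unknown6: UNICODE_STRING;
  end;
  PPROCESS_PARAMETERS = ^PROCESS_PARAMETERS;

(*//
type
  _PEB = packed record
    Reserved1: array[0..2 - 1] of Byte;
    BeingDebugged: Byte;
    Reserved2: array[0..229 - 1] of Byte;
    Reserved3: array[0..59 - 1] of Pointer;
    SessionId: ULONG;
  end;
  PEB = _PEB;
  PPEB = ^PEB;
//*)

type
  // Leading part of the PEB, declared only far enough to reach
  // ProcessParameters. Same 32-bit layout assumption as PROCESS_PARAMETERS.
  PEB = packed record
    AllocationSize: ULONG;
    Unknown1: ULONG;
    ProcessHinstance: Longword;
    ListDlls: Pointer;
    ProcessParameters: PPROCESS_PARAMETERS;
    Unknown2: ULONG;
    Heap: THandle;
  end;
  PPEB = ^PEB;

type
  _PROCESS_BASIC_INFORMATION = packed record
    Reserved1: Pointer;
    PebBaseAddress: PPEB;
    Reserved2: array[0..1] of Pointer;
    UniqueProcessId: PULONG;
    Reserved3: Pointer;
  end;
  PROCESS_BASIC_INFORMATION = _PROCESS_BASIC_INFORMATION;
  PPROCESS_BASIC_INFORMATION = ^PROCESS_BASIC_INFORMATION;

  PROCESSINFOCLASS = (
    ProcessBasicInformation = 0,
    ProcessWow64Information = 26
  );
  NTSTATUS = DWORD;

function NtQueryInformationProcess(
  ProcessHandle: THandle;
  ProcessInformationClass: PROCESSINFOCLASS;
  ProcessInformation: Pointer;
  ProcessInformationLength: ULONG;
  ReturnLength: PULONG
): NTSTATUS; stdcall; external 'ntdll.dll' name 'NtQueryInformationProcess';

// Returns the command line of another process by reading it out of that
// process's PEB, or '' when any step fails.
//
//   mProcessID - process identifier (typed THandle by the original author;
//                it is passed to OpenProcess as the PID, not used as a handle).
//
// The caller needs PROCESS_QUERY_INFORMATION and PROCESS_VM_READ access to
// the target, so this fails for processes the current token cannot open.
//
// Trust note: every value read here lives in the target's own writable
// memory. A process can rewrite its PEB command line after start-up, so the
// result is a hint, not evidence. For detection or audit purposes prefer the
// command line captured at creation time (process-creation audit events).
function Process_CmdLine(mProcessID: THandle): WideString;
var
  vProcess: THandle;
  vProcessBasicInformation: PROCESS_BASIC_INFORMATION;
  vPEB: PEB;
  vNumberOfBytesRead: Longword;
  vProcessParameters: PROCESS_PARAMETERS;
  vByteCount: Longword;
begin
  // Designed by Zswang 2006-09-09 wjhu111#21cn.com
  // Respect the author; credit the source when reposting.
  Result := '';
  vProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
    False, mProcessID);
  if vProcess = 0 then Exit;
  try
    if NtQueryInformationProcess(
      vProcess,
      ProcessBasicInformation,
      @vProcessBasicInformation,
      SizeOf(vProcessBasicInformation),
      nil) <> 0 then Exit;

    // Each remote read is checked for a full transfer: a short read would
    // leave stack garbage in the record that the next step dereferences.
    if vProcessBasicInformation.PebBaseAddress = nil then Exit;
    if not ReadProcessMemory(vProcess,
      vProcessBasicInformation.PebBaseAddress,
      @vPEB, SizeOf(vPEB), vNumberOfBytesRead)
      or (vNumberOfBytesRead <> SizeOf(vPEB)) then Exit;

    if vPEB.ProcessParameters = nil then Exit;
    if not ReadProcessMemory(vProcess,
      vPEB.ProcessParameters,
      @vProcessParameters, SizeOf(vProcessParameters), vNumberOfBytesRead)
      or (vNumberOfBytesRead <> SizeOf(vProcessParameters)) then Exit;

    // Length is target-controlled. Round down to whole WideChars so the copy
    // can never exceed the buffer allocated by SetLength (the original copied
    // Length bytes into Length div 2 characters, one byte too many when odd).
    vByteCount := (vProcessParameters.CommandLine.Length div 2) * 2;

    // An empty command line must not reach @Result[1]: indexing an empty
    // WideString is invalid.
    if (vByteCount = 0) or (vProcessParameters.CommandLine.Buffer = nil) then
      Exit;

    SetLength(Result, vByteCount div 2);
    if not ReadProcessMemory(vProcess,
      vProcessParameters.CommandLine.Buffer,
      @Result[1], vByteCount, vNumberOfBytesRead)
      or (vNumberOfBytesRead <> vByteCount) then
      Result := ''; // do not hand back a partially filled buffer
  finally
    CloseHandle(vProcess);
  end;
end; { Process_CmdLine }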
[/code]