获取其他进程命令行

很简单，我们想获取直接取读就好。原理不详细叙述，看代码就一清二楚了，XP及VISTA下测试通过，2K、03下未测试，应该能通过，98下不能通过。
 
软件下载地址：
http://download.csdn.net/user/zcsor
http://download.csdn.net/source/312771

 
完整源码：

 
Public Class frmMain

 

    'API声明部分

    Private Declare Function OpenProcess Lib "kernel32" (ByVal Access As Int32, ByVal InheritHandle As Boolean, ByVal ProcessId As Int32) As Int32

    Private Declare Function CloseHandle Lib "kernel32" (ByVal Handle As Int32) As Boolean

    Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByVal lpBuffer() As Byte, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer

    Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Integer

    Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Integer, ByVal lpProcName As String) As Integer

 

    Private Sub GetProInfo_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles GetProInfo.Click

        lstView.Items.Clear()

        '获取启动参数指针

        Dim lpAddress As Integer = GetProcAddress(GetModuleHandle("kernel32"), "GetCommandLineA") + 1

        Dim lpBuffer(511) As Byte, tmpBuffer(3) As Byte

        ReadProcessMemory(OpenProcess(&H1F0FFF, True, Process.GetCurrentProcess.Id), lpAddress, tmpBuffer, 4, 0)

        Dim baseaddr As Integer = System.BitConverter.ToInt32(tmpBuffer, 0)

        '遍历进程，取其启动参数

        Dim pros As Process() = Process.GetProcesses

        For i As Integer = 0 To pros.Length - 1

            Dim hProcess As Integer = OpenProcess(&H1F0FFF, True, pros(i).Id)

            lstView.Items.Add(pros(i).ProcessName)

            lstView.Items(i).SubItems.Add(Hex(pros(i).Id).PadLeft(8, "0") & "[" & pros(i).Id.ToString.PadLeft(4, "0") & "]")

            ReadProcessMemory(hProcess, baseaddr, tmpBuffer, 4, 0)

            Dim readaddr As Integer = System.BitConverter.ToInt32(tmpBuffer, 0)

            ReadProcessMemory(hProcess, readaddr, lpBuffer, 512, 0)

            lstView.Items(i).SubItems.Add(System.Text.Encoding.GetEncoding("GB2312").GetString(lpBuffer))

        Next

    End Sub

    '以下为非关键代码，仅实现点击表头时的增减序排列

    Private Rise As Boolean

    Private Sub lstView_ColumnClick(ByVal sender As Object, ByVal e As System.Windows.Forms.ColumnClickEventArgs) Handles lstView.ColumnClick

        lstView.ListViewItemSorter = New ListViewItemComparer(e.Column, Rise)

        lstView.ListViewItemSorter = Nothing

        Rise = Not Rise

    End Sub

End Class

'以下非关键类，仅实现IComparer接口

Class ListViewItemComparer

    Implements IComparer

    Private col As Integer

    Private Rs As Boolean

    Public Sub New(ByVal column As Integer, ByVal rise As Boolean)

        col = column

        Rs = rise

    End Sub

    Public Function Compare(ByVal x As Object, ByVal y As Object) As Integer Implements IComparer.Compare

        Try

            If Rs Then

                Return [String].Compare(CType(x, ListViewItem).SubItems(col).Text, CType(y, ListViewItem).SubItems(col).Text)

            Else

                Return [String].Compare(CType(y, ListViewItem).SubItems(col).Text, CType(x, ListViewItem).SubItems(col).Text)

            End If

        Catch ex As Exception

            MsgBox(ex.ToString)

        End Try

    End Function

End Class

效果如下：