Get a process command line


rst
February 23rd, 2005, 04:56 AM
Hello all

I'm interested if it is possible to find the command line used to start a certain process (not the current process).

Thx Cristi

Mick
February 23rd, 2005, 05:18 AM
The two common ways are:

1) Use CreateRemoteThread(...) and inject a thread into the process to call GetCommandLine(...), then read/write process memory. [Use Google; you will find sample code.] This is the most intrusive way.

2) The cleaner method is to use the Native API and NtQueryInformationProcess(...), getting the process basic information enum so you can get the PEB. The command line is stored in the PROCESS_PARAMETERS (peb) as a unicode string. You can use Google again, since I am sure there is probably sample code out there.

For things like this you should pick up Gary Nebbett's Windows NT/2000 Native API Reference.
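Mick's second method, worked through as an added example (not code from this thread) in Python with ctypes, so the structure layouts can be checked on any platform even though the actual walk only runs on Windows. It assumes the documented layouts of PROCESS_BASIC_INFORMATION, the leading PEB members up to ProcessParameters, and RTL_USER_PROCESS_PARAMETERS up to CommandLine; the PROCESS_QUERY_INFORMATION and PROCESS_VM_READ access rights for OpenProcess; and that the reading process has the same bitness as the target (a 32-bit reader querying a 64-bit target sees the WOW64 copy of the PEB, not the native one).

```python
import ctypes
import sys
from ctypes import c_int32, c_ubyte, c_uint16, c_uint32, c_void_p, c_size_t, POINTER

# Native-API structures, limited to the leading members this walk needs.
# c_void_p tracks the pointer size, so the offsets come out right for both
# 32- and 64-bit readers (assumed layouts, taken from the public definitions).
class UNICODE_STRING(ctypes.Structure):
    _fields_ = [("Length", c_uint16),          # byte count, NOT character count
                ("MaximumLength", c_uint16),
                ("Buffer", c_void_p)]

class CURDIR(ctypes.Structure):
    _fields_ = [("DosPath", UNICODE_STRING), ("Handle", c_void_p)]

class RTL_USER_PROCESS_PARAMETERS(ctypes.Structure):
    _fields_ = [("MaximumLength", c_uint32), ("Length", c_uint32),
                ("Flags", c_uint32), ("DebugFlags", c_uint32),
                ("ConsoleHandle", c_void_p), ("ConsoleFlags", c_uint32),
                ("StandardInput", c_void_p), ("StandardOutput", c_void_p),
                ("StandardError", c_void_p), ("CurrentDirectory", CURDIR),
                ("DllPath", UNICODE_STRING), ("ImagePathName", UNICODE_STRING),
                ("CommandLine", UNICODE_STRING)]

class PEB_PREFIX(ctypes.Structure):
    _fields_ = [("InheritedAddressSpace", c_ubyte), ("ReadImageFileExecOptions", c_ubyte),
                ("BeingDebugged", c_ubyte), ("BitField", c_ubyte),
                ("Mutant", c_void_p), ("ImageBaseAddress", c_void_p),
                ("Ldr", c_void_p), ("ProcessParameters", c_void_p)]

class PROCESS_BASIC_INFORMATION(ctypes.Structure):
    _fields_ = [("ExitStatus", c_int32), ("PebBaseAddress", c_void_p),
                ("AffinityMask", c_void_p), ("BasePriority", c_int32),
                ("UniqueProcessId", c_void_p), ("InheritedFromUniqueProcessId", c_void_p)]

ProcessBasicInformation = 0          # PROCESSINFOCLASS value for the basic-info query
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_READ = 0x0010


def unicode_string_to_str(length_bytes, raw):
    """Decode the payload of a UNICODE_STRING copied out of another process.

    Length is a byte count and the buffer need not be NUL-terminated, so decode
    exactly Length bytes instead of scanning for a terminator."""
    if length_bytes % 2:
        raise ValueError("UNICODE_STRING.Length must be a multiple of 2")
    return raw[:length_bytes].decode("utf-16-le")


def _read_struct(kernel32, handle, address, out):
    """ReadProcessMemory wrapper that fails loudly on NULL pointers and short reads."""
    if not address:
        raise OSError("NULL pointer while walking the PEB")
    done = c_size_t()
    ok = kernel32.ReadProcessMemory(handle, c_void_p(address), ctypes.byref(out),
                                    ctypes.sizeof(out), ctypes.byref(done))
    if not ok or done.value != ctypes.sizeof(out):
        raise ctypes.WinError(ctypes.get_last_error())


def get_command_line(pid):
    """Command line of another process: NtQueryInformationProcess -> PEB ->
    ProcessParameters -> CommandLine. Windows only; reader and target must share bitness."""
    if sys.platform != "win32":
        raise OSError("this walk needs the Windows native API")
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    ntdll = ctypes.WinDLL("ntdll")
    kernel32.OpenProcess.restype = c_void_p
    kernel32.ReadProcessMemory.argtypes = [c_void_p, c_void_p, c_void_p, c_size_t, POINTER(c_size_t)]
    kernel32.CloseHandle.argtypes = [c_void_p]
    ntdll.NtQueryInformationProcess.argtypes = [c_void_p, c_int32, c_void_p, c_uint32, POINTER(c_uint32)]

    handle = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        pbi = PROCESS_BASIC_INFORMATION()
        status = ntdll.NtQueryInformationProcess(handle, ProcessBasicInformation,
                                                 ctypes.byref(pbi), ctypes.sizeof(pbi), None)
        if status != 0:
            raise OSError("NtQueryInformationProcess failed, NTSTATUS 0x%08X" % (status & 0xFFFFFFFF))
        peb = PEB_PREFIX()
        _read_struct(kernel32, handle, pbi.PebBaseAddress, peb)
        params = RTL_USER_PROCESS_PARAMETERS()
        _read_struct(kernel32, handle, peb.ProcessParameters, params)
        if params.CommandLine.Length == 0:
            return ""
        raw = ctypes.create_string_buffer(params.CommandLine.Length)
        _read_struct(kernel32, handle, params.CommandLine.Buffer, raw)
        return unicode_string_to_str(params.CommandLine.Length, raw.raw)
    finally:
        kernel32.CloseHandle(handle)


if __name__ == "__main__":
    print(get_command_line(int(sys.argv[1])))
```

Two points worth keeping in mind when using this. The decode step uses Length rather than looking for a terminator, because the UNICODE_STRING buffer in another process's PEB is not guaranteed to be NUL-terminated and Length counts bytes, not characters. And ProcessParameters lives in user-mode memory that the target process itself can write, so for incident-response work treat the value as a snapshot the process could have altered and corroborate it with kernel-side process-creation telemetry rather than relying on it alone.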

rst
February 23rd, 2005, 07:05 AM
You are the perfect programmer, man!

Thanks
Cristi