leachim
December 11th, 2006, 12:49 PM
Hi,
I have a function which delivers the starting parameters of other processes.
It works correctly on 32bit Windows, but not on 64bit Windows.
Is there any person who can help me?
#define BLOCK_ADDRESS (LPVOID)0x00020498
void ExtProcInfo::GetProcessCmdLine(DWORD pid,char* sCmdLine,int sizeCmdLine)
{
LPBYTE lpPos=NULL;
DWORD dwBytesRead;
MEMORY_BASIC_INFORMATION mbi;
HANDLE hProcess=NULL;
try {
if(sizeCmdLine<=0)
throw BASEException("size of command line buffer is 0");
InitBuffer();
EnableTokenPrivilege(SE_DEBUG_NAME);
if(pid==0) {
strncpy(sCmdLine,"System Idle Process",sizeCmdLine);
sCmdLine[sizeCmdLine-1]='\0';
return;
}
sCmdLine[0]='\0';
if((hProcess=OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_QUERY_INFORMATION,FALSE,pid))==NULL) {
char sError[100];
sError[sizeof(sError)-1]='\0';
snprintf(sError,sizeof(sError),"failed to open process - pid: %lu",pid);
throw BASEException(sError);
}
if(VirtualQueryEx(hProcess,BLOCK_ADDRESS,&mbi,sizeof(mbi))==0)
throw BASEException("virtual query ex failed");
if(IsBadReadPtr(mbi.BaseAddress,1))
throw BASEException("bad read pointer 1");
if(!ReadProcessMemory(hProcess,mbi.BaseAddress,(LPVOID)m_lpBuffer,m_sysinfo.dwPageSize,&dwBytesRead))
throw BASEException("reading process memory failed");
lpPos=m_lpBuffer+((DWORD)BLOCK_ADDRESS-(DWORD)mbi.BaseAddress);
if(IsBadReadPtr(lpPos,1))
throw BASEException("bad read pointer 2");
lpPos=lpPos+(wcslen((LPWSTR)lpPos)+1)*sizeof(WCHAR);
lpPos=(LPBYTE)ALIGN_DWORD((DWORD)lpPos);
if(IsBadReadPtr(lpPos,1))
throw BASEException("bad read pointer 3");
lpPos=lpPos+(wcslen((LPWSTR)lpPos)+1)*sizeof(WCHAR);
if(*lpPos=='\0')
lpPos+=sizeof(WCHAR);
if(IsBadReadPtr(lpPos,1))
throw BASEException("bad read pointer 4");
sCmdLine[sizeCmdLine-1]='\0';
if(WideCharToMultiByte(CP_ACP,0,(LPWSTR)lpPos,-1,sCmdLine,sizeCmdLine-1,NULL,NULL)<=0)
sCmdLine[0]='\0';
if(sCmdLine[0]=='\0')
throw BASEException("command line is empty");
}
catch(BASEException &e) {
if(hProcess!=NULL)
CloseHandle(hProcess);
char sError[100];
snprintf(sError,sizeof(sError),"failed to get process command line: %s,error %lu",e.GetMsg(),GetLastError());
sError[sizeof(sError)-1]='\0';
BASEException ee(sError,"ExtProcInfo::GetProcessCmdLine");
if(strlen(e.GetFkt())>0)
ee.SetFkt(e.GetFkt());
throw ee;
}
CloseHandle(hProcess);
}
I have a function which delivers the starting parameters of other processes.
It works correctly on 32bit Windows, but not on 64bit Windows.
Is there any person who can help me?
#define BLOCK_ADDRESS (LPVOID)0x00020498
void ExtProcInfo::GetProcessCmdLine(DWORD pid,char* sCmdLine,int sizeCmdLine)
{
LPBYTE lpPos=NULL;
DWORD dwBytesRead;
MEMORY_BASIC_INFORMATION mbi;
HANDLE hProcess=NULL;
try {
if(sizeCmdLine<=0)
throw BASEException("size of command line buffer is 0");
InitBuffer();
EnableTokenPrivilege(SE_DEBUG_NAME);
if(pid==0) {
strncpy(sCmdLine,"System Idle Process",sizeCmdLine);
sCmdLine[sizeCmdLine-1]='\0';
return;
}
sCmdLine[0]='\0';
if((hProcess=OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_QUERY_INFORMATION,FALSE,pid))==NULL) {
char sError[100];
sError[sizeof(sError)-1]='\0';
snprintf(sError,sizeof(sError),"failed to open process - pid: %lu",pid);
throw BASEException(sError);
}
if(VirtualQueryEx(hProcess,BLOCK_ADDRESS,&mbi,sizeof(mbi))==0)
throw BASEException("virtual query ex failed");
if(IsBadReadPtr(mbi.BaseAddress,1))
throw BASEException("bad read pointer 1");
if(!ReadProcessMemory(hProcess,mbi.BaseAddress,(LPVOID)m_lpBuffer,m_sysinfo.dwPageSize,&dwBytesRead))
throw BASEException("reading process memory failed");
lpPos=m_lpBuffer+((DWORD)BLOCK_ADDRESS-(DWORD)mbi.BaseAddress);
if(IsBadReadPtr(lpPos,1))
throw BASEException("bad read pointer 2");
lpPos=lpPos+(wcslen((LPWSTR)lpPos)+1)*sizeof(WCHAR);
lpPos=(LPBYTE)ALIGN_DWORD((DWORD)lpPos);
if(IsBadReadPtr(lpPos,1))
throw BASEException("bad read pointer 3");
lpPos=lpPos+(wcslen((LPWSTR)lpPos)+1)*sizeof(WCHAR);
if(*lpPos=='\0')
lpPos+=sizeof(WCHAR);
if(IsBadReadPtr(lpPos,1))
throw BASEException("bad read pointer 4");
sCmdLine[sizeCmdLine-1]='\0';
if(WideCharToMultiByte(CP_ACP,0,(LPWSTR)lpPos,-1,sCmdLine,sizeCmdLine-1,NULL,NULL)<=0)
sCmdLine[0]='\0';
if(sCmdLine[0]=='\0')
throw BASEException("command line is empty");
}
catch(BASEException &e) {
if(hProcess!=NULL)
CloseHandle(hProcess);
char sError[100];
snprintf(sError,sizeof(sError),"failed to get process command line: %s,error %lu",e.GetMsg(),GetLastError());
sError[sizeof(sError)-1]='\0';
BASEException ee(sError,"ExtProcInfo::GetProcessCmdLine");
if(strlen(e.GetFkt())>0)
ee.SetFkt(e.GetFkt());
throw ee;
}
CloseHandle(hProcess);
}