概述
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
typedef enum { ObjectNameInformation = 1 } OBJECT_INFORMATION_CLASS;
typedef struct _UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
typedef struct _OBJECT_NAME_INFORMATION {
UNICODE_STRING ObjectName;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
typedef NTSTATUS(WINAPI *NTQUERYOBJECT)
(IN HANDLE Handle,
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
OUT PVOID ObjectInformation,
IN ULONG ObjectInformationLength,
OUT PULONG ReturnLength);
typedef enum _PROCESSINFOCLASS {
ProcessBasicInformation = 0,ProcessDebugPort = 7,
ProcessWow64Information = 26,
ProcessImageFileName = 27,
ProcessBreakOnTermination = 29
} PROCESSINFOCLASS;
typedef NTSTATUS(NTAPI *pfnNtQueryInformationProcess)(
IN HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
BOOL GetProcessCmdLine(const DWORD dwPID, std::wstring &strCmdLine)
{
typedef ULONG PPS_POST_PROCESS_INIT_ROUTINE;
// Used in PEB struct
typedef struct _smPEB_LDR_DATA {
BYTE Reserved1[8];
PVOID Reserved2[3];
LIST_ENTRY InMemoryOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
#define MAX_UNICODE_PATH 32767L
// Used in PEB struct
typedef struct _smRTL_USER_PROCESS_PARAMETERS {
BYTE Reserved1[16];
PVOID Reserved2[10];
UNICODE_STRING ImagePathName;
UNICODE_STRING CommandLine;
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
typedef struct _smPEB {
BYTE Reserved1[2];
BYTE BeingDebugged;
BYTE Reserved2[1];
PVOID Reserved3[2];
PPEB_LDR_DATA Ldr;
PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
BYTE Reserved4[104];
PVOID Reserved5[52];
PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
BYTE Reserved6[128];
PVOID Reserved7[1];
ULONG SessionId;
} smPEB, *smPPEB;
typedef struct _PEB {
BYTE Reserved1[2];
BYTE BeingDebugged;
BYTE Reserved2[1];
PVOID Reserved3[2];
PPEB_LDR_DATA Ldr;
PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
PVOID Reserved4[3];
PVOID AtlThunkSListPtr;
PVOID Reserved5;
ULONG Reserved6;
PVOID Reserved7;
ULONG Reserved8;
ULONG AtlThunkSListPtr32;
PVOID Reserved9[45];
BYTE Reserved10[96];
PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
BYTE Reserved11[128];
PVOID Reserved12[1];
ULONG SessionId;
} PEB, *PPEB;
typedef struct _smPROCESS_BASIC_INFORMATION {
LONG ExitStatus;
PPEB PebBaseAddress;
ULONG_PTR AffinityMask;
LONG BasePriority;
ULONG_PTR UniqueProcessId;
ULONG_PTR InheritedFromUniqueProcessId;
} smPROCESS_BASIC_INFORMATION, *smPPROCESS_BASIC_INFORMATION;
RTL_USER_PROCESS_PARAMETERS peb_upp = { 0 };
smPEB peb = { 0 };
HANDLE hProcess = NULL;
smPPROCESS_BASIC_INFORMATION pbi = NULL;
BOOL bRet = FALSE;
WCHAR *pwszBuffer = NULL;
TCHAR szCmdLine[MAX_UNICODE_PATH] = { 0 };
HMODULE hNtDll = LoadLibraryW(L"ntdll.dll");
if (!hNtDll)
return FALSE;
pfnNtQueryInformationProcess func = (pfnNtQueryInformationProcess)GetProcAddress(hNtDll, "NtQueryInformationProcess");
if (func == NULL)
return FALSE;
do
{
try
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPID);
if (hProcess == INVALID_HANDLE_VALUE)
break;
DWORD dwSize = sizeof(smPROCESS_BASIC_INFORMATION);
pbi = (smPPROCESS_BASIC_INFORMATION)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize);
// Did we successfully allocate memory
if (!pbi)
break;
DWORD dwSizeNeeded = 0;
NTSTATUS dwStatus = func(hProcess, ProcessBasicInformation,
pbi, dwSize, &dwSizeNeeded);
if (dwStatus >= 0 && dwSize < dwSizeNeeded)
{
if (pbi)
HeapFree(GetProcessHeap(), 0, pbi);
pbi = (smPPROCESS_BASIC_INFORMATION)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSizeNeeded);
if (!pbi)
break;
dwStatus = func(hProcess, ProcessBasicInformation,
pbi, dwSizeNeeded, &dwSizeNeeded);
}
if (NULL == pbi->PebBaseAddress)
break;
DWORD dwBytesRead = 0;
if (!ReadProcessMemory(hProcess, pbi->PebBaseAddress, &peb, sizeof(peb), (SIZE_T*)&dwBytesRead))
break;
dwBytesRead = 0;
if (!ReadProcessMemory(hProcess, peb.ProcessParameters, &peb_upp,
sizeof(RTL_USER_PROCESS_PARAMETERS), (SIZE_T*)&dwBytesRead))
break;
if (peb_upp.CommandLine.Length <= 0)
break;
pwszBuffer = (WCHAR *)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, peb_upp.CommandLine.Length);
if (NULL == pwszBuffer)
break;
if (!ReadProcessMemory(hProcess,
peb_upp.CommandLine.Buffer,
pwszBuffer,
peb_upp.CommandLine.Length,
(SIZE_T*)&dwBytesRead))
break;
// if commandline is larger than our variable, truncate
DWORD dwBufferSize = 0;
if (peb_upp.CommandLine.Length >= sizeof(szCmdLine))
dwBufferSize = sizeof(szCmdLine) - sizeof(TCHAR);
else
dwBufferSize = peb_upp.CommandLine.Length;
// Copy CommandLine to our structure variable
#if defined(UNICODE) || (_UNICODE)
StringCbCopyN(szCmdLine, sizeof(szCmdLine),
pwszBuffer, dwBufferSize);
#else
WideCharToMultiByte(CP_ACP, 0, pwszBuffer,
(int)(dwBufferSize / sizeof(WCHAR)),
szCmdLine, sizeof(szCmdLine),
NULL, NULL);
#endif
bRet = TRUE;
strCmdLine = szCmdLine;
}
catch (...)
{
}
} while (FALSE);
if (hProcess)
CloseHandle(hProcess);
hProcess = NULL;
if (pbi)
HeapFree(GetProcessHeap(), 0, pbi);
pbi = NULL;
if (pwszBuffer)
HeapFree(GetProcessHeap(), 0, pwszBuffer);
pwszBuffer = NULL;
return bRet;
}
最后
以上就是深情指甲油为你收集整理的根据进程名获取启动参数的全部内容,希望文章能够帮你解决根据进程名获取启动参数所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复