> this can be done through another way as well.
Well, now you know why I did not mention Detours as a solution ($10K for 64-bit, research etc.). Note, however, that detouring as described in Detours 1.5 (previous) and/or 2.0 (current, IIRC) - btw, 1.5 and 2.0 are very different - is not the only way to hook; there are a couple of open source projects that do the job as well, so a free detouring solution does exist.

I pointed to Richter's injection scheme b/c it is a ready-made piece of code that starts working immediately. As I noted, it does need polishing, but you know whether it is a fit or not in one day.

[Why on earth it cannot be done through an API, without standing on your head, beats me. When I needed that back in 2000, I naively thought that hey, I will OpenProcess and then some API will give me everything I need about a process of interest. Turns out the answer is no. Go ahead and dance this strange dance with the PEB or hooking or code injection. Why??? ]
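The "strange dance with the PEB" mentioned above, made concrete as an added example (not code from this thread or from the linked article): the walk PEB -> ProcessParameters -> CommandLine, written against a memory-reader callback so the same logic runs over a constructed fake target here and, on a real 64-bit Windows process, over ReadProcessMemory. Assumptions: the caller holds a PROCESS_VM_READ | PROCESS_QUERY_INFORMATION handle, takes the PEB address from NtQueryInformationProcess(ProcessBasicInformation), and the target is 64-bit (the offsets differ for a 32-bit process).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Reads `len` bytes at target address `addr`; 0 on success, -1 on failure. On Windows this
   would wrap ReadProcessMemory on a PROCESS_VM_READ handle (assumed, not shown here). */
typedef int (*read_fn)(void *ctx, uint64_t addr, void *out, size_t len);
/* 64-bit layout: PEB.ProcessParameters and RTL_USER_PROCESS_PARAMETERS.CommandLine.
   A 32-bit (WOW64) target uses 0x10 / 0x40 with 4-byte pointers: do not reuse these there. */
#define PEB_PROCESS_PARAMETERS_OFF 0x20u
#define RTL_PARAMS_COMMANDLINE_OFF 0x70u
/* UNICODE_STRING as seen in a 64-bit process; Length is in bytes, Buffer is a remote PWSTR. */
typedef struct { uint16_t Length, MaximumLength; uint32_t pad; uint64_t Buffer; } unicode_string64;

/* PEB -> ProcessParameters -> CommandLine, copied as NUL-terminated UTF-16LE into `out`.
   `peb` is PROCESS_BASIC_INFORMATION.PebBaseAddress. Returns 16-bit units copied or -1 if a
   read fails. The PEB is writable by the target itself, so Length is clamped and the result
   is informational, not evidence. */
int read_remote_cmdline(read_fn rd, void *ctx, uint64_t peb, uint16_t *out, size_t cap) {
    uint64_t params = 0; unicode_string64 us;
    if (cap == 0 || rd(ctx, peb + PEB_PROCESS_PARAMETERS_OFF, &params, sizeof params)) return -1;
    if (rd(ctx, params + RTL_PARAMS_COMMANDLINE_OFF, &us, sizeof us)) return -1;
    size_t n = us.Length / 2;
    if (n > cap - 1) n = cap - 1;          /* truncate rather than overrun the caller's buffer */
    if (n && rd(ctx, us.Buffer, out, n * 2)) return -1;
    out[n] = 0;
    return (int)n;
}

/* Constructed stand-in for target memory so the walker runs on any OS: PEB at 0x1000,
   parameters block at 0x2000, command-line buffer at 0x3000. */
#define IMG_BASE 0x1000u
#define IMG_SIZE 0x2100u
static uint8_t fake_image[IMG_SIZE];

static int fake_reader(void *ctx, uint64_t addr, void *out, size_t len) {
    (void)ctx;
    if (addr < IMG_BASE || addr + len > IMG_BASE + IMG_SIZE) return -1; /* unmapped */
    memcpy(out, fake_image + (addr - IMG_BASE), len);
    return 0;
}

/* Fill the fake image with a PEB whose command line is `cmd` (ASCII widened to UTF-16LE). */
void build_fake_target(const char *cmd) {
    uint64_t params = 0x2000, buf = 0x3000;
    size_t bytes = strlen(cmd) * 2;
    unicode_string64 us = { (uint16_t)bytes, (uint16_t)(bytes + 2), 0, buf };
    memset(fake_image, 0, sizeof fake_image);
    memcpy(fake_image + (0x1000 - IMG_BASE) + PEB_PROCESS_PARAMETERS_OFF, &params, sizeof params);
    memcpy(fake_image + (params - IMG_BASE) + RTL_PARAMS_COMMANDLINE_OFF, &us, sizeof us);
    for (size_t i = 0; cmd[i]; i++) fake_image[(buf - IMG_BASE) + i * 2] = (uint8_t)cmd[i];
}
```

On Windows, replace fake_reader with a ReadProcessMemory wrapper and pass the real PebBaseAddress; a process can rewrite its own ProcessParameters, so treat the string as a hint to be corroborated, not as ground truth.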
----- Original Message -----
From: sivakumar thulasimani
To: Windows System Software Devs Interest List
Sent: Wednesday, July 29, 2009 12:48 AM
Subject: Re: Re:[ntdev] Retrieving Command-Line
I did not read this article, but based on your suggestion this can be done through another way as well.
The OP can check for the Detours API from MS Research; it has some great features exactly for this kind of scenario. It allows you to write a DLL that can "hook" (don't know if that's the right word) system or other functions and run your code through the target app. This way you can easily get the command line from the third-party exe. Just a possible way to try :)
-rtshiva
On Wed, Jul 29, 2009 at 1:15 AM, Alex Shvedov wrote:
Can PSAPI.DLL help you?
It does not [to my big surprise, I would add.]
Here is what works, OP; here is the link I had in mind:
http://msdn.microsoft.com/en-us/magazine/bb985842.aspx
The code is not very good, but quite fixable. Search for GetRemoteCmdLine in the code. The author's idea is to inject his DLL a la Jeffrey Richter and grab the [remote] cmd line from within the process itself, which is trivial. Again, Richter's code from the book is bad, and that Nasarre guy also has a couple of bugs (leaks, actually - I notified him, but it was too late), so pay attention.
Then goes the usual round-about with the inverted call; I assume this part does not require comments.
----- Original Message ----- From: “Maxim S. Shatskih”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Tuesday, July 28, 2009 2:22 PM
Subject: Re:[ntdev] Retrieving Command-Line
Yes, I want it in user mode.
Can PSAPI.DLL help you?
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer