Getting Cmd Line Args of a Process

Hi All,

Under Windows XP, How will I get “Command Line Arguments” of any process
from some other process (either by passing Handle/PID of the process, or
some other info) ?

GetCommandLine( ) just gives the values of CURRENT PROCESS only.

Basically, I am running many Batch files. But, all run as “Cmd.exe”.
From some other process how to get the command line of these processes ?

Thanks,
Sathya

Disassemble GetCommandLineW. It just takes some data from the fixed
address in NTDLL data section.
Then use ReadProcessMemory from the same address in other process.

Max

----- Original Message -----
From: “Sathyanarayanan Srinivasan”

To: “NT Developers Interest List”
Sent: Wednesday, December 04, 2002 1:47 PM
Subject: [ntdev] Getting Cmd Line Args of a Process


That is a damn smart solution!

Gurus in this forum can never fail to amaze me.

Bi

-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Wednesday, December 04, 2002 6:35 AM
To: NT Developers Interest List
Subject: [ntdev] Re: Getting Cmd Line Args of a Process


HIGHLY hacky, non-portable, and potentially not forward compatible, mind
you. Not recommended for production code.

Chuck

----- Original Message -----
From: “Bi Chen”
To: “NT Developers Interest List”
Sent: Thursday, December 05, 2002 2:03 AM
Subject: [ntdev] Re: Getting Cmd Line Args of a Process


Another solution. The command line is pointed at by the PEB, which can
be found at fs:0x18.
Somebody here even knows the PEB structure details, I think.

Max

----- Original Message -----
From: “Chuck Batson”
To: “NT Developers Interest List”
Sent: Wednesday, December 04, 2002 10:43 PM
Subject: [ntdev] Re: Getting Cmd Line Args of a Process


A better solution would be to create a remote thread
in the other process and get the output of
GetCommandLine() through it. Not relying on the undoc
stuff!!

- Sajeev


Check out

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=96ca2fd2.0107172259.5d321835%40posting.google.com&rnum=1&prev=/groups%3Fq%3DCommand%2Bline%2Bdabak%26hl%3Den%26lr%3D%26ie%3DUTF-8%26selm%3D96ca2fd2.0107172259.5d321835%2540posting.google.com%26rnum%3D1

Although I have not tried it on XP, I believe it
will work as is on XP.

-Prasad


=====
Prasad S. Dabak
Chief Software Architect
Ensim India Private Limited
http://www.ensim.com
Co-author of the book “Undocumented Windows NT”
ISBN 0764545698


Here is a working sample (this takes the process ID as a parameter):

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <conio.h>

int main(int argc, char* argv[])
{
    WCHAR wBuffer[510];
    char CmdLineBuffer[510];
    HANDLE hProcess;
    DWORD Offset1 = 0, Offset2 = 0;   // 32-bit pointers read from the target
    SIZE_T Dummy = 0;

    if (argc < 2)
        return 1;                     // process ID is required

    // Zero both buffers so the strings are always NUL-terminated.
    ZeroMemory(wBuffer, sizeof(wBuffer));
    ZeroMemory(CmdLineBuffer, sizeof(CmdLineBuffer));

    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                           FALSE, atoi(argv[1]));
    if (!hProcess)
        return 1;

    // 0x10 is offset of PROCESS_PARAMETERS
    if (!ReadProcessMemory(hProcess, (LPCVOID)(0x7ffdf000 + 0x10), &Offset1,
                           sizeof(Offset1), &Dummy)) {
        CloseHandle(hProcess);
        return 1;
    }

    Offset1 += 0x44; // Command line offset

    if (!ReadProcessMemory(hProcess, (LPCVOID)(ULONG_PTR)Offset1, &Offset2,
                           sizeof(Offset2), &Dummy)) {
        CloseHandle(hProcess);
        return 1;
    }

    // Reads a fixed 500 bytes; longer command lines are truncated.
    if (!ReadProcessMemory(hProcess, (LPCVOID)(ULONG_PTR)Offset2, wBuffer, 500,
                           &Dummy)) {
        CloseHandle(hProcess);
        return 1;
    }

    CloseHandle(hProcess);

    WideCharToMultiByte(CP_ACP, 0, wBuffer, -1, CmdLineBuffer, 500, NULL,
                        NULL);

    printf("Command line = %s", CmdLineBuffer);

    _getch();
    return 0;
}

Hope this helps.

Regards,
Satish K.S

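
Added example, not part of the original thread: the same PEB -> ProcessParameters -> CommandLine walk as the sample above, but honouring the UNICODE_STRING Length and MaximumLength fields (at 0x40 and 0x42, just before the Buffer pointer at 0x44) instead of copying a fixed 500 bytes, and failing cleanly when any pointer is unmapped. It runs over a constructed memory image rather than a live process; read_mem, build_sample, img and IMG_BASE are hypothetical names, and read_mem stands in for ReadProcessMemory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PEB_PROCESS_PARAMETERS 0x10u /* offset used by the sample on this page */
#define PARAMS_COMMAND_LINE    0x40u /* UNICODE_STRING; its Buffer is at 0x44 */
#define IMG_BASE 0x00020000u         /* constructed address, not a real PEB */
static uint8_t img[0x200];           /* constructed stand-in for target memory */

/* Stand-in for ReadProcessMemory(): fails for anything outside the image. */
static int read_mem(uint32_t addr, void *dst, uint32_t n) {
    if (addr < IMG_BASE || n > sizeof img || addr - IMG_BASE > sizeof img - n)
        return 0;
    memcpy(dst, img + (addr - IMG_BASE), n);
    return 1;
}

static uint32_t le(const uint8_t *p, int n) {     /* decode n little-endian bytes */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}
static void put(uint32_t off, uint32_t v, int n) { /* store n little-endian bytes */
    while (n--) { img[off++] = (uint8_t)v; v >>= 8; }
}

/* Copies the command line as UTF-16 units; returns the unit count, or -1. */
int read_command_line(uint32_t peb, uint16_t *out, size_t out_units) {
    uint8_t raw[8];
    uint32_t params, len, max, buf, i;
    if (!read_mem(peb + PEB_PROCESS_PARAMETERS, raw, 4)) return -1;
    params = le(raw, 4);
    if (!read_mem(params + PARAMS_COMMAND_LINE, raw, 8)) return -1;
    len = le(raw, 2); max = le(raw + 2, 2); buf = le(raw + 4, 4);
    if (len % 2 || len > max || len / 2 >= out_units) return -1;
    for (i = 0; i < len / 2; i++) {          /* read exactly Length bytes */
        if (!read_mem(buf + 2 * i, raw, 2)) return -1;
        out[i] = (uint16_t)le(raw, 2);
    }
    out[len / 2] = 0;                /* Length does not count a terminator */
    return (int)(len / 2);
}

/* Constructed image: PEB at +0, parameter block at +0x40, text at +0x100. */
void build_sample(const char *cmd, uint16_t claimed_len) {
    memset(img, 0, sizeof img);
    put(0x10, IMG_BASE + 0x40, 4);           /* PEB+0x10 -> parameter block */
    put(0x80, claimed_len, 2); put(0x82, 0x100, 2);  /* Length, MaximumLength */
    put(0x84, IMG_BASE + 0x100, 4);          /* CommandLine.Buffer */
    for (size_t i = 0; cmd[i] && i < 0x80; i++) img[0x100 + 2 * i] = (uint8_t)cmd[i];
}
```
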