
03.10.2007, 19:11
Вообще, по-хорошему, надо использовать
ZwQueryInformationProcess(), но т.к. вам это все равно не объяснишь, придется сделать так:
(наверное, для всех WinNT)
Код:
#define PID 1072 // Example PID of the process to inspect; hard-coded for this demo only
// Name of the kernel32 export that getCommandLineProcess() resolves with GetProcAddress.
// Kept as a pointer variable: the inline assembly pushes its value directly (push szGetCommandLineA).
static LPSTR szGetCommandLineA = "GetCommandLineA";
// Module name passed to GetModuleHandle; also pushed by value from the inline assembly.
static LPSTR szKernel32 = "kernel32.dll";
// Receives the byte count written by each ReadProcessMemory call; the code never inspects it.
static ULONG uRead;
// Receives the 4-byte address of the command-line string, as read from the target process.
// NOTE(review): uRead and uCmdLineAddr are file-scope statics written by
// getCommandLineProcess(), so that function is neither reentrant nor thread-safe.
static ULONG uCmdLineAddr;
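// Returns a heap-allocated copy of the ANSI command line of the process
// identified by uPid, or NULL on any failure. The caller releases the buffer
// with HeapFree( GetProcessHeap(), 0, ptr ).
//
// Method: the first instruction of the local GetCommandLineA is expected to be
// "mov eax, [imm32]"; its operand is the address of the variable holding the
// command-line pointer. That variable, and then the string it points to, are
// read from the target with ReadProcessMemory.
//
// Limits a caller has to know about:
//  - x86 only (MSVC inline assembly, 4-byte pointers).
//  - Depends on the code layout of GetCommandLineA and on kernel32.dll being
//    mapped at the same address in the target; neither is a documented
//    guarantee. The opcode is verified and the call fails cleanly when it does
//    not match. ZwQueryInformationProcess() is the approach that does not
//    depend on code layout.
//  - The result is truncated to MAX_PATH - 1 characters and is always
//    NUL-terminated.
//  - ReadProcessMemory fails as a whole if part of the requested range is not
//    readable in the target; that case returns NULL as well.
//  - Uses the file-scope statics uRead and uCmdLineAddr, so it is not
//    reentrant or thread-safe.
//  - Only PROCESS_VM_READ is requested on the target process.
LPSTR __declspec(naked) __stdcall getCommandLineProcess( ULONG uPid ) {
    __asm {
        push    ebp
        mov     ebp, esp
        push    ebx                             // naked function: callee-saved registers
        push    edi                             // must be preserved by hand
        xor     ebx, ebx                        // ebx = process handle (0 = not opened)
        xor     edi, edi                        // edi = result buffer (NULL = none)

        call    dword ptr [GetProcessHeap]
        push    MAX_PATH
        push    HEAP_ZERO_MEMORY
        push    eax
        call    dword ptr [HeapAlloc]           // allocate the zero-filled result buffer
        test    eax, eax
        jz      done                            // nothing to free yet, return NULL
        mov     edi, eax

        push    dword ptr [uPid]
        push    0
        push    PROCESS_VM_READ
        call    dword ptr [OpenProcess]         // open target for memory reads only
        test    eax, eax
        jz      fail
        mov     ebx, eax

        push    szKernel32
        call    dword ptr [GetModuleHandleA]    // szKernel32 is ANSI, so use the A variant
        test    eax, eax
        jz      fail
        push    szGetCommandLineA
        push    eax
        call    dword ptr [GetProcAddress]      // address of GetCommandLineA
        test    eax, eax
        jz      fail
        cmp     byte ptr [eax], 0xA1            // must start with "mov eax, [imm32]"
        jne     fail                            // unknown layout: refuse instead of guessing
        mov     eax, dword ptr [eax+1]          // operand = address of the command-line pointer

        push    offset uRead
        push    4
        push    offset uCmdLineAddr
        push    eax
        push    ebx
        call    dword ptr [ReadProcessMemory]   // read the command-line pointer from the target
        test    eax, eax
        jz      fail

        push    offset uRead
        push    MAX_PATH
        push    edi
        push    dword ptr [uCmdLineAddr]
        push    ebx
        call    dword ptr [ReadProcessMemory]   // read the command-line text
        test    eax, eax
        jz      fail
        mov     byte ptr [edi + MAX_PATH - 1], 0 // guarantee termination when the text fills the buffer
        jmp     done

    fail:
        call    dword ptr [GetProcessHeap]
        push    edi
        push    0
        push    eax
        call    dword ptr [HeapFree]            // drop the buffer so the error result is NULL
        xor     edi, edi

    done:
        test    ebx, ebx
        jz      no_handle
        push    ebx
        call    dword ptr [CloseHandle]         // do not leak the process handle
    no_handle:
        mov     eax, edi                        // buffer on success, NULL on failure
        pop     edi
        pop     ebx
        pop     ebp                             // restored on every path before returning
        retn    4
    }
}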
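// Demo call site: fetch the command line of process PID and show it.
LPSTR szCmdLine = getCommandLineProcess( PID );
if ( szCmdLine != NULL ) {
    // The buffer holds ANSI text copied from another process, so call the
    // A variant explicitly rather than the UNICODE-dependent MessageBox macro.
    // Command lines can carry secrets passed as arguments; avoid copying this
    // string into logs.
    MessageBoxA( 0,
                 szCmdLine,
                 "Cmd line of process",
                 MB_ICONINFORMATION );
    HeapFree( GetProcessHeap(), 0, szCmdLine );
}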