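/*
 * getargv: print the command line of another process by PID.
 *
 * The original header names were lost in extraction; these are the headers
 * the APIs used below (ReadProcessMemory, _tcstoul, _tprintf, memcpy) need.
 */
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <string.h>

/*
 * How this works: kernel32's GetCommandLine() is tiny -- after an optional
 * hot-patch prologue and an optional import-slot jump it is a single
 * `mov eax, [addr]` that loads a static pointer to the command line.  The
 * code below pattern-matches those bytes in *this* process to recover
 * `addr`, then reads that pointer (and the string it points to) from the
 * target process.  It therefore assumes:
 *   - 32-bit x86 code: the `ff 25 <abs32>` and `a1 <abs32>` operands are
 *     absolute; on x64 both would be RIP-relative and the operand-size
 *     casts below would be wrong, so refuse to build there;
 *   - kernel32 is mapped at the same base in the target as in this process
 *     (NOTE(review): presumably true for processes of the same session and
 *     bitness; the code does not verify it).
 */
#if defined(_WIN64)
#error "getargv only understands the 32-bit x86 GetCommandLine() prologue"
#endif

/*
 * Copy a NUL-terminated TCHAR string out of another process.
 *
 * The string is read in small chunks instead of one cchOut-sized read: a
 * single ReadProcessMemory() fails outright if any byte of the requested
 * range is unmapped, and the command line often sits close to the end of
 * its allocation.  A failing chunk therefore ends the string rather than
 * failing the whole call.
 *
 * pszOut is always NUL-terminated on return (cchOut must be >= 1, and the
 * last slot is reserved for the terminator).
 * Returns TRUE if at least one chunk was read, FALSE otherwise.
 */
static BOOL ReadRemoteString(HANDLE hProcess, LPCVOID pRemote,
                             LPTSTR pszOut, DWORD cchOut)
{
    enum { CHUNK_CHARS = 64 };
    DWORD cchGot = 0;
    BOOL bAny = FALSE;

    if (pszOut == NULL || cchOut == 0) {
        return FALSE;
    }

    while (cchGot < cchOut - 1) {
        DWORD cchWant = cchOut - 1 - cchGot;
        DWORD cchRead;
        DWORD i;
        SIZE_T cbRead = 0;

        if (cchWant > CHUNK_CHARS) {
            cchWant = CHUNK_CHARS;
        }
        if (!ReadProcessMemory(hProcess,
                               (const BYTE *)pRemote + (SIZE_T)cchGot * sizeof(TCHAR),
                               pszOut + cchGot,
                               (SIZE_T)cchWant * sizeof(TCHAR),
                               &cbRead)) {
            break;
        }
        cchRead = (DWORD)(cbRead / sizeof(TCHAR));
        if (cchRead == 0) {
            break;
        }
        bAny = TRUE;
        /* Stop at the first terminator inside the freshly read chunk. */
        for (i = 0; i < cchRead; i++) {
            if (pszOut[cchGot + i] == _T('\0')) {
                return TRUE;
            }
        }
        cchGot += cchRead;
    }

    pszOut[cchGot] = _T('\0');
    return bAny;
}

/*
 * Read the command line of the process behind hProcess into pszCmdLine.
 *
 * hProcess    - handle opened with at least PROCESS_VM_READ.
 * pszCmdLine  - output buffer; always NUL-terminated on return when
 *               cchCmdLine >= 1 and the function reaches the read stage.
 * cchCmdLine  - size of pszCmdLine in TCHARs (the original treated it as a
 *               byte count, which under-read the buffer in UNICODE builds).
 *
 * Returns TRUE on success.  Returns FALSE if the local GetCommandLine()
 * prologue does not match any of the known shapes (rather than reading
 * from a guessed address), or if the target's memory cannot be read.
 */
BOOL GetProcessCommandLine(HANDLE hProcess, LPTSTR pszCmdLine, DWORD cchCmdLine)
{
    const BYTE *pCode = (const BYTE *)GetCommandLine;
    LPBYTE pRemoteSlot = NULL;   /* target address of kernel32's command-line pointer */
    LPBYTE pRemoteStr = NULL;    /* that pointer's value, as read from the target */
    SIZE_T cbRead = 0;

    if (pszCmdLine == NULL || cchCmdLine == 0) {
        return FALSE;
    }

    /* Win7-style hot-patch prologue: `eb 05` skips the 5-byte patch area. */
    if (pCode[0] == 0xEB && pCode[1] == 0x05) {
        pCode += 2 + 5;
    }

    /* Win8-style forwarder: `ff 25 <abs32>` jumps through an import slot.
     * Follow the slot to the real implementation before matching again.
     * memcpy instead of a pointer cast: the operand is unaligned and the
     * cast would violate strict aliasing. */
    if (pCode[0] == 0xFF && pCode[1] == 0x25) {
        const BYTE *const *ppSlot = NULL;
        memcpy(&ppSlot, pCode + 2, sizeof ppSlot);
        pCode = *ppSlot;
    }

    /* XP-style body (and what the hops above land on): `a1 <abs32>` is
     * `mov eax, [addr]`, where addr holds the command-line pointer. */
    if (pCode[0] != 0xA1) {
        return FALSE;
    }
    memcpy(&pRemoteSlot, pCode + 1, sizeof pRemoteSlot);

    /* Same address in the target process (see the header comment) holds
     * the target's own command-line pointer; fetch it, then the string. */
    if (!ReadProcessMemory(hProcess, pRemoteSlot, &pRemoteStr,
                           sizeof pRemoteStr, &cbRead)
        || cbRead != sizeof pRemoteStr
        || pRemoteStr == NULL) {
        return FALSE;
    }

    return ReadRemoteString(hProcess, pRemoteStr, pszCmdLine, cchCmdLine);
}

/*
 * Usage: getargv <pid>
 *
 * Exit status is 0 when the command line was printed and 1 otherwise
 * (bad usage, unparsable PID, OpenProcess failure, or unreadable target).
 * NOTE: with UNICODE defined, `main` still receives char* arguments; a
 * wide build would need wmain/_tmain instead.
 */
int main(int argc, TCHAR *argv[])
{
    TCHAR szCmdLine[1024];
    TCHAR *pEnd = NULL;
    HANDLE hProcess;
    DWORD dwPid;
    int rc = 1;

    if (argc != 2) {   /* argument 1 is the target process PID */
        _ftprintf(stderr, _T("usage: getargv <pid>\n"));
        return 1;
    }

    /* strtoul-style parse with full-consumption check instead of a bare
     * _tcstoul(), which silently maps "abc" to 0. */
    dwPid = _tcstoul(argv[1], &pEnd, 10);
    if (pEnd == argv[1] || *pEnd != _T('\0') || dwPid == 0) {
        _ftprintf(stderr, _T("invalid pid: %s\n"), argv[1]);
        return 1;
    }

    /* PROCESS_VM_READ is the least right that suffices; nothing is written. */
    hProcess = OpenProcess(PROCESS_VM_READ, FALSE, dwPid);
    if (hProcess == NULL) {
        _ftprintf(stderr, _T("OpenProcess(%lu) failed: error %lu\n"),
                  dwPid, GetLastError());
        return 1;
    }

    if (GetProcessCommandLine(hProcess, szCmdLine,
                              (DWORD)(sizeof szCmdLine / sizeof szCmdLine[0]))) {
        _tprintf(_T("%s\n"), szCmdLine);
        rc = 0;
    } else {
        _ftprintf(stderr, _T("could not read command line of pid %lu\n"), dwPid);
    }

    CloseHandle(hProcess);
    return rc;
}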
tcc a.c -o getargv.exe
出处: