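type
  { Counted UTF-16 string as used by the native API. Length and
    MaximumLength are BYTE counts, not character counts, which is why
    process_cmdline below divides Length by 2 before sizing its result. }
  UNICODE_STRING = packed record
    Length: Word;
    MaximumLength: Word;
    Buffer: PWideChar;
  end;
  { The pasted listing read "PUNICODE_STRING = UNICODE_STRING", which would
    make the P-prefixed name a plain alias rather than a pointer; restored
    to the conventional pointer type. Not referenced elsewhere in this file. }
  PUNICODE_STRING = ^UNICODE_STRING;

type
  { Hand-written image of the process parameter block that the PEB points
    to (an undocumented layout; the field sizes below assume 4-byte
    pointers/handles, i.e. a 32-bit target). Only CommandLine is consumed
    by this file, but every field before it must keep its size so that
    CommandLine stays at the same offset. }
  PROCESS_PARAMETERS = packed record
    AllocationSize: ULONG;
    ActualSize: ULONG;
    Flags: ULONG;
    Unknown1: ULONG;
    Unknown2: UNICODE_STRING;
    InputHandle: THandle;
    OutputHandle: THandle;
    ErrorHandle: THandle;
    CurrentDirectory: UNICODE_STRING;
    CurrentDirectoryHandle: THandle;
    SearchPaths: UNICODE_STRING;
    { The name of this field was lost in the pasted listing (it appeared as
      ": UNICODE_STRING" with no identifier). In RTL_USER_PROCESS_PARAMETERS
      the UNICODE_STRING immediately before CommandLine is ImagePathName, so
      that name is used; size and position are unchanged. }
    ImagePathName: UNICODE_STRING;
    CommandLine: UNICODE_STRING;
    EnvironmentBlock: Pointer;
    Unknown: array[0..9 - 1] of ULONG;
    Unknown3: UNICODE_STRING;
    Unknown4: UNICODE_STRING;
    Unknown5: UNICODE_STRING;
    Unknown6: UNICODE_STRING;
  end;
  PPROCESS_PARAMETERS = ^PROCESS_PARAMETERS  { the terminating ';' is on the next source line }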
;(*//
type
_peb = packed record
reserved1: array[0..2 - 1] of byte;
beingdebugged: byte;
reserved2: array[0..229 - 1] of byte;
reserved3: array[0..59 - 1] of pointer;
sessionid: ulong;
end;
peb = _peb;
ppeb = ^peb;
//*)
type
  { Image of the process environment block, trimmed to the fields this
    file needs. processparameters is the only member read below (it is the
    source address for the second ReadProcessMemory in process_cmdline);
    the fields before it exist only to keep it at the expected offset.
    NOTE(review): sizes assume 4-byte pointers/handles (32-bit target) -
    confirm before using against a 64-bit process. }
  peb = packed record
    allocationsize: ulong;
    unknown1: ulong;
    processhinstance: longword;
    listdlls: pointer;
    processparameters: pprocess_parameters;  { address of the target's PROCESS_PARAMETERS block }
    unknown2: ulong;
    heap: thandle;
  end;
  ppeb = ^peb;
type
  { Layout of the PROCESS_BASIC_INFORMATION block filled in by
    NtQueryInformationProcess(ProcessBasicInformation). Only
    pebbaseaddress is used in this file. }
  _process_basic_information = packed record
    reserved1: pointer;
    pebbaseaddress: ppeb;  { address of the target's PEB, read with ReadProcessMemory below }
    reserved2: array[0..1] of pointer;
    uniqueprocessid: pulong;
    reserved3: pointer;
  end;
  process_basic_information = _process_basic_information;
  pprocess_basic_information = ^process_basic_information;
  { Information classes passed to NtQueryInformationProcess; the explicit
    ordinals are the native PROCESSINFOCLASS values. }
  processinfoclass = (
    processbasicinformation = 0,
    processwow64information = 26
  );
  { NTSTATUS carried as an unsigned value; process_cmdline treats any
    non-zero status as failure. }
  ntstatus = dword  { the terminating ';' is on the next source line }
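;
{ Import of the native query routine from ntdll.dll.

  The export name is case-sensitive. The pasted listing gave it as
  'ntqueryinformationprocess', which does not match the export
  NtQueryInformationProcess and would fail to resolve when the module is
  loaded; the correctly cased name is used here.

  Returns an NTSTATUS: 0 (STATUS_SUCCESS) on success, non-zero otherwise.
  ReturnLength may be nil when the caller does not need the size. }
function NtQueryInformationProcess(
  ProcessHandle: THandle;
  ProcessInformationClass: PROCESSINFOCLASS;
  ProcessInformation: Pointer;
  ProcessInformationLength: ULONG;
  ReturnLength: PULONG): NTSTATUS; stdcall;
  external 'ntdll.dll' name 'NtQueryInformationProcess'  { the terminating ';' is on the next source line }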
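;
{ Returns the command line of another process as recorded in that process's
  own parameter block, or '' when the process cannot be opened or any of the
  reads fails.

  mProcessID: process id handed to OpenProcess (declared THandle as in the
  original; it is an id, not a handle).

  Notes:
  - Requires PROCESS_QUERY_INFORMATION or PROCESS_VM_READ on the target, so
    the result is '' for processes the caller may not open.
  - The PEB / PROCESS_PARAMETERS declarations above assume a 32-bit target
    read by a 32-bit caller.
  - The data comes verbatim from the target's memory; a process can rewrite
    its own parameter block, so callers that audit or log command lines
    should treat the value as untrusted input rather than ground truth.

  Design: zswang 2006-09-09 wjhu111#21cn.com - respect the author and cite
  the source when reposting. }
function process_cmdline(mProcessID: THandle): WideString;
var
  vProcess: THandle;
  vProcessBasicInformation: PROCESS_BASIC_INFORMATION;
  vPEB: PEB;
  vNumberOfBytesRead: LongWord;
  vProcessParameters: PROCESS_PARAMETERS;
  vCharCount: Integer;
begin
  Result := '';
  vProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
    False, mProcessID);
  if vProcess = 0 then
    Exit;
  try
    { Locate the target's PEB. Any non-zero NTSTATUS is treated as failure. }
    if NtQueryInformationProcess(vProcess, ProcessBasicInformation,
      @vProcessBasicInformation, SizeOf(vProcessBasicInformation), nil) <> 0 then
      Exit;
    { Copy the PEB, then the parameter block it points to. }
    if not ReadProcessMemory(vProcess, vProcessBasicInformation.PebBaseAddress,
      @vPEB, SizeOf(vPEB), vNumberOfBytesRead) then
      Exit;
    if not ReadProcessMemory(vProcess, vPEB.ProcessParameters,
      @vProcessParameters, SizeOf(vProcessParameters), vNumberOfBytesRead) then
      Exit;
    { CommandLine.Length is a byte count. An empty command line must be
      rejected before taking @Result[1], which is not valid on ''. }
    vCharCount := vProcessParameters.CommandLine.Length div 2;
    if vCharCount = 0 then
      Exit;
    SetLength(Result, vCharCount);
    { Read exactly the bytes Result can hold rather than the raw byte count:
      an odd Length would otherwise write one byte past the characters.
      If the read fails, discard the buffer instead of returning the
      uninitialised characters SetLength left in it. }
    if not ReadProcessMemory(vProcess, vProcessParameters.CommandLine.Buffer,
      @Result[1], Length(Result) * SizeOf(WideChar), vNumberOfBytesRead) then
      Result := '';
  finally
    CloseHandle(vProcess);
  end;
end;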