首页 诗词 字典 板报 句子 名言 友答 励志 学校 网站地图
当前位置: 首页 > 教程频道 > 开发语言 > VB >

怎么获取进程的执行参数

2012-01-23 
如何获取进程的执行参数?如何获取其他进程的执行参数?比如a.exe-c[解决办法]GetCommandLine可以得到调用进

如何获取进程的执行参数?
如何获取其他进程的执行参数?  
比如     a.exe   -c

[解决办法]
GetCommandLine可以得到调用进程的命令行参数.

你只需要在目标进程里执行这个函数,并取回返回值就行了

不过这需要远程线程技术及一定的汇编知识.....
[解决办法]
可以把自己注入到别得进程中就实现,我看到过这样的程序
把EXE文件自己注入
[解决办法]
研究了一下,可以用WMI实现:
'一个listbox 一个按钮
Private Sub Command1_Click()
Dim WMI
Dim objs, obj, SQuery As String
Set WMI = GetObject( "WinMgmts: ")
SQuery = "SELECT * FROM Win32_Process "
Set objs = WMI.ExecQuery(SQuery)
For Each obj In objs
If obj.commandline = Null Then
List1.AddItem obj.processid & " "
Else
List1.AddItem obj.processid & " " & obj.commandline
End If
Next
Set objs = Nothing
Set WMI = Nothing
End Sub


[解决办法]
模块中
Private Declare Function NtQueryInformationProcess Lib "ntdll " (ByVal ProcessHandle As Long, ByVal ProcessInformationClass As Long, ByRef ProcessInformation As Any, ByVal lProcessInformationLength As Long, ByRef lReturnLength As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32 " (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function OpenProcess Lib "kernel32 " (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function CloseHandle Lib "kernel32 " (ByVal hObject As Long) As Long
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
Public Const PROCESS_TERMINATE = &H1
Public Const PROCESS_VM_READ = 16
Public Const PROCESS_QUERY_INFORMATION = 1024
Public Const PROCESS_SET_INFORMATION = 612
Private Type PROCESS_BASIC_INFORMATION
ExitStatus As Long
PebBaseAddress As Long
AffinityMask As Long
BasePriority As Long
UniqueProcessId As Long
InheritedFromUniqueProcessId As Long
End Type

Public Function GetCmdLine(ByVal plngPID As Long) As String
Dim strBuffer As String
Dim hProcess As Long
Dim offset1 As Long
Dim offset2 As Long
Dim Dummy As Long
Dim Info As PROCESS_BASIC_INFORMATION
Const STATUS_SUCCESS As Long = 0

offset1 = 1
offset2 = 0

hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, plngPID)
If (hProcess = 0) Then
Exit Function
End If
If (NtQueryInformationProcess(hProcess, 0, Info, Len(Info), ByVal 0&) <> STATUS_SUCCESS) Then
CloseHandle hProcess
Exit Function
End If
If (ReadProcessMemory(hProcess, (Info.PebBaseAddress + &H10), offset1, 4, Dummy) = STATUS_SUCCESS) Then
CloseHandle hProcess
Exit Function
End If

If (ReadProcessMemory(hProcess, (offset1 + &H44), offset2, 4, Dummy) = STATUS_SUCCESS) Then
CloseHandle hProcess
Exit Function
End If
strBuffer = String(256, " ")
If (ReadProcessMemory(hProcess, offset2, ByVal strBuffer, 256, Dummy) = STATUS_SUCCESS) Then
CloseHandle hProcess
Exit Function
End If


CloseHandle hProcess
strBuffer = Left$(strBuffer, InStr(strBuffer, Chr(0) & Chr(0)))
GetCmdLine = StrConv(strBuffer, vbFromUnicode)
End Function


使用
msgbox getcmdline(进程PID)

热点排行