RTL_USER_PROCESS_PARAMETERS.CommandLine is only for current process?
-
I used NtQueryInformationProcess to get PROCESS_BASIC_INFORMATION and PEB and then RTL_USER_PROCESS_PARAMETERS. But CommandLine of RTL_USER_PROCESS_PARAMETERS is always associated with the current process although I passed in a different PID into the NtQueryInformationProcess() call. By the way, I am using XP64. Can you help? Thanks, Jack Rong
-
Have you read the following notice in documentation: [NtQueryInformationProcess may be altered or unavailable in future versions of Windows. Applications should use the alternate functions listed in this topic.]?
Jack Rong wrote:
although I passed in different PID into NtQueryInformationProcess() call.
You should pass the process handle, shouldn't you? :)
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles] -
Thanks for your response. Yes, I do pass the process handle; here is the example:

    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, mypid);
    NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(pbi), &dwSize);

Where "mypid" is what I want and is not the current PID. But the CommandLine I got is the current process's CommandLine. So strange!

Yes, I realize that. But I am not sure which new function can be used in order to replace the "NtQueryInformationProcess()" though.

Jack
How do you get the command line? I don't see such an option in the documentation. :)
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles]
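An added example, not code from any poster in this thread: the PEB walk discussed above, written so that every pointer taken from the target (PebBaseAddress, ProcessParameters, CommandLine.Buffer) is fetched through a read callback instead of being dereferenced locally. It assumes a 64-bit target; `remote_read_fn`, `read_remote_cmdline`, `struct image` and `image_read` are hypothetical names, and `image_read` is a constructed stand-in for a ReadProcessMemory wrapper so the code runs without Windows.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Copies len bytes from address addr in the TARGET process; 1 on success.
   On Windows this callback would wrap ReadProcessMemory(hProcess, ...). */
typedef int (*remote_read_fn)(void *ctx, uint64_t addr, void *out, size_t len);

/* x64 offsets from the winternl.h layouts (assumption: 64-bit target). */
#define PEB_PROCESS_PARAMETERS 0x20 /* PEB.ProcessParameters */
#define RUPP_COMMAND_LINE      0x70 /* RTL_USER_PROCESS_PARAMETERS.CommandLine */

/* peb_addr is PROCESS_BASIC_INFORMATION.PebBaseAddress. Copies the UTF-16LE
   command line (no terminator) into out; returns its byte length or -1. */
long read_remote_cmdline(remote_read_fn rd, void *ctx, uint64_t peb_addr,
                         uint8_t *out, size_t out_size)
{
    uint64_t params, buf;   /* addresses valid only inside the target */
    uint8_t us[16];         /* raw UNICODE_STRING */
    uint16_t len;

    /* Every hop is a remote read; none of these pointers may be
       dereferenced in the caller's own address space. */
    if (!rd(ctx, peb_addr + PEB_PROCESS_PARAMETERS, &params, sizeof params))
        return -1;
    if (!rd(ctx, params + RUPP_COMMAND_LINE, us, sizeof us))
        return -1;
    memcpy(&len, us, sizeof len);      /* UNICODE_STRING.Length, in bytes */
    memcpy(&buf, us + 8, sizeof buf);  /* UNICODE_STRING.Buffer */
    if (len > out_size || !rd(ctx, buf, out, len))
        return -1;
    return (long)len;
}

/* Constructed stand-in for a target process: memory mapped at im->base. */
struct image { uint64_t base; uint8_t mem[0x200]; };

int image_read(void *ctx, uint64_t addr, void *out, size_t len)
{
    struct image *im = ctx;
    uint64_t off = addr - im->base;  /* wraps to a huge value if addr < base */
    if (off > sizeof im->mem || len > sizeof im->mem - off)
        return 0;
    memcpy(out, im->mem + off, len);
    return 1;
}
```

On a real system the same function is called with a reader built on the handle from OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, ...), and the returned bytes are converted from UTF-16LE before logging or display.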