How to get 64 bit parent process arguments
-
I have used NtQueryInformationProces, struct PROCESS_BASIC_INFORMATION and struct PEB etc to access process info and then retrieve its arguments. It works great in WIN32 but stops working in WIN64 mainly because of the address space problem. Just be clear I am using 64 bit process to access other 64 bit process's info (its parent process). Can any body provide hint! Thanks! Jack Rong
-
I have used NtQueryInformationProces, struct PROCESS_BASIC_INFORMATION and struct PEB etc to access process info and then retrieve its arguments. It works great in WIN32 but stops working in WIN64 mainly because of the address space problem. Just be clear I am using 64 bit process to access other 64 bit process's info (its parent process). Can any body provide hint! Thanks! Jack Rong
Jack Rong wrote:
I have used NtQueryInformationProces, struct PROCESS_BASIC_INFORMATION and struct PEB etc to access process info and then retrieve its arguments.
I'm curious ... why are you using a deprecated function? The docs state "It is best to use the CheckRemoteDebuggerPresent and GetProcessId functions to obtain this information."
Mark Salsbery Microsoft MVP - Visual C++ :java: