How to Query a Running Process for Its Parameters List? (Windows, C++)

How to query a running process for its parameters list? (Windows, C++)

Assuming you know the process ID, use OpenProcess to get a handle to it (this requires elevated privilege as noted in the docs). Then use NtQueryInformationProcess to get detailed process info. Use the ProcessBasicInformation option to get the PEB of the process - this contains another structure pointer, through which you can get the command line.

Getting another process command line in Windows

Duplicate of How to query a running process for its parameters list? (Windows, C++), so I'll just copy my answer from there over here:

You can't reliably get that information. There are various tricks to try and retrieve it, but there's no guarantee that the target process hasn't already mangled that section of memory. Raymond Chen discussed this a while back on The Old New Thing.

Can I get command line arguments of other processes from .NET/C#?

This is using all managed objects, but it does dip down into the WMI realm:

    using System;
    using System.ComponentModel;
    using System.Diagnostics;
    using System.Linq;
    using System.Management; // add a reference to System.Management

    // Extension methods must live in a static class.
    internal static class Program
    {
        private static void Main()
        {
            foreach (var process in Process.GetProcesses())
            {
                try
                {
                    Console.WriteLine(process.GetCommandLine());
                }
                catch (Win32Exception ex) when ((uint)ex.ErrorCode == 0x80004005)
                {
                    // Intentionally empty - no security access to the process.
                }
                catch (InvalidOperationException)
                {
                    // Intentionally empty - the process exited before getting details.
                }
            }
        }

        // Looks up the command line of one process through WMI (Win32_Process).
        private static string GetCommandLine(this Process process)
        {
            using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT CommandLine FROM Win32_Process WHERE ProcessId = " + process.Id))
            using (ManagementObjectCollection objects = searcher.Get())
            {
                return objects.Cast<ManagementBaseObject>().SingleOrDefault()?["CommandLine"]?.ToString();
            }
        }
    }

C++ iterate processes and find out command line args of each process

I ended up using the solution proposed here: http://www.codeproject.com/Articles/19685/Get-Process-Info-with-NtQueryInformationProcess

Reading Command Line Arguments of Another Process (Win32 C code)

To answer my own question, I finally found a CodeProject solution that does exactly what I'm looking for:

http://www.codeproject.com/KB/threads/GetNtProcessInfo.aspx

As @Reuben already pointed out, you can use NtQueryProcessInformation to retrieve this information. Unfortunately it's not a recommended approach, but given the only other solution seems to be to incur the overhead of a WMI query, I think we'll take this approach for now.

Note that this seems to not work if using code compiled from 32bit Windows on a 64bit Windows OS, but since our modules are compiled from source on the target that should be OK for our purposes. I'd rather use this existing code and should it break in Windows 7 or a later date, we can look again at using WMI. Thanks for the responses!

UPDATE: A more concise and C only (as opposed to C++) version of the same technique is illustrated here:

http://wj32.wordpress.com/2009/01/24/howto-get-the-command-line-of-processes/
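The NtQueryInformationProcess route described in the answers above (OpenProcess, ProcessBasicInformation, PEB, command line), written out as an added example; it is not code from any of the answers or the linked articles. The class and method names are hypothetical, the hard-coded offsets assume the x64 structure layout, and the code refuses to run when caller and target bitness differ, which is the 32-bit/64-bit problem noted above. The string returned is whatever the target's memory holds at the time of the read, so it can differ from what the process was started with.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;

static class PebCommandLine // hypothetical name, not from the page
{
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr h);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr h, IntPtr addr, byte[] buf, IntPtr size, out IntPtr read);
    [DllImport("kernel32.dll")]
    static extern bool IsWow64Process(IntPtr h, out bool wow64);
    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationProcess(IntPtr h, int infoClass, byte[] info, int len, out int retLen);
    // Reads len bytes from the target process at addr, or throws with the Win32 error.
    static byte[] Read(IntPtr h, long addr, int len)
    {
        var buf = new byte[len];
        if (!ReadProcessMemory(h, (IntPtr)addr, buf, (IntPtr)len, out _))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return buf;
    }
    // x64 caller and x64 target only; all offsets below are assumptions for the x64 layout.
    public static string Get(int pid)
    {
        if (IntPtr.Size != 8) throw new NotSupportedException("Build as x64.");
        // PROCESS_QUERY_INFORMATION (0x0400) | PROCESS_VM_READ (0x0010): no other rights requested.
        IntPtr h = OpenProcess(0x0400 | 0x0010, false, pid);
        if (h == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            if (IsWow64Process(h, out bool wow64) && wow64)
                throw new NotSupportedException("32-bit target: PEB layout differs.");
            var pbi = new byte[48]; // PROCESS_BASIC_INFORMATION
            int status = NtQueryInformationProcess(h, 0, pbi, pbi.Length, out _); // 0 = ProcessBasicInformation
            if (status != 0) throw new InvalidOperationException($"NTSTATUS 0x{status:X8}");
            long peb = BitConverter.ToInt64(pbi, 8);                      // PebBaseAddress
            long parms = BitConverter.ToInt64(Read(h, peb + 0x20, 8), 0); // PEB.ProcessParameters
            byte[] us = Read(h, parms + 0x70, 16);                        // CommandLine (UNICODE_STRING)
            int len = BitConverter.ToUInt16(us, 0);                       // Length, in bytes
            return len == 0 ? "" : Encoding.Unicode.GetString(Read(h, BitConverter.ToInt64(us, 8), len));
        }
        finally { CloseHandle(h); }
    }
    // Demo: read this process's own command line.
    static void Main() => Console.WriteLine(Get(Process.GetCurrentProcess().Id));
}
```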

Get Process's Command Line and arguments from Process object?

Well, you could use WMI. There is a class that can be queried to retrieve the process list, and each object also contains a property for the command line that started the process:

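    using System;
    using System.Management; // add a reference to System.Management

    // Enumerate every process through WMI and print its caption and command line.
    string query = "SELECT Name, CommandLine, ProcessId, Caption, ExecutablePath " +
                   "FROM Win32_Process";
    // Replace your_computer_name with the machine to query.
    string wmiScope = @"\\your_computer_name\root\cimv2";
    ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmiScope, query);
    foreach (ManagementObject mo in searcher.Get())
    {
        Console.WriteLine("Caption={0} CommandLine={1}",
            mo["Caption"], mo["CommandLine"]);
    }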

