g_OSVERSIONINFO = MemoryEx.DefineStruct{ DWORD('OSVersionInfoSize'); DWORD('MajorVersion'); DWORD('MinorVersion'); DWORD('BuildNumber'); DWORD('PlatformId'); STRING('CSDVersion', 2, 128, MEMEX_ASCII); }; g_PBI = MemoryEx.DefineStruct{ UINT('ExitStatus'); UINT('PebBaseAddress'); UINT('AffinityMask'); UINT('BasePriority'); UINT('UniqueProcessId'); UINT('InheritedFromUniqueProcessId'); }; g_PEB = MemoryEx.DefineStruct{ BYTE('InheritedAddressSpace');BYTE('ReadImageFileExecOptions');BYTE('BeingDebugged');BYTE('Spare'); UINT('Mutant');UINT('ImageBaseAddress');UINT('LoaderData');UINT('ProcessParameters');UINT('SubSystemData'); UINT('ProcessHeap');UINT('FastPebLock');UINT('FastPebLockRoutine');UINT('FastPebUnlockRoutine');UINT('EnvironmentUpdateCount'); UINT('KernelCallbackTable');UINT('EventLogSection');UINT('EventLog');UINT('FreeList');UINT('TlsExpansionCounter'); UINT('TlsBitmap');UINT('TlsBitmapBits', 2);UINT('ReadOnlySharedMemoryBase');UINT('ReadOnlySharedMemoryHeap'); UINT('ReadOnlyStaticServerData');UINT('AnsiCodePageData');UINT('OemCodePageData');UINT('UnicodeCaseTableData'); UINT('NumberOfProcessors');UINT('NtGlobalFlag');BYTE('Spare2', 4);DOUBLE('CriticalSectionTimeout');UINT('HeapSegmentReserve'); UINT('HeapSegmentCommit');UINT('HeapDeCommitTotalFreeThreshold');UINT('HeapDeCommitFreeBlockThreshold');UINT('NumberOfHeaps'); UINT('MaximumNumberOfHeaps');UINT('ProcessHeaps');UINT('GdiSharedHandleTable');UINT('ProcessStarterHelper'); UINT('GdiDCAttributeList');UINT('LoaderLock');UINT('OSMajorVersion');UINT('OSMinorVersion');UINT('OSBuildNumber'); UINT('OSPlatformId');UINT('ImageSubSystem');UINT('ImageSubSystemMajorVersion');UINT('ImageSubSystemMinorVersion'); UINT('GdiHandleBuffer', 34);UINT('PostProcessInitRoutine');UINT('TlsExpansionBitmap');BYTE('TlsExpansionBitmapBits', 128);UINT('SessionId'); }; g_UPP = MemoryEx.DefineStruct{ UINT('AllocationSize');UINT('ActualSize');UINT('Flags');UINT('Unknown1');WORD('LengthUnknown2');WORD('MaxLengthUnknown2');UINT('Unknown2'); UINT('InputHandle');UINT('OutputHandle');UINT('ErrorHandle');WORD('LengthCurrentDirectory');WORD('MaxLengthCurrentDirectory'); UINT('CurrentDirectory');UINT('CurrentDirectoryHandle');WORD('LengthSearchPaths');WORD('MaxLengthSearchPaths');UINT('SearchPaths'); WORD('LengthApplicationName');WORD('MaxLengthApplicationName');UINT('ApplicationName');WORD('LengthCommandLine');WORD('MaxLengthCommandLine'); UINT('CommandLine');UINT('EnvironmentBlock');UINT('Unknown', 9);WORD('LengthUnknown3');WORD('MaxLengthUnknown3');UINT('Unknown3'); WORD('LengthUnknown4');WORD('MaxLengthUnknown4');UINT('Unknown4');WORD('LengthUnknown5');WORD('MaxLengthUnknown5');UINT('Unknown5'); }; System.GetProcessPID = function (sProcessName) local nPIDProcess = -1; local tProcesses = System.EnumerateProcesses(); for nPID, sPath in pairs(tProcesses) do if (String.Find(sPath, sProcessName) ~= -1) then nPIDProcess = nPID; break; end end return nPIDProcess; end File.GetArgsFromPath = function (sPath) local shlwapi = Library.Load('shlwapi.dll', false); local pPath = MemoryEx.Allocate(2 * (#sPath + 1)); MemoryEx.String(pPath, -1, MEMEX_ASCII, sPath); local pArgs = shlwapi.PathGetArgsA(pPath); local sArgs = MemoryEx.String(pArgs, -1, MEMEX_ASCII); MemoryEx.Free(pPath); shlwapi:Close_(); return sArgs; end System.GetProcessCommandLine = function (nPID) if (type(nPID) ~= 'number') then return ""; end local sCMD = ""; local Kernel32 = Library.Load('kernel32.dll', false); local Ntdll = Library.Load('ntdll.dll', false); local __GetWinVer = function () local tOSVERSIONINFO = g_OSVERSIONINFO:New(); tOSVERSIONINFO.OSVersionInfoSize = MemoryEx.StructSize(g_OSVERSIONINFO); Kernel32.GetVersionExW(tOSVERSIONINFO:GetPointer()); local nRet = Bitwise.Or(Bitwise.ASL(tOSVERSIONINFO.MajorVersion, 8), tOSVERSIONINFO.MinorVersion); tOSVERSIONINFO:Free(); return nRet; end local hProcess = Kernel32.OpenProcess((__GetWinVer() < 0x0600) and 0x00000410 or 0x00001010, 0, nPID); if (hProcess ~= 0) then local tPBI = g_PBI:New(); local tPEB = g_PEB:New(); local tUPP = g_UPP:New(); local pReturnLength = MemoryEx.Allocate(4); local nRet = Ntdll.NtQueryInformationProcess(hProcess, 0, tPBI:GetPointer(), MemoryEx.StructSize(g_PBI), pReturnLength); if (nRet == 0) then local pNumberOfBytesRead = MemoryEx.Allocate(4); nRet = Kernel32.ReadProcessMemory(hProcess, tPBI.PebBaseAddress, tPEB:GetPointer(), MemoryEx.StructSize(g_PEB), pNumberOfBytesRead); if (nRet ~= 0) and (MemoryEx.UnsignedInteger(pNumberOfBytesRead) ~= 0) then nRet = Kernel32.ReadProcessMemory(hProcess, tPEB.ProcessParameters, tUPP:GetPointer(), MemoryEx.StructSize(g_UPP), pNumberOfBytesRead); if (nRet ~= 0) and (MemoryEx.UnsignedInteger(pNumberOfBytesRead) ~= 0) then local pCMD = MemoryEx.Allocate(tUPP.MaxLengthCommandLine); nRet = Kernel32.ReadProcessMemory(hProcess, tUPP.CommandLine, pCMD, MemoryEx.Size(pCMD), pNumberOfBytesRead); if (nRet ~= 0) and (MemoryEx.UnsignedInteger(pNumberOfBytesRead) ~= 0) then sCMD = MemoryEx.String(pCMD, -1, MEMEX_UNICODE); end MemoryEx.Free(pCMD); end end MemoryEx.Free(pNumberOfBytesRead); end MemoryEx.Free(pReturnLength); tUPP:Free(); tPEB:Free(); tPBI:Free(); end Kernel32.CloseHandle(hProcess); Kernel32:Close_(); Ntdll:Close_(); return (sCMD ~= "") and File.GetArgsFromPath(sCMD) or ""; end -- Example --------------------------------------------------------------------------------------------------------------------------- local nPID = System.GetProcessPID('Skype.exe'); if (nPID ~= -1) then Dialog.Message("Аргументы запущенного процесса", System.GetProcessCommandLine(nPID), MB_OK, MB_ICONINFORMATION, MB_DEFBUTTON1); end |