g_OSVERSIONINFO = MemoryEx.DefineStruct{
DWORD('OSVersionInfoSize');
DWORD('MajorVersion');
DWORD('MinorVersion');
DWORD('BuildNumber');
DWORD('PlatformId');
STRING('CSDVersion', 2, 128, MEMEX_ASCII);
};
g_PBI = MemoryEx.DefineStruct{
UINT('ExitStatus');
UINT('PebBaseAddress');
UINT('AffinityMask');
UINT('BasePriority');
UINT('UniqueProcessId');
UINT('InheritedFromUniqueProcessId');
};
g_PEB = MemoryEx.DefineStruct{
BYTE('InheritedAddressSpace');BYTE('ReadImageFileExecOptions');BYTE('BeingDebugged');BYTE('Spare');
UINT('Mutant');UINT('ImageBaseAddress');UINT('LoaderData');UINT('ProcessParameters');UINT('SubSystemData');
UINT('ProcessHeap');UINT('FastPebLock');UINT('FastPebLockRoutine');UINT('FastPebUnlockRoutine');UINT('EnvironmentUpdateCount');
UINT('KernelCallbackTable');UINT('EventLogSection');UINT('EventLog');UINT('FreeList');UINT('TlsExpansionCounter');
UINT('TlsBitmap');UINT('TlsBitmapBits', 2);UINT('ReadOnlySharedMemoryBase');UINT('ReadOnlySharedMemoryHeap');
UINT('ReadOnlyStaticServerData');UINT('AnsiCodePageData');UINT('OemCodePageData');UINT('UnicodeCaseTableData');
UINT('NumberOfProcessors');UINT('NtGlobalFlag');BYTE('Spare2', 4);DOUBLE('CriticalSectionTimeout');UINT('HeapSegmentReserve');
UINT('HeapSegmentCommit');UINT('HeapDeCommitTotalFreeThreshold');UINT('HeapDeCommitFreeBlockThreshold');UINT('NumberOfHeaps');
UINT('MaximumNumberOfHeaps');UINT('ProcessHeaps');UINT('GdiSharedHandleTable');UINT('ProcessStarterHelper');
UINT('GdiDCAttributeList');UINT('LoaderLock');UINT('OSMajorVersion');UINT('OSMinorVersion');UINT('OSBuildNumber');
UINT('OSPlatformId');UINT('ImageSubSystem');UINT('ImageSubSystemMajorVersion');UINT('ImageSubSystemMinorVersion');
UINT('GdiHandleBuffer', 34);UINT('PostProcessInitRoutine');UINT('TlsExpansionBitmap');BYTE('TlsExpansionBitmapBits', 128);UINT('SessionId');
};
g_UPP = MemoryEx.DefineStruct{
UINT('AllocationSize');UINT('ActualSize');UINT('Flags');UINT('Unknown1');WORD('LengthUnknown2');WORD('MaxLengthUnknown2');UINT('Unknown2');
UINT('InputHandle');UINT('OutputHandle');UINT('ErrorHandle');WORD('LengthCurrentDirectory');WORD('MaxLengthCurrentDirectory');
UINT('CurrentDirectory');UINT('CurrentDirectoryHandle');WORD('LengthSearchPaths');WORD('MaxLengthSearchPaths');UINT('SearchPaths');
WORD('LengthApplicationName');WORD('MaxLengthApplicationName');UINT('ApplicationName');WORD('LengthCommandLine');WORD('MaxLengthCommandLine');
UINT('CommandLine');UINT('EnvironmentBlock');UINT('Unknown', 9);WORD('LengthUnknown3');WORD('MaxLengthUnknown3');UINT('Unknown3');
WORD('LengthUnknown4');WORD('MaxLengthUnknown4');UINT('Unknown4');WORD('LengthUnknown5');WORD('MaxLengthUnknown5');UINT('Unknown5');
};
System.GetProcessPID = function (sProcessName)
local nPIDProcess = -1;
local tProcesses = System.EnumerateProcesses();
for nPID, sPath in pairs(tProcesses) do
if (String.Find(sPath, sProcessName) ~= -1) then
nPIDProcess = nPID;
break;
end
end
return nPIDProcess;
end
File.GetArgsFromPath = function (sPath)
local shlwapi = Library.Load('shlwapi.dll', false);
local pPath = MemoryEx.Allocate(2 * (#sPath + 1));
MemoryEx.String(pPath, -1, MEMEX_ASCII, sPath);
local pArgs = shlwapi.PathGetArgsA(pPath);
local sArgs = MemoryEx.String(pArgs, -1, MEMEX_ASCII);
MemoryEx.Free(pPath);
shlwapi:Close_();
return sArgs;
end
System.GetProcessCommandLine = function (nPID)
if (type(nPID) ~= 'number') then return ""; end
local sCMD = "";
local Kernel32 = Library.Load('kernel32.dll', false);
local Ntdll = Library.Load('ntdll.dll', false);
local __GetWinVer = function ()
local tOSVERSIONINFO = g_OSVERSIONINFO:New();
tOSVERSIONINFO.OSVersionInfoSize = MemoryEx.StructSize(g_OSVERSIONINFO);
Kernel32.GetVersionExW(tOSVERSIONINFO:GetPointer());
local nRet = Bitwise.Or(Bitwise.ASL(tOSVERSIONINFO.MajorVersion, 8), tOSVERSIONINFO.MinorVersion);
tOSVERSIONINFO:Free();
return nRet;
end
local hProcess = Kernel32.OpenProcess((__GetWinVer() < 0x0600) and 0x00000410 or 0x00001010, 0, nPID);
if (hProcess ~= 0) then
local tPBI = g_PBI:New();
local tPEB = g_PEB:New();
local tUPP = g_UPP:New();
local pReturnLength = MemoryEx.Allocate(4);
local nRet = Ntdll.NtQueryInformationProcess(hProcess, 0, tPBI:GetPointer(), MemoryEx.StructSize(g_PBI), pReturnLength);
if (nRet == 0) then
local pNumberOfBytesRead = MemoryEx.Allocate(4);
nRet = Kernel32.ReadProcessMemory(hProcess, tPBI.PebBaseAddress, tPEB:GetPointer(), MemoryEx.StructSize(g_PEB), pNumberOfBytesRead);
if (nRet ~= 0) and (MemoryEx.UnsignedInteger(pNumberOfBytesRead) ~= 0) then
nRet = Kernel32.ReadProcessMemory(hProcess, tPEB.ProcessParameters, tUPP:GetPointer(), MemoryEx.StructSize(g_UPP), pNumberOfBytesRead);
if (nRet ~= 0) and (MemoryEx.UnsignedInteger(pNumberOfBytesRead) ~= 0) then
local pCMD = MemoryEx.Allocate(tUPP.MaxLengthCommandLine);
nRet = Kernel32.ReadProcessMemory(hProcess, tUPP.CommandLine, pCMD, MemoryEx.Size(pCMD), pNumberOfBytesRead);
if (nRet ~= 0) and (MemoryEx.UnsignedInteger(pNumberOfBytesRead) ~= 0) then
sCMD = MemoryEx.String(pCMD, -1, MEMEX_UNICODE);
end
MemoryEx.Free(pCMD);
end
end
MemoryEx.Free(pNumberOfBytesRead);
end
MemoryEx.Free(pReturnLength);
tUPP:Free(); tPEB:Free(); tPBI:Free();
end
Kernel32.CloseHandle(hProcess);
Kernel32:Close_(); Ntdll:Close_();
return (sCMD ~= "") and File.GetArgsFromPath(sCMD) or "";
end
-- Example ---------------------------------------------------------------------------------------------------------------------------
local nPID = System.GetProcessPID('Skype.exe');
if (nPID ~= -1) then
Dialog.Message("Аргументы запущенного процесса", System.GetProcessCommandLine(nPID), MB_OK, MB_ICONINFORMATION, MB_DEFBUTTON1);
end |
