C++获取进程启动参数

#include "stdafx.h"#include <Windows.h>#include <stdio.h>#define ProcessBasicInformation 0typedef struct{USHORT Length;USHORT MaximumLength;PWSTR  Buffer;} UNICODE_STRING, *PUNICODE_STRING;typedef struct{ULONG          AllocationSize;ULONG          ActualSize;ULONG          Flags;ULONG          Unknown1;UNICODE_STRING Unknown2;HANDLE         InputHandle;HANDLE         OutputHandle;HANDLE         ErrorHandle;UNICODE_STRING CurrentDirectory;HANDLE         CurrentDirectoryHandle;UNICODE_STRING SearchPaths;UNICODE_STRING ApplicationName;UNICODE_STRING CommandLine;PVOID          EnvironmentBlock;ULONG          Unknown[9];UNICODE_STRING Unknown3;UNICODE_STRING Unknown4;UNICODE_STRING Unknown5;UNICODE_STRING Unknown6;} PROCESS_PARAMETERS, *PPROCESS_PARAMETERS;typedef struct{ULONG               AllocationSize;ULONG               Unknown1;HINSTANCE           ProcessHinstance;PVOID               ListDlls;PPROCESS_PARAMETERS ProcessParameters;ULONG               Unknown2;HANDLE              Heap;} PEB, *PPEB;typedef struct{DWORD ExitStatus;PPEB  PebBaseAddress;DWORD AffinityMask;DWORD BasePriority;ULONG UniqueProcessId;ULONG InheritedFromUniqueProcessId;}   PROCESS_BASIC_INFORMATION;typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG);PROCNTQSIP NtQueryInformationProcess;BOOL GetProcessCmdLine(DWORD dwPId,__out LPTSTR lpString){HANDLE                    hProcess;PROCESS_BASIC_INFORMATION pbi;PEB                       Peb;PROCESS_PARAMETERS        ProcParam;DWORD                     dwDummy;DWORD                     dwSize;LPVOID                    lpAddress;BOOL RetValue = FALSE;//得到进程句柄hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,dwPId);if (!hProcess)goto Ret;//获取信息if (0!=NtQueryInformationProcess(hProcess,0,(PVOID)&pbi,sizeof(PROCESS_BASIC_INFORMATION),NULL))goto Ret;if (!ReadProcessMemory(hProcess,pbi.PebBaseAddress,&Peb,sizeof(PEB),&dwDummy))goto Ret;if (!ReadProcessMemory(hProcess,Peb.ProcessParameters,&ProcParam,sizeof(PROCESS_PARAMETERS),&dwDummy))goto Ret;lpAddress = ProcParam.CommandLine.Buffer;dwSize = ProcParam.CommandLine.Length;RetValue = ReadProcessMemory( hProcess,lpAddress,(LPVOID)lpString,dwSize,&dwDummy );Ret:if(hProcess)CloseHandle (hProcess);return RetValue;}int _tmain(int argc, _TCHAR* argv[]){NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(GetModuleHandle(_T("ntdll")),"NtQueryInformationProcess");if (!NtQueryInformationProcess){//MessageBox(0,"无法定位NtQueryInformationProcess，程序退出","启动错误",MB_ICONERROR);return -1;}TCHAR str[255] = {0};GetProcessCmdLine(2816, str);return 0;}