From many versions of same program.exe name how to determine it's arguments
So it works then! Great!
I do not know what you mean by "starting a program without arguments".
- If I start notepad from the start menu, the command-line output is: "C:\Windows\system32\notepad.exe"
- If I start notepad by typing in "notepad" in cmd, the command-line output is: "notepad".
- If I start notepad by typing in "notepad file.txt" in cmd, the command-line output is: "notepad file.txt"
I do not know what you mean by "starting a program without arguments".
- If I start notepad from the start menu, the command-line output is: "C:\Windows\system32\notepad.exe"
- If I start notepad by typing in "notepad" in cmd, the command-line output is: "notepad".
- If I start notepad by typing in "notepad file.txt" in cmd, the command-line output is: "notepad file.txt"
Last edited on
What I meant was something like this.
1) Starting a program with arguments: abc.exe arg1 arg2
2) Starting a program without arguments: abc.exe
That's all I meant.
So, when I run the program and use the pid for 2, the cmdLine variable is null.
What can I do about that? It seems that cmdLine should contain abc.exe?
1) Starting a program with arguments: abc.exe arg1 arg2
2) Starting a program without arguments: abc.exe
That's all I meant.
So, when I run the program and use the pid for 2, the cmdLine variable is null.
What can I do about that? It seems that cmdLine should contain abc.exe?
Last edited on
Both routines return cmdLine with the complete argument list when the program has arguments.
Both routines return cmdLine as null when the program has arguments.
Both routines return cmdLine as null when the program has arguments.
I can't reproduce the behavior you speak of. Starting "notepad.exe" with no arguments correctly shows the cmdLine variable as "notepad.exe" for me.
| What are the different ways to find the pid of notepad.exe? |
tasklist | findstr "notepad" |
The second token on each line is the pid.
Last edited on
Other than running this routine in a cmd window with administrator mode are there any other requirements to use this routine?
Basically, I have two programs. One which I know little about returns the complete argument list of an external program in a cmdLine variable. The second returns null with a System Code of 5 for "Access is denied" which comes from making the OpenProcess routine call in the CProcessHelper::GetProcessCommandLin routine.
I used the first program to learn how to run the routine. The routine is to reside in the second program.
The first program is a service.
The code in the two programs appears to be identical.
System Error Codes:
https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OpenProcess function (processthreadsapi.h)
To open a handle to another local process and obtain full access rights, you must enable the SeDebugPrivilege privilege. For more information, see Changing Privileges in a Token.
https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess
In my first program, I can't find SeDebugPrivilege anywhere.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You can change the privileges in either a primary or an impersonation token in two ways:
• Enable or disable privileges by using the AdjustTokenPrivileges function.
• Restrict or remove privileges by using the CreateRestrictedToken function.
https://docs.microsoft.com/en-us/windows/win32/secbp/changing-privileges-in-a-token
I've found AdjustTokenPrivileges() in my first program.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Here is some information:
https://stackoverflow.com/questions/8898133/how-to-use-openprocesstoken-adjusttokenprivileges-and-getexitcodeprocess-in-vc
I tried both code segments toward the bottom on that page without success. Do you have any ideas?
The initial problem description and it's solution had a "tp" variable which I couldn't get to compile. It's not explicitly defined.
This is information about "tp". It's the third argument to AdjustTokenPrivileges():
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_privileges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
UPDATE: I found out how to set AdjustTokenPrivileges(...) and can now retrieve the argument list of other executables. When I call OpenProcess(), it no longer returns "System Error Code" 5 indicating access is denied.
Thank you
Basically, I have two programs. One which I know little about returns the complete argument list of an external program in a cmdLine variable. The second returns null with a System Code of 5 for "Access is denied" which comes from making the OpenProcess routine call in the CProcessHelper::GetProcessCommandLin routine.
I used the first program to learn how to run the routine. The routine is to reside in the second program.
The first program is a service.
The code in the two programs appears to be identical.
System Error Codes:
https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OpenProcess function (processthreadsapi.h)
To open a handle to another local process and obtain full access rights, you must enable the SeDebugPrivilege privilege. For more information, see Changing Privileges in a Token.
https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess
In my first program, I can't find SeDebugPrivilege anywhere.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You can change the privileges in either a primary or an impersonation token in two ways:
• Enable or disable privileges by using the AdjustTokenPrivileges function.
• Restrict or remove privileges by using the CreateRestrictedToken function.
https://docs.microsoft.com/en-us/windows/win32/secbp/changing-privileges-in-a-token
I've found AdjustTokenPrivileges() in my first program.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Here is some information:
https://stackoverflow.com/questions/8898133/how-to-use-openprocesstoken-adjusttokenprivileges-and-getexitcodeprocess-in-vc
I tried both code segments toward the bottom on that page without success. Do you have any ideas?
The initial problem description and it's solution had a "tp" variable which I couldn't get to compile. It's not explicitly defined.
This is information about "tp". It's the third argument to AdjustTokenPrivileges():
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_privileges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
UPDATE: I found out how to set AdjustTokenPrivileges(...) and can now retrieve the argument list of other executables. When I call OpenProcess(), it no longer returns "System Error Code" 5 indicating access is denied.
Thank you
Last edited on
Ganado, based on a remark from the below web page, I have to ask. Do you have a more reliable (and hopefully "simple") example that returns the Command Line arguments to a program when passed a PID or program name?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Remarks:
The NtQueryInformationProcess function and the structures that it returns are internal to the operating system and subject to change from one release of Windows to another. To maintain the compatibility of your application, it is better to use public functions mentioned in the description of the ProcessInformationClass parameter instead.
ProcessSubsystemInformation
Retrieves a SUBSYSTEM_INFORMATION_TYPE value indicating the subsystem type of the process. The buffer pointed to by the ProcessInformation parameter should be large enough to hold a single SUBSYSTEM_INFORMATION_TYPE enumeration.
https://docs.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SUBSYSTEM_INFORMATION_TYPE enumeration (ntddk.h):
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntddk/ne-ntddk-_subsystem_information_type
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Remarks:
The NtQueryInformationProcess function and the structures that it returns are internal to the operating system and subject to change from one release of Windows to another. To maintain the compatibility of your application, it is better to use public functions mentioned in the description of the ProcessInformationClass parameter instead.
ProcessSubsystemInformation
Retrieves a SUBSYSTEM_INFORMATION_TYPE value indicating the subsystem type of the process. The buffer pointed to by the ProcessInformation parameter should be large enough to hold a single SUBSYSTEM_INFORMATION_TYPE enumeration.
https://docs.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SUBSYSTEM_INFORMATION_TYPE enumeration (ntddk.h):
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntddk/ne-ntddk-_subsystem_information_type
Last edited on
| Michael789 wrote: |
|---|
| Do you have a more reliable (and hopefully "simple") example that returns the Command Line arguments to a program when passed a PID or program name? |
|
|
I'm not sure exactly how to do it, but if you look it up on http://stackoverflow.com or something like that, there's probably something about it there.
Here's a link to a post about it on this site:
https://www.cplusplus.com/forum/beginner/1988/6/#msg21058
That may help, but if it doesn't, I don't have anything else to suggest.
Hope it helps!
max
Edit:
@Ganado pointed out that argc and argv were mentioned earlier in this thread. Sorry!
Last edited on
Oops! Thank you for pointing that out! *scratches head* I know I read through the entire thing, but I guess I missed that. Well, sorry about that.
Topic archived. No new replies allowed.