How do I get the startup parameters of a particular program?

Quite a few programs are started with parameters. How can I get the parameters of another program? That is, the target program is already running; how do I get its startup parameters, knowing the process ip

Solutions

One way is to read the PEB, but that is overly complicated.
A simpler option is a shell hook or an API hook, but that only works for real-time monitoring.

If the target program is already running, the only way is to read its environment variables, that is, through the PEB.

The posters above already said what I had in mind. I just thought of a rather rogue method: make the target program run your own DLL, then have the DLL read the value and return it to the main program. I wrote the sentence above more than half an hour ago, and after writing it I felt it was overkill. Writing code into the target program that calls GetCommandLineA and then reading the return value also works. I just tried it and found that it works. OP, add some points and I'll post the code, haha~~~

[System Process] Line: 鑸,亅?
System Line: 鑸,E|?
SMSS.EXE Line: 鑸,+|?
CSRSS.EXE Line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
WINLOGON.EXE Line: winlogon.exe
SERVICES.EXE Line: C:\WINDOWS\system32\services.exe
LSASS.EXE Line: C:\WINDOWS\system32\lsass.exe
SVCHOST.EXE Line: C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE Line: C:\WINDOWS\system32\svchost -k rpcss
SVCHOST.EXE Line: C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE Line: C:\WINDOWS\system32\svchost.exe -k NetworkService
SVCHOST.EXE Line: C:\WINDOWS\system32\svchost.exe -k LocalService
EXPLORER.EXE Line: C:\WINDOWS\Explorer.EXE
SPOOLSV.EXE Line: C:\WINDOWS\system32\spoolsv.exe
SCHED.EXE Line:
FYFireWall.exe Line: "H:\Program Files\FengYun\FYFireWall.exe"
AVGNT.EXE Line:
vmware-tray.exe Line: "F:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
hqtray.exe Line: "F:\Program Files\VMware\VMware Workstation\hqtray.exe"
AVGUARD.EXE Line:
HDDGMon.exe Line: "C:\Program Files\GoldenSoft\Recovery Genius\WinNT\HDDGMon.exe"
VMOUNT2.EXE Line: "C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"
CTFMON.EXE Line: "C:\WINDOWS\system32\ctfmon.exe"
VMNAT.EXE Line: C:\WINDOWS\system32\vmnat.exe
vmnetdhcp.exe Line: C:\WINDOWS\system32\vmnetdhcp.exe
iexplore.exe Line: "C:\Program Files\Internet Explorer\iexplore.exe"
wscntfy.exe Line: C:\WINDOWS\system32\wscntfy.exe
alg.exe Line: C:\WINDOWS\System32\alg.exe
iexplore.exe Line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
delphi32.exe Line: "F:\Program Files\Borland\Delphi7\Bin\delphi32.exe" /np
Update.exe Line: "H:\Program Files\FengYun\Update.exe" /HIDE
Project1.exe Line: "H:\CUserData\jinma\桌面\新建文件夹\Project1.exe"
Open cmd and run:
wmic process
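The `wmic process` suggestion above, as an added example that is not part of the original thread: it parses saved output of `wmic process get CommandLine,Name,ProcessId /format:list` and returns the executable and arguments for one process ID. The sample text is constructed (process IDs are made up, command lines follow the listing above), the function names are hypothetical, and an empty value is treated as "could not be read" rather than "started without arguments", since a command line normally carries at least the program name.

```python
# Added example. SAMPLE is constructed: process IDs are made up, command
# lines follow the listing above. Real wmic output may end lines with \r\r\n.
SAMPLE = r'''
CommandLine=C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512
Name=CSRSS.EXE
ProcessId=600

CommandLine=C:\WINDOWS\system32\svchost -k DcomLaunch
Name=SVCHOST.EXE
ProcessId=912

CommandLine=
Name=AVGNT.EXE
ProcessId=1480

CommandLine="F:\Program Files\Borland\Delphi7\Bin\delphi32.exe" /np
Name=delphi32.exe
ProcessId=2304
'''

def parse_wmic_list(text):
    """Return {pid: {property: value}} from /format:list output."""
    procs, cur = {}, {}
    for line in text.replace("\r", "").split("\n") + [""]:
        if not line.strip():              # blank line closes a record
            if "ProcessId" in cur:
                procs[int(cur["ProcessId"])] = cur
            cur = {}
            continue
        # Split on the first '=' only: command lines may contain '=' too.
        key, _, value = line.partition("=")
        cur[key.strip()] = value.strip()
    return procs

def split_command_line(cmdline):
    """Return (executable, arguments), or None when nothing was reported."""
    if not cmdline:
        return None                       # assumption: value was not readable
    if cmdline.startswith('"'):           # quoted path, may contain spaces
        end = cmdline.find('"', 1)
        if end == -1:
            return cmdline[1:], ""
        return cmdline[1:end], cmdline[end + 1:].strip()
    exe, _, args = cmdline.partition(" ") # unquoted: path ends at first space
    return exe, args.strip()

def launch_arguments(wmic_text, pid):
    """Look up one process by ID and split its command line."""
    proc = parse_wmic_list(wmic_text)[pid]   # KeyError if the PID is absent
    return split_command_line(proc.get("CommandLine", ""))
```

An unquoted path that contains spaces cannot be split reliably this way; only the quoted form is unambiguous.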