在网上找了一份代码,能跑,但是结果很迷,我虽然刚刚接触win32编程,但是能看文档,按照文档上的要求,代码逻辑应该是没有问题的,但是结果就很迷,大家能帮我看一下这份代码哪里出问题了吗,或者帮我写一个函数
需求: 输入进程的PID ,获取进程的命令行 CommandLine
typedef NTSTATUS (WINAPI *QT)(HANDLE,PROCESSINFOCLASS,PVOID,ULONG,PULONG);//NtQueryInformationProcess
TCHAR* ProcessInfo::GetProcessCommandLine(HANDLE hProcess)
{
HMODULE hModule = 0;
QT NtQuery = { 0 };
hModule = LoadLibrary("Ntdll.dll"); //加载动态链接
if (hModule)
{
NtQuery = (QT)GetProcAddress(hModule, "NtQueryInformationProcess");
if (NtQuery == NULL){
std::cout<<"NtQuery == NULL"<<std::endl;
return 0;
}
}
else{
std::cout<<"hModule == NULL"<<std::endl;
return 0;
}
PROCESS_BASIC_INFORMATION pi={0} ;
NTSTATUS re = NtQuery(hProcess,
ProcessBasicInformation, &pi, sizeof(pi), NULL);
if (!NT_SUCCESS(re))
{
std::cout<<"!NT_SUCCESS(re)"<<std::endl;
return 0;
}
PEB peb;
RTL_USER_PROCESS_PARAMETERS para;
ReadProcessMemory(hProcess, pi.PebBaseAddress, &peb, sizeof(peb), NULL); //将pi.PebBaseAddress的信息读取到peb中
ReadProcessMemory(hProcess, peb.ProcessParameters,¶ , sizeof(para), NULL);// 读取peb中的ProcessParameters
TCHAR* CommandLine=(TCHAR*)malloc(sizeof(TCHAR)*30);
ReadProcessMemory(hProcess, para.CommandLine.Buffer, CommandLine, 30 * 2, NULL);
CloseHandle(hProcess);
FreeLibrary(hModule);
return CommandLine;
}
代码如上,大家帮我看一下
