Hi, I use this code, it works just fine on my laptop that uses windows 7 32 bit, but on my main setup which uses windows 7 64 bit, it does not return anything, it is like there is no process there to read from.
Anyone able to test it to see if it returns anything for you, if you are using a 64 OS ofcourse. here it does not get anything, be it a 32 bit process or a 64 bit compiled process. Nada :(
Anyone able to test it to see if it returns anything for you, if you are using a 64 OS ofcourse. here it does not get anything, be it a 32 bit process or a 64 bit compiled process. Nada :(
Code:
Option Explicit
Private Type OBJECT_ATTRIBUTES
Length As Long
RootDirectory As Long
ObjectName As Long
Attributes As Long
SecurityDescriptor As Long
SecurityQualityOfService As Long
End Type
Private Type CLIENT_ID
UniqueProcess As Long
UniqueThread As Long
End Type
Private Declare Function NtOpenProcess Lib "NTDLL.DLL" (ByRef ProcessHandle As Long, _
ByVal AccessMask As Long, _
ByRef ObjectAttributes As OBJECT_ATTRIBUTES, _
ByRef ClientID As CLIENT_ID) As Long
Private Declare Function NtClose Lib "NTDLL.DLL" (ByVal ObjectHandle As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Sub CopyMemory Lib "kernel32.dll" Alias "RtlMoveMemory" (ByRef Destination As Any, ByRef Source As Any, ByVal Length As Long)
Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long
Private Function GetProcessCommandLine(ByVal dwProcessId As Long) As String
Dim objCid As CLIENT_ID
Dim objOa As OBJECT_ATTRIBUTES
Dim ntStatus As Long, hKernel As Long, strName As String
Dim hProcess As Long, dwAddr As Long, dwRead As Long
objOa.Length = Len(objOa)
objCid.UniqueProcess = dwProcessId
ntStatus = NtOpenProcess(hProcess, &H10, objOa, objCid)
If hProcess = 0 Then
GetProcessCommandLine = "[Not Available]"
Exit Function
End If
hKernel = GetModuleHandle("kernel32")
dwAddr = GetProcAddress(hKernel, "GetCommandLineA")
CopyMemory dwAddr, ByVal dwAddr + 1, 4
If ReadProcessMemory(hProcess, ByVal dwAddr, dwAddr, 4, dwRead) Then
strName = String(260, Chr(0))
If ReadProcessMemory(hProcess, ByVal dwAddr, ByVal strName, 260, dwRead) Then
strName = Left(strName, InStr(strName, Chr(0)) - 1)
GetProcessCommandLine = strName
End If
End If
NtClose hProcess
End Function
Private Sub Form_Load()
Text1.Text = GetProcessCommandLine(GetCurrentProcessId())
End Sub