對于給定的 Windows 進程,我想知道它是用什么命令行參數(shù)啟動的.例如,Windows 任務(wù)管理器能夠顯示這一點.
for a given windows process I want to know with what command line parameters it was started. The windows task manager is able to show that for example.
Assuming you know the process ID, use OpenProcess to get a handle to it (this requires elevated privilege as noted in the docs). Then use NtQueryInformationProcess to get detailed process info. Use the ProcessBasicInformation option to get the PEB of the process - this contains another structure pointer, through which you canget the command line.
