KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Get The Process Command Line In Kernel

https://www.kernelmode.info/forum/viewtopic.php?f=10&t=2889

Page 1 of 1

Get The Process Command Line In Kernel

PostPosted:Mon Aug 05, 2013 11:27 am
by FileSystem_Driver
I want to get the process CommandLine in the kernel

Re: Get The Process Command Line In Kernel

PostPosted:Mon Aug 05, 2013 1:19 pm
by TETYYSs
Good for you. My eyes doesn't see any question mark here.

Re: Get The Process Command Line In Kernel

PostPosted:Mon Aug 05, 2013 3:47 pm
by EP_X0FF
Seriously OP, are you banned in google? This is one of the most trivial and popular questions with tons of solutions.

EPROCESS = PsLookupProcessByProcessId
KeAttachProcess(EPROCESS)
Peb = PsGetProcessPeb(EPROCESS)
cmdLine = Peb->ProcessParameters->CommandLine;
Do whatever you want
KeDetachProcess(EPROCESS)
ObDereferenceObject(EPROCESS)

Next time use google before asking anything. Both - search and translate services.

Closed.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/