for a given windows process I want to know with what command line parameters it was started. The windows task manager is able to show that for example.
Thank you in advance!
Assuming you know the process ID, use OpenProcess to get a handle to it (this requires elevated privilege as noted in the docs). Then use NtQueryInformationProcess to get detailed process info. Use the ProcessBasicInformation option to get the PEB of the process - this contains another structure pointer, through which you canget the command line.
ProcessBasicInformation
1.4m articles
1.4m replys
5 comments
57.0k users