2. NSIS Discussion
  3. determine comandline call of task

Archive: determine comandline call of task


Brummelchen
17th October 2011 22:26 UTC

determine comandline call of task
with process explorer (sysinternals) i can see it, but how to with nsis?

eg task/name "explorer.exe" commandline: "explorer.exe /e c:\" started from: blah

WMIC from windows can list all processes but cannot handle wildcards.

cheers.

LoRd_MuldeR
18th October 2011 01:31 UTC

Why does your NSIS installer need to obtain the command-line of another process?

Brummelchen
18th October 2011 21:27 UTC

i dont write installers, i code some other stuff for me.

with WMIC i need to use an array and filtering - not smart.

Anders
18th October 2011 22:41 UTC

Why is there no supported way to get the command line of another process?

Brummelchen
18th October 2011 23:03 UTC

ofc - or not ► http://www.autoitscript.com/forum/to...nning-process/

LoRd_MuldeR
18th October 2011 23:45 UTC

For 32-bit processes running on x86 systems, the PEB is "generally" located at 0x7ffd6000. At an offset of 0x10 bytes from the start of the PEB, you will find the pointer to the RTL_USER_PROCESS_PARAMETERS structure. The pointer to the unicode string containing the command line is located at an offset of 0x040 from the start of the RTL_USER_PROCESS_PARAMETERS structure.
Having to dig in another process's memory to dump a data structure whose exact location is not officially documented and may be subject to change in future operating system versions sounds a bit "dubious" to me. The WMI method feels more credible to me...

Fork me on GitHub