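sunkiss posted on 2014-1-19 20:54:40

How do I get a process's startup parameters?

Last edited by sunkiss on 2014-1-19 20:57

How do I get a process's startup parameters?!
With Process Explorer I can get a process's command line, and it includes the parameters. For example, the command line of one svchost.exe is C:\WINDOWS\system32\svchost -k rpcss. How are the parameters after it obtained?
Sorry, I found it by searching; I don't know whether it will work!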
#Include <WinAPIEx.au3>
_WinAPI_GetProcessCommandLine
_WinAPI_GetProcessCommandLineFromPID

虫子樱桃 posted on 2014-1-20 09:01:32

; Generated by AutoIt Scriptomatic

__wmi_Win32_Process()
Func __wmi_Win32_Process()
        Local $wbemFlagReturnImmediately = 0x10
        Local $wbemFlagForwardOnly = 0x20
        Local $colItems = ""
        Local $strComputer = "localhost"

        Local $Output=""
        $Output &= "Computer: " & $strComputer& @CRLF
        $Output &= "==========================================" & @CRLF
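        Local $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
        ; ObjGet fails when the WMI service cannot be reached; stop here instead of calling a method on a non-object
        If Not IsObj($objWMIService) Then Return SetError(1, 0, 0)
        $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process", "WQL", _
                                          $wbemFlagReturnImmediately + $wbemFlagForwardOnly)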

        If IsObj($colItems) then
           For $objItem In $colItems
              $Output &= "Caption: " & $objItem.Caption & @CRLF
              $Output &= "CommandLine: " & $objItem.CommandLine & @CRLF
              $Output &= "CreationClassName: " & $objItem.CreationClassName & @CRLF
              $Output &= "CreationDate: " & WMIDateStringToDate($objItem.CreationDate) & @CRLF
              $Output &= "CSCreationClassName: " & $objItem.CSCreationClassName & @CRLF
              $Output &= "CSName: " & $objItem.CSName & @CRLF
              $Output &= "Description: " & $objItem.Description & @CRLF
              $Output &= "ExecutablePath: " & $objItem.ExecutablePath & @CRLF
              $Output &= "ExecutionState: " & $objItem.ExecutionState & @CRLF
              $Output &= "Handle: " & $objItem.Handle & @CRLF
              $Output &= "HandleCount: " & $objItem.HandleCount & @CRLF
              $Output &= "InstallDate: " & WMIDateStringToDate($objItem.InstallDate) & @CRLF
              $Output &= "KernelModeTime: " & $objItem.KernelModeTime & @CRLF
              $Output &= "MaximumWorkingSetSize: " & $objItem.MaximumWorkingSetSize & @CRLF
              $Output &= "MinimumWorkingSetSize: " & $objItem.MinimumWorkingSetSize & @CRLF
              $Output &= "Name: " & $objItem.Name & @CRLF
              $Output &= "OSCreationClassName: " & $objItem.OSCreationClassName & @CRLF
              $Output &= "OSName: " & $objItem.OSName & @CRLF
              $Output &= "OtherOperationCount: " & $objItem.OtherOperationCount & @CRLF
              $Output &= "OtherTransferCount: " & $objItem.OtherTransferCount & @CRLF
              $Output &= "PageFaults: " & $objItem.PageFaults & @CRLF
              $Output &= "PageFileUsage: " & $objItem.PageFileUsage & @CRLF
              $Output &= "ParentProcessId: " & $objItem.ParentProcessId & @CRLF
              $Output &= "PeakPageFileUsage: " & $objItem.PeakPageFileUsage & @CRLF
              $Output &= "PeakVirtualSize: " & $objItem.PeakVirtualSize & @CRLF
              $Output &= "PeakWorkingSetSize: " & $objItem.PeakWorkingSetSize & @CRLF
              $Output &= "Priority: " & $objItem.Priority & @CRLF
              $Output &= "PrivatePageCount: " & $objItem.PrivatePageCount & @CRLF
              $Output &= "ProcessId: " & $objItem.ProcessId & @CRLF
              $Output &= "QuotaNonPagedPoolUsage: " & $objItem.QuotaNonPagedPoolUsage & @CRLF
              $Output &= "QuotaPagedPoolUsage: " & $objItem.QuotaPagedPoolUsage & @CRLF
              $Output &= "QuotaPeakNonPagedPoolUsage: " & $objItem.QuotaPeakNonPagedPoolUsage & @CRLF
              $Output &= "QuotaPeakPagedPoolUsage: " & $objItem.QuotaPeakPagedPoolUsage & @CRLF
              $Output &= "ReadOperationCount: " & $objItem.ReadOperationCount & @CRLF
              $Output &= "ReadTransferCount: " & $objItem.ReadTransferCount & @CRLF
              $Output &= "SessionId: " & $objItem.SessionId & @CRLF
              $Output &= "Status: " & $objItem.Status & @CRLF
              $Output &= "TerminationDate: " & WMIDateStringToDate($objItem.TerminationDate) & @CRLF
              $Output &= "ThreadCount: " & $objItem.ThreadCount & @CRLF
              $Output &= "UserModeTime: " & $objItem.UserModeTime & @CRLF
              $Output &= "VirtualSize: " & $objItem.VirtualSize & @CRLF
              $Output &= "WindowsVersion: " & $objItem.WindowsVersion & @CRLF
              $Output &= "WorkingSetSize: " & $objItem.WorkingSetSize & @CRLF
              $Output &= "WriteOperationCount: " & $objItem.WriteOperationCount & @CRLF
              $Output &= "WriteTransferCount: " & $objItem.WriteTransferCount & @CRLF
              if Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop
              $Output=""
           Next
        Else
           Msgbox(0,"WMI 输出","没有在类 " & "Win32_Process" & "中找到WMI对象" )
        Endif
EndFunc


Func WMIDateStringToDate($dtmDate)

        Return (StringMid($dtmDate, 5, 2) & "/" & _
        StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _
        & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate,13, 2))
EndFunc
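
An added example, not part of the posts in this thread: a narrowed form of the WMI query that returns only the PID, parent PID and command line of processes with a given image name, and pulls the `-k` service group out of each svchost.exe command line like the one quoted in the question. The function name `_GetCommandLinesByName` and the `<not readable>` marker are assumptions made for this example.

```autoit
#include <Array.au3> ; only needed for _ArrayDisplay in the demo below

; Hypothetical helper written for this example.
Func _GetCommandLinesByName($sName, $sComputer = "localhost")
    Local $oWMI = ObjGet("winmgmts:\\" & $sComputer & "\root\CIMV2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, 0)

    ; Backslash is the WQL escape character: escape it and single quotes so
    ; the name cannot break out of the string literal in the WHERE clause.
    Local $sSafe = StringReplace(StringReplace($sName, "\", "\\"), "'", "\'")
    Local $colItems = $oWMI.ExecQuery( _
            "SELECT ProcessId, ParentProcessId, CommandLine FROM Win32_Process " & _
            "WHERE Name = '" & $sSafe & "'", "WQL", 0x10 + 0x20)
    If Not IsObj($colItems) Then Return SetError(2, 0, 0)

    ; Row 0 holds the count; columns: PID, parent PID, -k group, command line.
    Local $aResult[1][4]
    $aResult[0][0] = 0
    Local $sCmd, $aGroup, $n
    For $oItem In $colItems
        $sCmd = $oItem.CommandLine
        ; CommandLine can come back empty or Null, for example for processes
        ; the calling account is not allowed to open.
        If Not IsString($sCmd) Or $sCmd == "" Then $sCmd = "<not readable>"
        ; Capture the token after -k (e.g. "rpcss"); no match leaves the column empty.
        $aGroup = StringRegExp($sCmd, "(?i)\s-k\s+(\S+)", 1)
        $n = $aResult[0][0] + 1
        ReDim $aResult[$n + 1][4]
        $aResult[0][0] = $n
        $aResult[$n][0] = $oItem.ProcessId
        $aResult[$n][1] = $oItem.ParentProcessId
        If IsArray($aGroup) Then $aResult[$n][2] = $aGroup[0]
        $aResult[$n][3] = $sCmd
    Next
    Return $aResult
EndFunc

; Demo: list every svchost.exe instance with its service group.
Local $aSvc = _GetCommandLinesByName("svchost.exe")
If @error Then
    ConsoleWrite("WMI query failed" & @CRLF)
    Exit 1
EndIf
_ArrayDisplay($aSvc, "svchost.exe instances")
```

Running it elevated fills in command lines that a standard user account cannot read.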

chishingchan posted on 2014-1-23 01:08:42

Learned something, and I happen to need exactly this. Thanks!

netegg posted on 2014-1-25 15:34:38

Last edited by netegg on 2014-1-25 15:36

#Include <WinAPIEx.au3>
Why wouldn't _WinAPI_GetProcessCommandLine work? Its example is exactly what you want.

netegg posted on 2014-1-25 16:39:46

樱桃, that one of yours could also be done with the PDH API.