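How do I get a process's startup arguments?
This post was last edited by sunkiss on 2014-1-19 20:57
How do I get a process's startup arguments?!
I can get a process's command line with Process Explorer, and it includes the arguments. For example, the command line of one svchost.exe is C:\WINDOWS\system32\svchost -k rpcss. How are the arguments after it obtained?
Sorry, I found it by searching. I don't know whether it will work!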
#Include <WinAPIEx.au3>
_WinAPI_GetProcessCommandLine
_WinAPI_GetProcessCommandLineFromPID
; Generated by AutoIt Scriptomatic
__wmi_Win32_Process()

; Enumerate every Win32_Process instance through WMI and show its properties,
; one process per message box. CommandLine holds the full command line,
; including the startup arguments.
Func __wmi_Win32_Process()
    ; Semi-synchronous, forward-only enumeration
    Local $wbemFlagReturnImmediately = 0x10
    Local $wbemFlagForwardOnly = 0x20
    Local $colItems = ""
    Local $strComputer = "localhost"
    Local $Output=""
    $Output &= "Computer: " & $strComputer& @CRLF
    $Output &= "==========================================" & @CRLF
    Local $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process", "WQL", _
            $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
    If IsObj($colItems) then
        For $objItem In $colItems
            $Output &= "Caption: " & $objItem.Caption & @CRLF
            $Output &= "CommandLine: " & $objItem.CommandLine & @CRLF
            $Output &= "CreationClassName: " & $objItem.CreationClassName & @CRLF
            $Output &= "CreationDate: " & WMIDateStringToDate($objItem.CreationDate) & @CRLF
            $Output &= "CSCreationClassName: " & $objItem.CSCreationClassName & @CRLF
            $Output &= "CSName: " & $objItem.CSName & @CRLF
            $Output &= "Description: " & $objItem.Description & @CRLF
            $Output &= "ExecutablePath: " & $objItem.ExecutablePath & @CRLF
            $Output &= "ExecutionState: " & $objItem.ExecutionState & @CRLF
            $Output &= "Handle: " & $objItem.Handle & @CRLF
            $Output &= "HandleCount: " & $objItem.HandleCount & @CRLF
            $Output &= "InstallDate: " & WMIDateStringToDate($objItem.InstallDate) & @CRLF
            $Output &= "KernelModeTime: " & $objItem.KernelModeTime & @CRLF
            $Output &= "MaximumWorkingSetSize: " & $objItem.MaximumWorkingSetSize & @CRLF
            $Output &= "MinimumWorkingSetSize: " & $objItem.MinimumWorkingSetSize & @CRLF
            $Output &= "Name: " & $objItem.Name & @CRLF
            $Output &= "OSCreationClassName: " & $objItem.OSCreationClassName & @CRLF
            $Output &= "OSName: " & $objItem.OSName & @CRLF
            $Output &= "OtherOperationCount: " & $objItem.OtherOperationCount & @CRLF
            $Output &= "OtherTransferCount: " & $objItem.OtherTransferCount & @CRLF
            $Output &= "PageFaults: " & $objItem.PageFaults & @CRLF
            $Output &= "PageFileUsage: " & $objItem.PageFileUsage & @CRLF
            $Output &= "ParentProcessId: " & $objItem.ParentProcessId & @CRLF
            $Output &= "PeakPageFileUsage: " & $objItem.PeakPageFileUsage & @CRLF
            $Output &= "PeakVirtualSize: " & $objItem.PeakVirtualSize & @CRLF
            $Output &= "PeakWorkingSetSize: " & $objItem.PeakWorkingSetSize & @CRLF
            $Output &= "Priority: " & $objItem.Priority & @CRLF
            $Output &= "PrivatePageCount: " & $objItem.PrivatePageCount & @CRLF
            $Output &= "ProcessId: " & $objItem.ProcessId & @CRLF
            $Output &= "QuotaNonPagedPoolUsage: " & $objItem.QuotaNonPagedPoolUsage & @CRLF
            $Output &= "QuotaPagedPoolUsage: " & $objItem.QuotaPagedPoolUsage & @CRLF
            $Output &= "QuotaPeakNonPagedPoolUsage: " & $objItem.QuotaPeakNonPagedPoolUsage & @CRLF
            $Output &= "QuotaPeakPagedPoolUsage: " & $objItem.QuotaPeakPagedPoolUsage & @CRLF
            $Output &= "ReadOperationCount: " & $objItem.ReadOperationCount & @CRLF
            $Output &= "ReadTransferCount: " & $objItem.ReadTransferCount & @CRLF
            $Output &= "SessionId: " & $objItem.SessionId & @CRLF
            $Output &= "Status: " & $objItem.Status & @CRLF
            $Output &= "TerminationDate: " & WMIDateStringToDate($objItem.TerminationDate) & @CRLF
            $Output &= "ThreadCount: " & $objItem.ThreadCount & @CRLF
            $Output &= "UserModeTime: " & $objItem.UserModeTime & @CRLF
            $Output &= "VirtualSize: " & $objItem.VirtualSize & @CRLF
            $Output &= "WindowsVersion: " & $objItem.WindowsVersion & @CRLF
            $Output &= "WorkingSetSize: " & $objItem.WorkingSetSize & @CRLF
            $Output &= "WriteOperationCount: " & $objItem.WriteOperationCount & @CRLF
            $Output &= "WriteTransferCount: " & $objItem.WriteTransferCount & @CRLF
            ; OK/Cancel box; Cancel (return value 2) stops the enumeration
            if Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop
            $Output=""
        Next
    Else
        Msgbox(0,"WMI 输出","没有在类 " & "Win32_Process" & "中找到WMI对象" )
    Endif
EndFunc

; Convert a WMI datetime string (yyyymmddHHMMSS...) to mm/dd/yyyy HH:MM:SS
Func WMIDateStringToDate($dtmDate)
    Return (StringMid($dtmDate, 5, 2) & "/" & _
            StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _
            & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate,13, 2))
EndFunc

Learned something; I happened to need exactly this, thanks!

This post was last edited by netegg on 2014-1-25 15:36
#Include <WinAPIEx.au3>
Why can't _WinAPI_GetProcessCommandLine be used? Its example is exactly what you want.

樱桃, that one of yours would also work with the PDH API.