Windows >= 8.1 : get commandline through NtQueryInformationProcess + ProcessCommandLineInformation #1384
Labels
Comments
|
Interesting. I suppose that means less AccessDenied exceptions. Thanks for digging into this. I'm not sure when I'll have time to look into this (definitively not this year) so if you're interested in working on a PR be my guest. =) |
|
Closing out as fixed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Starting from windows 8.1 and protected processes, it' impossible to get
PROCESS_QUERY_INFORMATION | PROCESS_VM_READon certain processes (protected processes for instance)psutil retrieves the command line of processes by reading the PEB of those processes (thus needing
PROCESS_VM_READ)Starting from windows 8.1, it's possible to get the commandline of a process using
NtQueryInformationProcesswithProcessCommandLineInformationclassTo use this, only
PROCESS_QUERY_LIMITED_INFORMATIONrights are needed on the processdiscussion about this here :
https://wj32.org/processhacker/forums/viewtopic.php?t=2760
implementation by process hacker here:
https://github.com/processhacker/processhacker/blob/master/phlib/native.c#L721
The text was updated successfully, but these errors were encountered: