-
-
Save tyranid/53245dfcd18bdce2d562fc1dcb9b4703 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" ?> | |
| <Types> | |
| <Type> | |
| <Name>System.Diagnostics.Process</Name> | |
| <Members> | |
| <ScriptProperty> | |
| <Name>CommandLine</Name> | |
| <GetScriptBlock> | |
| $src = @" | |
| using Microsoft.Win32.SafeHandles; | |
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| public class CommandLine | |
| { | |
| const int ProcessCommandLineInformation = 60; | |
| [StructLayout(LayoutKind.Sequential)] | |
| class CommandLineString | |
| { | |
| public ushort Length; | |
| public ushort MaximumLength; | |
| public IntPtr Buffer; | |
| [MarshalAs(UnmanagedType.ByValArray, SizeConst = 32*1024)] | |
| public byte[] Data; | |
| public CommandLineString() | |
| { | |
| Data = new byte[32 * 1024]; | |
| MaximumLength = (ushort) Data.Length; | |
| } | |
| public override string ToString() | |
| { | |
| return Encoding.Unicode.GetString(Data, 0, Length); | |
| } | |
| } | |
| [DllImport("ntdll.dll")] | |
| static extern int NtQueryInformationProcess( | |
| SafeProcessHandle ProcessHandle, | |
| int ProcessInformationClass, | |
| [In, Out] CommandLineString ProcessInformation, | |
| int ProcessInformationLength, | |
| out int ReturnLength | |
| ); | |
| const int QueryLimitedInformation = 0x1000; | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| static extern SafeProcessHandle OpenProcess( | |
| int dwDesiredAccess, | |
| bool bInheritHandle, | |
| int dwProcessId | |
| ); | |
| public static string Get(Process process) | |
| { | |
| using (var handle = OpenProcess(QueryLimitedInformation, false, process.Id)) | |
| { | |
| if (handle.IsInvalid) | |
| { | |
| return string.Empty; | |
| } | |
| int return_length; | |
| CommandLineString str = new CommandLineString(); | |
| int status = NtQueryInformationProcess(handle, ProcessCommandLineInformation, str, Marshal.SizeOf(str), out return_length); | |
| if (status == 0) | |
| { | |
| return str.ToString(); | |
| } | |
| return string.Empty; | |
| } | |
| } | |
| } | |
| "@ | |
| Add-Type -TypeDefinition $src | Out-Null | |
| [CommandLine]::Get($this) | |
| </GetScriptBlock> | |
| </ScriptProperty> | |
| </Members> | |
| </Type> | |
| </Types> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment