35 #include <boost/algorithm/string.hpp> 36 #include <boost/shared_array.hpp> 37 #include <boost/format.hpp> 38 #include <boost/date_time/posix_time/posix_time.hpp> 39 #include <boost/date_time/filetime_functions.hpp> 47 return GetCurrentProcessId();
61 HANDLE processHandle = OpenProcess(
62 PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
63 if (processHandle == NULL) {
64 throw std::runtime_error(boost::str(boost::format(
"Could not" 65 " open process with PID" 69 TCHAR filename[MAX_PATH];
70 DWORD ret = GetModuleFileNameEx(processHandle, NULL, filename, MAX_PATH);
71 CloseHandle(processHandle);
73 throw std::runtime_error(boost::str(boost::format(
"Could not" 78 return std::string(filename);
82 char buffer[MAX_PATH];
84 if ((length = GetModuleFileName(NULL, buffer, MAX_PATH)) == 0) {
85 throw std::runtime_error(boost::str(boost::format(
"Could not" 89 return std::string(buffer, length);
94 DWORD ProcessInformationClass,
95 PVOID ProcessInformation,
96 DWORD ProcessInformationLength,
118 GetModuleHandleA(
"ntdll.dll"),
"NtQueryInformationProcess");
120 NtQueryInformationProcess(processHandle.get(), 0, &pbi,
sizeof(pbi), NULL);
130 CloseHandle((HANDLE) handle);
146 HANDLE rawProcessHandle = OpenProcess(
147 PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
148 if (rawProcessHandle == 0) {
149 throw std::runtime_error(boost::str(boost::format(
"Could not" 150 " open process with PID" 155 boost::shared_ptr<void> processHandle(rawProcessHandle,
DeleteHandle());
160 PVOID rtlUserProcParamsAddress = 0;
161 if (!ReadProcessMemory(processHandle.get(), (PCHAR) pebAddress + 0x10,
162 &rtlUserProcParamsAddress,
sizeof(PVOID), NULL)) {
163 throw std::runtime_error(
166 "Could not read the address of ProcessParameters: %1%")
172 if (!ReadProcessMemory(processHandle.get(),
173 (PCHAR) rtlUserProcParamsAddress + 0x40, &commandLine,
174 sizeof(commandLine), NULL)) {
175 throw std::runtime_error(
177 boost::format(
"Could not read CommandLine: %1%")
182 boost::shared_array<WCHAR> commandLineContents(
183 new WCHAR[commandLine.
Length]);
186 if (!ReadProcessMemory(processHandle.get(), commandLine.
Buffer,
187 commandLineContents.get(), commandLine.
Length, NULL)) {
188 throw std::runtime_error(
191 "Could not read the command line string: %1%")
195 std::wstring wideCommandLineString = commandLineContents.get();
202 std::string commandLineString(wideCommandLineString.begin(),
203 wideCommandLineString.begin() + commandLine.
Length / 2);
206 std::vector<std::string> arguments;
207 boost::split(arguments, commandLineString, boost::is_any_of(
" "),
208 boost::token_compress_on);
217 if ((arguments = CommandLineToArgvW(GetCommandLineW(), &numArguments))
219 throw std::runtime_error(boost::str(boost::format(
"Could not determine" 225 std::vector<std::string> result;
226 for (
int i = 0; i < numArguments; ++i) {
227 std::wstring arg = arguments[i];
232 result.push_back(std::string(arg.begin(), arg.end()));
234 LocalFree(arguments);
240 FILETIME creationTime;
245 HANDLE processHandle = OpenProcess(
246 PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
247 if (processHandle == NULL) {
248 throw std::runtime_error(boost::str(boost::format(
"Could not" 249 " open process with PID" 253 BOOL ret = GetProcessTimes(processHandle,
254 &creationTime, &exitTime, &kernelTime, &userTime);
255 CloseHandle(processHandle);
257 throw std::runtime_error(boost::str(boost::format(
"Could not" 263 return boost::date_time::time_from_ftime<boost::posix_time::ptime>(creationTime);
271 throw std::runtime_error(
"Could not determine executing user:" 276 TCHAR buffer[UNLEN + 1];
277 DWORD size = UNLEN + 1;
278 if (GetUserName((TCHAR*) buffer, &size)) {
279 std::wstring name((
wchar_t*) buffer, size - 1);
280 return std::string(name.begin(), name.end());
282 throw std::runtime_error(boost::str(boost::format(
"Could not determine" 283 " executing user: %1%")
std::vector< std::string > getCommandlineArguments(PID pid)
Return the list of commandline arguments of the process designated by pid.
struct rsc::os::_PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
boost::posix_time::ptime getProcessStartTime(PID pid)
Return the start time of the process designated by pid.
PID currentProcessId()
Return the id the current process.
boost::posix_time::ptime currentProcessStartTime()
Return the start time of the current process.
std::string getExecutablePath(PID pid)
Return the absolute path of the executable file that is executed in the process designated by pid...
struct rsc::os::_UNICODE_STRING UNICODE_STRING
std::vector< std::string > currentCommandlineArguments()
Return the list of commandline arguments of the current process.
std::string getExecutingUser(PID pid)
Return login- or account-name of the user executing pid.
struct rsc::os::_PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
std::string GetLastErrorString()
std::string currentExecutingUser()
Return the login- or account-name of the user executing the current process.
struct rsc::os::_UNICODE_STRING * PUNICODE_STRING
NTSTATUS(NTAPI * _NtQueryInformationProcess)(HANDLE ProcessHandle, DWORD ProcessInformationClass, PVOID ProcessInformation, DWORD ProcessInformationLength, PDWORD ReturnLength)
std::string getProgramName(PID pid)
Return the name of the program executed in the process designated by pid.
void operator()(void *handle)
std::string currentProgramName()
Return the name of the program executed in the current process.
PVOID GetPebAddress(boost::shared_ptr< void > processHandle)
std::string currentExecutablePath()
Return the absolute path of the executable file that is executed in the current process.