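/*
 * Read the target process's PEB and its process-parameters block, then copy
 * the current directory, application name and command line strings out of
 * the target's address space.
 *
 * ReadProcessMemory needs hProcess to carry PROCESS_VM_READ. Every address
 * dereferenced below (pbi.PebBaseAddress, peb.pi, the *.Buffer fields) and
 * every string copied lives in the target's own user-mode memory, so the
 * target can change it at will: treat the results as hints, not as an
 * authoritative record of how the process was started.
 */
PROCESS_BASIC_INFORMATION pbi;
ULONG ulReturnLength;
NTSTATUS lNtStatus = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(pbi), &ulReturnLength);
if (lNtStatus == STATUS_SUCCESS && ulReturnLength == sizeof(pbi)) {
    char buf[128];
    PROCESS_ENVIRONMENT_BLOCK peb;
    PROCESS_PARAMETRS pp;
    WCHAR sz_buf[_MAX_PATH];
    BOOL bResult;
    /*
     * ReadProcessMemory reports the byte count through a SIZE_T *. Passing the
     * address of a ULONG is only correct where both types are 32 bits wide; on
     * a 64-bit build the call would store 8 bytes into a 4-byte variable.
     * Passing the ULONG by value (as the second read originally did) hands the
     * API a garbage pointer instead of an output location.
     */
    SIZE_T cbRead = 0;

    /* Step 1: the PEB itself. */
    bResult = ReadProcessMemory(hProcess, pbi.PebBaseAddress, &peb, sizeof(peb), &cbRead);
    if (bResult == 0 || cbRead != sizeof(peb)) {
        ERR
        goto exit;
    }

    /* Step 2: the process-parameters block the PEB points at. Checked before
     * use, because every pointer in pp is meaningless if this read failed. */
    bResult = ReadProcessMemory(hProcess, peb.pi, &pp, sizeof(pp), &cbRead);
    if (bResult == 0 || cbRead != sizeof(pp)) {
        ERR
        goto exit;
    }

    /*
     * Step 3: the strings. Each read reuses sz_buf, so the previous contents
     * must be consumed before the next call.
     * NOTE(review): a fixed sizeof(sz_buf) read fails when the remote string is
     * shorter and the range runs into unmapped memory; if these members are
     * UNICODE_STRINGs, bound the read by their Length field instead - confirm
     * against the PROCESS_PARAMETRS declaration.
     * The remote buffer is not guaranteed to be NUL-terminated, so the last
     * element is forced to L'\0' after every successful read.
     */
    bResult = ReadProcessMemory(hProcess, pp.CurrentDirectory.Buffer, sz_buf, sizeof(sz_buf), &cbRead);
    if (bResult == 0) {
        ERR
        goto exit;
    }
    sz_buf[_MAX_PATH - 1] = L'\0';

    bResult = ReadProcessMemory(hProcess, pp.ApplicationName.Buffer, sz_buf, sizeof(sz_buf), &cbRead);
    if (bResult == 0) {
        ERR
        goto exit;
    }
    sz_buf[_MAX_PATH - 1] = L'\0';

    bResult = ReadProcessMemory(hProcess, pp.CommandLine.Buffer, sz_buf, sizeof(sz_buf), &cbRead);
    /* Mirror the count into the original variable for any later code that reads it. */
    ulReturnLength = (ULONG)cbRead;
    if (bResult == 0) {
        ERR
        goto exit;
    }
    sz_buf[_MAX_PATH - 1] = L'\0';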
---
2 cb: все получилось=)) ошибка была в разыменовании указателя