_WinAPI_GetProcessCommandLine no longer works with MSEdge?


Solved by KaFu

Hi all,

I'm attempting to use _WinAPI_GetProcessCommandLine() on msedge.exe and it seems to no longer work. 

The code is as follows:

#RequireAdmin 
#include <Array.au3>
#include <WinAPIProc.au3>

Local $aArray 
Local $aAdjust
Local $iSIHost = ProcessExists("msedge.exe")
Local $sCommandline

; Enable the "SeDebugPrivilege" privilege to obtain full access rights to other processes
Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
_WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

While True
    $aArray = _WinAPI_EnumChildProcess($iSIHost)
    If @error Then ContinueLoop
    For $iLoop = 1 To $aArray[0][0] ; row 0 holds the count, child PIDs start at row 1
        $sCommandline = _WinAPI_GetProcessCommandLine($aArray[$iLoop][0])
        MsgBox(0, $aArray[$iLoop][0], $sCommandline)
    Next
    _ArrayDisplay($aArray)
    ;MsgBox(0, "CMD", $sCommandline)
    _WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
    _WinAPI_CloseHandle($hToken)
    Exit 0
WEnd

 

How to reproduce:

  1. Have Microsoft Edge Open
  2. Run the code


Expected Results:

Obtains Process Commandline

Actual Results:

Empty Variables


Additional Information:

I know for a fact that these processes do have a command line as tracked by Process Explorer. It just seems as if _WinAPI_GetProcessCommandLine is unable to obtain them. Oddly enough, the code works fine for other processes (e.g. Discord.exe).
 


My UDFs are generally for me. If they aren't updated for a while, it means I'm not using them myself. As soon as I start using them again, they'll get updated.

My Projects

WhyNotWin11
Cisco Finesse, Github, IRC UDF, WindowEx UDF

 


  • rcmaehl changed the title to _WinAPI_GetProcessCommandLine no longer works with MSEdge?
  • Solution

Most likely related to x64, try #AutoIt3Wrapper_UseX64=y.

Edit:

RequireAdmin and the Token stuff are only required for system processes; a normal non-Admin process can be accessed without it (such as msedge.exe).

#RequireAdmin
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseX64=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#include <Array.au3>
#include <WinAPIHObj.au3>
#include <WinAPIProc.au3>

Local $aAdjust, $aList = 0

; Enable the "SeDebugPrivilege" privilege to obtain full access rights to other processes
Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
_WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

; Retrieve command-line arguments for all processes on the system
Local $iEnum = 0
If Not (@error Or @extended) Then
    $aList = ProcessList()
    Local $aList_CMD[$aList[0][0] + 1][3]
    $aList_CMD[0][0] = $aList[0][0]
    For $i = 1 To $aList[0][0]

        $aList_CMD[$i][0] = $aList[$i][0]
        $aList_CMD[$i][1] = $aList[$i][1]
        $aList_CMD[$i][2] = _WinAPI_GetProcessCommandLine($aList[$i][1])

        If $aList_CMD[$i][2] Then $iEnum += 1

    Next
EndIf

; Restore the previous SeDebugPrivilege state
_WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
_WinAPI_CloseHandle($hToken)

_ArrayDisplay($aList_CMD, '_WinAPI_GetProcessCommandLine - ' & $iEnum)

vs.

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseX64=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#include <Array.au3>
#include <WinAPIProc.au3>

Local $iEnum = 0
Local $aList = ProcessList("msedge.exe")
Local $aList_CMD[$aList[0][0] + 1][3]
$aList_CMD[0][0] = $aList[0][0]
For $i = 1 To $aList[0][0]
    $aList_CMD[$i][0] = $aList[$i][0]
    $aList_CMD[$i][1] = $aList[$i][1]
    $aList_CMD[$i][2] = _WinAPI_GetProcessCommandLine($aList[$i][1])
    If $aList_CMD[$i][2] Then $iEnum += 1
Next

_ArrayDisplay($aList_CMD, '_WinAPI_GetProcessCommandLine - ' & $iEnum)

 

Edited by KaFu
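
The bitness diagnosis from the answer above, as an added example that is not part of the original thread or of the AutoIt UDFs: it lists each msedge.exe process with its own bitness next to the script's, so an empty command line caused by a 32-bit script querying a 64-bit process can be told apart from other failures. `ReportCommandLines()` and the note strings are hypothetical names chosen for illustration.

```autoit
#include <Array.au3>
#include <WinAPIProc.au3>

; Added example; ReportCommandLines() is a hypothetical helper, not a UDF function.
; Returns a 2D array: [0][0] = count; rows 1..n = PID | target bitness | command line | note
Func ReportCommandLines($sProcessName)
    Local $aList = ProcessList($sProcessName)
    If @error Then Return SetError(1, 0, 0)

    Local $sScriptBits = @AutoItX64 ? "64-bit" : "32-bit"
    Local $aReport[$aList[0][0] + 1][4]
    $aReport[0][0] = $aList[0][0]

    Local $iPID, $bWow64, $iErr, $sBits, $sCmd
    For $i = 1 To $aList[0][0]
        $iPID = $aList[$i][1]

        ; On 64-bit Windows a WOW64 process is 32-bit; anything else is 64-bit
        $bWow64 = _WinAPI_IsWow64Process($iPID)
        $iErr = @error
        If $iErr Then
            $sBits = "unknown"
        ElseIf $bWow64 Or (@OSArch = "X86") Then
            $sBits = "32-bit"
        Else
            $sBits = "64-bit"
        EndIf

        $sCmd = _WinAPI_GetProcessCommandLine($iPID)
        $iErr = @error

        $aReport[$i][0] = $iPID
        $aReport[$i][1] = $sBits
        $aReport[$i][2] = $sCmd
        If $sCmd <> "" Then
            $aReport[$i][3] = "ok"
        ElseIf $sBits = "64-bit" And $sScriptBits = "32-bit" Then
            $aReport[$i][3] = "bitness mismatch, rerun with #AutoIt3Wrapper_UseX64=y"
        Else
            $aReport[$i][3] = "empty for another reason, @error = " & $iErr
        EndIf
    Next
    Return $aReport
EndFunc   ;==>ReportCommandLines

Local $aResult = ReportCommandLines("msedge.exe")
If Not @error Then _ArrayDisplay($aResult, "Script is " & (@AutoItX64 ? "64-bit" : "32-bit"))
```

Running it once as a 32-bit script and once with `#AutoIt3Wrapper_UseX64=y` shows whether the note column changes from the mismatch message to "ok" for the same processes.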

6 hours ago, KaFu said:

Most likely related to x64, try #AutoIt3Wrapper_UseX64=y.

You're probably right. I'm not in front of my code currently to check but I remember that being an issue elsewhere.
