_WinAPI_GetProcessCommandLine no longer works with MSEdge?

[rcmaehl]

Hi all,

I'm attempting to use _WinAPI_GetProcessCommandLine() on msedge.exe and it seems to no longer work. 

The code is as follows

#RequireAdmin 
#include <Array.au3>
#include <WinAPIProc.au3>

Local $aArray 
Local $aAdjust
Local $iSIHost = ProcessExists("msedge.exe")
Local $sCommandline

; Enable "SeDebugPrivilege" privilege for obtain full access rights to another processes
Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
_WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

While True
    $aArray = _WinAPI_EnumChildProcess($iSIHost)
    If @error Then ContinueLoop
    For $iLoop = 0 To $aArray[0][0]
        $sCommandline = _WinAPI_GetProcessCommandLine($aArray[$iLoop][0])
        MsgBox(0, $aArray[$iLoop][0], $sCommandline)
    Next
    _ArrayDisplay($aArray)
    ;MsgBox(0, "CMD", $sCommandline)
    _WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
    _WinAPI_CloseHandle($hToken)
    Exit 0
WEnd

 

How to reproduce:

1. Have Microsoft Edge Open
2. Run the code

Expected Results:

Obtains Process Commandline

Actual Results:

Empty Variables

Additional Information:

I know for a fact that these processes do have a command line as tracked by Process Explorer. It just seems as if _WinAPI_GetProcessCommandLine is unable to obtain them. Oddly enough, the code works fine for other processes (e.g. Discord.exe).
 

[KaFu]

Most likely related to x64, try #AutoIt3Wrapper_UseX64=y.

Edit:

RequireAdmin and Token stuff only required for system processes, normal non-Admin process and be accessed without it (as msedge.exe).

expandcollapse popup

#RequireAdmin
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseX64=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#include <Array.au3>
#include <WinAPIHObj.au3>
#include <WinAPIProc.au3>

Local $aAdjust, $aList = 0

; Enable "SeDebugPrivilege" privilege for obtain full access rights to another processes
Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
_WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

; Retrieve command-line arguments for all processes the system
Local $iEnum = 0
If Not (@error Or @extended) Then
    $aList = ProcessList()
    Local $aList_CMD[$aList[0][0] + 1][3]
    $aList_CMD[0][0] = $aList[0][0]
    For $i = 1 To $aList[0][0]

        $aList_CMD[$i][0] = $aList[$i][0]
        $aList_CMD[$i][1] = $aList[$i][1]
        $aList_CMD[$i][2] = _WinAPI_GetProcessCommandLine($aList[$i][1])

        If $aList_CMD[$i][2] Then $iEnum += 1

    Next
EndIf

; Enable SeDebugPrivilege privilege by default
_WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
_WinAPI_CloseHandle($hToken)

_ArrayDisplay($aList_CMD, '_WinAPI_GetProcessCommandLine - ' & $iEnum)

vs.

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseX64=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#include <Array.au3>
#include <WinAPIProc.au3>

Local $iEnum = 0
Local $aList = ProcessList("msedge.exe")
Local $aList_CMD[$aList[0][0] + 1][3]
$aList_CMD[0][0] = $aList[0][0]
For $i = 1 To $aList[0][0]
    $aList_CMD[$i][0] = $aList[$i][0]
    $aList_CMD[$i][1] = $aList[$i][1]
    $aList_CMD[$i][2] = _WinAPI_GetProcessCommandLine($aList[$i][1])
    If $aList_CMD[$i][2] Then $iEnum += 1
Next

_ArrayDisplay($aList_CMD, '_WinAPI_GetProcessCommandLine - ' & $iEnum)

 

Edited June 20, 2023 by KaFu

[rcmaehl]

6 hours ago, KaFu said:

Most likely related to x64, try #AutoIt3Wrapper_UseX64=y.

You're probably right. I'm not in front of my code currently to check but I remember that being an issue elsewhere.