Jump to content

_WinAPI_GetProcessCommandLine no longer works with MSEdge?

rcmaehl
 Share
Go to solution Solved by KaFu,

Recommended Posts

rcmaehl Universalist

rcmaehl

Posted
Posted

Hi all,

I'm attempting to use _WinAPI_GetProcessCommandLine() on msedge.exe and it seems to no longer work. 

The code is as follows 

#RequireAdmin 
#include <Array.au3>
#include <WinAPIProc.au3>

Local $aArray 
Local $aAdjust
Local $iSIHost = ProcessExists("msedge.exe")
Local $sCommandline

; Enable "SeDebugPrivilege" privilege for obtain full access rights to another processes
Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
_WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

While True
    $aArray = _WinAPI_EnumChildProcess($iSIHost)
    If @error Then ContinueLoop
    For $iLoop = 0 To $aArray[0][0]
        $sCommandline = _WinAPI_GetProcessCommandLine($aArray[$iLoop][0])
        MsgBox(0, $aArray[$iLoop][0], $sCommandline)
    Next
    _ArrayDisplay($aArray)
    ;MsgBox(0, "CMD", $sCommandline)
    _WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
    _WinAPI_CloseHandle($hToken)
    Exit 0
WEnd

 

How to reproduce:

  1. Have Microsoft Edge Open
  2. Run the code


Expected Results:

Obtains Process Commandline

Actual Results:

Empty Variables


Additional Information:

I know for a fact that these processes do have a command line as tracked by Process Explorer. It just seems as if _WinAPI_GetProcessCommandLine is unable to obtain them. Oddly enough, the code works fine for other processes (e.g. Discord.exe).
 

image.png.09abfee96b5295655ad958c141d33a32.png

My UDFs are generally for me. If they aren't updated for a while, it means I'm not using them myself. As soon as I start using them again, they'll get updated.

My Projects

WhyNotWin11
Cisco FinesseGithubIRC UDFWindowEx UDF

 

Link to comment
Share on other sites
  • rcmaehl changed the title to _WinAPI_GetProcessCommandLine no longer works with MSEdge?
  • Solution
KaFu Universalist

KaFu

Posted
  • Solution
Posted (edited)

Most likely related to x64, try #AutoIt3Wrapper_UseX64=y.

Edit:

RequireAdmin and Token stuff only required for system processes, normal non-Admin process and be accessed without it (as msedge.exe). 

#RequireAdmin
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseX64=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#include <Array.au3>
#include <WinAPIHObj.au3>
#include <WinAPIProc.au3>

Local $aAdjust, $aList = 0

; Enable "SeDebugPrivilege" privilege for obtain full access rights to another processes
Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
_WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

; Retrieve command-line arguments for all processes the system
Local $iEnum = 0
If Not (@error Or @extended) Then
    $aList = ProcessList()
    Local $aList_CMD[$aList[0][0] + 1][3]
    $aList_CMD[0][0] = $aList[0][0]
    For $i = 1 To $aList[0][0]

        $aList_CMD[$i][0] = $aList[$i][0]
        $aList_CMD[$i][1] = $aList[$i][1]
        $aList_CMD[$i][2] = _WinAPI_GetProcessCommandLine($aList[$i][1])

        If $aList_CMD[$i][2] Then $iEnum += 1

    Next
EndIf

; Enable SeDebugPrivilege privilege by default
_WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
_WinAPI_CloseHandle($hToken)

_ArrayDisplay($aList_CMD, '_WinAPI_GetProcessCommandLine - ' & $iEnum)

vs. 

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseX64=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#include <Array.au3>
#include <WinAPIProc.au3>

Local $iEnum = 0
Local $aList = ProcessList("msedge.exe")
Local $aList_CMD[$aList[0][0] + 1][3]
$aList_CMD[0][0] = $aList[0][0]
For $i = 1 To $aList[0][0]
    $aList_CMD[$i][0] = $aList[$i][0]
    $aList_CMD[$i][1] = $aList[$i][1]
    $aList_CMD[$i][2] = _WinAPI_GetProcessCommandLine($aList[$i][1])
    If $aList_CMD[$i][2] Then $iEnum += 1
Next

_ArrayDisplay($aList_CMD, '_WinAPI_GetProcessCommandLine - ' & $iEnum)

 

Edited by KaFu

de.png OS: Win10-22H2 - 64bit - German, AutoIt Version: 3.3.16.1, AutoIt Editor: SciTE, Website: https://funk.eu
prog_icon_amt.png AMT - Auto-Movie-Thumbnailer (2022-Nov-26) prog_icon_bic.png BIC - Batch-Image-Cropper (2023-Apr-01) prog_icon_cop.png COP - Color Picker (2009-May-21)
prog_icon_dcs.png DCS - Dynamic Cursor Selector (2024-Feb-16) prog_icon_hmw.png HMW - Hide my Windows (2018-Sep-16) prog_icon_hrc.png HRC - HotKey Resolution Changer (2012-May-16) 
prog_icon_icu.png ICU - Icon Configuration Utility (2018-Sep-16) prog_icon_smf.png SMF - Search my Files (2023-Jun-03) - THE file info and duplicates search tool prog_icon_ssd.png SSD - Set Sound Device (2017-Sep-16)

Link to comment
Share on other sites
rcmaehl Universalist

rcmaehl

Posted
  • Author
Posted
6 hours ago, KaFu said:

Most likely related to x64, try #AutoIt3Wrapper_UseX64=y.

You're probably right. I'm not in front of my code currently to check but I remember that being an issue elsewhere.

My UDFs are generally for me. If they aren't updated for a while, it means I'm not using them myself. As soon as I start using them again, they'll get updated.

My Projects

WhyNotWin11
Cisco FinesseGithubIRC UDFWindowEx UDF

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...