I'm trying to find out how to do this, I'm currently using CreateToolHelp32SnapShot to get a list of the running processes and I've got the FilePaths of the executables which are currently running, but I need to be able to find out what command line options were used to start the process.
I know its possible since you can see it on Process Explorer, I tried finding the source code of the old Process Explorer but had no luck :(
One possibility that occurs almost immediately would be to inject a thread into the target process (CreateRemoteThread), and have that call GetCommandLine.
Getting the command line of running processes cannot be done in a reliable fashion. It is very possible for the command line of a running process to be changed by changing the memory which stores those commands.
Raymond Chen did a nice article on this subject recently detailing why it's not reliable.
check if NtQueryInformationProcess and ReadProcessMemory win API calls will do what you need. There is no simple example for that so check the source code here: Get Process Info with NtQueryInformationProcess
another way for getting this data is throgh WMI, smth like this:
SELECT CommandLine FROM Win32_Process WHERE ProcessId = ???
more info here: Win32_Process Class
IIRC the command line parameters are stored in the process environment - if you can access it you can read them too.