hello, i have an application which call another console application and pass to it some parameters (console app is a video/audio coverter app) ... is there a way to programmatically "spy" or catch the passed paramters other than hooking/monitoring shellexecute/CreateThread etc ?
+4
A:
Create an executable yourself that just calls the original and passes all parameters on to it. Then move the original somewhere else and replace it with your exe. Your program can then log all calls to it, including all parameters.
dummzeuch
2009-05-01 08:03:47
well, that is really nice trick ;) im gonna try it. but , i'v just tried proceess explorer from sysinternals, there is a tab in process properties that can tell bounc of process environment information, which includes parameters passed to called application. i started process explorer after the target application has been launched, so process explorer read these infromation from somewhere (processes memory? ) w'out hooking some apis, i want to know how to do this also.thanks again.
avar
2009-05-01 09:04:23
+2
A:
Yes, there is - as you write Process Explorer is able to do it, and you could employ the same technique. But AFAIK there's no Delphi translation of the winternl.h file from the Platform SDK, so it is even more tedious and difficult. Also this is extremely version-specific, and there are chances it will break with the next Windows version. It's also not quite clear whether this works for 64 bit processes (from a 32 bit process).
If you really want to do it you will find the necessary information in this blog posting by Matt Pietrek, and in the CodeProject article "Read Environment Strings of Remote process".
If you do not plan to use it for closed source commercial programs then a look into the (GPL licensed) annotated version of the winternl.h file from the ReactOS project would probably also help.
mghie
2009-05-01 13:50:24
A:
It's a Win32 FAQ since 1992 : just read the PEB.
See on Win32 experts group http://tinyurl.com/cmhb5g