{"id":19063,"date":"2009-02-23T10:00:00","date_gmt":"2009-02-23T10:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2009\/02\/23\/why-is-there-no-supported-way-to-get-the-command-line-of-another-process\/"},"modified":"2009-02-23T10:00:00","modified_gmt":"2009-02-23T10:00:00","slug":"why-is-there-no-supported-way-to-get-the-command-line-of-another-process","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20090223-00\/?p=19063","title":{"rendered":"Why is there no supported way to get the command line of another process?"},"content":{"rendered":"<p>Commenter Francisco Moraes wonders <a href=\"http:\/\/blogs.msdn.com\/oldnewthing\/pages\/407234.aspx#540069\"> whether there is a supported way of getting the command line of another process<\/a>. Although there are certainly <a href=\"http:\/\/blogs.msdn.com\/mithuns\/archive\/2006\/02\/18\/534893.aspx\"> unsupported ways of doing it<\/a> or <a href=\"http:\/\/blogs.msdn.com\/danielvl\/archive\/2007\/04\/30\/how-to-find-a-process-command-line-using-kernel-debugger.aspx\"> ways that work with the assistance of a debugger<\/a>, there&#8217;s nothing that is supported for programmatic access to another process&#8217;s command line, at least nothing provided by the kernel. (The WMI folks have come up with <a href=\"http:\/\/msdn2.microsoft.com\/en-us\/library\/aa394372.aspx\"> Win32_Process.CommandLine<\/a>. I have no idea how they get that. You&#8217;ll have to ask them yourself.)<\/p>\n<p> That there isn&#8217;t is a consequence of the principle of <a href=\"http:\/\/blogs.msdn.com\/oldnewthing\/archive\/2009\/02\/16\/9425124.aspx\"> not keeping track of information which you don&#8217;t need<\/a>. The kernel has no need to obtain the command line of another process. It takes <a href=\"http:\/\/blogs.msdn.com\/oldnewthing\/archive\/2003\/12\/10\/56028.aspx\"> the command line passed to the <code>CreateProcess<\/code> function<\/a> and copies it into the address space of the process being launched, in a location where the <code>GetCommandLine<\/code> function can retrieve it. Once the process can access its own command line, the kernel&#8217;s responsibilities are done. <\/p>\n<p> Since the command line is copied into the process&#8217;s address space, the process might even write to the memory that holds the command line and modify it. If that happens, then the original command line is lost forever; the only known copy got overwritten. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Commenter Francisco Moraes wonders whether there is a supported way of getting the command line of another process. Although there are certainly unsupported ways of doing it or ways that work with the assistance of a debugger, there&#8217;s nothing that is supported for programmatic access to another process&#8217;s command line, at least nothing provided by [&hellip;]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-19063","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"<p>Commenter Francisco Moraes wonders whether there is a supported way of getting the command line of another process. Although there are certainly unsupported ways of doing it or ways that work with the assistance of a debugger, there&#8217;s nothing that is supported for programmatic access to another process&#8217;s command line, at least nothing provided by [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/19063","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=19063"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/19063\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=19063"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=19063"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=19063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}