GetProcessInformation

Retrieves detailed information about a specified process.

Syntax

                
BOOL GetProcessInformation(
  HANDLE                    hProcess,
  PROCESS_INFORMATION_CLASS ProcessInformationClass,
  LPVOID                    lpProcessInformation,
  DWORD                     cbProcessInformation
);
                
            

Parameters

Parameter	Type	Description
`hProcess`	`HANDLE`	A handle to the process whose information is to be retrieved. The handle must have the `PROCESS_QUERY_INFORMATION` or `PROCESS_QUERY_LIMITED_INFORMATION` access right. For more information, see Process Security and Access Rights.
`ProcessInformationClass`	`PROCESS_INFORMATION_CLASS`	The type of information to retrieve. This member can be one of the values from the `PROCESS_INFORMATION_CLASS` enumeration.
`lpProcessInformation`	`LPVOID`	A pointer to a buffer that receives the information requested. The type of this buffer depends on the value of the `ProcessInformationClass` parameter.
`cbProcessInformation`	`DWORD`	The size of the buffer pointed to by `lpProcessInformation`, in bytes.

Return Value

`BOOL`

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The GetProcessInformation function is a versatile function that allows you to query various aspects of a process's state and configuration. The specific information returned depends on the value passed in the ProcessInformationClass parameter.

Commonly used PROCESS_INFORMATION_CLASS values include:

ProcessBasicInformation: Retrieves basic process information, such as the process ID, parent process ID, and the address of the Process Environment Block (PEB).
ProcessCommandLineInformation: Retrieves the command line used to start the process.
ProcessTimes: Retrieves the kernel mode, user mode, and wall-clock times for the process.
ProcessVmCounters: Retrieves virtual memory counters for the process.

When requesting process information, ensure that the buffer provided (lpProcessInformation) is of the correct size and type corresponding to the requested ProcessInformationClass. It is recommended to zero-initialize the buffer before calling the function.

Example

The following example demonstrates how to retrieve the command line of a process using GetProcessInformation.

                
#include <windows.h>

#include <iostream>

#include <string>


int main() {
    HANDLE hProcess = GetCurrentProcess(); // Example: get info for current process
    if (hProcess == NULL) {
        std::cerr << "Failed to get current process handle. Error: " << GetLastError() << std::endl;
        return 1;
    }

    // Structure to receive process command line information
    typedef struct _PROCESS_BASIC_INFORMATION {
        NTSTATUS ExitStatus;
        PVOID    Reserved1;
        PROCESS_BASIC_INFORMATION_INTERNAL  BasicInformation; // Use the correct struct type
        PVOID    Reserved3;
        ULONG_PTR Reserved4;
    } PROCESS_BASIC_INFORMATION;

    // Temporary structure to get PEB address
    PROCESS_BASIC_INFORMATION pbi;
    ULONG returnLength;

    if (GetProcessInformation(hProcess, ProcessBasicInformation, &pbi, sizeof(pbi)) == 0) {
        std::cerr << "Failed to get process basic information. Error: " << GetLastError() << std::endl;
        CloseHandle(hProcess);
        return 1;
    }

    // Structure to receive command line information
    typedef struct _RTL_PROCESS_INFORMATION {
        ULONG NumberOfBytes;
        ULONG Reserved1[2];
        PVOID Reserved2[3];
        UNICODE_STRING ImagePathName;
        UNICODE_STRING CommandLine;
    } RTL_PROCESS_INFORMATION;

    RTL_PROCESS_INFORMATION procInfo;
    ULONG procInfoSize = sizeof(procInfo);

    // Allocate a larger buffer for command line string
    std::vector buffer(procInfoSize);
    procInfo.CommandLine.Buffer = reinterpret_cast(buffer.data() + offsetof(RTL_PROCESS_INFORMATION, CommandLine) + sizeof(UNICODE_STRING));
    procInfo.CommandLine.MaximumLength = procInfoSize - (offsetof(RTL_PROCESS_INFORMATION, CommandLine) + sizeof(UNICODE_STRING));
    procInfo.CommandLine.Length = 0;

    if (GetProcessInformation(hProcess, ProcessCommandLineInformation, &procInfo, procInfoSize) == 0) {
        std::cerr << "Failed to get process command line information. Error: " << GetLastError() << std::endl;
        CloseHandle(hProcess);
        return 1;
    }

    std::wcout << L"Process Command Line: " << procInfo.CommandLine.Buffer << std::endl;

    CloseHandle(hProcess);
    return 0;
}
                
            

Note: The exact structure definitions for process information may vary slightly across Windows versions. It's always advisable to consult the latest Windows SDK documentation for the precise structures and constants.