jonman364 · November 4, 2014 15:07
diff --git a/GetCommandLine.cpp b/GetCommandLine.cpp
 #include <windows.h>
 #include <iostream>
 using namespace std;

 #define ERR_CMD 1
 #define ERR_NOTPID 2
 #define ERR_NOTVALID 3

 typedef  LPSTR (WINAPI *gc)( void );

 struct Fs{
 	gc p;				// Pointer to GetCommandLine
 	char cl[1024];		// String to store command line
 };


 static DWORD WINAPI getCmdline(LPVOID n){		//Remotely executed function.  Must load each function used
 	Fs *fs = (Fs*)n;
 	char *str = fs->p();
 	int idx = 0;
 	for(; idx < 1024 && str[idx]; idx++)
 		fs->cl[idx] = str[idx];
 	
 	fs->cl[idx < 1024 ? idx : 1023] = '\0';
 	return idx;
 }

 static void endCmd(){					// Used to measure the size of getCmdline endCmd - getCmdline
 }

 int main(int argc, char **argv){
 	int pid;
 	if(argc < 2){
 		cout << "Useage: " << argv[0] << " PID" << endl;
 		return ERR_CMD;
 	}
 	
 	pid = atoi(argv[1]);
 	if(pid){
 		HANDLE h, td;
 		DWORD ret;
 		Fs fs;
 		SIZE_T sz = ((LPBYTE)endCmd - (LPBYTE)getCmdline);  // Size of getCmdline function
 		HMODULE hk32 = 0;
 		
 		h = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | 
 				PROCESS_VM_WRITE | PROCESS_VM_READ, false, pid);
 		
 		
 		//Get address of function used in pushed function
 		hk32 = LoadLibrary("kernel32.dll");
 		fs.p = (gc)GetProcAddress(hk32, "GetCommandLineA");
 		FreeLibrary(hk32);
 		
 		if(h){
 			// Allocate memory for fuction and copy over
 			void *pfun = VirtualAllocEx(h, NULL, sz, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
 			WriteProcessMemory(h, pfun, &getCmdline, sz, NULL);
 			
 			// Allocate memory for data and copy over
 			void *pfs = VirtualAllocEx(h, NULL, sizeof(fs), MEM_COMMIT, PAGE_READWRITE);
 			WriteProcessMemory(h, pfs, &fs, sizeof(fs), NULL);
 			
 			// Create retmote thread (and start, 2nd to last arg)
 			td = CreateRemoteThread(h, NULL,0, (LPTHREAD_START_ROUTINE)pfun, pfs, 0, NULL);
 			
 			
 			if(WaitForSingleObject(td, 10000) == WAIT_OBJECT_0){
 				GetExitCodeThread(td, &ret);
 				ReadProcessMemory(h, pfs, &fs, sizeof(fs), NULL);
 				cout << "Success? " << ret << endl << fs.cl << endl;;
 				//printret(fs.cl, ret);
 			}
 				
 			VirtualFreeEx(h, pfun, 0, MEM_RELEASE);
 			VirtualFreeEx(h, pfs, 0, MEM_RELEASE);
 		}
 		else return ERR_NOTVALID;
 		
 		CloseHandle(td);
 		CloseHandle(h);
 	}
 	else
 		return ERR_NOTPID;
 	
 	return 0;
 }
	#include <windows.h>
	#include <iostream>
	using namespace std;

	#define ERR_CMD 1
	#define ERR_NOTPID 2
	#define ERR_NOTVALID 3

	typedef LPSTR (WINAPI *gc)( void );

	struct Fs{
	gc p; // Pointer to GetCommandLine
	char cl[1024]; // String to store command line
	};


	static DWORD WINAPI getCmdline(LPVOID n){ //Remotely executed function. Must load each function used
	Fs fs = (Fs)n;
	char *str = fs->p();
	int idx = 0;
	for(; idx < 1024 && str[idx]; idx++)
	fs->cl[idx] = str[idx];

	fs->cl[idx < 1024 ? idx : 1023] = '\0';
	return idx;
	}

	static void endCmd(){ // Used to measure the size of getCmdline endCmd - getCmdline
	}

	int main(int argc, char **argv){
	int pid;
	if(argc < 2){
	cout << "Useage: " << argv[0] << " PID" << endl;
	return ERR_CMD;
	}

	pid = atoi(argv[1]);
	if(pid){
	HANDLE h, td;
	DWORD ret;
	Fs fs;
	SIZE_T sz = ((LPBYTE)endCmd - (LPBYTE)getCmdline); // Size of getCmdline function
	HMODULE hk32 = 0;

	h = OpenProcess(PROCESS_CREATE_THREAD \| PROCESS_QUERY_INFORMATION \| PROCESS_VM_OPERATION \|
	PROCESS_VM_WRITE \| PROCESS_VM_READ, false, pid);


	//Get address of function used in pushed function
	hk32 = LoadLibrary("kernel32.dll");
	fs.p = (gc)GetProcAddress(hk32, "GetCommandLineA");
	FreeLibrary(hk32);

	if(h){
	// Allocate memory for fuction and copy over
	void *pfun = VirtualAllocEx(h, NULL, sz, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
	WriteProcessMemory(h, pfun, &getCmdline, sz, NULL);

	// Allocate memory for data and copy over
	void *pfs = VirtualAllocEx(h, NULL, sizeof(fs), MEM_COMMIT, PAGE_READWRITE);
	WriteProcessMemory(h, pfs, &fs, sizeof(fs), NULL);

	// Create retmote thread (and start, 2nd to last arg)
	td = CreateRemoteThread(h, NULL,0, (LPTHREAD_START_ROUTINE)pfun, pfs, 0, NULL);


	if(WaitForSingleObject(td, 10000) == WAIT_OBJECT_0){
	GetExitCodeThread(td, &ret);
	ReadProcessMemory(h, pfs, &fs, sizeof(fs), NULL);
	cout << "Success? " << ret << endl << fs.cl << endl;;
	//printret(fs.cl, ret);
	}

	VirtualFreeEx(h, pfun, 0, MEM_RELEASE);
	VirtualFreeEx(h, pfs, 0, MEM_RELEASE);
	}
	else return ERR_NOTVALID;

	CloseHandle(td);
	CloseHandle(h);
	}
	else
	return ERR_NOTPID;

	return 0;
	}
No results found