-1

I'm writing a program that what it does first, is to retrieve the first command line argument (which should be a process name), and find the corresponding PID of the process.

Here's how I do it:

in main

DWORD PID = FindProcessId(argv[1]);

and here's the function that finds PID:

DWORD FindProcessId(PWCHAR processname)
{
    NTSTATUS status;
    PVOID buffer;
    PSYSTEM_PROCESS_INFORMATION spi;
    DWORD pid = 0;

    buffer = VirtualAlloc(NULL, 1024 * 1024, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    spi = (PSYSTEM_PROCESS_INFORMATION)buffer;

    status = NtQuerySystemInformation(SystemProcessInformation, spi, 1024 * 1024, NULL);

    while (spi->NextEntryOffset) // Loop over the list until we reach the last entry, or found PID.
    {
        if (wcsncmp(spi->ImageName.Buffer, processname, spi->ImageName.Length) == 0)
        {
            pid = spi->UniqueProcessId;
            break;
        }
        spi = (PSYSTEM_PROCESS_INFORMATION)((LPBYTE)spi + spi->NextEntryOffset); // Calculate the address of the next entry.

    }

    return pid;
}

The thing is, it works perfectly if i simply write

DWORD PID = FindProcessId(L"notepad.exe");,

for example.

But when i use the command line argument and runthe program like so: find_pid.exe notepad.exe the FindProcessId returns 0, meaning it didn't find the process. Even though notepad.exe is running like before.

Any ideas why this doesn't work with the command line argument?

To make the program accept PWCHAR rather than char * (Wide strings rather than ascii ones), I had to use main instead of wmain

Improve this question
8
  • 2
    Use a debugger to see what data you are extracting from the command line args. Or even just print the vakue. You need to learn debugging. Commented May 13, 2023 at 15:26
  • Convert char * to LPWSTR Commented May 13, 2023 at 15:29
  • But i'm passing a PWCHAR to FindProcessId, wouldn't converting the input cmd line argument cause it to misbehave? Commented May 13, 2023 at 15:32
  • 1
    No FindProcessId expects a PWCHAR, but one is passing a char * if one's entry function is named main, it should named wmain. learn.microsoft.com/en-us/cpp/c-language/… Commented May 13, 2023 at 15:35
  • 1
    while (spi->NextEntryOffset) is wrong logic. always last process is lost. need do { } while (spi->NextEntryOffset) Commented May 13, 2023 at 19:49

1 Answer 1

Reset to default
1

To make the program accept PWCHAR rather than char * (Wide strings rather than ascii ones), I had to use wmain instead of main, like so:

int wmain(int argc, PWCHAR argv[])
{
    ....
    return 0;
}

OR

Just convert the char * to a wide string - PWCHAR, like so:

WCHAR victimProcessName[MAX_PATH];
mbstowcs(victimProcessName, argv[1], MAX_PATH); // Plus null
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.