* @return the process
*/
public static Process getProcess(int pid)
{
WindowsXPProcess result = new WindowsXPProcess();
HANDLE hProcess = MyKernel32.INSTANCE.OpenProcess(MyKernel32.PROCESS_ALL_ACCESS, false, pid);
if (hProcess == null)
hProcess = MyKernel32.INSTANCE.OpenProcess(MyKernel32.PROCESS_QUERY_INFORMATION, false, pid);
if (hProcess == null)
return null;
result._pid = pid;
result._processInformation = new PROCESS_INFORMATION();
result._processInformation.dwProcessId = pid;
result._processInformation.hProcess = hProcess;
result._cmd = result.getCommandLineInternal();
// Reading the command line directly does not always work (reason unknown);
// if it fails, trying again normally succeeds.
// On win64 the PEB of a 64-bit process cannot be accessed from WOW64, so use WMI instead.
if (result._cmd.equals("?"))
result._cmd = result.getCommandLineInternalWMI();
if ("?".equals(result._cmd))
{
System.err.println("Could not get commandline");
}
else
System.out.println("Command line of " + pid + ": " + result._cmd);
PointerByReference hToken = new PointerByReference();
HANDLE hp = new HANDLE();
hp.setPointer(hProcess.getPointer());
if (MyAdvapi.INSTANCE.OpenProcessToken(hp, MyAdvapi.TOKEN_READ, hToken))
{
IntByReference dwSize = new IntByReference();
MyAdvapi.INSTANCE.GetTokenInformation(hToken.getValue(), MyAdvapi.TokenUser, null, 0, dwSize);
{