dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Sun Oct 12, 2008 9:14 am Post subject: Sniffing Command-Line Arguments through arguments? |
How would I get the command-line arguments of an application? For example, to run neuz.exe you need to call it as neuz.exe sunkist.
Is it possible to get this value through a debugger or anything?
Zerith Master Cheater
Reputation: 1
Joined: 07 Oct 2007 Posts: 468
Posted: Sun Oct 12, 2008 9:17 am Post subject: |
If I got you right, you can do it in C++ like so:
Code:
#include <iostream>

// argv[0] is the program path; argv[1..argc-1] are the arguments it was started with
int main(int argc, char* argv[])
{
    for (int i = 0; i < argc; i++)
        std::cout << argv[i] << '\n';
    return 0;
}
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Sun Oct 12, 2008 9:24 am Post subject: |
Given that the file is being checked before it is executed, so that you cannot replace the file with yours to sniff...
HalfPrime Grandmaster Cheater
Reputation: 0
Joined: 12 Mar 2008 Posts: 532 Location: Right there...On your monitor
Posted: Sun Oct 12, 2008 12:07 pm Post subject: |
Open the launcher up in Olly and search for CreateProcess/ShellExecute and look at the arguments passed when they're called. Or open up the program in Olly and search for GetStartupInfo.
Noz3001 I'm a spammer
Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Sun Oct 12, 2008 12:12 pm Post subject: |
Put a breakpoint on CreateProcessA/W and ShellExecute when you have the launcher open.
rapion124 Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Mar 2007 Posts: 1095
Posted: Sun Oct 12, 2008 12:42 pm Post subject: |
Another way is to debug the application (neuz.exe) and set up a breakpoint on GetCommandLine().
pkedpker Master Cheater
Reputation: 1
Joined: 11 Oct 2006 Posts: 412
Posted: Sun Oct 12, 2008 12:54 pm Post subject: |
Or just use this program: you can see the command line arguments of every running process and suspend threads to debug, etc. You can even stop GameGuard from loading (but it won't do any good).
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Sun Oct 12, 2008 1:10 pm Post subject: |
Thank you for your help, but it's useless since I forgot to mention the program is protected with Themida... So I don't have access to the original exe that executes the program:
say the program that requires parameters is called a.exe. It is not protected in any way.
The program that executes a.exe is protected with Themida, so...
HalfPrime Grandmaster Cheater
Reputation: 0
Joined: 12 Mar 2008 Posts: 532 Location: Right there...On your monitor
Posted: Sun Oct 12, 2008 1:18 pm Post subject: |
Attach CE or olly to the launcher after it unpacks.
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Sun Oct 12, 2008 1:31 pm Post subject: |
Do you even understand what Themida is? If you do then you would not have made that idiotic comment.
EDIT: thank you pkedpker. Your program works perfectly.
sponge I'm a spammer
Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Sun Oct 12, 2008 1:46 pm Post subject: |
dnsi0 wrote: Do you even understand what Themida is? If you do then you would not have made that idiotic comment.
EDIT: thank you pkedpker. Your program works perfectly.
Attaching w/ Olly is really easy with Themida. YOU are the one who makes idiotic comments.
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Sun Oct 12, 2008 1:56 pm Post subject: |
How? Freezing the program and then attaching?
Jani Grandmaster Cheater
Reputation: 2
Joined: 29 Dec 2006 Posts: 804
Posted: Mon Oct 13, 2008 2:51 pm Post subject: |
I wrote this one just for you :) Well, out of interest.
Code: Usage: getcommandline.exe PID
Refresh if the attachment is not seen.
And this is how to find it:
Code:
PROCESS_BASIC_INFORMATION
->PebBaseAddress
->ProcessParameters
->CommandLine.Buffer
Will require this (I think): Microsoft Visual C++ 2008 Redistributable Package (x86). So if it's crashing, try installing that one and then blame me if it still crashes :p
tombana Master Cheater
Reputation: 2
Joined: 14 Jun 2007 Posts: 456 Location: The Netherlands
Posted: Tue Oct 14, 2008 2:13 am Post subject: |
PROCESS_BASIC_INFORMATION. You get that structure from ZwQueryInformationProcess, right?
The offsets in that structure, how are you sure that they're right? It's an unsupported API, so doesn't the structure change on every OS or service pack?
For the MsVC2008 Redistributable Package: When you go to project options, there's an option somewhere that is default set to 'multi-threaded dll'. If you change that to 'multi-threaded' then you don't need the package anymore.
Jani Grandmaster Cheater
Reputation: 2
Joined: 29 Dec 2006 Posts: 804
Posted: Tue Oct 14, 2008 5:44 am Post subject: |
tombana wrote: PROCESS_BASIC_INFORMATION. You get that structure from ZwQueryInformationProcess, right?
The offsets in that structure, how are you sure that they're right? It's an unsupported API, so doesn't the structure change on every OS or service pack?
I do check if the pointer to the function is OK; if it isn't, I just throw an error. It does work on anything newer than W2k. And besides, is anyone here running 9x? Less than 1%, I'd guess.
tombana wrote: For the MsVC2008 Redistributable Package: When you go to project options, there's an option somewhere that is default set to 'multi-threaded dll'. If you change that to 'multi-threaded' then you don't need the package anymore.
That's true, but then your executable grows like hell. Compare my 9KB with your >1MB or something. Myself, I prefer dynamic linking, because almost everyone has the redist package installed nowadays, since many games, etc., require it. So, if you've got the package, you don't need to DL it anymore in a statically linked executable -> saves B/W and HDD space (not that much, but anyway, a bit :) ). I suggest you change your "multithreaded" back to "multithreaded dll." :)
</Offtopic>
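Jani's structure walk and tombana's question about its offsets, as an added Python/ctypes example that is not Jani's program: command_line_from_peb follows PEB -> ProcessParameters -> CommandLine.Buffer through a memory-read callback (so the walk can be checked against a constructed memory image), and read_command_line wires it to a live process the way process-inspection tools do. It assumes a Python interpreter of the same bitness as the target; the two offsets come from the public winternl.h layout, which is fixed per bitness rather than per service pack, while NtQueryInformationProcess itself is still resolved from ntdll at run time.

```python
import ctypes, struct, sys

# PEB.ProcessParameters / RTL_USER_PROCESS_PARAMETERS.CommandLine offsets from the public
# winternl.h layout, keyed by pointer size (8 = x64, 4 = x86); they do not vary by OS release.
_OFFSETS = {8: (0x20, 0x70), 4: (0x10, 0x40)}

def command_line_from_peb(read, peb_addr, ptr_size=8):
    """Walk PEB -> ProcessParameters -> CommandLine; read(addr, size) returns bytes
    and stands in for ReadProcessMemory so the walk also runs on a memory image."""
    params_off, cmdline_off = _OFFSETS[ptr_size]
    ptr = "<Q" if ptr_size == 8 else "<I"
    params = struct.unpack(ptr, read(peb_addr + params_off, ptr_size))[0]
    if params == 0:
        raise ValueError("ProcessParameters is NULL (process not initialised yet)")
    us = params + cmdline_off                                    # UNICODE_STRING CommandLine
    length = struct.unpack("<H", read(us, 2))[0]                 # .Length, in bytes
    buf = struct.unpack(ptr, read(us + ptr_size, ptr_size))[0]   # .Buffer (after padding)
    return read(buf, length).decode("utf-16-le")

def demo():
    """Run the walk on a constructed (not real) x64 memory image of a process."""
    peb, params, buf = 0x7FF00000, 0x7FF10000, 0x7FF20000
    text = "neuz.exe sunkist".encode("utf-16-le")
    mem = {peb + 0x20: struct.pack("<Q", params), params + 0x70: struct.pack("<H", len(text)),
           params + 0x78: struct.pack("<Q", buf), buf: text}
    return command_line_from_peb(lambda a, n: mem[a][:n], peb, 8)  # "neuz.exe sunkist"

class _PBI(ctypes.Structure):  # PROCESS_BASIC_INFORMATION
    _fields_ = [("ExitStatus", ctypes.c_long), ("PebBaseAddress", ctypes.c_void_p),
                ("AffinityMask", ctypes.c_void_p), ("BasePriority", ctypes.c_long),
                ("UniqueProcessId", ctypes.c_void_p), ("InheritedFromUniqueProcessId", ctypes.c_void_p)]

def read_command_line(pid):  # live version: Windows only, same bitness as the target
    if sys.platform != "win32":
        raise OSError("requires Windows")
    k32, ntdll = ctypes.windll.kernel32, ctypes.windll.ntdll
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.ReadProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                                      ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    h = k32.OpenProcess(0x0400 | 0x0010, False, pid)  # PROCESS_QUERY_INFORMATION | PROCESS_VM_READ
    if not h:
        raise ctypes.WinError()
    try:
        pbi, ret = _PBI(), ctypes.c_ulong()
        status = ntdll.NtQueryInformationProcess(ctypes.c_void_p(h), 0,  # ProcessBasicInformation
                                                 ctypes.byref(pbi), ctypes.sizeof(pbi), ctypes.byref(ret))
        if status != 0:
            raise OSError("NtQueryInformationProcess: NTSTATUS 0x%08x" % (status & 0xFFFFFFFF))
        def read(addr, size):
            out, n = ctypes.create_string_buffer(size), ctypes.c_size_t()
            if not k32.ReadProcessMemory(h, addr, out, size, ctypes.byref(n)):
                raise ctypes.WinError()
            return out.raw[:n.value]
        return command_line_from_peb(read, pbi.PebBaseAddress, ctypes.sizeof(ctypes.c_void_p))
    finally:
        k32.CloseHandle(ctypes.c_void_p(h))
```

What comes back is the process's own user-mode copy of its command line, the same string Task Manager and Process Explorer display, so treat it as triage input rather than a trusted record.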