How to find base address to read cmd line argument from the proces

[Vijay]

Hi,

Our product is use to retrive command line arguments in 2000/2003 using base
address of Parent process. But in Vista Base address of each process is
different so how I can get command line argument of the process using windows
API in Vista.

Thanks,
Vijay

 

[Andrew McLaren]

Namaste, Vijay

> Our product is use to retrive command line arguments in 2000/2003 using
> base
> address of Parent process. But in Vista Base address of each process is
> different so how I can get command line argument of the process using
> windows

I guess you're referring to Vista's Address Space Layout Randomization
feature (ASRL)? Are you sure your process is actually getting random base
addresses? If you link your EXE in VS2005 using the /dynamicbase flag, the
PE Header will have a special bit set, in the DLLCHARACTERISTICS field. When
Vista loads the file and sees this bit set, it will randomise the base
address. Most or all of the Microsoft-supplied binaries in Vista are
compiled with this /dynamicbase hence, they load at random addresses.

But when you create a project in Visual Studio 2005, the /dynamicbase is
*not* added by default - you need to go in to Project Properties and add it.
So most 3rd party EXEs won't be taking part in ASLR - they'll be loading at
the same address as always.

Likewise, apps compiled and linked using VS2003 or earlier don't know
anything about ALSR, so they are not taking part either.

Having said that ... jumping to a memory address and reading bytes, sounds
like a very fragile and vulnerable way to get command line parameters! While
you are undoubtedly doing it for honourable reasons, a similar approach
could be potentially used by many malicious exploits. I'd be scared it will
stop working after the next security hotfix from Microsoft. Whereas a call
to GetCommandLine() should continue to work across all platforms and
versions.

Hope it helps,

--
Andrew McLaren
amclar (at) optusnet dot com dot au