
How to find base address to read cmd line argument from the process


Hi,

Our product is use to retrieve command line arguments in 2000/2003 using base address of Parent process. But in Vista Base address of each process is different so how I can get command line argument of the process using windows API in Vista.

Thanks,

Vijay

Namaste, Vijay

> Our product is use to retrieve command line arguments in 2000/2003 using base address of Parent process. But in Vista Base address of each process is different so how I can get command line argument of the process using windows

I guess you're referring to Vista's Address Space Layout Randomization feature (ASLR)? Are you sure your process is actually getting random base addresses? If you link your EXE in VS2005 using the /dynamicbase flag, the PE Header will have a special bit set, in the DLLCHARACTERISTICS field. When Vista loads the file and sees this bit set, it will randomise the base address. Most or all of the Microsoft-supplied binaries in Vista are compiled with this /dynamicbase hence, they load at random addresses.

But when you create a project in Visual Studio 2005, the /dynamicbase is *not* added by default - you need to go in to Project Properties and add it. So most 3rd party EXEs won't be taking part in ASLR - they'll be loading at the same address as always.

Likewise, apps compiled and linked using VS2003 or earlier don't know anything about ASLR, so they are not taking part either.

Having said that ... jumping to a memory address and reading bytes, sounds like a very fragile and vulnerable way to get command line parameters! While you are undoubtedly doing it for honourable reasons, a similar approach could be potentially used by many malicious exploits. I'd be scared it will stop working after the next security hotfix from Microsoft. Whereas a call to GetCommandLine() should continue to work across all platforms and versions.

Hope it helps,

--
Andrew McLaren
amclar (at) optusnet dot com dot au
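
The /dynamicbase bit mentioned in the reply above can be audited straight from a file's PE header. The following Python sketch is an added example, not part of the original posts: it reads the DllCharacteristics field and tests the `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` bit (0x0040). The function names are hypothetical, and `make_sample_pe` builds a constructed, headers-only image purely so the check can be exercised offline.

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by the linker's /dynamicbase
PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B
DLLCHAR_OFFSET = 70  # DllCharacteristics offset in the optional header (PE32 and PE32+)


def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics field of a PE image, or raise ValueError."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    opt = e_lfanew + 4 + 20  # skip the "PE\0\0" signature and 20-byte COFF header
    if opt + DLLCHAR_OFFSET + 2 > len(image):
        raise ValueError("truncated PE headers")
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 4 + 16)
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32_MAGIC, PE32_PLUS_MAGIC) or opt_size < DLLCHAR_OFFSET + 2:
        raise ValueError("unsupported optional header")
    (flags,) = struct.unpack_from("<H", image, opt + DLLCHAR_OFFSET)
    return flags


def opts_into_aslr(image: bytes) -> bool:
    """True when the image was linked with /dynamicbase."""
    return bool(dll_characteristics(image) & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)


def make_sample_pe(flags: int, magic: int = PE32_MAGIC) -> bytes:
    """Constructed, headers-only test image (not a loadable executable)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    optional = bytearray(96)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, DLLCHAR_OFFSET, flags)
    return dos + b"PE\0\0" + coff + bytes(optional)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # usage: python check_aslr.py file.exe [...]
        with open(path, "rb") as fh:
            data = fh.read()
        print(path, "dynamicbase" if opts_into_aslr(data) else "fixed base")
```
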
