I am working with PEB. I have managed to get inside _RTL_USER_PROCESS_PARAMETERS. My Aim-> To know the memory address of argc and argv .( and if possible their values too ) only by using a binary file (.exe file) My current approach-> To access commandline string(which resides inside the struct _RTL_USER_PROCESS_PARAMETERS.
i managed to get inside it by embedding asm inside a c program
mov eax:fs[0x30]
mov [PEBaddress] , eax
mov ebx, [eax+0x10]
mov [ProcessParameters] , ebx
i got the offsets 0x30 and 0x10 by studying the binary under windows debugger
now at the offset of 0x40 from Processparameters address lies the string commandline, which i believe is a buffer,which i further believe is holding the value of argc and argv.
Problem: I want to read that buffer , and get the address values of argc and argv (command line arguments passed to a process) can anyone make this possible by providing me with a code for reading the buffer (as it is Unicode string) and get the required address.
Is there anyother way of doing this job ?(you can suggest me that also ,dont give me the option of printing the address of argc and argv inside main) i want static answers.
Windows does not pass
argcandargvinto a program. It passes the full literal command line, as a string. If the program in question even is a C program, then this parsing is done by the C runtime libraries embedded in that program.