请参阅命令行参数传递给程序 [英] See command line arguments being passed to a program
问题描述
您可以跳过这一部分。
我用的,我有我的拇指驱动器,以一个批处理文件
安装一个真正的墓穴数量。我创建了一个批处理文件的帮助下
此链接。在该批处理文件,我的用户名和密码
我作为参数传递给trueCrypt.exe,以便它是
安装。
I am using a batch file that I have in my thumb drive in order to mount a true crypt volume. I created that batch file with the help of this link. on that batch file I have the username and password that I pass as arguments to trueCrypt.exe in order for it to be mounted.
不管怎么说,所以我的问题是:它有可能看到正在传递给程序的参数来自第三方的过程?换句话说,将有可能看到被传递到这个程序的参数:
Anyways so my question is: will it be possible to see the arguments being passed to a program from a third party process? In other words, will it be possible to see the arguments being passed to this program:
using System;
using System.Reflection;
using System.Diagnostics;
class Program
{
static string password = "";
static void Main(string[] args)
{
if (args.Length > 0)
password = args[0];
// get location where this program resides
var locationOfThisExe = Assembly.GetExecutingAssembly().Location;
Console.Write("Press enter to start a new instance of this program.");
Console.Read();
var randomArgument = new Random().NextDouble().ToString();
Process.Start(locationOfThisExe, randomArgument);
// I am passing a random argument to a new process!
// is it possible to see these arguments from another process?
}
}
修改
我创建一个编辑,因为我认为我正确解释我的自我,但这种修改应该是一个解决方案,而不是一个问题
我认为这个问题还没有得到足够的重视。执行命令显示由<一个href=\"http://stackoverflow.com/users/235660/alois-kraus\">http://stackoverflow.com/users/235660/alois-kraus说明:
I think this question has not received enough attention. Executing the command showed by http://stackoverflow.com/users/235660/alois-kraus shows:
(我贴在记事本+ +输出)
(I pasted the output on notepad++)
在图像上不显示很清楚,但我能看到的说法是传递给进程。 这是相当重要的我,因为我安装我的真实隐窝卷使用以下命令:
on the image it does not show very clearly but I was able to see the argument being pass to that process. That matters a lot to me because I mount my true crypt volumes with the command:
C:\\ Program Files文件\\ TrueCrypt的\\ TrueCrypt.exe/ VA:\\ volume.tc/ LZ / A / P
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /v "a:\volume.tc" /lz /a /p a
这告诉给TrueCrypt的,我想安装位于 A卷:\\ volume.tc 驱动器字母Z,密码为 A
that tells to truecrypt that I want to mount the volume located at a:\volume.tc on drive letter z and the password is a
如果我执行该命令真正墓穴将安装在驱动器Z该卷:
If I execute that command true crypt will mount that volume on drive z:
问题是,如果我再执行命令 WMIC过程注意什么鞋了:
the problem is that If I then execute the command wmic process note what shoes up:
注意密码是在那里!
因此,在总结它是不是安全传递安全的信息作为参数。这可能是安全的,如果你关闭接收参数的过程,但我认为意识到这一点是很重要的......
So in summary it is not safe to pass secure information as an argument. It may be secure if you close the process that received the arguments but I think it is important to be aware of this...
推荐答案
如果其他用户拥有管理权限或使用相同的用户帐户可以执行程序,你可以看到
If other users with administrative rights or with the same user account can execute programs you can see all command lines with
wmic process
从这个单一的命令行中的所有进程。
from all processes with this single command line.
这篇关于请参阅命令行参数传递给程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
