flat assembler
Message board for the users of flat assembler.

Index > Windows > GetCommandLineA problem

Author
Thread Post new topic Reply to topic
int0x50



Joined: 19 Jul 2019
Posts: 54
int0x50 19 Jul 2019, 11:58
I have made the following code to print arguments passed.

Code:
format PE64 console
entry start

include 'D:\fasmw17312\INCLUDE\win64a.inc'

section '.data' data readable writeable

printf.format.string db '%s', 0

arg1 db 'arg1: ', 13, 10, 0
arg2 db 'arg2: ', 13, 10, 0

GetCommandLine.String dq 1 dup 0h
GetCommandLine.String1 dq 1 dup 0h
GetCommandLine.String2 dq 1 dup 0h


section '.text' code readable executable
start:
push rbp
mov rbp, rsp

push rsi                ; before GetCommandLineA
xor rsi, rsi

invoke GetCommandLineA
mov [GetCommandLine.String], rax
mov rsi, rax

walkgetcommandline1:
        cmp byte [rsi], 32d
        je walkgetcommandline2
        inc rsi
        jmp walkgetcommandline1

walkgetcommandline2:
        inc rsi
        mov [GetCommandLine.String1], rsi

walkgetcommandline3:
        cmp byte [rsi], 32d
        je walkgetcommandline4
        inc rsi
        jmp walkgetcommandline3

walkgetcommandline4:
        inc rsi
        mov [GetCommandLine.String2], rsi

xor rsi, rsi
pop rsi                 ; after GetCommandLineA
        
        invoke printf, printf.format.string, arg2

invoke printf, printf.format.string, [GetCommandLine.String2]

mov rsp, rbp
pop rbp
ret    


running it as : example.exe 11111 22222

while running this program under cmd.exe, the output is 11111 22222
while running this program under the debugger, the output is 22222

Why there is a difference?

Edit by revolution: Added code tags
Post 19 Jul 2019, 11:58
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 19 Jul 2019, 12:10
There shouldn't be any difference.

Which debugger are you using? How are you starting the program for debugging?
Post 19 Jul 2019, 12:10
View user's profile Send private message Visit poster's website Reply with quote
int0x50



Joined: 19 Jul 2019
Posts: 54
int0x50 19 Jul 2019, 12:19
x64dbg.
Post 19 Jul 2019, 12:19
View user's profile Send private message Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4353
Location: Now
edfed 19 Jul 2019, 12:24
hum... maybe under the debugger you don't pass all the command line....

in cmd, you will pass the full command, including the executable name.

in the debugger, it's maybe possible this token is not present.

if it's that, the solution would be to ignore the first token only if it's equal the executable name.
Post 19 Jul 2019, 12:24
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 19 Jul 2019, 13:14
You can do a comparison by simply printing the full string returned by GetCommandLineA and look for any differences.
Post 19 Jul 2019, 13:14
View user's profile Send private message Visit poster's website Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 1228
Location: Belarus
DimonSoft 19 Jul 2019, 14:15
Seems to be the case of which parameters CreateProcess ends up being passed by different means of running the program. Since you skip everything until the first space whenever command line parameters get passed through a separate parameter to CreateProcess the first space becomes the one after your 11111 parameter.
Post 19 Jul 2019, 14:15
View user's profile Send private message Visit poster's website Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 4073
Location: vpcmpistri
bitRAKE 19 Jul 2019, 19:23
When I use x64dbg and change the commandline, it will provide the executable name as the first parameter by default - there is no need to leave it unchanged unless one wants the same effect of using the shell. The shell execution interface is a subset of what CreateProcess/x64dbg allows.

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
Post 19 Jul 2019, 19:23
View user's profile Send private message Visit poster's website Reply with quote
int0x50



Joined: 19 Jul 2019
Posts: 54
int0x50 20 Jul 2019, 03:45
cmd.exe adds extra space between the program name and the first argument. that's the reason my validation failed. The debugger does not do this, hence my validation worked.

Now whenever I run it in cmd.exe, I have to add ' inc esi '. Remark this line whenever I debug it.

thank you all.
Post 20 Jul 2019, 03:45
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 20 Jul 2019, 05:09
If the user types two or more spaces between arguments then it will fail also.
Post 20 Jul 2019, 05:09
View user's profile Send private message Visit poster's website Reply with quote
int0x50



Joined: 19 Jul 2019
Posts: 54
int0x50 21 Jul 2019, 08:58
revolution, exactly. I am trying to figure out how to solve this problem. I think I have to traverse till i get a character.
Post 21 Jul 2019, 08:58
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 21 Jul 2019, 11:51
int0x50 wrote:
I think I have to traverse till i get a character.
That is the usual solution. Skip all whitespace between arguments.

You can make it a function call to make the code easier to understand.
Post 21 Jul 2019, 11:51
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 2565
Furs 22 Jul 2019, 11:49
You also need to handle quotes and stuff if you don't want to confuse the user, the "rules" are not that straightforward. Better use CommandLineToArgvW.
Post 22 Jul 2019, 11:49
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.