1

I am invoking an exe to do certain operation on a device, Exe needs password to connect to device to perform the operation.

Problem : password is visible in task manager under command line column.

I tried deleting command line argument detail from PROCESS_BASIC_INFORMATION by following command :

HANDLE hProcess = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                               FALSE, GetCurrentProcessId());
PROCESS_BASIC_INFORMATION pbi;
ULONG ReturnLength;
PFN_NT_QUERY_INFORMATION_PROCESS pfnNtQueryInformationProcess =
    (PFN_NT_QUERY_INFORMATION_PROCESS) GetProcAddress (
        GetModuleHandle(TEXT("ntdll.dll")), "NtQueryInformationProcess");
NTSTATUS status = pfnNtQueryInformationProcess (
    hProcess, ProcessBasicInformation,
    (PVOID)&pbi, sizeof(pbi), &ReturnLength);
// remove full information about my command line
pbi.PebBaseAddress->ProcessParameters->CommandLine.Buffer = NULL;
pbi.PebBaseAddress->ProcessParameters->CommandLine.Length = 0;

But command line information still appears in task manager.

Could you guys help me to understand how task manager is reading command line argument and how it can be changed?

Thanks, Pooja

Pooja Kuntal
  • 461
  • 1
  • 4
  • 13
  • Possible duplicate of [Launch process and hide command line parameters from Task Manager](http://stackoverflow.com/questions/15716567/launch-process-and-hide-command-line-parameters-from-task-manager) – Palanikumar Apr 13 '16 at 06:29
  • http://stackoverflow.com/a/11745238/1019435 – Palanikumar Apr 13 '16 at 06:32
  • Thanks Palani, Yes, problem set is same but I am trying to understand task manager mechanism to display command line. so that i can find some way out. – Pooja Kuntal Apr 13 '16 at 06:43
  • Interesting, i am also curious to know that. We can read the command line info of running process http://stackoverflow.com/a/2633674/1019435 ,may be the task manager also using the similar mechanism :) – Palanikumar Apr 13 '16 at 07:28
  • It's not entirely clear what you mean, but usually something like `pbi.PebBaseAddress` is a pointer to an address in the context of a different process. You can't just dereference it like that. You'd need to use WriteProcessMemory or something. – Harry Johnston Apr 13 '16 at 08:30
  • Harry, I have added the complete mechanism of resetting command line argument of a process. – Pooja Kuntal Apr 13 '16 at 09:32
  • Hiding the command line from the Task Manager is like hiding your head in the ground when you see trouble. Even if you hide the command line from the Task Manager the data would still be in the command line for other programs to get. It will be better to spend time finding a more secure way to send a password. – Sam Hobbs Apr 14 '16 at 00:08

1 Answers1

1

Not sure if this helps but I had to write an app that interfaces with SQL via command line and needed to hide our Database password, while it is not 100% it does work for what I need. In the command line arguments, I start the arguments with 465 spaces; It was a random number I tried when I first came up with the idea, the command line does not care about space and has a high character limit; the task manager on the other hand does not have a high character limit so all it displays it the exe and a bunch of whitespace and that is it.

Jason Krise
  • 11
  • 1