Destructive env var substring

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

Message
Author
Queue
Posts: 31
Joined: 16 Feb 2013 14:31

Re: Destructive env var substring

#16 Post by Queue » 19 Feb 2013 10:41

%cmdcmdline% often contains quotation marks, so you'd need to handle them first (such as with :: %cmdcmdline:"=*%), but otherwise, yes, if "%cmdcmdline:~0,-1%" neq "" goto :loop will zero-fill the GetCommandLineW memory location, but I don't think it's affecting GetCommandLineA, and there are still copies of the initial commandline strewn throughout cmd.exe's memory. It wouldn't be bullet-proof, but it would stop the most trivial of snooping.

When cmd.exe is run by Windows (like by running a batch file via shortcut or explorer, or self executed such as from a piped command) %cmdcmdline% seems to consistently end with a quotation mark. Regardless, if at least a single character is known (c, m and d being obvious choices), %cmdcmdline% can consistently be packed down to a single character:

Code: Select all

echo %cmdcmdline%
:: %cmdcmdline:"=*% %cmdcmdline:*c=*% %cmdcmdline:~0,1%
echo %cmdcmdline%

This is similar to what jeb showed earlier, but it strips quotation marks first, then trims down to 1 character after finding the letter c.

Edit - Oh, or how about this:

Code: Select all

echo %cmdcmdline%
set _=5
call(%%cmdcmdline:~1,%_%%%
echo %cmdcmdline%

I haven't tested to make sure it's not hitting the disk for a file search during the butchered call( but it's returning faster than the timing threshold I'm using, so I'm hopeful.

Queue

jeb
Expert
Posts: 884
Joined: 30 Aug 2007 08:05
Location: Germany, Bochum

Re: Destructive env var substring

#17 Post by jeb » 19 Feb 2013 13:27

dbenham wrote:jeb wrote:
Btw.
The cmdcmdline even can survive an EXIT barrier :!:
Surviving batch termination with EXIT /B, yes. But surviving shell termination with EXIT, I don't see how :?:


I thought I saw that it worked, but today I tried to reproduce it, but it seems that you are right :(

Even on pipes it doesn't work, but it's easy to fool yourself :)

Code: Select all

echo Does this work? | echo %cmdcmdline:~-1%
echo %cmdcmdline%


jeb

jeb
Expert
Posts: 884
Joined: 30 Aug 2007 08:05
Location: Germany, Bochum

Re: Destructive env var substring

#18 Post by jeb » 19 Feb 2013 23:04

jeb wrote:Very interesting effect :D, perhaps this can be used for storing data behind the endlocal barrier!
Or for more complex replacements ...

Now I found a useful application for this.

I can test the parser at points which I though are untestable :D

Like

Code: Select all

echo %cmdcmdline:c=X%  %cmdcmdline:X=Y% - percent expansion works from left to right

setlocal EnableDelayedExpansion
:label !cmdcmdline^:~1^,-1! No effect here

echo 111 < nul !cmdcmdline^:~1^,-1!^
333 --- Also here the token isn't evaluated

(
:label1 !cmdcmdline:m=###! dont work
:line2 !cmdcmdline:d=$$$! But here
)


jeb

RaceQuest
Posts: 6
Joined: 02 Feb 2016 22:19

Re: Destructive env var substring

#19 Post by RaceQuest » 12 Nov 2018 12:28

I found cmdcmdline substitution side effect writing code to Today then found this thread. You rigorously dissected this quirk well done Dave, Jeb and Queue still an interesting first time read in 2018. :D

Post Reply