Re: Destructive env var substring
Posted: 19 Feb 2013 10:41
%cmdcmdline% often contains quotation marks, so you'd need to handle them first (such as with :: %cmdcmdline:"=*%), but otherwise, yes, if "%cmdcmdline:~0,-1%" neq "" goto :loop will zero-fill the GetCommandLineW memory location, but I don't think it's affecting GetCommandLineA, and there are still copies of the initial commandline strewn throughout cmd.exe's memory. It wouldn't be bullet-proof, but it would stop the most trivial of snooping.
When cmd.exe is run by Windows (like by running a batch file via shortcut or explorer, or self executed such as from a piped command) %cmdcmdline% seems to consistently end with a quotation mark. Regardless, if at least a single character is known (c, m and d being obvious choices), %cmdcmdline% can consistently be packed down to a single character:
Code:
echo %cmdcmdline%
:: %cmdcmdline:"=*% %cmdcmdline:*c=*% %cmdcmdline:~0,1%
echo %cmdcmdline%
This is similar to what jeb showed earlier, but it strips quotation marks first, then trims down to 1 character after finding the letter c.
Edit - Oh, or how about this:
Code:
echo %cmdcmdline%
set _=5
call(%%cmdcmdline:~1,%_%%%
echo %cmdcmdline%
I haven't tested to make sure it's not hitting the disk for a file search during the butchered call( but it's returning faster than the timing threshold I'm using, so I'm hopeful.
Queue