

  • Guest
command line arguments
« on: February 08, 2008, 02:52:44 PM »

All the time I'm asking "where to access command line arguments" *argc or *argv, I get [esp+4] and [esp+8].
OK, that's true for Linux etc. but I'm working on Windows - and there this answer is wrong!
Does anybody have an idea where to address them on Windows?

Actually, I'm using the workaround __GetMainArgs from crtdll.dll


  • Guest
Re: command line arguments
« Reply #1 on: February 08, 2008, 07:10:54 PM »
Oh, Windows... "GetCommandLineA".

Out of curiosity, what *do* you find at [esp + 4] at Windows startup? Unlike Linux, a Windows program is "call"ed, so there should be a return address. Above that... it wouldn't surprise me to find some sort of pointer to the command line. Apparently "argc" is not calculated for us - all GetCommandLine seems to return is a complete (but zero-terminated) string... "Just like DOS", except for being zero-terminated... Lame...

I'll post an example in the "Example Code" version of this question.



  • Guest
Re: command line arguments
« Reply #2 on: February 08, 2008, 09:55:32 PM »
Hi Frank,

Yes, there is some stuff, but I don't know what it is. See, when I start up a dummy program shell.exe as
C:> shell.exe aaa bbb ccc ddd
from OllyDbg I have the initial stack frame:

ESP ==>  > 77083833  RETURN to kernel32.77083833
ESP+4    > 7FFD9000
ESP+8    > 0012FFEC
ESP+C    > 77B7A9BD  RETURN to ntdll.77B7A9BD
ESP+10   > 7FFD9000
ESP+14   > 0012438C
ESP+18   > 00000000
ESP+1C   > 00000000
ESP+20   > 7FFD9000
ESP+24   > 00000000
ESP+28   > 00000000
ESP+2C   > 00000000
ESP+30   > 0012FFB8
ESP+34   > 00000000
ESP+38   > FFFFFFFF  End of SEH chain
ESP+3C   > 77B48BF2  SE handler
ESP+40   > 77B84D68  ntdll.RtlEnlargedUnsignedMultiply
ESP+44   > 00000000
ESP+48   > 00000000
ESP+4C   > 00000000
ESP+50   > 00402000  OFFSET shell.
ESP+54   > 7FFD9000
ESP+58   > 00000000

Tells me rather nothing - and none of these "addresses" turns out to be a valid memory address ...

Strange ...
green fix


  • Guest
Re: command line arguments
« Reply #3 on: March 31, 2009, 09:09:43 AM »
Yes, Windows is a bit lame in the way it handles command line arguments, but on the other hand, the way it works is only slightly inconvenient.

You call GetCommandLineA to get the command line as a zero terminated string, which you can then manipulate as you wish.

Alternatively, you can call GetCommandLineW, which returns the Unicode variant, and then pass that to CommandLineToArgvW, to turn it into an argv style array of Unicode strings.

If you really need the data in UTF-8, you can convert an individual element of the array using WideCharToMultiByte.

Personally, if I'd been working for Microsoft when they came up with this scheme (begin flagellation exercises for even voicing that thought) I'd have implemented ArgvA and ArgvW so you could choose which flavour of chocolate cake you prefer without having to bake the @~$< thing yourself.
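
Added example, not code from any post in this thread: since GetCommandLineA hands back one zero-terminated string and no argc, this portable C sketch shows the "bake it yourself" step of splitting such a string into argc/argv. The name split_cmdline is hypothetical; it assumes the backslash and double-quote rules Microsoft documents for C runtime argument parsing, does not special-case the program name or doubled quotes inside a quoted argument, and is not claimed to match CommandLineToArgvW byte for byte.

```c
#include <stdio.h>
#include <string.h>

static int is_sep(char c) { return c == ' ' || c == '\t'; }

/* Split a Windows-style command line in place. Fills argv[] with pointers
   into buf and returns argc (never more than max_args). Hypothetical helper. */
int split_cmdline(char *buf, char **argv, int max_args)
{
    char *src = buf, *dst = buf;   /* dst never overtakes src */
    int argc = 0;

    for (;;) {
        while (is_sep(*src)) src++;
        if (*src == '\0' || argc == max_args) break;

        argv[argc++] = dst;
        int in_quotes = 0;
        while (*src && (in_quotes || !is_sep(*src))) {
            size_t slashes = 0;
            while (*src == '\\') { src++; slashes++; }
            if (*src == '"') {
                /* 2n backslashes + quote -> n backslashes, quote toggles;
                   2n+1 backslashes + quote -> n backslashes, literal quote */
                for (size_t i = 0; i < slashes / 2; i++) *dst++ = '\\';
                if (slashes % 2) *dst++ = '"';
                else in_quotes = !in_quotes;
                src++;
            } else {
                /* backslashes not followed by a quote are literal */
                for (size_t i = 0; i < slashes; i++) *dst++ = '\\';
                if (*src && (in_quotes || !is_sep(*src))) *dst++ = *src++;
            }
        }
        if (*src) src++;           /* consume the separator before overwriting it */
        *dst++ = '\0';
    }
    return argc;
}

int main(void)
{
    /* Constructed sample: the thread's command line plus quoted arguments. */
    char line[] = "shell.exe aaa \"bbb ccc\" d\\\"d C:\\dir\\ \"e\\\\\"";
    char *argv[8];
    int argc = split_cmdline(line, argv, 8);
    for (int i = 0; i < argc; i++)
        printf("argv[%d] = [%s] (%zu bytes)\n", i, argv[i], strlen(argv[i]));
    return 0;
}
```

A launcher that builds the string and a child that splits it have to agree on these quoting rules; where they differ, one intended argument can arrive as several.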