This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 65%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
I have a MFC C++ application which uses command line arguments. But when the program is running, sensitive information entered on the command line will be displayed in the Command Line column of the Task Manager. 1.So how to delete them? 2.How to change command line arguments in MFC C++?
I use following function in my x32 InitInstance , but it does not work. The Param.CommandLine.Buffer has been changed to empty, because Task Manager still display Command Line. Is there any mistake?
#include <Windows.h>
#include <Winternl.h>
#include <stdio.h>
#include <tchar.h>
typedef NTSTATUS (NTAPI *PFN_NT_QUERY_INFORMATION_PROCESS) (
IN HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength OPTIONAL);
void ClearCommandLine()
{
HANDLE hProcess = OpenProcess (PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
PROCESS_BASIC_INFORMATION pbi = {0};
RTL_USER_PROCESS_PARAMETERS Param = {0};
PFN_NT_QUERY_INFORMATION_PROCESS pfnNtQueryInformationProcess =
(PFN_NT_QUERY_INFORMATION_PROCESS) GetProcAddress (
GetModuleHandle(TEXT("ntdll.dll")), "NtQueryInformationProcess");
NTSTATUS status = pfnNtQueryInformationProcess (
hProcess, ProcessBasicInformation, (PVOID)&pbi, sizeof(pbi), NULL);
wchar_t* lpwszCmd=L"";
USHORT usCmdLen = 2 + 2 * (wcslen(lpwszCmd));
ReadProcessMemory(hProcess, pbi.PebBaseAddress, &peb, sizeof(peb), NULL);
ReadProcessMemory(hProcess, peb.ProcessParameters, &Param, sizeof(Param), NULL);
WriteProcessMemory(hProcess, Param.CommandLine.Buffer, lpwszCmd, usCmdLen,NULL);
WriteProcessMemory(hProcess,&Param.CommandLine.Length, &usCmdLen, sizeof(usCmdLen), NULL);
CloseHandle(hProcess);
}
Hi,
You have posted in the Windows 32 API forum, since your issue is related to C++ I suggest you ask over at the dedicated C++ forum over here:
https://learn.microsoft.com/en-us/answers/topics/c++.html
----------
(If the reply was helpful please don't forget to accept as answer, thank you)
Best regards,
Leon
Hi,
I suggest you could refer to the link to clear a process command line. However you could still see the parameters in Task Manager.
As far as I'm concerned, you'd better pass your sensitive data with other IPC - shared memory or pipe. Then you only need to clean your memory.
I suggest you could refer to the link: https://stackoverflow.com/questions/54886557/c-application-clear-commandline-arguments
Hope it helps!
Thank you!
Hello,
The command line is stored in process memory, even if you clear it in memory, Task Manager still hold a copy.
So for protecting sensitive information, one suggested solution is store them encrypted in a file and then load that file as a parameter.
Thank you!
Thank you RitaHan,
I understand your method, but currently we do not have enough time to implement effective file encryption and decryption, and using encrypted files is inconvenient for users.
Another possibility is to obtain the sensitive information from the user at runtime from a dialog displayed by the application's InitInstance function.
Thanks, I already have a CDialog in InitInstance to catch sensitive information.
However, I still need to use Command Line to get input value. So maybe I still need to delete the info in Task Manager