Suppose I have a compiled exe, and I want to find the parameter or command line argument of the exe. How do I do it using a debugger? I think this topic falls into the category of reverse engineering, but I can’t seem to find a guide on how to achieve this trick.
The closest that I could get is to use a debugger on the exe, and set breakpoints on CreateProcess. However, how do I find the CreateProcess function inside the debugger?
Run the exe with some command line parameter, like “target.exe -whateverabc”.
Then when your debugger loads the exe, search the memory for -whateverabc and set a read breakpoint on that memory location and possible duplicates. Hopefully when the breakpoint triggers you’ll be inside the function that checks the command line parameters in that exe.
To set a breakpoint on CreateProcess you can type “bpx CreateProcess” in some debuggers.
Or write a small app that uses LoadLibrary on kernel32.dll or whatever DLL contains your function, and then GetProcAddress with the name of the function to get its address. Then you set a breakpoint on execution on that address.
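
The small app described in the last reply, as an added example that is not code from the thread. Because `CreateProcess` is a header macro rather than an export, it tries the name as given plus the `A` and `W` variants; the function name `candidate_exports` and the defaults `kernel32.dll` and `CreateProcess` are choices made for this example.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

#define MAX_NAME 64
/* Added example; candidate_exports is a name chosen here. "CreateProcess" is
   a header macro, not an export, so build the names a DLL can really export:
   the name as given, then its ANSI ("A") and wide ("W") variants.
   Returns the number of names written (3, or 0 if the name does not fit). */
int candidate_exports(const char *api, char out[3][MAX_NAME])
{
    static const char *suffix[3] = { "", "A", "W" };
    size_t len = strlen(api);
    if (len == 0 || len + 2 > MAX_NAME)
        return 0;
    for (int i = 0; i < 3; i++) {
        memcpy(out[i], api, len);
        strcpy(out[i] + len, suffix[i]);
    }
    return 3;
}

int main(int argc, char **argv)
{
    const char *dll = argc > 1 ? argv[1] : "kernel32.dll";
    const char *api = argc > 2 ? argv[2] : "CreateProcess";
    char names[3][MAX_NAME];
    int n = candidate_exports(api, names);
#ifdef _WIN32
    HMODULE mod = LoadLibraryA(dll);
    if (mod == NULL)
        return 1;
#endif
    for (int i = 0; i < n; i++) {
#ifdef _WIN32
        FARPROC p = GetProcAddress(mod, names[i]);
        if (p != NULL)  /* address to break on, plus its offset from the base */
            printf("%s!%s = %p (base+0x%llx)\n", dll, names[i], (void *)p,
                   (unsigned long long)((char *)p - (char *)mod));
        else
            printf("%s!%s is not exported\n", dll, names[i]);
#else
        printf("%s!%s (resolve on Windows)\n", dll, names[i]);
#endif
    }
    return n == 3 ? 0 : 1;
}
```

System DLLs such as kernel32.dll are normally mapped at the same base in every process of the same bitness until the next reboot, so build this helper with the same bitness as the target before using the printed address in the debugger.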