Find The Args
Many applications use more than one executable file. Common uses include separating logic, ensuring failure protection, or calling third-party applications as part of the installation files for the application.
So, in theory, you can execute a deeper executable file if you know the arguments passed from the main application. To find them, you can create a fake executable file to print the arguments, as shown in the example below:
static void Main(string[] args)
{
? if (args.Length != 0)
? {
? ? for (int i = 0; i < args.Length; i++)
? ? {
? ? ? System.Windows.Forms.MessageBox.Show(args[i]);
? ? }?
? }
}
Replacing the deeper original executable file with the fake file will expose the arguments.
If you want to view all application command lines, you can use WMI for assistance. You will retrieve all the running processes in the system and query each one to find the arguments (access denied exceptions may occur for some processes due to low privilege or if they no longer exist):
using System.Management;
private const string COLUMN_COMMAND_LINE = "CommandLine";
static void Main(string[] args)
{
? foreach (var process in Process.GetProcesses())
? {
? ? try
? ? {
? ? ? getCommandLine(process.Id);
? ? }
? ? catch (Exception ex)
? ? {
? ? ?//ohh...
? ? }
? ?}
}
private static void getCommandLine(int processID)?
{
? string query = "SELECT CommandLine FROM Win32_Process WHERE ProcessId = " + processID.ToString();
? ManagementObjectSearcher searcher = new ManagementObjectSearcher(query);
? ManagementObjectCollection.ManagementObjectEnumerator collection = searcher.Get().GetEnumerator();
?
if (collection.MoveNext())
{
? ? Console.WriteLine(collection.Current[COLUMN_COMMAND_LINE].ToString());
? }
}
Mission Accomplish, have fun :)