Home > Software design >  Why starts a exe in bat leads command-line ends with space char?
Why starts a exe in bat leads command-line ends with space char?

Time:11-18

Bat:

START notepad.exe

Using WMI winapi to query command line:

HRESULT hr = 0;
hr = wbemLocator_.CoCreateInstance(CLSID_WbemLocator);
hr = wbemLocator_->ConnectServer(CComBSTR(L"ROOT\\CIMV2"), NULL, NULL, NULL, 0, NULL, NULL, &wbemServices_);
hr = ::CoSetProxyBlanket(wbemServices_, RPC_C_AUTHN_WINNT, RPC_C_AUTHZ_NONE, NULL, RPC_C_AUTHN_LEVEL_CALL, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE);

CComPtr<IEnumWbemClassObject> enumWbemClassObject;
hr = wbemServices_->ExecQuery(CComBSTR(L"WQL"), CComBSTR(WStringUtils::Format(L"SELECT ProcessId, CommandLine, ExecutablePath FROM Win32_Process WHERE ProcessId = %d", processId).c_str()), WBEM_FLAG_FORWARD_ONLY, NULL, &enumWbemClassObject);
CComPtr<IWbemClassObject> wbemClassObject;
ULONG count = 0;
hr = enumWbemClassObject->Next(WBEM_INFINITE, 1, &wbemClassObject, &count);

CComVariant commandLineVar;
wbemClassObject->Get(L"CommandLine", 0, &commandLineVar, 0, 0);

The commandLineVar will end with a blank char.

Here's the screenshot from procexp.exe: enter image description here

How does this happen? How to avoid this?

CodePudding user response:

I can confirm this behavior but I don't know why it happens. Any application that uses "standard" command line argument parsing will probably not notice.

Silly workarounds:

call notepad.exe&REM if you don't mind the batch waiting

start /B cmd.exe /C call notepad.exe

CodePudding user response:

Just using WMIC.exe, the CommandLine is returned correctly, (I have enclosed the result in brackets to show that there is no trailing space character):

Batch file:

Start %SystemRoot%\System32\notepad.exe
For /F Tokens^=6^ Delims^=^" %%G In ('%SystemRoot%\System32\wbem\WMIC.exe Process Where "CommandLine Like '%%notepad.exe%%' And Not CommandLine Like '%%[%%]notepad.exe[%%]%%'" Get CommandLine /Format:MOF 2^>NUL') Do @Echo [%%G]

Output:

C:\Users\user1633272>Start C:\Windows\System32\notepad.exe

C:\Users\user1633272>For /F Tokens^=6^ Delims^=^" %G In ('C:\Windows\System32\wbem\WMIC.exe Process Where "CommandLine Like '%notepad.exe%' And Not CommandLine Like '%[%]notepad.exe[%]%'" Get CommandLine /Format:MOF 2^>NUL') Do @Echo [%G]
[C:\Windows\System32\notepad.exe]

Even if you include additional trailing spaces in the start command line, those are stripped by the parser and not passed as part of the command line string so those are not returned as part of the CommandLine property either.

Note you should be aware that my WMIC command additionally filters with a NOT LIKE string, otherwise the WMIC command itself would be returned, because that additionally includes the string notepad.exe within its content.

I assume therefore in your particular case, that the pType is not defined as a string, when retrieved from the COM object, whereas my MOF formatting above suggests that COM to MOF is requesting/translating it correctly.

Page link:https//www.codepudding.com/Softwaredesign/195521.html

Prev:How do I change directory to a specific folder in a path?
Next:Use Powershell to delete ShellIconOverlayIdentifiers on Windows
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding