Suppose you have an .EXE and you want to check if it has Command-Line Options. How can one know if the .EXE has this ability. In my case I know that Nir Sofers WebBrowserPassView.exe has the ability to start it via cmd.exe and WebBrowserPassView.exe /stext output.txt. But how can I find out if I don't know?
asked Jan 15, 2012 at 11:08
Add a comment
|
7 Answers
The easiest way would be to use use ProcessExplorer but it would still require some searching.
Make sure your exe is running and open ProcessExplorer. In ProcessExplorer find the name of your binary file and double click it to show properties. Click the Strings tab. Search down the list of string found in the binary file. Most strings will be garbage so they can be ignored. Search for anything that might possibly resemble a command line switch. Test this switch from the command line and see if it does anything.
Note that it might be your binary simply has no command line switches.
For reference here is the above steps applied to the Chrome executable. The command line switches accepted by Chrome can be seen in the list:
-
7This was extremely helpful with finding out the switches for MalwareBytes. To expedite your search, most program switches start with a "/" or "-" so using the find dialog (lower right of image above) with these characters may help you find what you are looking for quicker. Commented Mar 4, 2013 at 17:10
-
1What sort of features does the "Find" in this Process Explorer properties panel support? RegEx? Wildcards? I can't seem to figure it out at first glance. Commented Feb 5, 2016 at 13:53
-
3@JohnSuit, Only basic search I'm afraid but you may notice the "Save" button which lets you export the list to a .txt file. You can open this document with any text editor that supports RegEx, Wildcards etc and search that way.– AdamCommented Feb 6, 2016 at 23:33
-
Go to 'Image tab' (the left most) you will find the command line agruments in the the text box under 'Command Line'. I am using Process Explorer v16.43– SarkerCommented Jun 9, 2022 at 8:59
Invoke it from the shell, with an argument like /? or --help. Those are the usual help switches.
-
1They do not help, since the .exe just starts, with no further output. Commented Jan 15, 2012 at 11:12
-
Yeah well but there must be a possibility to debug this via RE or some other techniques. Commented Jan 15, 2012 at 11:16
-
2@Ian you are of course free to debug your way through the app and look for switches.– yas4891Commented Jan 15, 2012 at 11:20
Sysinternals has another tool you could use, Strings.exe
Example:
strings.exe c:\windows\system32\wuauclt.exe > %temp%\wuauclt_strings.txt && %temp%\wuauclt_strings.txt
-
Thanks @user8027324. I've added some formatting to your answer. Strings.exe isn't exactly a foolproof way to do this, but I've certainly used it for that purpose before. Commented May 17, 2017 at 23:59
-
Strings output is also included in ProcessExplorer, in the Strings tab of process Properties. Commented Jan 5, 2021 at 2:16
Really this is an extension to Marcin's answer.
But you could also try passing "rubbish" arguments to see if you get any errors back. Getting any response from the executable directly in the shell will mean that it is likely looking at the arguments you're passing, with an error response being close to a guarantee that it is.
Failing that you might have to directly ask the publishers/creators/owners... sniffing the binaries yourself just seems like far too much work for an end-user.
-
This is a great idea to feed garbage as a parameter to see how the program responds. Commented Oct 15, 2020 at 6:33
Just use IDA PRO (https://www.hex-rays.com/products/ida/index.shtml) to disassemble the file, and search for some known command line option (using Search...Text) - in that section you will then typically see all the command line options - for the program (LIB2NIST.exe) in the screenshot below, for example, it shows a documented command line option (/COM2TAG) but also some undocumented ones, like /L. Hope this helps?
answered Oct 3, 2013 at 10:22
-
3"just use IDA PRO" is the largest over simplification I've seen in a long time. -1– codaamokCommented Jan 4, 2023 at 16:26
Unless the writer of the executable has specifically provided a way for you to display a list of all the command line switches that it offers, then there is no way of doing this.
As Marcin suggests, the typical switches for displaying all of the options are either /? or /help (some applications might prefer the Unix-style syntax, -? and -help, respectively). But those are just a common convention.
If those don't work, you're out of luck. You'll need to check the documentation for the application, or perhaps try decompiling the executable (if you know what you're looking for).
answered Jan 15, 2012 at 11:16
This is what I get from console on Windows 10:
C:\>find /?
Searches for a text string in a file or files.
FIND [/V] [/C] [/N] [/I] [/OFF[LINE]] "string" [[drive:][path]filename[ ...]]
/V Displays all lines NOT containing the specified string.
/C Displays only the count of lines containing the string.
/N Displays line numbers with the displayed lines.
/I Ignores the case of characters when searching for the string.
/OFF[LINE] Do not skip files with offline attribute set.
"string" Specifies the text string to find.
[drive:][path]filename
Specifies a file or files to search.
If a path is not specified, FIND searches the text typed at the prompt
or piped from another command.
