Menu
I would like to clear the command line of my process from within. For example, when viewing my process in Task Manager/Process Explorer, the command line entry would be empty.
I would like to do this within the currently running process rather than restarting the process if possible.
856
There are two commands used to kill a process: kill – Kill a process by ID. killall – Kill a process by name.
In computing, CLS (for clear screen) is a command used by the command-line interpreters COMMAND.COM and cmd.exe on DOS, Digital Research FlexOS, IBM OS/2, Microsoft Windows and ReactOS operating systems to clear the screen or console window of commands and any output generated by them.
On Unix-like operating systems, kill is a builtin command of the Bash shell. It sends a signal to a process. This page covers the bash builtin version of kill, which is distinct from the standalone binary executable, /bin/kill. To figure out which of these is the default kill on your system, run type kill.
I suppose you have to modify the RTL_USER_PROCESS_PARAMETERS part of the PEB of your process (see http://en.wikipedia.org/wiki/Process_Environment_Block for example and http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Process/PEB.html). You can try to use NtQueryInformationProcess to get PEB. Then you can modify ProcessParameters.CommandLine. I hope it will work.
UPDATED: I verified my suggestion. It works. The following test program demonstrate this:
#include <Windows.h>
#include <Winternl.h> // for PROCESS_BASIC_INFORMATION and ProcessBasicInformation
#include <stdio.h>
#include <tchar.h>
typedef NTSTATUS (NTAPI *PFN_NT_QUERY_INFORMATION_PROCESS) (
IN HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength OPTIONAL);
int main()
{
HANDLE hProcess = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE, GetCurrentProcessId());
PROCESS_BASIC_INFORMATION pbi;
ULONG ReturnLength;
PFN_NT_QUERY_INFORMATION_PROCESS pfnNtQueryInformationProcess =
(PFN_NT_QUERY_INFORMATION_PROCESS) GetProcAddress (
GetModuleHandle(TEXT("ntdll.dll")), "NtQueryInformationProcess");
NTSTATUS status = pfnNtQueryInformationProcess (
hProcess, ProcessBasicInformation,
(PVOID)&pbi, sizeof(pbi), &ReturnLength);
// remove full information about my command line
pbi.PebBaseAddress->ProcessParameters->CommandLine.Length = 0;
getchar(); // wait till we can verify the results
return 0;
}
If we start the program with some parameters we will see
instead of the following seen before
145
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
