heidisql -p Safety Problem

2 posts
chieflu's profile image chieflu posted 1 year ago in Feature discussion Permalink

if start heidisql in cmd line mode like : -p=123456 (suppose password is 123456). I can see my password in process info with the command : wmic process pid(heidisql Process id)

Do you consider to hide the password in the command line startup mode? As I known the PlsqlDeveloper 15 has already hidden the password in the command line startup mode.

10138 posts
ansgar's profile image ansgar posted 1 year ago Permalink

If there's a way to do that I would of course do so. I was thinking the command line cannot be modified for the process list. Do you know some more details about the way PlsqlDeveloper does it?

2 posts
chieflu's profile image chieflu posted 1 year ago Permalink

I don't have the authority to post a link,so I copy some code from the website "ired.team" The topic is Masquerading Processes in Userland via _PEB

=========================================================================

typedef NTSTATUS(*MYPROC) (HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);

int main()
{
    HANDLE h = GetCurrentProcess();
    PROCESS_BASIC_INFORMATION ProcessInformation;
    ULONG lenght = 0;
    HINSTANCE ntdll;
    MYPROC GetProcessInformation;
    wchar_t commandline[] = L"C:\\windows\\system32\\notepad.exe";
    ntdll = LoadLibrary(TEXT("Ntdll.dll"));

    //resolve address of NtQueryInformationProcess in ntdll.dll
    GetProcessInformation = (MYPROC)GetProcAddress(ntdll, "NtQueryInformationProcess");

    //get _PEB object
    (GetProcessInformation)(h, ProcessBasicInformation, &ProcessInformation, sizeof(ProcessInformation), &lenght);

    //replace commandline and imagepathname
    ProcessInformation.PebBaseAddress->ProcessParameters->CommandLine.Buffer = commandline;
    ProcessInformation.PebBaseAddress->ProcessParameters->ImagePathName.Buffer = commandline;

    return 0;
}
10138 posts
ansgar's profile image ansgar posted 1 year ago Permalink

Ok, that is C Syntax. HeidiSQL is written in Delphi, so this might be of some help for me: https://theroadtodelphi.com/2011/07/20/two-ways-to-get-the-command-line-of-another-process-using-delphi/ But that does not look as if one can write to the CommandLine property pointer. Not sure. However, quite a bit effort for such cases.

10138 posts
ansgar's profile image ansgar posted 1 year ago Permalink

Not that it makes a difference for security, but I just see the official MySQL client does not hide a password in the command line as well:

Description

Please login to leave a reply, or register at first.