Is there a way to obfuscate/hide command line from

Posted 2019-07-03 16:39

I'm using Python to call external programs on Win7 x64, but I want to hide the command line options.

import winpexpect
thread = winpexpect.winspawn(cmd, timeout=TIMEOUT)

import pexpect
thread = pexpect.spawn(cmd, timeout=TIMEOUT)

import subprocess
...

Since I'm passing the cmd tool some secured info, and don't want others to see it in Task Manager, is there a way to "obfuscate"/change it? Or even better, hide the process from Task Manager completely?

I read about this: How to clear a process command line?, but don't know how to do it in Python. Keywords: RTL_USER_PROCESS_PARAMETERS, Process Environment Block

Edit: I found a package called winappdbg,

from winappdbg import Process, HexDump
p = Process(pid)

>>> p.get_command_line_block()
(3552076L, 880)

>>> peb=p.get_peb()
<winappdbg.win32.peb_teb.PEB object at 0x00000000030A92C8>

>>> dir(peb)
['ActivationContextData', 'ActiveProcessAffinityMask', 'AnsiCodePageData', 'ApiSetMap', 'AppCompatFlags', 'AppCompatFlagsUser', 'AppCompatInfo', 'AtlThunkSListPtr', 'AtlThunkSListPtr32', 'BeingDebugged', 'BitField', 'CSDVersion', 'CriticalSectionTimeout', 'CrossProcessFlags', 'FastPebLock', 'FlsBitmap', 'FlsBitmapBits', 'FlsCallback', 'FlsHighIndex', 'FlsListHead', 'GdiDCAttributeList', 'GdiHandleBuffer', 'GdiSharedHandleTable', 'HeapDeCommitFreeBlockThreshold', 'HeapDeCommitTotalFreeThreshold', 'HeapSegmentCommit', 'HeapSegmentReserve', 'HotpatchInformation', 'IFEOKey', 'ImageBaseAddress', 'ImageSubsystem', 'ImageSubsystemMajorVersion', 'ImageSubsystemMinorVersion', 'InheritedAddressSpace', 'KernelCallbackTable', 'Ldr', 'LoaderLock', 'MaximumNumberOfHeaps', 'MinimumStackCommit', 'Mutant', 'NtGlobalFlag', 'NumberOfHeaps', 'NumberOfProcessors', 'OSBuildNumber', 'OSCSDVersion', 'OSMajorVersion', 'OSMinorVersion', 'OSPlatformId', 'OemCodePageData', 'PostProcessInitRoutine', 'ProcessAssemblyStorageMap', 'ProcessHeap', 'ProcessHeaps', 'ProcessParameters', 'ProcessStarterHelper', 'ReadImageFileExecOptions', 'ReadOnlySharedMemoryBase', 'ReadOnlyStaticServerData', 'SessionId', 'SubSystemData', 'SystemAssemblyStorageMap', 'SystemDefaultActivationContextData', 'SystemReserved', 'TlsBitmap', 'TlsBitmapBits', 'TlsExpansionBitmap', 'TlsExpansionBitmapBits', 'TlsExpansionCounter', 'TracingFlags', 'UnicodeCaseTableData', 'WerRegistrationData', 'WerShipAssertPtr', '__class__', '__ctypes_from_outparam__', '__delattr__', '__dict__', '__doc__', '__format__', '__getattribute__', '__hash__', '__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__setstate__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_b_base_', '_b_needsfree_', '_fields_', '_objects', '_pack_', 'pContextData', 'pImageHeaderHash', 'pShimData']

>>> peb.ProcessParameters
3549056L

winappdbg's _RTL_USER_PROCESS_PARAMETERS ctypes struct definition and the part that reads the command line are here

What can I do with it? Calculate the address and use p.poke(baseAddr+offsetAddr, newCommandLineString)?

C++ reference

Edit2: this code snippet seems to be working

from winappdbg import Process
p = Process(pid)
cb = p.get_command_line_block()  # (address of the CommandLine buffer, its MaximumLength)
# PEB strings are UTF-16-LE: encode properly and append a two-byte terminator
p.write(cb[0], u'doingSomething'.encode('utf-16-le') + b'\x00\x00')

But can someone show me how to do this without using the winappdbg package? I don't want to import another huge module. How do I write this with only pywin32 and ctypes?

BTW, I feel this is kind of a hack. Do I need to flush all the remaining addresses with \x00? Because

>>> cb[1]
880

the original command line is quite long. Or do I need to call something so this block of memory is updated correctly?

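The question has no answers on the page, so the following is an added example (not code from the original post or from winappdbg) showing how the Edit2 write can be done with ctypes alone. It goes a step further than the snippet: it locates the PEB with NtQueryInformationProcess(ProcessBasicInformation), follows PEB.ProcessParameters to RTL_USER_PROCESS_PARAMETERS.CommandLine, NUL-pads the replacement to the buffer's MaximumLength (which is the answer to the "flush the remaining addresses" question), and then rewrites the UNICODE_STRING's Length so readers stop at the new end. Assumptions, stated here and in the code: Python 3; the calling interpreter and the target have the same bitness (no WOW64 cross-reads); the structure offsets are the public x86/x64 ntdll layouts; the replacement has to fit in the buffer the loader already allocated, since the example never allocates a new one. The Windows calls are confined to `overwrite_command_line`, so the helper functions import and run on any platform.

```python
"""Added example, not code from the original post: rewrite a process's
command line in its PEB using only ctypes (no winappdbg).
Assumptions: Python 3; caller and target have the same bitness; the
replacement fits in the loader-allocated buffer (it is never enlarged).
"""
import ctypes
import struct
import sys


def layout(pointer_size):
    """Public ntdll layouts: (PEB.ProcessParameters offset,
    RTL_USER_PROCESS_PARAMETERS.CommandLine offset, sizeof(UNICODE_STRING))."""
    if pointer_size == 8:
        return 0x20, 0x70, 16
    if pointer_size == 4:
        return 0x10, 0x40, 8
    raise ValueError("unsupported pointer size %r" % pointer_size)


def parse_unicode_string(raw, pointer_size):
    """UNICODE_STRING {USHORT Length; USHORT MaximumLength; PWSTR Buffer;}
    (4 bytes of alignment padding before Buffer on x64). Returns the 3 fields."""
    fmt = "<HH4xQ" if pointer_size == 8 else "<HHI"
    return struct.unpack(fmt, raw[:struct.calcsize(fmt)])


def build_replacement(new_cmdline, maximum_length):
    """UTF-16-LE encode new_cmdline and NUL-pad to MaximumLength so no tail of
    the old command line survives. Returns (new Length in bytes, padded bytes).
    The +2 reserves the terminating WCHAR that MaximumLength accounts for."""
    data = new_cmdline.encode("utf-16-le")
    if len(data) + 2 > maximum_length:
        raise ValueError("need %d bytes, buffer holds %d" % (len(data) + 2, maximum_length))
    return len(data), data + b"\x00" * (maximum_length - len(data))


def overwrite_command_line(pid, new_cmdline):
    """Overwrite CommandLine in the target's PEB in place (Windows only).
    Returns (old Length, new Length) in bytes."""
    if sys.platform != "win32":
        raise RuntimeError("PEB rewriting is Windows-only")
    from ctypes import wintypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    ntdll = ctypes.WinDLL("ntdll")
    ptr = ctypes.sizeof(ctypes.c_void_p)  # assumption: target has our bitness
    params_off, cmdline_off, us_size = layout(ptr)

    class PROCESS_BASIC_INFORMATION(ctypes.Structure):  # winternl.h
        _fields_ = [("Reserved1", ctypes.c_void_p),
                    ("PebBaseAddress", ctypes.c_void_p),
                    ("Reserved2", ctypes.c_void_p * 2),
                    ("UniqueProcessId", ctypes.c_void_p),
                    ("Reserved3", ctypes.c_void_p)]

    k32.OpenProcess.restype = wintypes.HANDLE
    k32.OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
    k32.CloseHandle.argtypes = [wintypes.HANDLE]
    for fn in (k32.ReadProcessMemory, k32.WriteProcessMemory):
        fn.restype = wintypes.BOOL
        fn.argtypes = [wintypes.HANDLE, ctypes.c_void_p, ctypes.c_void_p,
                       ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    ntdll.NtQueryInformationProcess.restype = ctypes.c_long  # NTSTATUS
    ntdll.NtQueryInformationProcess.argtypes = [
        wintypes.HANDLE, ctypes.c_int, ctypes.c_void_p, wintypes.ULONG,
        ctypes.POINTER(wintypes.ULONG)]

    # PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION
    h = k32.OpenProcess(0x0400 | 0x0010 | 0x0020 | 0x0008, False, pid)
    if not h:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        def read(addr, n):
            buf, got = ctypes.create_string_buffer(n), ctypes.c_size_t()
            if not k32.ReadProcessMemory(h, addr, buf, n, ctypes.byref(got)) or got.value != n:
                raise ctypes.WinError(ctypes.get_last_error())
            return buf.raw

        def write(addr, data):
            done = ctypes.c_size_t()
            if not k32.WriteProcessMemory(h, addr, data, len(data), ctypes.byref(done)) or done.value != len(data):
                raise ctypes.WinError(ctypes.get_last_error())

        pbi = PROCESS_BASIC_INFORMATION()
        status = ntdll.NtQueryInformationProcess(h, 0, ctypes.byref(pbi), ctypes.sizeof(pbi), None)
        if status != 0:  # 0 == ProcessBasicInformation
            raise OSError("NtQueryInformationProcess: 0x%08x" % (status & 0xFFFFFFFF))
        params = struct.unpack("<Q" if ptr == 8 else "<I", read(pbi.PebBaseAddress + params_off, ptr))[0]
        us_addr = params + cmdline_off
        old_len, max_len, buf_addr = parse_unicode_string(read(us_addr, us_size), ptr)
        new_len, padded = build_replacement(new_cmdline, max_len)
        write(buf_addr, padded)                     # string bytes, NUL-padded to MaximumLength
        write(us_addr, struct.pack("<H", new_len))  # fix Length so readers stop at the new end
        return old_len, new_len
    finally:
        k32.CloseHandle(h)


if __name__ == "__main__":
    print(overwrite_command_line(int(sys.argv[1]), sys.argv[2]))
```

Run it as `python peb_cmdline.py <pid> doingSomething` from a process that can open the target (a child you spawned yourself qualifies). Two caveats matter more than the code. First, this only changes the in-memory copy that Task Manager, Process Explorer and WMI read out of the PEB after the fact; the original command line was already visible between CreateProcess and your write, and process-creation telemetry (Security event 4688 with command-line auditing, Sysmon event 1) records it at creation time, so the secret has already leaked to any log that matters. Second, hiding a process from Task Manager altogether requires kernel-level tampering, not a Python change. The robust fix is to keep the secret out of argv entirely: feed it to the child over stdin (pexpect and subprocess both give you a pipe) or through an environment variable, and leave the PEB alone.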