Is it possible to inspect the command line arguments passed to an VB6 app from outside the app

Question

I have a VB6 application that has a licensing module in VB6 which checks for the authenticated user. If authentication is successful, this application calls main application with authentication information. Now, I wanted to pass information in encrypted format from licensing application to main application through command line parameters. The main application will read command line arguments and checks whether user is authenticated or not. The authentication in main application is required as user can directly open the main application and use it without license.

I am concerned about the level of security with this approach. In web application, we can use various tools like fiddler to examine and view the request/response made by web application. Is there a tool through which user can examine or view Command line arguments passed to/from VB6 application?

Answer 1

Yes, In VB6 you can use Command$ to view command line arguments, and similarly almost all programming languages and technologies would have such command/tool to view command line arguments. One could replace your exe with his/her own exe and just print(like MessageBox) command line arguments.

Now, either change the title of your question or post new question to get some suggestions regarding security model. It would be better to first google the risks regarding this model and other good models

Edit

If you mean "outside the application" then i think replacing the exe would work provided one has such access i.e. s/he can replace the exe of your application by his/her own which would just dump the arguments.

Answer 2

One example of a tool that can see this is Process Monitor. The command-line arguments will show in the Detail column along with the full path to the exe. Starting with Windows Vista, these values can also be shown in Task Manager.