beyond flash. bridge. bridge. the browswer. red image.
home. intro. content. about. contact.    
           
  chapter 1.    
  chapter 2.  


Chapter 2: WHITE SPACE IN ARGUMENTS TO EXEC IN FLASH

The way the Flash EXEC command is defined in the documentation, the only thing you're allowed to pass in the 'arguments' section of the fscommand actionScript is a file name.

fscommand("exec", "filename.exe");

If you try fscommand("exec", "filename.exe arg1") you'll discover pretty quickly that Flash ignores the space and anything that follows it. This is really easy to confirm. Here's a little application that just displays its own
command line. Let's call it from Flash and see what happens in a couple of simple cases.

PLAY DEMO: » Display Command Line Example
Disclaimer: Windows XP users need to manually find and install a Java Virtual Machine plug-in.


The Flash documentation doesn't mention that you can use relative or absolute paths to the application you want to launch. If you believed the documentation was correct, the implication would be that you couldn't pass parameters to external applications and they would have to be in the same directory as your Flash projector.

 

 

Most of you already know this, but some evil geniuses discovered that if you use a tab character instead of a space after the file name, the application still got launched and the arguments got passed to the application. You could even send multiple arguments if you separated them with tabs instead of spaces. They also discovered that Flash allowed both relative and absolute paths to be used to qualify the location of the file.

Tabs work because most applications, including the DOS command processor, treat all white space characters (tabs and spaces) the same. But you should always test the application you're using to make sure it behaves the same way. For example, without special measures (which not many VB developers are aware of), VB applications
can't be called with a tab character separating the application name!

An Aside: It was this ability to pass arguments to external applications that allowed the first Flash virus to be created. It was always possible to infect an EXE file but to anyone with the Flash player installed, the SWF/LFM-926 virus was much more insidious because it worked from an SWF file which everyone thought was impossible. All it required was some actionScript and knowledge of the DOS debug utility, which meant any number of idiots could have started churning out Flash viruses.


 
  chapter 3.
  chapter 4.
  chapter 5.

 

This site is
sponsored by:

www.northcode.com