Command line parameter examples
Kaspersky Research Sandbox allows you to start object execution with specific command line parameters. The Command line parameters field is optional and available only when a Microsoft Windows or Linux execution environment is selected.
You can use environment variables by placing the % sign in front of and after the variable name, for example: %SYSTEMROOT%. By default, the environment variables are expanded on the user's host, before transferring and executing the object in the Sandbox. To transfer environment variables to the Sandbox as is, without expansion, use the %% sign, for example: %%SYSTEMROOT%%.
In Linux, use the -C key in the command line interpreter to transfer system variables to the Sandbox, for example: /bin/bash -c "$sample -lah $PWD >> $PWD/$HOSTNAME.log"
The command line may contain a variable $sample that will be replaced in the Sandbox with the actual path to the object in the operating system (for example, <notepad path> /A $sample).
The length of the command line must not exceed 1024 characters, otherwise Kaspersky Research Sandbox will shorten it. Depending on the technical constraints of an operating system that is used as an execution environment in the Sandbox, the length of the command line may be further shortened.
Examples: Specify an application that you want to execute the object with: %windir%\System32\notepad.exe /a $sample "%ProgramFiles%\Internet Explorer\iexplore.exe" $sample Specify a file to write the output of the object to: $sample > %userprofile%\test_output.txt Execute an object and write the output into a file that includes the computer name as the file name: $sample --t –r=2 >> %TEMP%\%COMPUTERNAME%.txt Specify keys for an object execution in Linux execution environment: $sample -key1=1 -key2=two |
Environment variables usage
Environment variables |
Microsoft Windows 10 x64 |
Microsoft Windows 7 x64 |
Microsoft Windows 7 |
Microsoft Windows XP |
Linux |
|---|---|---|---|---|---|
ALLUSERSPROFILE |
|
|
|
|
— |
APPDATA |
|
|
|
|
— |
CLIENTNAME |
— |
— |
— |
|
— |
CommonProgramFiles |
|
|
|
|
— |
CommonProgramFiles(x86) |
|
|
— |
— |
— |
CommonProgramW6432 |
|
|
— |
— |
— |
COMPLUS_ProfAPI_ProfilerCompatibilitySetting |
|
|
|
|
— |
COMPUTERNAME |
|
|
|
|
— |
ComSpec |
|
|
|
|
— |
COR_ENABLE_PROFILING |
|
|
|
|
— |
COR_PROFILER |
|
|
|
|
— |
DriverData |
|
— |
— |
— |
— |
FP_NO_HOST_CHECK |
— |
|
|
|
— |
HOME |
— |
— |
— |
— |
|
HOMEDRIVE |
|
|
|
|
— |
HOMEPATH |
|
|
|
|
— |
LOCALAPPDATA |
|
|
|
— |
— |
LOGNAME |
— |
— |
— |
— |
|
LOGONSERVER |
|
|
|
|
— |
— |
— |
— |
— |
|
|
NUMBER_OF_PROCESSORS |
|
|
|
|
— |
OneDrive |
|
— |
— |
— |
— |
OS |
|
|
|
|
— |
Path |
|
|
|
|
|
PATHEXT |
|
|
|
|
— |
PROCESSOR_ARCHITECTURE |
|
|
|
|
— |
PROCESSOR_IDENTIFIER |
|
|
|
|
— |
PROCESSOR_LEVEL |
|
|
|
|
— |
PROCESSOR_REVISION |
|
|
|
|
— |
ProgramData |
|
|
|
— |
— |
ProgramFiles |
|
|
|
|
— |
ProgramFiles(x86) |
|
|
— |
— |
— |
ProgramW6432 |
|
|
— |
— |
— |
PROMPT |
|
|
|
|
— |
PSModulePath |
|
|
|
— |
— |
PUBLIC |
|
|
|
— |
— |
PWD |
— |
— |
— |
— |
|
SESSIONNAME |
|
|
|
|
— |
SHELL |
— |
— |
— |
— |
|
SHLVL |
— |
— |
— |
— |
|
SystemDrive |
|
|
|
|
— |
SystemRoot |
|
|
|
|
— |
TEMP |
|
|
|
|
— |
TERM |
— |
— |
— |
— |
|
TMP |
|
|
|
|
— |
USER |
— |
— |
— |
— |
|
USERDOMAIN |
|
|
|
|
— |
USERDOMAIN_ROAMINGPROFILE |
|
— |
— |
— |
— |
USERNAME |
|
|
|
|
— |
USERPROFILE |
|
|
|
|
— |
windir |
|
|
|
|
— |
windows_tracing_flags |
— |
|
|
— |
— |
windows_tracing_logfile |
— |
|
|
— |
— |
XDG_RUNTIME_DIR |
— |
— |
— |
— |
|
XDG_SEAT |
— |
— |
— |
— |
|
XDG_SESSION_ID |
— |
— |
— |
— |
|
XDG_VTNR |
— |
— |
— |
— |
|
