>Or is that an attacker wouldn't be able to figure out how to format the parameters?
Bingo. Nor will he know valid values for those parameters. If someone goes to the trouble to run the app in an environment where he can scrutinize memory contents, then he can figure all this out. But that's beyond what I'm trying to prevent.
