In MFC I want to Create a process by opening Command Window and executing a command in that say open notepad.
i Found this tried it didn't work
STARTUPINFO sInfo = {0};
sInfo.cb = sizeof(sInfo);
PROCESS_INFORMATION pInfo = {0};
CreateProcess("C:\\WINDOWS\\System32\\cmd.exe",""0,0,TRUE,
NORMAL_PRIORITY_CLASS,0,0,&sInfo,&pInfo);
You're not telling cmd to do anything. Try this:
CreateProcess(0, "C:\\WINDOWS\\System32\\cmd.exe /c notepad.exe", 0, 0, TRUE, 0, 0, 0, &sInfo, &pInfo);
But maybe this is easier
ShellExecute(0, "open", "cmd.exe", "/C notepad.exe", 0, SW_HIDE);
Or even this:
system("notepad.exe");
Go to the MSDN document we can see, you don't specify the second parameter that is the command line to excute.
On the other hand, there are no NORMAL_PRIORITY_CLASS enum item for the sixth parameter. You should do like this:
STARTUPINFO si = { sizeof(si) };
PROCESS_INFORMATION pi;
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = TRUE;
TCHAR cmdline[] =TEXT(" notepad.exe");
BOOL bRet = ::CreateProcess (
TEXT("C:\\WINDOWS\\System32\\cmd.exe"),
cmdline,
NULL,
NULL,
FALSE,
CREATE_NEW_CONSOLE,
NULL,
NULL,
&si,
&pi);
Related
I tried to open photoshop.exe using C++, but photoshop.exe.manifest did not take effect. If you manually double-click to open photoshop.exe file that shows normal working.
The registry has set and reboot system:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide]
"PreferExternalManifest"=dword:00000001
Maybe it's the path?
TCHAR szCommandLineName[200]= _T("Photoshop.exe");
TCHAR szCommandLinePath[200] = _T("F:\\Program Files\\Adobe Photoshop 2020\\");
TCHAR szCommandLine[200] = _T("F:\\Program Files\\Adobe Photoshop 2020\\Photoshop.exe");
TCHAR buf[1000];
GetCurrentDirectory(1000, buf);
TRACE(_T("Current Directory:%s\n"), buf);
SetCurrentDirectory(szCommandLinePath);
//::WinExec("F:\\Program Files\\Adobe Photoshop 2020\\Photoshop.exe", SW_SHOW);
//ShellExecuteW(NULL, _T("open"), _T("photoshop.exe.bat"), NULL, szCommandLinePath, SW_SHOWNORMAL);
//return;
// system("photoshop.exe");
// return;
STARTUPINFO si = { sizeof(si) };
PROCESS_INFORMATION pi;
si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESHOWWINDOW;
//si.wShowWindow = SW_HIDE;
si.wShowWindow = TRUE;
BOOL bRet = ::CreateProcess(
szCommandLine,
NULL,
NULL,
NULL,
FALSE, //bInheritHandles
NULL, //dwCreationFlags
NULL, //lpEnvironment
NULL,//lpCurrentDirectory
&si,
&pi);
int nError = GetLastError();
::CloseHandle(pi.hThread);
::CloseHandle(pi.hProcess);
return ;
I have a console application which calls the CreateProcessWithTokenW() WinAPI function to create a new process which starts a cmd console. By calling it, it starts a new CMD Window. I want to spawn another cmd within the calling cmd window (not in a new window).
So I want to simulate the same behavior like if you start cmd and type "cmd".
ret = CreateProcessWithTokenW(pNewToken, 0, L"C:\\Windows\\System32\\cmd.exe", NULL, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
Here is a minimal reproducible code snippet.
I added CreateProcess instead of CreateProcessWithToken....if i define 0 for 5th argument (dwCreationFlag) than it starts the CMD in the Powershell. But for CreateProcessWithToken the behavior is not the same.
Run this code with a elevated powershell (because it needs Se_Debug_Priv)
#include <stdio.h>
#include <Windows.h>
#include <WinBase.h>
#include <iostream>
#include <tchar.h>
int main() {
//DEFINE HERE PID OF winlogon.exe
DWORD pid = 940;
HANDLE currentProcess = {};
HANDLE AccessToken = {};
currentProcess = OpenProcess(PROCESS_QUERY_INFORMATION, TRUE, pid);
OpenProcessToken(currentProcess, TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY, &AccessToken);
HANDLE pToken = AccessToken;
SECURITY_IMPERSONATION_LEVEL seImpersonateLevel = SecurityImpersonation;
TOKEN_TYPE tokenType = TokenPrimary;
HANDLE pNewToken = new HANDLE;
DuplicateTokenEx(pToken, MAXIMUM_ALLOWED, NULL, seImpersonateLevel, tokenType, &pNewToken);
STARTUPINFO si = {};
PROCESS_INFORMATION pi = {};
//TEST1
//Creates a new window for both functions so the 5th seems to be ignored
CreateProcessWithTokenW(pNewToken, 0, L"C:\\Windows\\System32\\cmd.exe", NULL, 0, NULL, NULL, &si, &pi);
CreateProcessWithTokenW(pNewToken, 0, L"cmds.bat", NULL, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
//TEST2
//Create a new windows, assumed behavior
CreateProcessW(L"C:\\Windows\\System32\\cmd.exe", NULL, NULL, NULL, TRUE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
//Creates also a new window, NOT assumed behavior
CreateProcessW(L"C:\\Windows\\System32\\cmd.exe", NULL, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);
return 0;
}
Get rid of the CREATE_NEW_CONSOLE flag:
CREATE_NEW_CONSOLE
0x00000010
The new process has a new console, instead of inheriting the parent's console. This flag cannot be used with the DETACHED_PROCESS flag.
This flag is enabled by default.
That flash is what is forcing a new CMD window to be created. Without that, the new process will be created in the existing CMD window of the calling process.
As far as I'm concerned, you should use CREATE_NEW_CONSOLE. According to the code:
ret = CreateProcessWithTokenW(pNewToken, 0, L"C:\\Windows\\System32\\cmd.exe", NULL, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
The problem is not with the use of CreateProcessWithTokenW () winapi. Could you please provide us with a minimal reproducible exampleto reproduce the issue.
Here is the code:
STARTUPINFOEX startup_info = {};
PROCESS_INFORMATION process_info = {};
BOOL CreateProcTokenRes = FALSE;
CreateProcTokenRes = CreateProcessWithTokenW(NewToken, 0, L"C:\\Windows\\system32\\cmd.exe", NULL, CREATE_NEW_CONSOLE, NULL, NULL, &startup_info, &process_info);
if (!CreateProcTokenRes)
{
_tprintf(L"Cannot Create Process With Token. Failed with Error Code: %d\n", GetLastError());
CloseHandle(NewToken);
For more details I suggest you could refer to the link:https://niiconsulting.com/checkmate/2019/11/token-manipulation-attacks-part-2-process-of-impersonation/
I want to call tshark.exe from a c++ script via ShellExecute. Is there any way to parse cmd arguments to the application?
e.g. specify output file like this
tshark -w output.pcap
Here is the code
#include <Windows.h>
#include <shellapi.h>
int main()
{
ShellExecute(NULL, "open", "tshark.exe", NULL, "C:\Program Files\Wireshark", SW_SHOWDEFAULT);
return 0;
}
The 4th parameter to ShellExecute() passes command-line arguments to the new process, eg:
ShellExecute(NULL, "open", "tshark.exe", "-w output.pcap", "C:\\Program Files\\Wireshark", SW_SHOWDEFAULT);
Though, you really should be using CreatProcess() instead (ShellExecute() is just going to call it anyway):
STARTUPINFO si = {};
PROCESS_INFORMATION pi = {};
si.cb = sizeof(si);
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_SHOWDEFAULT;
char cmd[] = "tshark.exe -w output.pcap";
if (CreateProcessA(NULL, cmd, NULL, NULL, FALSE, 0, NULL, "C:\\Program Files\\Wireshark", &si, &pi))
{
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
}
I tried to use the tutorials around about using the CreateProcessA wherein it uses the STARTUPINFOA and LPPROCESS_INFORMATION.
However, when I tried to use the LPSTARTUPINFOA and LPPROCESS_INFORMATION and sadly it didn't work.
//Working
STARTUPINFOA startUpInfo = {0};
PROCESS_INFORMATION processInformation = {0};
startUpInfo.cb = sizeof(STARTUPINFOA);
CreateProcessA(NULL, "c:\\windows\\system32\\calc.exe", NULL, NULL, FALSE, 0, NULL, NULL, &startUpInfo, &processInformation);
//Fails
LPSTARTUPINFOA startUpInfo;
LPPROCESS_INFORMATION processInformation;
startUpInfo = (LPSTARTUPINFOA)malloc(sizeof(startUpInfo));
processInformation = (LPPROCESS_INFORMATION)malloc(sizeof(processInformation));
ZeroMemory(startUpInfo, sizeof(STARTUPINFOA));
ZeroMemory(processInformation, sizeof(PROCESS_INFORMATION));
startUpInfo->cb = sizeof(STARTUPINFOA);
CreateProcessA(NULL,"c:\\windows\\system32\\calc.exe", NULL, NULL, FALSE, 0, NULL, NULL, startUpInfo, processInformation);
I expect that both would work successfully, however, I wonder why LPSTARTUPINFOA and LPPROCESS_INFORMATION fails. Is there anyone who can enlighten me about my error in this program below.
I'm trying to write an application to open another and self close, so I don't need the console when the external application opens
This is what I've tried so far:
system("cmd.exe /c application.exe"); //console shows, application opens, console wait
system("start \"\" application.exe"); //console shows, application opens, console close
//console does not show but neither the application (I can see it in task manager)
STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_HIDE;
ZeroMemory(&pi, sizeof(pi));
CreateProcess(0, "application.exe", 0, 0, FALSE, 0, 0, 0, &si, &pi);
//console does not show but neither the application (I can see it in task manager)
WinExec("application.exe", SW_HIDE);
This is the way I compile:
g++ -o "launcher" "launcher.cpp" -mwindows
This is some code that works for me to accomplish your goal:
// Declare and initialize process blocks
PROCESS_INFORMATION processInformation;
STARTUPINFO startupInfo;
memset(&processInformation, 0, sizeof(processInformation));
memset(&startupInfo, 0, sizeof(startupInfo));
startupInfo.cb = sizeof(startupInfo);
// Call the executable program
TCHAR cmd[] = myCommandText;
int result = ::CreateProcess(NULL, cmd, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS|CREATE_NO_WINDOW, NULL, NULL, &startupInfo, &processInformation);
In this context, myCommandText is a console command