Jump to content
Sign in to follow this  
kiboost

Start exe as child of explorer.exe

Recommended Posts

kiboost

Hi,

I try to start an exe file (not from me) which need to be a child process of explorer.exe to run fine.

If I use Run or Shellexecute it doesn't work fine.

I found this : http://www.nirsoft.net/utils/run_from_process.html

With running :

$RFPpath = "D:RunFromProcess-x64.exe"

$myFilePath = "pathtomyfile.exe"

ShellExecute($RFPpath, " nomsg explorer.exe "&$myFilePath, "")

Then myfile.exe is a child process of explorer.exe and all works well.

The problem is that it relies on this utility, which I dunno if it will be maintain, stays free, keep compatible with windows in the future, etc etc

So how could I do that with autoit itself ?

Thanks


Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Share this post


Link to post
Share on other sites
water

I'm sure the WinAPI or WinAPIEX UDFs provide a function to do what you want.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
trancexx

Can't you simply do this:

Run('explorer.exe "' & $myFilePath & '"')
; or:
;ShellExecute("explorer.exe", '"' & $myFilePath & '"')

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites
kiboost

Can't you simply do this:

Run('explorer.exe "' & $myFilePath & '"')
; or:
;ShellExecute("explorer.exe", '"' & $myFilePath & '"')

I've tried this but it make myfile.exe child of an explorer.exe, child of svchost.exe, child of services.exe, child of wininit.exe

Not a child of the user main explorer.exe and doesn't work


Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Share this post


Link to post
Share on other sites
water

I try to start an exe file (not from me) which need to be a child process of explorer.exe to run fine.

Can you please tell us which program needs to be a child of Explorer.exe and why?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
trancexx

I've tried this but it make myfile.exe child of an explorer.exe, child of svchost.exe, child of services.exe, child of wininit.exe

Not a child of the user main explorer.exe and doesn't work

Then next time be more precise about what you want. I gave you what you asked for.

See you then :).


♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites
Bert

Can you please tell us which program needs to be a child of Explorer.exe and why?

agreed. I'm curious as well. I've never heard of needing such a thing. If anything you describe what you need as a maulware behavior. Then again the need could be legitimate and I can learn something new.

Share this post


Link to post
Share on other sites
kiboost

Ok no problem and nothing secret there, was not talking about it to not bother you. I must say it's the first time I see such behavior also, and previous version of this software didn't needed this.

It is server.exe, part of Autodesk Backburner. This server.exe start 3dsmax.exe and if server.exe isn't a child process of main explorer.exe 3dsmax.exe has some difficulties to create some files while starting (I guess it ask its parent explorer.exe and don't find it ?). This is for 3dsmax 2014, and 3dsmax2012 (with backburner2012) never had such problems.

The fact is that if I start server.exe with RunFromProcess-x64, all runs fine.

The command that works :

$RFPpath = "D:RunFromProcess-x64.exe"

$startPath = "C:Program Files (x86)AutodeskBackburnerserver.exe"
ShellExecute($RFPpath, " nomsg explorer.exe "&$startPath, "C:Program Files (x86)AutodeskBackburner")

which runs :

D:RunFromProcess-x64.exe nomsg explorer.exe C:Program Files (x86)AutodeskBackburnerserver.exe

You know it all :huggles:


Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Share this post


Link to post
Share on other sites
kiboost

yep but still doesn't know how to do it. Lot of stuff on msdn also but nothing about this I can find.


Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Share this post


Link to post
Share on other sites
water

Can't you let AutoDesk do the startup thing and then connect to this process and do whatever you need to do?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
orbs

this is a really interesting issue which i stumbled a while back: my need was that a setup program - running interactive as administrator - when completed, would launch the installed application as the logged-on user.

i never found a real solution to this - and i'm surprised that the NirSoft guy can do it, because it sounds like a really bad security vulnerability to me - but this is a workaround i can suggest (i confirm it works remotely too):

create a shortcut to the executable you want to be launched as child of explorer.exe (i.e. server.exe)

assign this shortcut with a shortcut key, that is unlikely to be used (e.g. Ctrl+Alt+Shift+F12)

the calling application should NOT launch server.exe directly - instead, it should Send() the shortcut key. the Send() is processed by explorer.exe, and there you go...

Share this post


Link to post
Share on other sites
kiboost

this is a really interesting issue which i stumbled a while back: my need was that a setup program - running interactive as administrator - when completed, would launch the installed application as the logged-on user.

i never found a real solution to this - and i'm surprised that the NirSoft guy can do it, because it sounds like a really bad security vulnerability to me - but this is a workaround i can suggest (i confirm it works remotely too):

create a shortcut to the executable you want to be launched as child of explorer.exe (i.e. server.exe)

assign this shortcut with a shortcut key, that is unlikely to be used (e.g. Ctrl+Alt+Shift+F12)

the calling application should NOT launch server.exe directly - instead, it should Send() the shortcut key. the Send() is processed by explorer.exe, and there you go...

 

wow nice idea ! Will try that !!


Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Share this post


Link to post
Share on other sites
kiboost

hmm this doesn't work.

it start it without any parent process.

Func startServer()
    ConsoleWrite("startServer"&@CR)
    $serverStart = "D:\BB_Server.lnk"
    ShellExecute($serverStart)
EndFunc


HotKeySet("Ctrl+Alt+Shift+F12", "startServer")
Send("Ctrl+Alt+Shift+F12")

About RunFromProcess:

It seems it use traditionnal code injection with kernel32.dll

http://waitfordebug.wordpress.com/2012/02/07/dll-injection-in-python/

But this not 'traditionnal' at for me lol !!

I'm trying with both autoit and python but can't find out how to encode shellcode for a simple winexec command.


Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Share this post


Link to post
Share on other sites
orbs

for Send() you do not need all that. just manually create the shortcut one time, then use just one line Send().

now use the proper syntax for send() - see the help

Send("+^!{F12}")

Share this post


Link to post
Share on other sites
johnmcloud

This work for me:

;johnmcloud
$HotKey = "^!t" ; CTRL + ALT + T
$FileDir = @DesktopDir & "\Temp_Notepad.lnk" ; Directory of the shortcut
FileCreateShortcut(@WindowsDir & "\notepad.exe", $FileDir, @WindowsDir, "", "", @WindowsDir & "\system32\notepad.exe", $HotKey, "0", @SW_MINIMIZE) ; create a shortcut
Send($HotKey) ; send the combination of key for open the software
WinWait("[CLASS:Notepad]") ; wait for the window
FileDelete($FileDir) ; delete the .lnk

Result:

final.jpg

Edited by johnmcloud

Share this post


Link to post
Share on other sites
kiboost

indeed, this solution works ! nice, really, as I think it will be more reliable in the future than a code injection into explorer.exe

anyway, once I've done, I can't create anymore a new shortcut with ctrl+alt+t

I guess all hotkeys for shortcuts are saved somewhere in the registry, so we should delete this also each time we use this snippet


Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×