Start exe as child of explorer.exe

[kiboost]

Hi,

I try to start an exe file (not from me) which need to be a child process of explorer.exe to run fine.

If I use Run or Shellexecute it doesn't work fine.

I found this : http://www.nirsoft.net/utils/run_from_process.html

With running :

$RFPpath = "D:RunFromProcess-x64.exe"

$myFilePath = "pathtomyfile.exe"

ShellExecute($RFPpath, " nomsg explorer.exe "&$myFilePath, "")

Then myfile.exe is a child process of explorer.exe and all works well.

The problem is that it relies on this utility, which I dunno if it will be maintain, stays free, keep compatible with windows in the future, etc etc

So how could I do that with autoit itself ?

Thanks

[water]

I'm sure the WinAPI or WinAPIEX UDFs provide a function to do what you want.

[trancexx]

Can't you simply do this:

Run('explorer.exe "' & $myFilePath & '"')
; or:
;ShellExecute("explorer.exe", '"' & $myFilePath & '"')

[kiboost]

Can't you simply do this:

Run('explorer.exe "' & $myFilePath & '"')
; or:
;ShellExecute("explorer.exe", '"' & $myFilePath & '"')

I've tried this but it make myfile.exe child of an explorer.exe, child of svchost.exe, child of services.exe, child of wininit.exe

Not a child of the user main explorer.exe and doesn't work

[water]

I try to start an exe file (not from me) which need to be a child process of explorer.exe to run fine.

Can you please tell us which program needs to be a child of Explorer.exe and why?

[trancexx]

I've tried this but it make myfile.exe child of an explorer.exe, child of svchost.exe, child of services.exe, child of wininit.exe

Not a child of the user main explorer.exe and doesn't work

Then next time be more precise about what you want. I gave you what you asked for.

See you then .

[Bert]

Can you please tell us which program needs to be a child of Explorer.exe and why?

agreed. I'm curious as well. I've never heard of needing such a thing. If anything you describe what you need as a maulware behavior. Then again the need could be legitimate and I can learn something new.

[kiboost]

Ok no problem and nothing secret there, was not talking about it to not bother you. I must say it's the first time I see such behavior also, and previous version of this software didn't needed this.

It is server.exe, part of Autodesk Backburner. This server.exe start 3dsmax.exe and if server.exe isn't a child process of main explorer.exe 3dsmax.exe has some difficulties to create some files while starting (I guess it ask its parent explorer.exe and don't find it ?). This is for 3dsmax 2014, and 3dsmax2012 (with backburner2012) never had such problems.

The fact is that if I start server.exe with RunFromProcess-x64, all runs fine.

The command that works :

$RFPpath = "D:RunFromProcess-x64.exe"

$startPath = "C:Program Files (x86)AutodeskBackburnerserver.exe"
ShellExecute($RFPpath, " nomsg explorer.exe "&$startPath, "C:Program Files (x86)AutodeskBackburner")

which runs :

D:RunFromProcess-x64.exe nomsg explorer.exe C:Program Files (x86)AutodeskBackburnerserver.exe

You know it all

[Bert]

Interesting! I learned something new.

I did a bit of google-ling and I found some information on it:

'?do=embed' frameborder='0' data-embedContent>>

Edited September 20, 2013 by YogiBear

[kiboost]

yep but still doesn't know how to do it. Lot of stuff on msdn also but nothing about this I can find.

[water]

Can't you let AutoDesk do the startup thing and then connect to this process and do whatever you need to do?

[kiboost]

Still no solution.

I've came accroos this which may be a good direction to go :

http://forum.sysinternals.com/tip-run-process-in-system-account-scexe_topic16714.html

If anyone have any input ...

[Bert]

You need to get the Process ID first for explorer.exe then run

from the site link you provided:

RunFromProcess requires 2 command-line parameters:
RunFromProcess.exe [Parent Process Name/ID] [Process To Run]

 

[orbs]

this is a really interesting issue which i stumbled a while back: my need was that a setup program - running interactive as administrator - when completed, would launch the installed application as the logged-on user.

i never found a real solution to this - and i'm surprised that the NirSoft guy can do it, because it sounds like a really bad security vulnerability to me - but this is a workaround i can suggest (i confirm it works remotely too):

create a shortcut to the executable you want to be launched as child of explorer.exe (i.e. server.exe)

assign this shortcut with a shortcut key, that is unlikely to be used (e.g. Ctrl+Alt+Shift+F12)

the calling application should NOT launch server.exe directly - instead, it should Send() the shortcut key. the Send() is processed by explorer.exe, and there you go...

[kiboost]

this is a really interesting issue which i stumbled a while back: my need was that a setup program - running interactive as administrator - when completed, would launch the installed application as the logged-on user.

i never found a real solution to this - and i'm surprised that the NirSoft guy can do it, because it sounds like a really bad security vulnerability to me - but this is a workaround i can suggest (i confirm it works remotely too):

create a shortcut to the executable you want to be launched as child of explorer.exe (i.e. server.exe)

assign this shortcut with a shortcut key, that is unlikely to be used (e.g. Ctrl+Alt+Shift+F12)

the calling application should NOT launch server.exe directly - instead, it should Send() the shortcut key. the Send() is processed by explorer.exe, and there you go...

 

wow nice idea ! Will try that !!

[kiboost]

hmm this doesn't work.

it start it without any parent process.

Func startServer()
    ConsoleWrite("startServer"&@CR)
    $serverStart = "D:\BB_Server.lnk"
    ShellExecute($serverStart)
EndFunc


HotKeySet("Ctrl+Alt+Shift+F12", "startServer")
Send("Ctrl+Alt+Shift+F12")

About RunFromProcess:

It seems it use traditionnal code injection with kernel32.dll

http://waitfordebug.wordpress.com/2012/02/07/dll-injection-in-python/

But this not 'traditionnal' at for me lol !!

I'm trying with both autoit and python but can't find out how to encode shellcode for a simple winexec command.

[orbs]

for Send() you do not need all that. just manually create the shortcut one time, then use just one line Send().

now use the proper syntax for send() - see the help

Send("+^!{F12}")

[JohnOne]

I thought a program is a child of whatever program started it.

So it is already child of explorer.exe if started manually from clicking.

[johnmcloud]

This work for me:

;johnmcloud
$HotKey = "^!t" ; CTRL + ALT + T
$FileDir = @DesktopDir & "\Temp_Notepad.lnk" ; Directory of the shortcut
FileCreateShortcut(@WindowsDir & "\notepad.exe", $FileDir, @WindowsDir, "", "", @WindowsDir & "\system32\notepad.exe", $HotKey, "0", @SW_MINIMIZE) ; create a shortcut
Send($HotKey) ; send the combination of key for open the software
WinWait("[CLASS:Notepad]") ; wait for the window
FileDelete($FileDir) ; delete the .lnk

Result:

Edited October 2, 2013 by johnmcloud

[kiboost]

indeed, this solution works ! nice, really, as I think it will be more reliable in the future than a code injection into explorer.exe

anyway, once I've done, I can't create anymore a new shortcut with ctrl+alt+t

I guess all hotkeys for shortcuts are saved somewhere in the registry, so we should delete this also each time we use this snippet