flashcoder

[SOLVED] How create a process in hidden mode using CreateProcess api?

14 posts in this topic

#1 ·  Posted (edited)

Hi,

I have this code below, and I need to execute a specific process in hidden mode using only the CreateProcess API.

I have made some changes, but without success until now.

Can someone help me please?

Delphi example:

function RunApplication(const ACommandLine: string): THandle;
var
  CommandLine: string;
  StartupInfo: TStartupInfo;
  ProcessInformation: TProcessInformation;
begin
  Result := 0;
  FillChar(StartupInfo, SizeOf(TStartupInfo), 0);
  FillChar(ProcessInformation, SizeOf(TProcessInformation), 0);
  StartupInfo.cb := SizeOf(TStartupInfo);
  StartupInfo.dwFlags := STARTF_USESHOWWINDOW;
  StartupInfo.wShowWindow := SW_HIDE;
  CommandLine := ACommandLine;
  UniqueString(CommandLine);
  if CreateProcess(nil, PChar(CommandLine), nil, nil, False,
    NORMAL_PRIORITY_CLASS, nil, nil, StartupInfo, ProcessInformation)
  then
    Result := ProcessInformation.hProcess;
end;

My last attempt was:

#include <ProcessConstants.au3>
#include <Security.au3>
#include <SecurityConstants.au3>
#include <StructureConstants.au3>
#include <WinAPI.au3>

_RunNonElevated(@SystemDir&"\notepad.exe") 

Func _RunNonElevated($sCommandLine = "")
    If Not IsAdmin() Then Return Run($sCommandLine) 
        
    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    
    Local $tSTARTUPINFO = DllStructCreate($tagSTARTUPINFO)
    Local $tPROCESS_INFORMATION = DllStructCreate($tagPROCESS_INFORMATION)
    DllStructSetData($tSTARTUPINFO, 13, @SW_HIDE)
    
    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

    Local $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, 0, ProcessExists("explorer.exe"))

    If $hProcess Then

        Local $hTokOriginal = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)
      
        _WinAPI_CloseHandle($hProcess)
   
        If $hTokOriginal Then
   
            Local $hTokDuplicate = _Security__DuplicateTokenEx($hTokOriginal, $TOKEN_ALL_ACCESS, $SECURITYIMPERSONATION, $TOKENPRIMARY)
            
            _WinAPI_CloseHandle($hTokOriginal)
         
            If $hTokDuplicate Then
         
                _Security__CreateProcessWithToken($hTokDuplicate, 0, $sCommandLine, 0, @ScriptDir, $tSTARTUPINFO, $tPROCESS_INFORMATION)
                _WinAPI_CloseHandle($hTokDuplicate)
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hProcess"))
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hThread"))
              
                Return DllStructGetData($tPROCESS_INFORMATION, "ProcessID")
            EndIf
        EndIf
    EndIf
EndFunc


Edited by flashcoder


If you need to run with the Windows hidden just use

Run ( "program" , "workingdir", @SW_HIDE)


#4 ·  Posted (edited)

@jpm, I need to do this using only the CreateProcess API.

Quote

Run ( "program" , "workingdir", @SW_HIDE)

Doesn't work.

Edited by flashcoder


What is not working? which program are you launching?


#6 ·  Posted (edited)

33 minutes ago, jpm said:

What is not working? which program are you launching?

notepad.exe for example. The script finishes immediately.

Eg:

Run("notepad",@SystemDir&"\notepad.exe",@SW_HIDE)


In other words, "Run" doesn't work here.

Edited by flashcoder


#7 ·  Posted (edited)

SOLVED:

#include <ProcessConstants.au3>
#include <Security.au3>
#include <SecurityConstants.au3>
#include <StructureConstants.au3>
#include <WinAPI.au3>

_RunNonElevated(@SystemDir & "\notepad.exe")

Func _RunNonElevated($sCommandLine = "")

    Local Const $STARTF_USESHOWWINDOW = 0x1
    Local Const $STARTF_USESTDHANDLES = 0x100

    If Not IsAdmin() Then Return Run($sCommandLine)

    Local $tSTARTUPINFO = DllStructCreate($tagSTARTUPINFO)
    Local $tPROCESS_INFORMATION = DllStructCreate($tagPROCESS_INFORMATION)

    MemSet(DllStructGetPtr($tSTARTUPINFO), Chr(0), DllStructGetSize($tSTARTUPINFO))
    MemSet(DllStructGetPtr($tPROCESS_INFORMATION), Chr(0), DllStructGetSize($tPROCESS_INFORMATION))

    ; Size and Flags were missing from the first attempt: without Size the
    ; structure is not accepted, and without STARTF_USESHOWWINDOW in Flags
    ; the ShowWindow value is ignored, so the window stayed visible.
    DllStructSetData($tSTARTUPINFO, "ShowWindow", @SW_HIDE)
    DllStructSetData($tSTARTUPINFO, "Size", DllStructGetSize($tSTARTUPINFO))
    DllStructSetData($tSTARTUPINFO, "Flags", BitOR($STARTF_USESTDHANDLES, $STARTF_USESHOWWINDOW))

    ; Borrow explorer.exe's (non-elevated) token so the child runs without elevation.
    Local $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, 0, ProcessExists("explorer.exe"))

    If $hProcess Then

        Local $hTokOriginal = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)

        _WinAPI_CloseHandle($hProcess)

        If $hTokOriginal Then

            Local $hTokDuplicate = _Security__DuplicateTokenEx($hTokOriginal, $TOKEN_ALL_ACCESS, $SECURITYIMPERSONATION, $TOKENPRIMARY)

            _WinAPI_CloseHandle($hTokOriginal)

            If $hTokDuplicate Then

                _Security__CreateProcessWithToken($hTokDuplicate, 0, $sCommandLine, 0, @ScriptDir, $tSTARTUPINFO, $tPROCESS_INFORMATION)
                _WinAPI_CloseHandle($hTokDuplicate)
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hProcess"))
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hThread"))

                Return DllStructGetData($tPROCESS_INFORMATION, "ProcessID")
            EndIf
        EndIf
    EndIf
EndFunc

; Zero a block of memory via the CRT memset.
Func MemSet($pDest, $nChar, $nCount)
    DllCall("msvcrt.dll", "ptr:cdecl", "memset", "ptr", $pDest, "int", $nChar, "int", $nCount)
    If @error Then Return SetError(1, 0, False)
    Return True
EndFunc

PS: Tested in Windows 7 Home Premium 64 Bits.

Edited by flashcoder
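To answer the thread title directly with CreateProcess alone (no token duplication), here is an added example that is not from any post in this thread: it fills the three STARTUPINFO fields the first attempt missed, calls CreateProcessW through a DllCall, and then checks whether the launched process has any visible top-level window. It assumes the standard AutoIt UDF includes and a hypothetical helper name _RunHiddenCreateProcess.

```autoit
#include <AutoItConstants.au3>
#include <StructureConstants.au3>
#include <WinAPI.au3>

; Start a program with its main window hidden using CreateProcess alone
; (no token duplication). Returns the PID, or 0 with @error set on failure.
Func _RunHiddenCreateProcess($sCommandLine)
    Local Const $STARTF_USESHOWWINDOW = 0x1
    Local $tSTARTUPINFO = DllStructCreate($tagSTARTUPINFO)
    Local $tPROCESS_INFORMATION = DllStructCreate($tagPROCESS_INFORMATION)

    ; All three fields are needed: Size validates the structure and
    ; STARTF_USESHOWWINDOW in Flags makes CreateProcess honour ShowWindow.
    ; Setting ShowWindow alone (element 13) is silently ignored.
    DllStructSetData($tSTARTUPINFO, "Size", DllStructGetSize($tSTARTUPINFO))
    DllStructSetData($tSTARTUPINFO, "Flags", $STARTF_USESHOWWINDOW)
    DllStructSetData($tSTARTUPINFO, "ShowWindow", @SW_HIDE)

    ; lpApplicationName = NULL so the command line is parsed by CreateProcess;
    ; lpCurrentDirectory = NULL inherits the parent's directory, which avoids
    ; the inaccessible-workingdir failure seen with Run() earlier in the thread.
    Local $aRet = DllCall("kernel32.dll", "bool", "CreateProcessW", _
            "ptr", 0, "wstr", $sCommandLine, "ptr", 0, "ptr", 0, _
            "bool", False, "dword", 0, "ptr", 0, "ptr", 0, _
            "struct*", $tSTARTUPINFO, "struct*", $tPROCESS_INFORMATION)
    If @error Or Not $aRet[0] Then Return SetError(1, _WinAPI_GetLastError(), 0)

    ; The child keeps running after its handles are closed here.
    _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hProcess"))
    _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hThread"))
    Return DllStructGetData($tPROCESS_INFORMATION, "ProcessID")
EndFunc

; Check the result: True when no top-level window owned by $iPid is visible.
Func _HasNoVisibleWindow($iPid)
    Local $aWins = WinList()
    For $i = 1 To $aWins[0][0]
        If WinGetProcess($aWins[$i][1]) = $iPid And _
                BitAND(WinGetState($aWins[$i][1]), $WIN_STATE_VISIBLE) Then Return False
    Next
    Return True
EndFunc

Local $iPid = _RunHiddenCreateProcess('"' & @SystemDir & '\notepad.exe"')
If $iPid Then
    Sleep(1000) ; give the new process time to create its window
    ConsoleWrite("PID " & $iPid & " has no visible window: " & _HasNoVisibleWindow($iPid) & @CRLF)
    ProcessClose($iPid)
EndIf
```

Run it from SciTE to see the ConsoleWrite output; a False result means the target ignored the STARTUPINFO hint and showed a window anyway, which is the behaviour JohnOne reports on Windows 10.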

4 hours ago, flashcoder said:

notepad.exe for example. The script finishes immediately.

Eg:

Run("notepad",@SystemDir&"\notepad.exe",@SW_HIDE)


In other words, "Run" doesn't work here.

In fact it works if the workingdir is accessible:

Local $iRet = Run("notepad.exe", "", @SW_HIDE)

23 hours ago, JohnOne said:

Neither the window nor the process, is hidden.


Are you sure? :D

Test my solution and see the result.


#12 ·  Posted (edited)

Works fine on my end (window hidden at least), although it does seem like a drawn-out process to do what AutoIt can do in one line (as JPM instructed).

Unless of course your real intent was merely mimicking the security privileges of explorer.exe for your desired application. ;)

Edited by Mobius

2 hours ago, JohnOne said:

win 10, window is visible.

Thank you for this information.:)
