[SOLVED] How create a process in hidden mode using CreateProcess api?

flashcoder · February 9, 2016

Hi,

I have this code below, and I'm needing execute a determinate process in hidden mode using only CreateProcess api.

I have made some changes, but without sucess until now.

Someone can help me please?

Delphi example:

function RunApplication(const ACommandLine: string): THandle;
var
  CommandLine: string;
  StartupInfo: TStartupInfo;
  ProcessInformation: TProcessInformation;
begin
  Result := 0;
  FillChar(StartupInfo, SizeOf(TStartupInfo), 0);
  FillChar(ProcessInformation, SizeOf(TProcessInformation), 0);
  StartupInfo.cb := SizeOf(TStartupInfo);
  StartupInfo.dwFlags := STARTF_USESHOWWINDOW;
  StartupInfo.wShowWindow := SW_HIDE;
  CommandLine := ACommandLine;
  UniqueString(CommandLine);
  if CreateProcess(nil, PChar(CommandLine), nil, nil, False,
    NORMAL_PRIORITY_CLASS, nil, nil, StartupInfo, ProcessInformation)
  then
    Result := ProcessInformation.hProcess;
end;

My last attempt was:

#include <ProcessConstants.au3>
#include <Security.au3>
#include <SecurityConstants.au3>
#include <StructureConstants.au3>
#include <WinAPI.au3>

_RunNonElevated(@SystemDir&"\notepad.exe") 

Func _RunNonElevated($sCommandLine = "")
    If Not IsAdmin() Then Return Run($sCommandLine) 
        
    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    
    Local $tSTARTUPINFO = DllStructCreate($tagSTARTUPINFO)
    Local $tPROCESS_INFORMATION = DllStructCreate($tagPROCESS_INFORMATION)
    DllStructSetData($tSTARTUPINFO, 13, @SW_HIDE)
    
    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

    Local $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, 0, ProcessExists("explorer.exe"))

    If $hProcess Then

        Local $hTokOriginal = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)
      
        _WinAPI_CloseHandle($hProcess)
   
        If $hTokOriginal Then
   
            Local $hTokDuplicate = _Security__DuplicateTokenEx($hTokOriginal, $TOKEN_ALL_ACCESS, $SECURITYIMPERSONATION, $TOKENPRIMARY)
            
            _WinAPI_CloseHandle($hTokOriginal)
         
            If $hTokDuplicate Then
         
                _Security__CreateProcessWithToken($hTokDuplicate, 0, $sCommandLine, 0, @ScriptDir, $tSTARTUPINFO, $tPROCESS_INFORMATION)
                _WinAPI_CloseHandle($hTokDuplicate)
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hProcess"))
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hThread"))
              
                Return DllStructGetData($tPROCESS_INFORMATION, "ProcessID")
            EndIf
        EndIf
    EndIf
EndFunc

Edited February 9, 2016 by flashcoder

JohnOne · February 9, 2016

I'll ask the question now, that someone else would, later.

For what legitimate reason do you wish to hide a process from user?

jpm · February 9, 2016

If you need to run with the Windows hidden just use

Run ( "program" , "workingdir", @SW_HIDE)

flashcoder · February 9, 2016

@jpm, I need make this only using CreateProcess api.

Quote

Run ( "program" , "workingdir", @SW_HIDE)

Don't works.

Edited February 9, 2016 by flashcoder

jpm · February 9, 2016

What is not working? which program are you launching?

flashcoder · February 9, 2016

33 minutes ago, jpm said:

What is not working? which program are you launching?

notepad.exe for example. Script is finalized immediately.

Eg:

Run("notepad",@SystemDir&"\notepad.exe",@SW_HIDE)

In other words, "Run" not works here.

Edited February 9, 2016 by flashcoder

flashcoder · February 9, 2016

SOLVED:

_RunNonElevated(@SystemDir & "\notepad.exe")

Func _RunNonElevated($sCommandLine = "")
   
   Local Const $STARTF_USESHOWWINDOW = 0x1
   Local Const $STARTF_USESTDHANDLES = 0x100
   
    If Not IsAdmin() Then Return Run($sCommandLine) 
        
    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    
    Local $tSTARTUPINFO = DllStructCreate($tagSTARTUPINFO)
    Local $tPROCESS_INFORMATION = DllStructCreate($tagPROCESS_INFORMATION)
    
    MemSet(DllStructGetPtr($tSTARTUPINFO),Chr(0),DllStructGetSize($tSTARTUPINFO))
    MemSet(DllStructGetPtr($tPROCESS_INFORMATION),Chr(0),DllStructGetSize($tPROCESS_INFORMATION))
    
    DllStructSetData($tSTARTUPINFO, "ShowWindow", @SW_HIDE)
    DllStructSetData($tSTARTUPINFO, "Size", DllStructGetSize($tSTARTUPINFO))
    DllStructSetData($tSTARTUPINFO, "Flags", BitOR($STARTF_USESTDHANDLES, $STARTF_USESHOWWINDOW))
    
    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

    Local $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, 0, ProcessExists("explorer.exe"))

    If $hProcess Then

        Local $hTokOriginal = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)
      
        _WinAPI_CloseHandle($hProcess)
   
        If $hTokOriginal Then
   
            Local $hTokDuplicate = _Security__DuplicateTokenEx($hTokOriginal, $TOKEN_ALL_ACCESS, $SECURITYIMPERSONATION, $TOKENPRIMARY)
            
            _WinAPI_CloseHandle($hTokOriginal)
         
            If $hTokDuplicate Then
         
                _Security__CreateProcessWithToken($hTokDuplicate, 0, $sCommandLine, 0, @ScriptDir, $tSTARTUPINFO, $tPROCESS_INFORMATION)
                _WinAPI_CloseHandle($hTokDuplicate)
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hProcess"))
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hThread"))
              
                Return DllStructGetData($tPROCESS_INFORMATION, "ProcessID")
            EndIf
        EndIf
    EndIf
EndFunc   

Func MemSet($pDest, $nChar, $nCount)
DllCall("msvcrt.dll", "ptr:cdecl", "memset", "ptr", $pDest, "int", $nChar, "int", $nCount)
If @error Then Return SetError(1,0,False)
Return True
EndFunc

PS: Tested in Windows 7 Home Premium 64 Bits.

Edited February 10, 2016 by flashcoder

JohnOne · February 9, 2016

Neither the window nor the process, is hidden.

jpm · February 9, 2016

4 hours ago, flashcoder said:
notepad.exe for example. Script is finalized immediately.

Eg:
Run("notepad",@SystemDir&"\notepad.exe",@SW_HIDE)
In other words, "Run" not works here.

inf act it works if the workingdir is accessible

Local $iRet = Run("notepad.exe", "", @SW_HIDE)

flashcoder · February 10, 2016

23 hours ago, JohnOne said:

Neither the window nor the process, is hidden.

You have sure?

Test my solution and see result.

JohnOne · February 10, 2016

I did, that is why I posted the comment.

Mobius · February 10, 2016

Works fine my end (window hidden at least), although it does seem like a drawn out process to do what AutoIt can do in one line (as JPM instructed).

Unless of course your real intent was merely mimicking the security privileges of explorer.exe for your desired application.

Edited February 10, 2016 by Mobius

JohnOne · February 10, 2016

win 10, window is visible.

flashcoder · February 10, 2016

2 hours ago, JohnOne said:

win 10, window is visible.

Thank you for this information.

[SOLVED] How create a process in hidden mode using CreateProcess api?

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members