flat assembler
Message board for the users of flat assembler.

Return Value Of Function
Trentie89 17 Feb 2017, 11:30
So what you're saying is SetWindowText is a redundant API?
revolution 17 Feb 2017, 11:41
No. Just that you need to use it correctly. It is for windows within applications, not applications as a whole.
Trentie89 17 Feb 2017, 11:55
Essentially champo,

I want to create a process using CreateProcess, and have full privileges over it including security. I have managed to use the CreateProcess function right, but I can't seem to take control of the process I have opened. Is it because I haven't placed the right security attributes in CreateProcess?
revolution 17 Feb 2017, 12:02
To have full control, including debug privileges, you need to create a valid security descriptor and add all the rights you intend to use. And then pass that descriptor handle when you use CreateProcess.
Trentie89 17 Feb 2017, 12:47
I'm still at the newb stage with FASM. I understand completely what you're saying. Any chance you could show me a simple CreateProcess asm file with full security privileges? I'll PayPal you if you like. Thanks!
revolution 17 Feb 2017, 13:28
There is already some example code that creates a security token. You can modify it to create a different token with other privileges as you need.

See: https://board.flatassembler.net/topic.php?p=86712

BTW: That code also has error handling and error message formatting included.
l_inc 17 Feb 2017, 23:24
Trentie89
You don't need a security descriptor. The value of eax after the call to CreateProcess is a boolean value. It makes no sense to pass it to SetWindowText. SetWindowText expects a window handle. You don't have it. To find it, you need to enumerate all windows in the system, until you find one that belongs to the process. The handle of that window can then be passed to SetWindowText. That's a bit more code than you'd expect:

Code:
include 'win32ax.inc'

; Request block handed to EnumWindowsProc through the lParam of EnumWindows
struct FIND_WINDOW_REQ
    pid  dd ?   ; in:  process id to look for
    hWnd dd ?   ; out: window owned by that process, or 0
ends

.data
path db 'DIALOG.EXE',0
szErrTitle db 'Error',0
szNewProcFailed db 'Failed to create new process',0
szWaitFailed db 'New process did not start to wait for user input',0
szLookupFailed db 'Failed to find process window',0
szNewTitleFailed db 'Failed to set window title',0

align 16
sinfo STARTUPINFO
pinfo PROCESS_INFORMATION


.code

; EnumWindows callback: returns 0 (stop enumerating) on the first window
; owned by the requested process, non-zero (continue) otherwise
proc EnumWindowsProc hWnd, pRequest
    local pid:DWORD

    invoke GetWindowThreadProcessId,[hWnd],addr pid
    xor ecx,ecx
    mov eax,[pid]
    mov edx,[pRequest]
    sub eax,[edx+FIND_WINDOW_REQ.pid]   ; eax = 0 when the pids match
    cmovz ecx,[hWnd]                    ; ecx = hWnd on a match, else 0
    mov [edx+FIND_WINDOW_REQ.hWnd],ecx
ret
endp

; in:  ecx = process id
; out: eax = handle of a top-level window of that process, or 0
proc FindWindowByPid
    local request:FIND_WINDOW_REQ
    xor edx,edx
    mov [request.pid],ecx
    mov [request.hWnd],edx
    invoke EnumWindows,EnumWindowsProc,addr request
    mov eax,[request.hWnd]
ret
endp

start:
    ; eax is only a success flag here; the handles and ids land in pinfo
    invoke CreateProcess,path,path,NULL,NULL,FALSE,NORMAL_PRIORITY_CLASS,NULL,NULL,sinfo,pinfo
    mov edx,szNewProcFailed
    test eax,eax
    jz .err

    ; give the child time to create its window (returns 0 on success)
    invoke WaitForInputIdle,[pinfo.hProcess],5000
    mov edx,szWaitFailed
    test eax,eax
    jnz .err

    ; map the process id to a window handle
    mov ecx,[pinfo.dwProcessId]
    call FindWindowByPid
    mov edx,szLookupFailed
    test eax,eax
    jz .err

    invoke SetWindowText,eax,"New Text!"
    mov edx,szNewTitleFailed
    test eax,eax
    jz .err

  .exit:
    invoke CloseHandle,[pinfo.hProcess]
    invoke CloseHandle,[pinfo.hThread]
    invoke ExitProcess,0
  .err:
    ; edx points at the message for the step that failed
    invoke MessageBox,NULL,edx,szErrTitle,MB_ICONERROR
  jmp .exit
.end start


P.S. And the security descriptor would have nothing to do with the rights you get over the process. All possible rights are given to you by the handle returned from CreateProcess in the pinfo structure without any security descriptors.

_________________
Faith is a superposition of knowledge and fallacy
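
An added example (not l_inc's code) of the point in the P.S.: with both security-attribute arguments left NULL, the handle in pinfo.hProcess is still accepted by calls that need PROCESS_TERMINATE, SYNCHRONIZE and PROCESS_QUERY_INFORMATION. It reuses DIALOG.EXE from the post; the exit code 1234 and the message strings are made up for the demonstration.

```asm
; Added example, not from the thread. DIALOG.EXE is the thread's target program.
include 'win32ax.inc'

.data
path            db 'DIALOG.EXE',0
szTitle         db 'Handle rights',0
szNewProcFailed db 'Failed to create new process',0
szKillFailed    db 'TerminateProcess failed',0
szWaitFailed    db 'WaitForSingleObject failed',0
szQueryFailed   db 'GetExitCodeProcess failed',0
szFmt           db 'Child terminated, exit code %u',0   ; constructed text
exitCode        dd ?
msg             rb 64

align 16
sinfo STARTUPINFO
pinfo PROCESS_INFORMATION

.code
start:
    mov [sinfo.cb],sizeof.STARTUPINFO
    ; lpProcessAttributes and lpThreadAttributes are NULL: no custom descriptor
    invoke CreateProcess,path,NULL,NULL,NULL,FALSE,NORMAL_PRIORITY_CLASS,NULL,NULL,sinfo,pinfo
    mov edx,szNewProcFailed
    test eax,eax
    jz .report                      ; nothing to close if creation failed

    invoke TerminateProcess,[pinfo.hProcess],1234        ; needs PROCESS_TERMINATE
    mov edx,szKillFailed
    test eax,eax
    jz .close
    invoke WaitForSingleObject,[pinfo.hProcess],-1       ; needs SYNCHRONIZE, -1 = INFINITE
    mov edx,szWaitFailed
    test eax,eax                    ; WAIT_OBJECT_0 is 0
    jnz .close
    invoke GetExitCodeProcess,[pinfo.hProcess],exitCode  ; needs PROCESS_QUERY_INFORMATION
    mov edx,szQueryFailed
    test eax,eax
    jz .close
    cinvoke wsprintf,msg,szFmt,[exitCode]
    mov edx,msg
  .close:
    push edx                        ; edx is not preserved across API calls
    invoke CloseHandle,[pinfo.hProcess]
    invoke CloseHandle,[pinfo.hThread]
    pop edx
  .report:
    invoke MessageBox,NULL,edx,szTitle,MB_OK
    invoke ExitProcess,0
.end start
```

A security descriptor passed in lpProcessAttributes sets the access control on the new process object, that is, who else may open it later; it does not change the rights on the creator's own handle.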
Trentie89 19 Feb 2017, 01:29
Thanks so much, l_inc. You're a brilliant programmer. I owe you one! Your code works flawlessly, and thanks for explaining that process descriptor too in greater detail. :)

BTW: To those who saw my first error, illegal instruction, when there was nothing wrong with the code, that was because I was using Internet Explorer to copy and paste on Windows 10.

Which obviously doesn't render the characters in the right format; on Firefox it works perfectly!
Trentie89 19 Feb 2017, 04:00
I just want to say that I want to master FASM. ASM is the only language that I wish to master (I have already mastered PHP over 13 years) but I am just starting out with FASM. I hope that the FASM community grows and more and more people contribute. I am just a newbie, but when I learn more, I will help others. I have so many questions, if you guys are kind enough to answer them (as I said, I can PayPal for tuition). I'd like to know now how to open a file in ASM and read its contents. Can you show me some code how to do that? Thanks guys.

Trent.
l_inc 20 Feb 2017, 23:40
Trentie89
Quote:
I'd like to know now how to open a file in ASM and read its contents. Can you show me some code how to do that?

The typical combo consists of 3 functions: CreateFile, ReadFile, CloseHandle. These are very easy to google out together with tons of usage examples.

P.S. Somebody would definitely explain what your mistakes are, if you provide your code you came up with that for some reason doesn't work.

_________________
Faith is a superposition of knowledge and fallacy
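
The CreateFile / ReadFile / CloseHandle sequence named in the reply above, as an added FASM example that is not part of l_inc's post. The file name example.txt and the 4096-byte buffer are assumptions; the read is capped at one byte less than the buffer so the terminating zero always fits.

```asm
; Added example, not from the thread: read the start of a text file and show it.
include 'win32ax.inc'

BUF_SIZE = 4096                     ; assumed buffer size

.data
fname        db 'example.txt',0     ; assumed file name, constructed for this example
szErrTitle   db 'Error',0
szOpenFailed db 'CreateFile failed',0
szReadFailed db 'ReadFile failed',0
hFile        dd ?
bytesRead    dd ?
buffer       rb BUF_SIZE

.code
start:
    ; open an existing file for reading; other readers stay allowed
    invoke CreateFile,fname,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
    mov edx,szOpenFailed
    cmp eax,-1                      ; INVALID_HANDLE_VALUE, not 0, signals failure
    je .err
    mov [hFile],eax

    ; read at most BUF_SIZE-1 bytes so buffer[bytesRead] is always in bounds
    invoke ReadFile,[hFile],buffer,BUF_SIZE-1,bytesRead,NULL
    mov edx,szReadFailed
    test eax,eax
    jz .err_close

    mov eax,[bytesRead]             ; may be less than requested, or 0 at end of file
    mov byte [buffer+eax],0         ; terminate before treating the data as a string
    invoke MessageBox,NULL,buffer,fname,MB_OK
    invoke CloseHandle,[hFile]
    invoke ExitProcess,0

  .err_close:
    push edx                        ; edx is not preserved across API calls
    invoke CloseHandle,[hFile]
    pop edx
  .err:
    invoke MessageBox,NULL,edx,szErrTitle,MB_ICONERROR
    invoke ExitProcess,1
.end start
```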
rococo795 27 Feb 2017, 11:15
l_inc !!! Hi!!! A visit to the Mikl___ ??? According to the second link google !!! It has long been waiting for !!!
l_inc 27 Feb 2017, 13:01
rococo795
Hi. I don't have much time these days (and months) to enter yet another forum. You may send me a private message though, if you'd like to discuss anything on that matter.

_________________
Faith is a superposition of knowledge and fallacy
Copyright © 1999-2024, Tomasz Grysztar.