flat assembler
Message board for the users of flat assembler.

CreateProcess Problem

asmrox 28 Jan 2008, 19:18
I used CreateFile to get a write handle to a file. The file is created, the process too (returns 1), and the file is empty =/ What did I do wrong?

Code:
format pe console
section '.code' code readable executable

        ; CreateFileA("file.txt", GENERIC_ALL, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL)
        push 0                  ; hTemplateFile
        push 0x80               ; dwFlagsAndAttributes = FILE_ATTRIBUTE_NORMAL
        push 2                  ; dwCreationDisposition = CREATE_ALWAYS
        push 0                  ; lpSecurityAttributes = NULL
        push 0                  ; dwShareMode
        push 0x10000000         ; dwDesiredAccess = GENERIC_ALL
        push fp                 ; lpFileName
        call [CreateFileA]
        mov [output],eax        ; STARTUPINFO.hStdOutput
        mov [output1],eax       ; STARTUPINFO.hStdError (same handle)

        ; CreateProcessA(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &STARTUPINFO, &PROCESS_INFORMATION)
        push PROCESS_INFORMATION ; lpProcessInformation
        push STARTUPINFO        ; lpStartupInfo
        push 0                  ; lpCurrentDirectory
        push 0                  ; lpEnvironment
        push 0                  ; dwCreationFlags
        push 0                  ; bInheritHandles
        push 0                  ; lpThreadAttributes
        push 0                  ; lpProcessAttributes
        push cmd                ; lpCommandLine
        push 0                  ; lpApplicationName
        call [CreateProcessA]
        push eax
        push f
        call [printf]           ; print the CreateProcess return value
        add esp,8               ; printf is cdecl, caller removes the arguments

        push [output]
        call [CloseHandle]
        push [output1]
        call [CloseHandle]      ; output and output1 hold the same handle
        retn

section '.data' data readable writeable
fp  db 'file.txt',0
cmd db 'c:\windows\system32\cmd.exe',0
f   db '%d',13,10,0
PROCESS_INFORMATION:
        dd 4 dup 0              ; hProcess, hThread, dwProcessId, dwThreadId
STARTUPINFO:
        dd 68                   ; cb = sizeof(STARTUPINFO)
        dd 10 dup 0             ; lpReserved .. dwFillAttribute
        dd 256                  ; dwFlags = STARTF_USESTDHANDLES
        dd 2 dup 0              ; wShowWindow+cbReserved2, lpReserved2
        dd 0                    ; hStdInput
output  dd 0                    ; hStdOutput
output1 dd 0                    ; hStdError

section '.idata' import data readable
        dd 0,0,0,RVA kernel32_name,RVA kernel32_table
        dd 0,0,0,RVA msvcrt_name,RVA msvcrt_table
        dd 5 dup 0              ; end of import directory
kernel32_table:
CreateProcessA dd RVA _CreateProcessA
CreateFileA    dd RVA _CreateFileA
GetLastError   dd RVA _GetLastError
VirtualAlloc   dd RVA _VirtualAlloc
CloseHandle    dd RVA _CloseHandle
               dd 0
msvcrt_table:
memset dd RVA _memset
printf dd RVA _printf
       dd 0
kernel32_name db 'kernel32.dll',0
msvcrt_name   db 'msvcrt.dll',0
_CreateProcessA db 0,0,'CreateProcessA',0
_CreateFileA    db 0,0,'CreateFileA',0
_GetLastError   db 0,0,'GetLastError',0
_VirtualAlloc   db 0,0,'VirtualAlloc',0
_CloseHandle    db 0,0,'CloseHandle',0
_memset         db 0,0,'memset',0
_printf         db 0,0,'printf',0
revolution 28 Jan 2008, 19:38
You need to use WriteFile to write data into the newly created file.
asmrox 28 Jan 2008, 20:08
CreateProcess writes to it. I replaced the original stdout with my handle, so it should work.
Yardman 29 Jan 2008, 15:48
[ Post removed by author. ]


Last edited by Yardman on 04 Apr 2012, 03:01; edited 1 time in total
revolution 29 Jan 2008, 15:55
asmrox,

You need to give time for the target process to start. After creating the process, sleep for a short while then close the file handle.

TFM wrote:
CreateProcess returns without waiting for the new process to finish its initialization
Yardman 29 Jan 2008, 16:34
[ Post removed by author. ]


Last edited by Yardman on 04 Apr 2012, 03:03; edited 1 time in total
TNick 29 Jan 2008, 16:48
Hello!
Quote:
Perhaps you should also do a CloseHandle on the process that you create.

Both on the process handle and on the thread handle, which are returned in the PROCESS_INFORMATION structure.

Nick
asmrox 30 Jan 2008, 17:02
Huh? Why does the 'welcome prompt' go to stderr?

And how do I do this with stdin?
Code:
        push 0                  ; hTemplateFile
        push 0x80               ; dwFlagsAndAttributes = FILE_ATTRIBUTE_NORMAL
        push 3                  ; dwCreationDisposition = OPEN_EXISTING
        push 0                  ; lpSecurityAttributes = NULL
        push 0x00000001         ; dwShareMode = FILE_SHARE_READ
        push 0x80000000         ; dwDesiredAccess = GENERIC_READ
        push fp2                ; lpFileName
        call [CreateFileA]
        mov [input],eax         ; STARTUPINFO.hStdInput

and input is in the STARTUPINFO structure.

In the reading file I put dir\r\n, but in the output there's no result of it =(
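Putting the thread's pieces together, here is an added example in the raw fasm style of the first post; it is not code from the thread or from any of its posters. It covers both the original stdout/stderr redirection and the stdin case from the post above. Two things have to be true for a child to see a parent's handle: the handle must be created inheritable (a SECURITY_ATTRIBUTES with bInheritHandle = TRUE, where the first post passed NULL) and CreateProcess must be called with bInheritHandles = TRUE (the first post passed 0). The parent then waits on the process handle instead of sleeping for a guessed interval, and closes the process and thread handles from PROCESS_INFORMATION as TNick describes. The file names output.txt and input.txt, the label names and the content of input.txt are my assumptions; input.txt is expected to hold the commands for cmd.exe (for instance dir, then exit) so that the child terminates and the wait returns.

```asm
; Added example (not from the thread): cmd.exe with stdin/stdout/stderr redirected to files
format PE console
entry start
section '.code' code readable executable
start:
        ; Output file; lpSecurityAttributes with bInheritHandle = TRUE makes the handle inheritable
        push    0                       ; hTemplateFile
        push    0x80                    ; dwFlagsAndAttributes = FILE_ATTRIBUTE_NORMAL
        push    2                       ; dwCreationDisposition = CREATE_ALWAYS
        push    secattr                 ; lpSecurityAttributes (inheritable)
        push    0                       ; dwShareMode = no sharing while we write
        push    0x40000000              ; dwDesiredAccess = GENERIC_WRITE, all the child needs
        push    outname                 ; lpFileName
        call    [CreateFileA]
        cmp     eax,-1                  ; INVALID_HANDLE_VALUE
        je      fail
        mov     [hStdOut],eax           ; STARTUPINFO.hStdOutput
        mov     [hStdErr],eax           ; STARTUPINFO.hStdError, same file
        ; Input file with the commands for cmd.exe (must exist; assumed content: "dir", "exit", CR LF each)
        push    0                       ; hTemplateFile
        push    0x80                    ; FILE_ATTRIBUTE_NORMAL
        push    3                       ; dwCreationDisposition = OPEN_EXISTING
        push    secattr                 ; inheritable as well
        push    1                       ; dwShareMode = FILE_SHARE_READ
        push    0x80000000              ; dwDesiredAccess = GENERIC_READ
        push    inname                  ; lpFileName
        call    [CreateFileA]
        cmp     eax,-1
        je      fail
        mov     [hStdIn],eax            ; STARTUPINFO.hStdInput
        ; bInheritHandles = TRUE is the other half: only then are inheritable handles copied to the child
        push    procinfo                ; lpProcessInformation
        push    startup                 ; lpStartupInfo, dwFlags = STARTF_USESTDHANDLES
        push    0                       ; lpCurrentDirectory
        push    0                       ; lpEnvironment
        push    0                       ; dwCreationFlags
        push    1                       ; bInheritHandles = TRUE
        push    0                       ; lpThreadAttributes
        push    0                       ; lpProcessAttributes
        push    cmdline                 ; lpCommandLine, full path so nothing is searched for
        push    0                       ; lpApplicationName
        call    [CreateProcessA]
        test    eax,eax
        jz      fail
        ; Wait for the child instead of sleeping a guessed interval; the file is complete afterwards
        push    -1                      ; INFINITE
        push    [hProcess]
        call    [WaitForSingleObject]
        ; Close process and thread handles, then our files (hStdOut and hStdErr are one handle)
        push    [hThread]
        call    [CloseHandle]
        push    [hProcess]
        call    [CloseHandle]
        push    [hStdIn]
        call    [CloseHandle]
        push    [hStdOut]
        call    [CloseHandle]
        push    0
        call    [ExitProcess]
fail:
        push    1                       ; nonzero exit code reports the failure
        call    [ExitProcess]
section '.data' data readable writeable
outname db 'output.txt',0               ; constructed file names
inname  db 'input.txt',0
cmdline db 'c:\windows\system32\cmd.exe',0
secattr:                                ; SECURITY_ATTRIBUTES
        dd 12                           ; nLength
        dd 0                            ; lpSecurityDescriptor (default)
        dd 1                            ; bInheritHandle = TRUE
startup:                                ; STARTUPINFO, 68 bytes
        dd 68                           ; cb
        dd 10 dup (0)                   ; lpReserved .. dwFillAttribute
        dd 0x100                        ; dwFlags = STARTF_USESTDHANDLES
        dd 0,0                          ; wShowWindow+cbReserved2, lpReserved2
hStdIn  dd 0                            ; hStdInput
hStdOut dd 0                            ; hStdOutput
hStdErr dd 0                            ; hStdError
procinfo:                               ; PROCESS_INFORMATION
hProcess dd 0
hThread  dd 0
         dd 0,0                         ; dwProcessId, dwThreadId
section '.idata' import data readable
        dd 0,0,0,RVA kernel32_name,RVA kernel32_table
        dd 0,0,0,0,0
kernel32_table:
CreateFileA         dd RVA _CreateFileA
CreateProcessA      dd RVA _CreateProcessA
WaitForSingleObject dd RVA _WaitForSingleObject
CloseHandle         dd RVA _CloseHandle
ExitProcess         dd RVA _ExitProcess
                    dd 0
kernel32_name        db 'kernel32.dll',0
_CreateFileA         db 0,0,'CreateFileA',0
_CreateProcessA      db 0,0,'CreateProcessA',0
_WaitForSingleObject db 0,0,'WaitForSingleObject',0
_CloseHandle         db 0,0,'CloseHandle',0
_ExitProcess         db 0,0,'ExitProcess',0
```

Two design choices worth noting. The output file is opened with GENERIC_WRITE rather than the GENERIC_ALL of the first post, since the child only writes to it. And with bInheritHandles = TRUE the child receives every inheritable handle the parent holds, not just the three placed in STARTUPINFO, so only the handles meant for the child are created inheritable here; anything else the parent opens should keep the default non-inheritable security attributes.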
OzzY 30 Jan 2008, 21:39
Talking about processes, I'll ask my question here: how do I patch a process in memory? Do you have example code?

Thanks
revolution 30 Jan 2008, 21:45
OzzY wrote:
Talking about processes, I'll ask my question here: how do I patch a process in memory?
WriteProcessMemory
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.