#include <stdio.h>
#include <windows.h>
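/*
 * runpe - spawn `name`, copy a PE image into the child's address space and
 * feed `stdin_data` to the child's standard input.
 *
 * Parameters:
 *   name        path of the executable to launch (passed as lpApplicationName,
 *               so no PATH search is performed; a full path is the safe choice)
 *   pe          buffer holding the image to copy into the child
 *   pe_len      size of `pe` in bytes (must be > 0)
 *   stdin_data  bytes to deliver on the child's stdin (may be NULL when
 *               stdin_len == 0)
 *   stdin_len   size of `stdin_data` in bytes (must be >= 0)
 *
 * Returns 0 on success, -1 on any failure (a message is printed with the
 * Win32 error code). On a failure that occurs after the child was created,
 * the child is terminated so no half-initialised process is left behind.
 *
 * What this function does NOT do (review notes):
 *   - It never transfers control to the copied image. The original version
 *     called OpenThread/ResumeThread, but the child was not created with
 *     CREATE_SUSPENDED, so resuming its main thread was a no-op; the bytes
 *     were simply written and never executed. That behaviour is kept but
 *     stated plainly instead of being disguised as an "execute" step.
 *   - It does not parse or relocate the PE image; `pe` is copied verbatim.
 *   - Copying an image into another process with VirtualAllocEx /
 *     WriteProcessMemory is a process-injection primitive and is exactly
 *     what EDR/AV products alert on. Use only in an authorised lab setting.
 *
 * Defects fixed relative to the original:
 *   - VirtualAllocEx's return value was discarded and the write went to a
 *     hard-coded 0x10000000 that had never been mapped; the allocation is
 *     now used and every call is checked.
 *   - CREATE_NEW_CONSOLE and DETACHED_PROCESS are documented as mutually
 *     exclusive; neither is passed now.
 *   - WriteFile was issued on pi.hThread (a thread handle, not a pipe), so
 *     stdin data was never delivered; an anonymous pipe is now wired to the
 *     child's stdin via STARTF_USESTDHANDLES.
 *   - OpenThread returns NULL (not INVALID_HANDLE_VALUE) on failure; the call
 *     is gone, and pi.hThread is closed on every path.
 *   - Handles were leaked on the error paths; a single cleanup label now
 *     releases everything.
 *   - GetLastError() is a DWORD; printed with %lu instead of %d.
 *   - The unused `oldProtect` local is removed. Memory is allocated
 *     PAGE_READWRITE: nothing here executes the copy, and RWX pages are a
 *     common detection heuristic.
 *
 * Caveats the caller must know:
 *   - bInheritHandles is TRUE so the pipe's read end can be inherited; any
 *     other inheritable handle in the parent leaks into the child as well.
 *     If that matters, restrict inheritance with
 *     PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
 *   - WriteFile on the pipe blocks until the child drains it; a child that
 *     never reads stdin can stall this call once the pipe buffer is full.
 */
int runpe(char *name, void *pe, int pe_len, void *stdin_data, int stdin_len) {
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    SECURITY_ATTRIBUTES sa;
    HANDLE stdin_rd = NULL;
    HANDLE stdin_wr = NULL;
    LPVOID remote = NULL;
    SIZE_T copied = 0;
    DWORD piped = 0;
    int rc = -1;

    /* Reject lengths that would wrap when widened or describe nothing. */
    if (name == NULL || pe == NULL || pe_len <= 0 || stdin_len < 0 ||
        (stdin_len > 0 && stdin_data == NULL)) {
        printf("runpe: invalid arguments.\n");
        return -1;
    }

    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    ZeroMemory(&pi, sizeof(pi));

    /* Anonymous pipe for the child's stdin: created inheritable, then the
     * parent's write end is made non-inheritable so only the read end
     * crosses into the child. */
    ZeroMemory(&sa, sizeof(sa));
    sa.nLength = sizeof(sa);
    sa.bInheritHandle = TRUE;
    if (!CreatePipe(&stdin_rd, &stdin_wr, &sa, 0)) {
        printf("CreatePipe failed (%lu).\n", (unsigned long)GetLastError());
        return -1;
    }
    if (!SetHandleInformation(stdin_wr, HANDLE_FLAG_INHERIT, 0)) {
        printf("SetHandleInformation failed (%lu).\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    si.dwFlags = STARTF_USESTDHANDLES;
    si.hStdInput = stdin_rd;
    si.hStdOutput = GetStdHandle(STD_OUTPUT_HANDLE);
    si.hStdError = GetStdHandle(STD_ERROR_HANDLE);

    /* Create the child. bInheritHandles must be TRUE for the stdin pipe. */
    if (!CreateProcess(name, NULL, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi)) {
        printf("CreateProcess failed (%lu).\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    /* The child owns its copy of the read end; drop ours so that closing
     * the write end later delivers EOF. */
    CloseHandle(stdin_rd);
    stdin_rd = NULL;

    /* Reserve+commit a buffer in the child and copy the image into it. */
    remote = VirtualAllocEx(pi.hProcess, NULL, (SIZE_T)pe_len,
                            MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (remote == NULL) {
        printf("VirtualAllocEx failed (%lu).\n", (unsigned long)GetLastError());
        goto cleanup;
    }
    if (!WriteProcessMemory(pi.hProcess, remote, pe, (SIZE_T)pe_len, &copied) ||
        copied != (SIZE_T)pe_len) {
        printf("WriteProcessMemory failed (%lu).\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    /* NOTE(review): the image now sits at `remote` but nothing points the
     * child at it. Transferring execution into it is deliberately not
     * implemented here. */

    /* Deliver stdin, then close the write end so the child sees EOF. */
    if (stdin_len > 0) {
        if (!WriteFile(stdin_wr, stdin_data, (DWORD)stdin_len, &piped, NULL) ||
            piped != (DWORD)stdin_len) {
            printf("WriteFile failed (%lu).\n", (unsigned long)GetLastError());
            goto cleanup;
        }
    }
    rc = 0;

cleanup:
    /* Do not leave a half-set-up child running after a failure. */
    if (rc != 0 && pi.hProcess != NULL) {
        TerminateProcess(pi.hProcess, 1);
    }
    if (stdin_wr != NULL) {
        CloseHandle(stdin_wr);
    }
    if (stdin_rd != NULL) {
        CloseHandle(stdin_rd);
    }
    if (pi.hThread != NULL) {
        CloseHandle(pi.hThread);
    }
    if (pi.hProcess != NULL) {
        CloseHandle(pi.hProcess);
    }
    return rc;
}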