extern crate winapi;
#[allow(unused_imports)]
use std::{
    ffi::OsStr,
    os::windows::ffi::OsStrExt,
    process::exit,
    ptr::{self, null_mut},
};
use winapi::{
    shared::minwindef::FALSE,
    um::{
        errhandlingapi::GetLastError,
        handleapi::CloseHandle,
        processthreadsapi::{
            CreateProcessW, GetProcessId, GetThreadId, PROCESS_INFORMATION, STARTUPINFOW,
        },
        synchapi::WaitForSingleObject,
        winbase::INFINITE,
    },
};
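/// Encode `s` as a NUL-terminated UTF-16 buffer, the form an `LPWSTR` argument expects.
///
/// `CreateProcessW` scans `lpCommandLine` until it finds a terminating 0; a buffer
/// built with a bare `collect()` has no terminator, so the call would read past the
/// end of the `Vec`.
fn to_wide(s: &str) -> Vec<u16> {
    s.encode_utf16().chain(std::iter::once(0)).collect()
}

/// Launch notepad.exe via `CreateProcessW`, wait for it to exit, then release both
/// kernel handles.
///
/// On creation failure the `GetLastError` code is printed and the process exits
/// with status 1.
fn main() {
    // lpCommandLine is `[in, out]`: the API may write into it, so it has to be a
    // mutable, NUL-terminated buffer that outlives the call.
    let mut cmd_line = to_wide("C:\\Windows\\System32\\notepad.exe");

    // SAFETY: both are plain C structs for which the all-zero bit pattern is valid.
    let mut startup: STARTUPINFOW = unsafe { std::mem::zeroed() };
    let mut process_info: PROCESS_INFORMATION = unsafe { std::mem::zeroed() };
    // The API requires `cb` to hold the size of the structure; left at 0 the
    // remaining fields are not reliably honoured.
    startup.cb = std::mem::size_of::<STARTUPINFOW>() as u32;

    // SAFETY: `cmd_line` is NUL-terminated and lives past the call; `startup` and
    // `process_info` are valid for the duration of the call; every other pointer
    // is null, which the API permits for the optional parameters.
    let created = unsafe {
        CreateProcessW(
            // lpApplicationName: null, so the executable is parsed out of
            // lpCommandLine. A path containing spaces would then need quoting.
            ptr::null(),
            cmd_line.as_mut_ptr(),
            ptr::null_mut(), // lpProcessAttributes
            ptr::null_mut(), // lpThreadAttributes
            FALSE,           // bInheritHandles: keep our handles out of the child
            0,               // dwCreationFlags
            ptr::null_mut(), // lpEnvironment: inherit ours
            ptr::null(),     // lpCurrentDirectory: inherit ours
            &mut startup,
            &mut process_info,
        )
    };
    if created == 0 {
        // SAFETY: GetLastError has no preconditions.
        let err = unsafe { GetLastError() };
        println!("(-) Failed to create Process, Error: {}", err);
        exit(1);
    }

    // SAFETY: both handles were just filled in by a successful CreateProcessW and
    // are closed exactly once below.
    unsafe {
        let pid = GetProcessId(process_info.hProcess);
        let tid = GetThreadId(process_info.hThread);
        println!("(+) got handle to process");
        println!("(+) process started! pid: {}", pid);
        // Print the actual handles rather than repeating the ids.
        println!("\t(+) pid:{} | handle: {:?}", pid, process_info.hProcess);
        println!("\t(+) tid:{} | handle: {:?}", tid, process_info.hThread);

        // Block until the child exits. The return value is not inspected here;
        // a WAIT_FAILED result would only cut the wait short.
        WaitForSingleObject(process_info.hProcess, INFINITE);
        println!("(+) Finish Exiting...");

        // HANDLEs are raw kernel objects, not Rust-owned resources: nothing closes
        // them when they go out of scope, so release both explicitly.
        CloseHandle(process_info.hThread);
        CloseHandle(process_info.hProcess);
    }
}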