Hi Ramon, I have encountered the following problem: the CreateProcessWithTokenW function seems to work in Unicode mode, so I modified the project in Easy Code and tried checking/unchecking the Build project as Unicode (Windows NT or later) option.
And in the code I added:
IFDEF APP_UNICODE
Mov Eax, SizeOf MSi
Mov MSi.cb, Eax
Invoke CreateProcessWithTokenW, hToken, 0, TextAddrW("D:\MFTRead.exe"), 0, 0, 0, 0, Addr MSi, Addr Pinf
ENDIF
But it gives me a system error. I have attached the Easy Code project.
This works fine in VB.NET 2010.
The application has to be run in administrator mode.
Am I doing something wrong in Easy Code?
Thank you very much, regards.
Hi AsmAlmeria12,
Sorry for the inconveniences and thanks for attaching a sample project.
Please give me some time to see the problem and fix it.
Regards,
Ramon
Hi,
There is no bug in Easy Code, the problem is that your project is a Masm project and Masm projects use the MASM32 SDK. The 'CreateProcessWithTokenW' function is not defined in any of the include/library files of the MASM32 SDK (it should be in the 'advapi32' files).
So the solution is "manually" calling the 'CreateProcessWithTokenW' function in the following way:
;============ The next line has to be commented ============
;Invoke CreateProcessWithTokenW, hToken, 0, TextAddrW("D:\MFTRead.exe"), 0, 0, 0, 0, Addr MSi, Addr Pinf
Push Edi
Push Esi
;Open the 'advapi32.dll' library
Invoke LoadLibrary, TextStr("advapi32.dll")
.If Eax
    ;Save the library handle in Edi
    Mov Edi, Eax
    ;Get the 'CreateProcessWithTokenW' function entry point
    Invoke GetProcAddress, Edi, TextStr("CreateProcessWithTokenW")
    .If Eax
        ;Save the function entry point in Esi
        Mov Esi, Eax
        ;Put the arguments into the stack
        Lea Eax, Pinf
        Push Eax
        Lea Eax, MSi
        Push Eax
        Push 0
        Push 0
        Push 0
        Push 0
        Push TextAddrW("D:\MFTRead.exe")
        Push 0
        Push hToken
        ;Call to 'CreateProcessWithTokenW' function
        Call Esi
    .EndIf
    ;Free the 'advapi32.dll' library
    Invoke FreeLibrary, Edi
.EndIf
Pop Esi
Pop Edi
But take into account that the 'CreateProcessWithTokenW' function is included in Windows Vista (or Windows Server 2003) and later, so for any previous Windows system the 'GetProcAddress' call will return 0 because the 'CreateProcessWithTokenW' function will not be found, that is, this application will not work for any Windows version previous to Windows Vista (or Windows Server 2003).
Attached is your project (modified for working fine).
Regards and happy New Year!
Hi Ramon, happy New Year. Thanks for your explanation. The thing is that, if I have the Build project as Unicode (Windows NT or later) option checked in Easy Code, it does not execute the function: Invoke GetProcAddress, Edi, TextStr("CreateProcessWithTokenW"). If I uncheck the option, it does enter, but the same error as before occurs.
I run the executable that Easy Code produces in administrator mode, which is how it should work.
This project has really chopped me. Can you think of anything?
Thank you
Hi Ramon, I have already achieved it, after investigating a little more! The modifications are attached, in case someone can reuse the code. Thank you.
Invoke RtlZeroMemory, Addr MSi, SizeOf MSi
Invoke RtlZeroMemory, Addr Pinf, SizeOf Pinf
Mov Eax, SizeOf MSi
Mov MSi.cb, Eax
;============ The next line has to be commented ============
;Invoke CreateProcessWithTokenW, hToken, 0, TextAddrW("D:\MFTRead.exe"), 0, 0, 0, 0, Addr MSi, Addr Pinf
Push Edi
Push Esi
;Open the 'advapi32.dll' library
Invoke LoadLibrary, TextStr("advapi32.dll")
.If Eax
    ;Save the library handle in Edi
    Mov Edi, Eax
    ;Get the 'CreateProcessWithTokenW' function entry point
    Invoke GetProcAddress, Edi, TextStr("CreateProcessWithTokenW")
    .If Eax
        ;Save the function entry point in Esi
        Mov Esi, Eax
        ;Put the arguments into the stack
        Lea Eax, Pinf
        Push Eax
        Lea Eax, MSi
        Push Eax
        Push 0
        Push 0
        Push 0
        Push TextAddrW("D:\MFTRead.exe")
        Push 0
        Push LOGON_WITH_PROFILE
        Push hToken
        ;Call to 'CreateProcessWithTokenW' function
        Call Esi
        Invoke PasarADecimal, Eax
    .EndIf
    ;Free the 'advapi32.dll' library
    Invoke FreeLibrary, Edi
.EndIf
Pop Esi
Pop Edi
Hi,
Happy New Year!
You should be aware of something. When you check the Build project as Unicode (Windows NT or later) option, the TextStr macro returns a Unicode string and the problem is that the GetProcAddress function only works with ANSI strings (it does not accept Unicode strings), so if the Build project as Unicode (Windows NT or later) option is checked, you should use the TextStrA macro when calling GetProcAddress:
Invoke GetProcAddress, Edi, TextStrA("CreateProcessWithTokenW")
That works perfectly well.
Regards,
Ramon
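The pieces of this thread combined into one procedure, as an added example that is not code from either poster: it resolves the export with TextStrA, lets Invoke check the nine arguments through a typed pointer, reports the GetLastError code on failure and closes the handles returned in PROCESS_INFORMATION. StartWithToken, CPWT_PROTO, CPWT_PTR and the local names are hypothetical; it assumes a 32-bit Easy Code Masm project with the MASM32 SDK includes and the stdcall default.

```masm
;Added example, not from the thread. StartWithToken, CPWT_PROTO and CPWT_PTR are hypothetical names.
IFNDEF LOGON_WITH_PROFILE
LOGON_WITH_PROFILE Equ 1
ENDIF

;Prototype for the resolved entry point, so Invoke pushes and checks all nine arguments
CPWT_PROTO TypeDef Proto :DWord, :DWord, :DWord, :DWord, :DWord, :DWord, :DWord, :DWord, :DWord
CPWT_PTR TypeDef Ptr CPWT_PROTO

;Returns 0 in Eax on success, otherwise the GetLastError code
StartWithToken Proc hToken:DWord, lpCmdLineW:DWord
    Local sinfo:STARTUPINFO             ;Assumed to share the STARTUPINFOW layout
    Local pinfo:PROCESS_INFORMATION
    Local hLib:DWord
    Local pfn:CPWT_PTR
    Local dwErr:DWord

    Invoke RtlZeroMemory, Addr sinfo, SizeOf sinfo
    Invoke RtlZeroMemory, Addr pinfo, SizeOf pinfo
    Mov Eax, SizeOf sinfo
    Mov sinfo.cb, Eax
    Invoke LoadLibrary, TextStr("advapi32.dll")
    .If !Eax
        Invoke GetLastError
        Ret
    .EndIf
    Mov hLib, Eax
    ;Export names are ANSI, so use TextStrA even in a Unicode build
    Invoke GetProcAddress, hLib, TextStrA("CreateProcessWithTokenW")
    .If Eax
        Mov pfn, Eax
        ;lpCmdLineW must point to a writable Unicode buffer
        Invoke pfn, hToken, LOGON_WITH_PROFILE, 0, lpCmdLineW, 0, 0, 0, Addr sinfo, Addr pinfo
    .EndIf
    .If Eax
        ;Success: close the handles returned in PROCESS_INFORMATION
        Invoke CloseHandle, pinfo.hThread
        Invoke CloseHandle, pinfo.hProcess
        Mov dwErr, 0
    .Else
        ;Either the export was not found or the call itself failed
        Invoke GetLastError
        Mov dwErr, Eax
    .EndIf
    Invoke FreeLibrary, hLib
    Mov Eax, dwErr
    Ret
StartWithToken EndP
```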