Problems calling CreateProcessA

Started by MSF, October 02, 2014, 08:39:57 PM


MSF

Hi everyone,

I hope this is in the right place, but if not can someone let me know where better to post this and I'll ask a mod to delete it. I couldn't find the MASM For Idiots subforum :)

I'm trying to launch a process (notepad.exe as an example) with MASM. The problem is that I'm passing LpCommandLine as a pointer to a local variable, as this is generated dynamically, as you can see from the OllyDBG output.

CPU Stack
Address   Value      ASCII Comments
0018FC78  /00000000        ; |ApplicationName = NULL
0018FC7C  |0018FC35  5ü   ; |CommandLine = "C:\WINDOWS\System32\notepad.exe"
0018FC80  |00000000        ; |pProcessSecurity = NULL
0018FC84  |00000000        ; |pThreadSecurity = NULL
0018FC88  |00000001       ; |InheritHandles = TRUE
0018FC8C  |00000000        ; |CreationFlags = 0
0018FC90  |00000000        ; |pEnvironment = NULL
0018FC94  |00000000        ; |CurrentDirectory = NULL
0018FC98  |0018FD08  ý   ; |pStartupInfo = 0018FD08 -> STARTUPINFOA {Size=0, Reserved1=NULL, Desktop=NULL, Title=NULL, X=0, Y=0, Width=0, Height=0, XCountChars=0, YCountChars=0, FillAttribute=0, Flags=0, ShowWindow=SW_HIDE, Reserved2=0, Reserved3=NULL, hStdInput=NULL, hStdOutput=NU
0018FC9C  |0018FCF8  øü   ; \pProcessInformation = 0018FCF8 -> PROCESS_INFORMATION {hProcess=NULL, hThread=NULL, ProcessID=0 (0.), ThreadID=0}


This fails with file not found. Watching using ProcMon it appears that the actual file it is trying to use is ÿÿÿpü - which is obviously not a good thing.

Suspecting that I was passing the parameter incorrectly - under OllyDBG I manually edited the .code section of the exe to add C:\Windows\System32\Notepad.EXE after the end of the code and set the LpCommandLine parameter to point to that. Worked perfectly!

So I'm guessing the stack is getting messed around passing a local variable from one routine to the system routine of CreateProcessA.

How do I avoid this?


hutch--

You would normally start another app with CreateProcess() or the older WinExec() which is not just a wrapper for CreateProcess().

Something like,


    invoke WinExec,pFname,SW_SHOWNORMAL

MSF

Hi Hutch,

Thank you for taking the time to look at my thread and post a reply.

As usual (at least for me), once I have clarified all of my thoughts and distilled them into a post - something occurs to me :)

The problem is here:

0018FC7C  |0018FC35  5ü   ; |CommandLine = "C:\WINDOWS\System32\notepad.exe"

You'll notice the referenced variable is on the stack but above ESP - hence it was being overwritten calling CreateProcess.

Moving it to a new variable located after ESP, and the problem has gone away!

Thanks again for having a look. Do I mark this as solved now? If so what is the correct procedure for doing that?
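The fix described above, as an added MASM32 example that is not code from either poster: the command line is copied into a LOCAL buffer, which lives inside the current frame (between ESP and EBP) rather than in dead stack below ESP, so the callee's frame cannot overwrite it. It assumes the standard MASM32 SDK include paths; the notepad path is a constructed sample. It also sets STARTUPINFOA.cb (the dump in the thread shows Size=0) and closes the returned handles.

```masm
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.data
    szExe db "C:\WINDOWS\System32\notepad.exe",0   ; constructed sample command line

.code
; LaunchExe: copies pszSrc into a frame-local, writable buffer and launches it.
; Returns EAX = 1 on success, 0 on failure (copy overflow or CreateProcessA error).
LaunchExe proc uses esi edi pszSrc:DWORD
    LOCAL szCmd[MAX_PATH]:BYTE          ; lives between ESP and EBP, safe across the call
    LOCAL stinfo:STARTUPINFOA
    LOCAL procinfo:PROCESS_INFORMATION

    ; bounded copy of the source string including its terminating zero
    mov esi, pszSrc
    lea edi, szCmd
    mov ecx, MAX_PATH
@@: lodsb
    stosb
    test al, al
    jz copied
    dec ecx
    jnz @B
    jmp fail                            ; source longer than buffer: refuse, do not overflow
copied:
    ; STARTUPINFOA must be zeroed and cb set before the call
    invoke RtlZeroMemory, addr stinfo, sizeof STARTUPINFOA
    mov stinfo.cb, sizeof STARTUPINFOA
    invoke RtlZeroMemory, addr procinfo, sizeof PROCESS_INFORMATION

    ; bInheritHandles = FALSE: the child has no need for this process's handles
    invoke CreateProcessA, NULL, addr szCmd, NULL, NULL, FALSE, 0, NULL, NULL, addr stinfo, addr procinfo
    test eax, eax
    jz fail

    ; always release the two handles CreateProcess hands back
    invoke CloseHandle, procinfo.hThread
    invoke CloseHandle, procinfo.hProcess
    mov eax, 1
    ret
fail:
    xor eax, eax
    ret
LaunchExe endp

start:
    invoke LaunchExe, addr szExe
    invoke ExitProcess, 0
end start
```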

hutch--

Nope, this is a forum of members, not a help desk. We help who we can and leave it there as reference for anyone else who may be interested.