Redirecting cmd output

Started by Don57, October 12, 2012, 05:00:07 AM

Trying to redirect cmd screen to a file, but I am getting Invalid_User_Buffer in WriteFile. After more reading at Microsoft I'm not sure if the calls redirect the screen output to a file, or they redirect the file to the screen.

; create file

     invoke CreateFile, ADDR lpszSave_File_Name,\                     
                        GENERIC_READ or GENERIC_WRITE,\                   
                        FILE_SHARE_READ or FILE_SHARE_WRITE,\
                        NULL, CREATE_ALWAYS,\
                        FILE_ATTRIBUTE_NORMAL, NULL

     mov hSaveCreateFile ,eax         

; reset StdOut to file

      invoke SetStdHandle, STD_OUTPUT_HANDLE, hSaveCreateFile

      mov hConOut, eax

; set for console out write

      invoke WriteFile, hSaveCreateFile, hConOut, FileBufferSize, ADDR dwBytesRead, 0


that doesn't make any sense to me   :P
it seems like the first parm should be the newly redirected handle (hConOut)
the second parm is a pointer to a buffer

i can't say that i have ever played with this, but....
in addition to the link that Erol gave you...

also, in the old forum, Mike played with pipes a bit (slugsnack i think was his ID)

of course.....
you are creating this process
so, you could do it on the command line and let CMD.EXE take care of it   :t


I tried in the CreateProcess lpCommandLine with escape sequences but just couldn't get it to work. I kept on getting a macro nesting error, so rather than lose my mind I thought that I would try another way.

               .if !rv(CreateProcess,NULL,"c:\\Windows\\System32\\wevtutil.exe el /r test.text",0,0,0,CREATE_NEW_CONSOLE or CREATE_NEW_PROCESS_GROUP,0,0, ADDR sui,ADDR pi)

I also tried qWord's line verbatim and couldn't get it to work. I do very low level chip programming and don't use APIs or macros. The APIs give me some problems, but my understanding of the macros is almost nil.


try this...
"c:\\Windows\\System32\\wevtutil.exe el >test.txt"


That generates the following errors

C:\Users\Mirage\Work\Scrub Logs\LogCleaner.asm(377) : error A2046: missing single or double quotation mark in string
rv(2): Macro Called From
  C:\Users\Mirage\Work\Scrub Logs\LogCleaner.asm(377): Main Line Code
C:\Users\Mirage\Work\Scrub Logs\LogCleaner.asm(377) : fatal error A1008: unmatched macro nesting
rv(4): Macro Called From
  C:\Users\Mirage\Work\Scrub Logs\LogCleaner.asm(377): Main Line Code

It's enough to drive you mad



you'll just have to break it up...
"c:\\Windows\\System32\\wevtutil.exe el ",62,"test.txt"

not sure how well the rv macro will handle that
i never use it - i just make a string in the .DATA section and pass the pointer

sorry - i forgot that character has meaning in ASM


Thanks for the help. The commas before and after the ASCII are inadmissible and generate assembler errors. If I put the command line in a .DATA declaration it assembles alright, but generates a command not recognized in the command window. I tried both methods, using the macro and with a simple invoke CreateProcess. In an earlier post someone mentioned escape sequences, which I use in PHP, but I can find no reference list of MASM32 escape sequences.


a little google and.....

ahhh, yes - of course   ;)
the CMD.EXE program is the one that chews on redirection - not the utility

you won't need a path for CMD.EXE - but you might for the utility to run under it
in this case, the utility is also in system32 (in PATH), so....

szCmdLine db "cmd.exe /C wevtutil.exe el ",62,"test.txt",0


That's it Thank You very much. I was going a little crazy. :greenclp:


No double backslashes in Masm32 - that is a C disease. Test it below.

include \masm32\include\

   mov eax, rv(StdOut, "C:\\Windows\\C_sucks\\Whatever")
   inkey chr$(10)

end start


rv and rvc differ in their function: only rvc supports escape sequences. Also, as said here, take a look in the documentation (hlhelp.chm) - there is a list with all usable escape sequences.
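
The thread settles on having cmd.exe interpret the `>`. The same result is possible without a shell: open the file with an inheritable handle and give it to the child as its standard output through STARTUPINFO, so nothing in the command line is parsed for redirection characters. This is an added MASM32 example, not code from any poster in the thread; the output name test.txt, the variable names and the labels are assumptions.

```masm
; Added example: send a child's stdout to a file via an inherited handle.
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.data
szOutFile db "test.txt",0                               ; assumed output name
szCmdLine db "c:\Windows\System32\wevtutil.exe el",0    ; single backslashes, no '>'
sa   SECURITY_ATTRIBUTES <>
sui  STARTUPINFO <>
pi   PROCESS_INFORMATION <>
hOut dd 0

.code
start:
    ; the file handle must be inheritable or the child cannot use it
    mov sa.nLength, SIZEOF SECURITY_ATTRIBUTES
    mov sa.lpSecurityDescriptor, NULL
    mov sa.bInheritHandle, TRUE
    invoke CreateFile, ADDR szOutFile, GENERIC_WRITE, FILE_SHARE_READ, \
           ADDR sa, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL
    cmp eax, INVALID_HANDLE_VALUE
    je  quit
    mov hOut, eax

    ; hand the file to the child as stdout/stderr; keep our own stdin
    mov sui.cb, SIZEOF STARTUPINFO
    mov sui.dwFlags, STARTF_USESTDHANDLES
    mov sui.hStdOutput, eax
    mov sui.hStdError, eax
    invoke GetStdHandle, STD_INPUT_HANDLE
    mov sui.hStdInput, eax

    ; bInheritHandles = TRUE is what passes hOut into the child
    invoke CreateProcess, NULL, ADDR szCmdLine, NULL, NULL, TRUE, \
           0, NULL, NULL, ADDR sui, ADDR pi
    test eax, eax
    jz  closefile
    invoke WaitForSingleObject, pi.hProcess, INFINITE
    invoke CloseHandle, pi.hThread
    invoke CloseHandle, pi.hProcess
closefile:
    invoke CloseHandle, hOut
quit:
    invoke ExitProcess, 0
end start
```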
