This is the companion launcher source used in the CreateProcess post: it creates the target process with CREATE_SUSPENDED so the new process object and its initial thread can be inspected before the first instruction runs, then resumes the thread on request.

Raw file: BeforeMainLauncher.cpp

#include <windows.h>

#include <iostream>
#include <string>

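// Companion launcher for the CreateProcess post.
//
// Creates `target` with CREATE_SUSPENDED so the process object (and its initial
// thread) exists but has not executed anything, waits for the user to attach a
// debugger or inspect it, then resumes the initial thread and exits.
//
// argv[1], when present, replaces the default target (notepad.exe).
// Returns 0 on success, 1 if CreateProcessW or ResumeThread fails.
int wmain(int argc, wchar_t** argv)
{
    std::wstring target = L"C:\\Windows\\System32\\notepad.exe";
    if (argc > 1)
    {
        target = argv[1];
    }

    STARTUPINFOW si = {};
    si.cb = sizeof(si); // CreateProcessW requires cb to be set

    PROCESS_INFORMATION pi = {};

    // lpApplicationName is nullptr below, so the executable is taken from the
    // command line. Quoting the target prevents a path containing spaces from
    // being split into several candidate executables (the unquoted-path
    // ambiguity). Caveats: a target that itself contains a double quote breaks
    // this quoting, and a relative name is resolved through CreateProcessW's
    // search order rather than the current directory alone, so pass a full
    // path whenever the choice of binary matters.
    std::wstring commandLine = L"\"" + target + L"\"";

    std::wcout << L"Calling CreateProcessW for: " << commandLine << std::endl;

    // lpCommandLine must be a writable buffer (CreateProcessW may modify it),
    // which is why the wstring's own storage is passed rather than c_str().
    BOOL ok = CreateProcessW(
        nullptr,            // lpApplicationName: image comes from the command line
        &commandLine[0],    // lpCommandLine: writable, null-terminated
        nullptr,            // process security attributes: defaults
        nullptr,            // thread security attributes: defaults
        FALSE,              // bInheritHandles: child receives none of our handles
        CREATE_SUSPENDED,   // initial thread starts suspended
        nullptr,            // environment: inherit ours
        nullptr,            // current directory: inherit ours
        &si,
        &pi);

    if (!ok)
    {
        // Capture the error before any stream call can disturb last-error state.
        const DWORD err = GetLastError();
        std::wcerr << L"CreateProcessW failed. GetLastError=" << err << std::endl;
        return 1;
    }

    std::wcout << L"Process object exists. PID=" << pi.dwProcessId
               << L" initial TID=" << pi.dwThreadId << std::endl;
    std::wcout << L"The initial thread is suspended. Attach WinDbg now, or inspect with Process Explorer."
               << std::endl;
    std::wcout << L"Press Enter to ResumeThread..." << std::endl;
    std::wstring ignored;
    std::getline(std::wcin, ignored);

    // ResumeThread returns the previous suspend count, or (DWORD)-1 on failure.
    // Ignoring that would leave the child suspended while the launcher prints
    // "Thread resumed"; report it and return a non-zero exit code instead.
    int exitCode = 0;
    if (ResumeThread(pi.hThread) == static_cast<DWORD>(-1))
    {
        const DWORD err = GetLastError();
        std::wcerr << L"ResumeThread failed. GetLastError=" << err
                   << L". Child PID=" << pi.dwProcessId << L" is still suspended." << std::endl;
        exitCode = 1;
    }
    else
    {
        std::wcout << L"Thread resumed. Press Enter to close handles and exit launcher." << std::endl;
        std::getline(std::wcin, ignored);
    }

    // Closing the launcher's handles does not terminate the child; it continues
    // (or, on the failure path above, stays suspended) independently of us.
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return exitCode;
}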

Chad Duffey

Windows Security, Active Directory, Exploit Development, Detection Engineering
