|
D Paste by CreateProcess access vio
Description: This codes gives me an access vio when executed
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 | import std.c.windows.windows; const TOKEN_ASSIGN_PRIMARY = 0x0001; const TOKEN_DUPLICATE = 0x0002; const TOKEN_IMPERSONATE = 0x0004; const TOKEN_QUERY = 0x0008; const TOKEN_QUERY_SOURCE = 0x0010; const TOKEN_ADJUST_PRIVILEGES = 0x0020; const TOKEN_ADJUST_GROUPS = 0x0040; const TOKEN_ADJUST_DEFAULT = 0x0080; const TOKEN_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT; const TOKEN_READ = STANDARD_RIGHTS_READ | TOKEN_QUERY; const TOKEN_WRITE = STANDARD_RIGHTS_WRITE | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT; const TOKEN_EXECUTE = STANDARD_RIGHTS_EXECUTE; const TOKEN_SOURCE_LENGTH = 8; struct STARTUPINFOA { DWORD cb = STARTUPINFOA.sizeof; LPSTR lpReserved; LPSTR lpDesktop; LPSTR lpTitle; DWORD dwX; DWORD dwY; DWORD dwXSize; DWORD dwYSize; DWORD dwXCountChars; DWORD dwYCountChars; DWORD dwFillAttribute; DWORD dwFlags; WORD wShowWindow; WORD cbReserved2; PBYTE lpReserved2; HANDLE hStdInput; HANDLE hStdOutput; HANDLE hStdError; } alias STARTUPINFOA* LPSTARTUPINFOA; struct PROCESS_INFORMATION { HANDLE hProcess; HANDLE hThread; DWORD dwProcessId; DWORD dwThreadId; } alias PROCESS_INFORMATION* PPROCESS_INFORMATION, LPPROCESS_INFORMATION; extern (Windows) { BOOL /*WINAPI*/ CreateProcessAsUserA( HANDLE hToken, LPCTSTR lpApplicationName, LPTSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCTSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation ); } // is 'program.exe' LPCTSTR lpApplicationName = .toStringz(pathName.dup); // is '-f oneopt -g twoopt -h threeopt' LPCTSTR lpCommandLine = .toStringz(args.dup); LPSECURITY_ATTRIBUTES lpProcessAttributes = null; LPSECURITY_ATTRIBUTES lpThreadAttributes = null; BOOL bInheritHandles = 0; DWORD dwCreationFlags = 0; LPVOID lpEnvironment = null; // is 'C:\programdir\' LPCTSTR lpCurrentDirectory = .toStringz(globals.programDir.dup); LPSTARTUPINFOA lpStartupInfo = null; LPPROCESS_INFORMATION lpProcessInformation = null; msgBox(pathName); try { CreateProcessAsUserA( cast(HANDLE) /*TOKEN_ALL_ACCESS*/(TOKEN_READ|TOKEN_WRITE|TOKEN_EXECUTE), lpApplicationName, .toStringz(""), lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation ); } catch (Exception e) { msgBox(e.toString, "This box shows up", MsgBoxButtons.OK, MsgBoxIcon.INFORMATION); } |