Python: kernel32.CreateProcessA() What is it doing?
I am currently learning about debuggers and how they stop processes.

Here is my code:

```python
from ctypes import *

# Win32 type aliases
WORD = c_ushort
DWORD = c_ulong
LPBYTE = POINTER(c_ubyte)
LPTSTR = POINTER(c_char)
HANDLE = c_void_p

# Process creation flags
DEBUG_PROCESS = 0x00000001
CREATE_NEW_CONSOLE = 0x00000010


class STARTUPINFO(Structure):
    _fields_ = [
        ("cb", DWORD),
        ("lpReserved", LPTSTR),
        ("lpDesktop", LPTSTR),
        ("lpTitle", LPTSTR),
        ("dwX", DWORD),
        ("dwY", DWORD),
        ("dwXSize", DWORD),
        ("dwYSize", DWORD),
        ("dwXCountChars", DWORD),
        ("dwYCountChars", DWORD),
        ("dwFillAttribute", DWORD),
        ("dwFlags", DWORD),
        ("wShowWindow", WORD),
        ("cbReserved2", WORD),
        ("lpReserved2", LPBYTE),
        ("hStdInput", HANDLE),
        ("hStdOutput", HANDLE),
        ("hStdError", HANDLE),
    ]


class PROCESS_INFORMATION(Structure):
    _fields_ = [
        ("hProcess", HANDLE),
        ("hThread", HANDLE),
        ("dwProcessId", DWORD),
        ("dwThreadId", DWORD),
    ]


kernel32 = windll.kernel32


class debugger():
    def __init__(self):
        pass

    def load(self, path_to_exe):
        creation_flags = DEBUG_PROCESS
        startupinfo = STARTUPINFO()
        processinfo = PROCESS_INFORMATION()

        # STARTF_USESHOWWINDOW with wShowWindow = SW_HIDE
        startupinfo.dwFlags = 0x1
        startupinfo.wShowWindow = 0x0
        startupinfo.cb = sizeof(startupinfo)

        if kernel32.CreateProcessA(path_to_exe,
                                   None,
                                   None,
                                   None,
                                   None,
                                   creation_flags,
                                   None,
                                   None,
                                   byref(startupinfo),
                                   byref(processinfo)):
            print("[*] Process launched")
            # read the PID from the filled-in instance, not the class
            print("[*] PID: %d" % processinfo.dwProcessId)
        else:
            print("[*] Error: 0x%08x." % kernel32.GetLastError())


debugger().load("C:\\WINDOWS\\system32\\calc.exe")
```

Whenever I run it, it goes to the error. :( I figured out that the reason that it is going to that error is that kernel32.CreateProcessA is returning false. I'm actually following along with Gray Hat Python right now, and I'm converting this code to Python 3 as I read it.

My question is, what is kernel32.CreateProcessA doing, why is it returning false, and how can I prevent it from returning false?

Any help would be much appreciated!
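As an added example (not from the question or from Gray Hat Python), here is the same launcher written for Python 3 with argtypes declared and the path passed as bytes: CreateProcessA expects a NUL-terminated char* (LPCSTR), but Python 3 ctypes marshals a str as wchar_t*, so the ANSI function sees the path as just "C" and the call fails, and declaring argtypes turns that mistake into an exception instead of a silent FALSE. The helper names as_ansi and make_startupinfo are mine; the platform guard exists only so the module imports off Windows.

```python
import sys
import ctypes
from ctypes import POINTER, Structure, byref, c_char, c_char_p, c_int, c_ubyte, c_uint16, c_uint32, c_void_p, sizeof

# Fixed-width types: DWORD/WORD are always 32/16 bits on Windows, whatever the pointer size.
WORD, DWORD, HANDLE = c_uint16, c_uint32, c_void_p
LPBYTE, LPSTR = POINTER(c_ubyte), POINTER(c_char)
DEBUG_PROCESS = 0x00000001         # dwCreationFlags: the child runs as a debuggee of this process
STARTF_USESHOWWINDOW = 0x00000001  # STARTUPINFO.dwFlags: honour wShowWindow
SW_HIDE = 0

class STARTUPINFO(Structure):
    _fields_ = [("cb", DWORD), ("lpReserved", LPSTR), ("lpDesktop", LPSTR), ("lpTitle", LPSTR),
                ("dwX", DWORD), ("dwY", DWORD), ("dwXSize", DWORD), ("dwYSize", DWORD),
                ("dwXCountChars", DWORD), ("dwYCountChars", DWORD), ("dwFillAttribute", DWORD),
                ("dwFlags", DWORD), ("wShowWindow", WORD), ("cbReserved2", WORD), ("lpReserved2", LPBYTE),
                ("hStdInput", HANDLE), ("hStdOutput", HANDLE), ("hStdError", HANDLE)]

class PROCESS_INFORMATION(Structure):
    _fields_ = [("hProcess", HANDLE), ("hThread", HANDLE), ("dwProcessId", DWORD), ("dwThreadId", DWORD)]

def as_ansi(path):
    """CreateProcessA wants a NUL-terminated char* (LPCSTR). Python 3 marshals a str as wchar_t*,
    so "C:\\..." arrives as "C\\0:\\0..." and the call fails; hand it bytes instead."""
    if isinstance(path, bytes):
        return path
    return path.encode("mbcs" if sys.platform == "win32" else "utf-8")  # non-Windows branch is import-only

def make_startupinfo(show_window=SW_HIDE):
    si = STARTUPINFO()
    si.cb = sizeof(si)  # the API checks cb, so a wrong size or type width is itself an error
    si.dwFlags = STARTF_USESHOWWINDOW
    si.wShowWindow = show_window
    return si

if sys.platform == "win32":  # guarded so the module also imports (for tests) off Windows
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    # With argtypes declared, passing a str where LPCSTR is expected raises instead of silently mangling.
    kernel32.CreateProcessA.argtypes = [c_char_p, c_char_p, c_void_p, c_void_p, c_int, DWORD, c_void_p,
                                        c_char_p, POINTER(STARTUPINFO), POINTER(PROCESS_INFORMATION)]
    kernel32.CreateProcessA.restype = c_int

def load(path_to_exe, creation_flags=DEBUG_PROCESS):
    """Start path_to_exe under this process as its debugger; return PROCESS_INFORMATION or raise OSError."""
    si, pi = make_startupinfo(), PROCESS_INFORMATION()
    if not kernel32.CreateProcessA(as_ansi(path_to_exe), None, None, None, False, creation_flags,
                                   None, None, byref(si), byref(pi)):
        err = ctypes.get_last_error()
        raise OSError(err, ctypes.FormatError(err))  # e.g. error 2, "The system cannot find the file specified."
    return pi
```

On Windows, `load(b"C:\\WINDOWS\\system32\\calc.exe").dwProcessId` gives the debuggee's PID; because of DEBUG_PROCESS the child then waits on the debugger to service its debug events (WaitForDebugEvent / ContinueDebugEvent), which is what the rest of the book's debugger loop does.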