What I want to do is use the Windows C API from my own single command line application to create a brand new process. (A couple of them actually). I want to be able to name this process whatever I want and all I want it to do is do a sleep(30) to get me going.
Im having trouble doing this with the CreateFile() API as it wants me to specify an executable to run the new process from. What I am after is something a bit like Fork() on Linux.
How do I go about doing this? Do I have to do something complex like embed an exe that calls sleep() in the resource section of my program, drop it then run CreateProcess() on it?
Reading around and talking to people, this is what I have found for anyone who has the same question as me.
CreateProcess() requires an executable to launch. There is no equivalent of fork() on windows. You need to pass it an executable file.
There are two ways of doing this:
1) embed a new executable in the resource section, drop it to disk and then call CreateProcess() on this from the main executable.
2) Have your main process call CreateProcess() on its own executable file, and handle what happens when it is called again dynamically. For example, if I run myApp.exe with no arguments, Perform its main tasks such as calling CreateFile() on its own executable. To tell that its not just running normally you could do something like this time handing the executable an argument. You can then handle this accordingly. eg if you then call myapp.exe with the argument "foo", the application then knows its being run differently and handle execution accordingly. Eg in main, when it see's the argument foo, it could walk its own PEB and change the process name to foo.exe (so it looks like a new executable) and then perform any actions you want.
I hope my explanation makes sense there.
Thanks for the help
Related
I have a huge project that is creating a lot of files and folders that I want to track them.
In order to debug the code, I would like to replace a system call behavior to check what is going on.
My idea is to hook a new function in the same place where the system call is being used and see the behavior of the application, after it has started. To be more clear, here is an example of what I need:
The application is creating a annoying folder like /tmp/annoying_folder. So I would like to intercept every mkdir system call and check if the it's argument is the annoying_folder and if it is the case, force it to return an error, so I can locate which process is doing this and also know it's stack call.
What I have tried up to now is using LD_PRELOAD, which is not working in the case of this application, because it is doing direct system calls, instead of going through libc.
I'm having trouble using gdb, because I'm not sure which process is doing these calls, because the application is started by a script that calls multiple other processes.
Through strace I'm able to see the mkdir call that I'm looking for, but it doesn't help me much, because I need to also know the stack trace call of the application to figure out where is the code that is generating this.
So one option that thought to be interesting is to use LD_PRELOAD to load a library with a constructor function that would change the hook point of mkdir and redirect it to my custom function. But I need directions on how to do that for Linux system calls.
Do someone knows how to change System calls function pointers at runtime?
I wasn't able to intercept those system calls as I expected, but I've found an interesting workaround with stap utility.
I've created the following script:
#! /bin/stap -g
probe nd_syscall.mkdir.return {
folder_name = user_string(#entry(pointer_arg(1)), "-");
folder_name_prefix = substr(folder_name, 0, 9);
if(folder_name_prefix == "/tmp/test") {
printf("[%d] [%d] [%16s] [%s]\n", uid(), pid(), execname(), folder_name);
raise(%{ SIGSTOP %});
}
Then I was able to send a signal stop to the process and after that connect gdb to analyze the application stack trace.
i have a C program that opens an mp3 and extract the jpg artwork in the same folder. If i execute this program with no root privileges i get a crash. If i execute it with sudo it works normally.
Now, i need another C programs who launch the previous program when it needs a jpg artwork for the selected mp3.
I tried to call popen("./firstProgram test.mp3" , "r") function or system("/(absolute path)/firstProgram test.mp3") function by calling them even with sudo in the command or not and either with relative or absolute paths. But no version seems to work.
How can i launch the first program from the second one with success?
Thanks!
fork and then use execl
char sudo[]="/usr/bin/sudo";
char pbin[]="/usr/local/bin/puppet";
NOTICE("running puppet: %s %s",sudo,pbin);
errno=0;
execl(sudo,sudo,pbin,(char *)NULL);
/* we should never get as far as this */
obviously I recommend reading man execl for further info
Unix (Linux) systems have contained a C Programming Manual in them since possibly forever. Look in Section 2, "System Calls".
This Wikipedia Page explains the Unix Manual "sections"
It is section 2 of the manual you can read about "System Calls"
Try the command: man 2 setuid
This will give you the manual for the setuid() system call which I think is what you want.
That manual page will also list references to other related system calls that may be what you want.
Remember when compiling C programs and using system calls that do low-level hardware access, to use the -O2, or -O3 option to gcc. There is a mention of it in the manual.
Ultimately the setuid() system call makes a running process started by one user change the UID of that running process to be running as some other user. (For example, you may see the Apache running as "apache", even though it was started by root).
setuid(0) lets you be root.
I am having trouble with the function fopen(). I would always send the exact location of a file as an arguement to fopen(),
which would look something like this:
fopen("c:\\Users/Username/Desktop/Projects/program_name/version 1.0/data/important_data.txt", "r");
That works just fine on my computer, but what if I decide to transfer the program to another computer?
The location would completely change.
It would no longer be:
c:\\Users/Username/Desktop/Projects/program_name/version 1.0/data/important_data.txt
But it would rather be something like:
c:\\Users/OtherUsername/Desktop/program_name/version 1.0/data/important_data.txt
My question is, how do I make a portable function which can obtain the location of a file, if I only give the
name (including the type e.g. .txt) of the file to the function?
Keep in mind, I've been learning C for less than a year. There are still a lot of things which I must learn, and
things like this are of high importance.
this is operating system specific. on linux you can use the locate shell command and parse its output ( http://www.linfo.org/locate.html )
C: Run a System Command and Get Output?
How do I execute a Shell built-in command with a C function?
however this solution will only work on linux. i think yano's solution in the comments above is better ...
I've been following tutorials online on C coding, and the code is using the Apache APR library.
It uses the apr_proc_t structure to execute an external app.
I'm confused about this function, could someone explain what this function means:
apr_status_t apr_procattr_cmdtype_set ( apr_procattr_t * attr,
apr_cmdtype_e cmd
)
Set what type of command the child process will call.
Parameters:
attr The procattr we care about.
cmd The type of command. One of:
APR_SHELLCMD -- Anything that the shell can handle
APR_PROGRAM -- Executable program (default)
APR_PROGRAM_ENV -- Executable program, copy environment
APR_PROGRAM_PATH -- Executable program on PATH, copy env
The apr_procattr_cmdtype_set function is used to tell APR how you want to execute the external command, it probably just sets an internal flag and does a bit of bookkeeping.
Let us look at the enum apr_cmdtype_e:
APR_SHELLCMD
use the shell to invoke the program
APR_PROGRAM
invoke the program directly, no copied env
APR_PROGRAM_ENV
invoke the program, replicating our environment
APR_PROGRAM_PATH
find program on PATH, use our environment
APR_SHELLCMD_ENV
use the shell to invoke the program, replicating our environment
The first and last options (APR_SHELLCMD and APR_SHELLCMD_ENV) pretty much say "use a portable version of system" (with or without copying the current environment variables to the new process). The others are just variations on the Unix fork/exec pair with the flag choosing which of the exec family of functions to use.
I need to make a debug shell inside each c exe(linux enviroment), and my solution is as follows:
Read elf symbols from exe file, build a symbol->address table in
memory;
Run a thread calling readline to accept user input, some thing
like a c function call;
use Lex & yacc to parse the function name and arg list;
Find address of the function in the symbol table;
Call the function with args list;
Every function written can be input as shell command instantly.
I don't think this is a fresh idea, and my question is: Are there any mature codes implemented already?
Thanks for your help!
Sure. If you had working with VxWorks, you'll find WindShell is what you're looking for. I had port a similar shell to Linux. You can download the source from:
https://sourceforge.net/projects/zprj/
Note: don't use the source in commercial products, since they are ported from WindShell. If you do want a shell in commercial fields, then you shall develop one with LEX/YACC.