Запуск GUI без отображения на панели задач

[heybabyone]

Цель состоит в том, чтобы запустить при помощи CreateProcessW, ShellExecuteW приложуху которая имеет GUI, но игнорирует SW_HIDE - спецификация программы.
xttps://prnt.sc/zbp4bk
Как на скрине моя программа запускается как хром или psi+

Можно конечно найти после создание его окно, скрыть, но это такое...
Другой вариант есть с удочерением WinForms.
Есть ли другие методы запуска такого приложения если абсолютно игорируется SW_HIDE и подобное флажки?
Другой вариант - создание скрытого рабочего стола и запуск уже там. Но это детектится жестко.

 

[DildoFagins]

С какого времени другой десктоп стал палиться?

 

[heybabyone]

С какого времени другой десктоп стал палиться?

xttps://github.com/MalwareTech/CreateDesktop/blob/master/Main.cpp
Если имеешь ввиду такой код с CreateDesktop, то это обильно применятеся в молваре. Даже дело не в этом.
У меня мб запуск того же firefox и может палиться как hvnc. Мб я не прав.

 

[DildoFagins]

Хз, если ты не хочешь создавать новый рабочий стол, а софт действительно игнорирует SW_HIDE (мы вроде тут уже натыкались на персонажа, который просто неправильно передавал SW_HIDE в новый процесс), то можно либо проинжектить код и им перехватить всяческие CreateWindow (но это тоже палево), либо постоянно сидеть и мониторить новые окна у процесса и посылать им оконные сообщения на скрытия (но тогда окна могут успеть промелькнуть на экране пользователя). Надо кстати еще не забыть и из Alt+Tab скрыть в таком случае.

 

[smelly__vx]

For CreateProcessW the application visualization is determined by the STARTUPINFOW data structure. More specifically, the member wShowMember must be set to the SW_HIDE (0) flag.

#include <windows.h>

INT main (VOID)
{
    WCHAR lpApplicationPath [MAX_PATH * sizeof (WCHAR)] = {"C:\\Users\\Example\\Desktop\\Example.exe"};
    PROCESS_INFORMATION Pi = {0};
    STARTUPINFOW Si = {0};
    
    Si.cb = sizeof (Si);
    Si.wShowWindow = 0; // SW_HIDE
    
    if (! CreateProcess (lpApplicationPath, // lpApplicationName
                         NULL, // lpCommandLine
                         NULL, // lpProcessAttributes
                         NULL, // lpThreadAttributes
                         FALSE, // bInheritHandles
                         NORMAL_PRIORITY_CLASS, // dwCreationFlags
                         NULL, // lpEnvironment
                         NULL, // lpCurrentDirectory
                         &Si, // lpStartupInfo
                         &Pi)) // lpProcessInformation
    {
        DWORD dwError = GetLastError(); // preserve error code
        printf ("%ld\r\n", dwError);
        return dwError;
    }
    
    // If process is successful ...
    
    WaitForSingleObject (Pi.hProces, INFINITE); // suspend thread until process completes
    
    // when process terminates ...
    if (Pi.hProcess)
        CloseHandle(Pi.hProcess);
        
    if (Pi.hThread)
        CloseHandle(Pi.hThread);
        
    return ERROR_SUCCESS;
}

 

[heybabyone]

For CreateProcessW the application visualization is determined by the STARTUPINFOW data structure. More specifically, the member wShowMember must be set to the SW_HIDE (0) flag.

my english little bit подводит, отвечу на русском, переведешь.
Некоторые проги не воспринимают этот флаг - SW_HIDE (ShellExecute в том числе)

 

[smelly__vx]

Replying in Russian works. I apologize for not knowing Russian

The issue with CreateProcessW and ShellExecuteEx lies within the processes CreateProcessExW function. When the application is ran using ShellExecuteW and CreateProcessW the the target process Window style is defined from the target process.

To expand upon this idea: when an application is executed by the user it will invoke CreateWindowEx. This function coincides with RegisterClass. When RegisterClass is invoked a WNDCLASS structure is associated with the current modules HWND. You can see this demonstrated on MSDN here.

The problem you're facing: when your target application runs its WNDCLASS member is being initialized with valid data. This is normal. However, CreateProcessW and ShellExecuteW will make the set the SW_HIDE attribute only when the target application invokes ShowWindow with the SW_SHOWDEFAULT - additionally, other external processes may attempt to alter the processes WNDCLASS which may disrupt your attempts at making it invisible.

The solution to this problem is you're going to have to get a HANDLE on your target application and force it to be set to SW_HIDE. This will look something like this...

#include <windows.h>

//make global to make things easier...
PROCESS_INFORMATION Pi;
STARTUPINFOW Si;

//EnumWindow callback routine
BOOL CALLBACK EnumWindowCallBackRoutine(HWND hWnd, LPARAM lParam)
{
    DWORD dwProcessId = 0;
    
    GetWindowThreadProcessId(hWnd, &dwProcessId);
    
    if(dwProcessId == Pi.dwProcessId)
    {
        ShowWindow(hWnd, SW_HIDE);
    }

    return TRUE;
}

INT main (VOID)
{
    WCHAR lpApplicationPath [MAX_PATH * sizeof (WCHAR)] = {"C:\\Users\\Example\\Desktop\\Example.exe"};

    ZeroMemory(&Pi, sizeof(Pi));
    ZeroMemory(&Si, sizeof(Si));
    
    Si.cb = sizeof (Si);
    Si.wShowWindow = 0; // SW_HIDE
    
    if (! CreateProcess (lpApplicationPath, // lpApplicationName
                         NULL, // lpCommandLine
                         NULL, // lpProcessAttributes
                         NULL, // lpThreadAttributes
                         FALSE, // bInheritHandles
                         NORMAL_PRIORITY_CLASS, // dwCreationFlags
                         NULL, // lpEnvironment
                         NULL, // lpCurrentDirectory
                         &Si, // lpStartupInfo
                         &Pi)) // lpProcessInformation
    {
        DWORD dwError = GetLastError(); // preserve error code
        printf ("%ld\r\n", dwError);
        return dwError;
    }
    
    
    EnumWindows(EnumWindowCallBackRoutine, NULL);
    
    // If process is successful ...
    WaitForSingleObject (Pi.hProcess, INFINITE); // suspend thread until process completes
    
    // when process terminates ...
    if (Pi.hProcess)
        CloseHandle(Pi.hProcess);
        
    if (Pi.hThread)
        CloseHandle(Pi.hThread);
        
    return ERROR_SUCCESS;
}

 

[heybabyone]

Replying in Russian works. I apologize for not knowing Russian

The issue with CreateProcessW and ShellExecuteEx lies within the processes CreateProcessExW function. When the application is ran using ShellExecuteW and CreateProcessW the the target process Window style is defined from the target process.

To expand upon this idea: when an application is executed by the user it will invoke CreateWindowEx. This function coincides with RegisterClass. When RegisterClass is invoked a WNDCLASS structure is associated with the current modules HWND. You can see this demonstrated on MSDN here.

The problem you're facing: when your target application runs its WNDCLASS member is being initialized with valid data. This is normal. However, CreateProcessW and ShellExecuteW will make the set the SW_HIDE attribute only when the target application invokes ShowWindow with the SW_SHOWDEFAULT - additionally, other external processes may attempt to alter the processes WNDCLASS which may disrupt your attempts at making it invisible.

The solution to this problem is you're going to have to get a HANDLE on your target application and force it to be set to SW_HIDE. This will look something like this...

#include <windows.h>

//make global to make things easier...
PROCESS_INFORMATION Pi;
STARTUPINFOW Si;

//EnumWindow callback routine
BOOL CALLBACK EnumWindowCallBackRoutine(HWND hWnd, LPARAM lParam)
{
    DWORD dwProcessId = 0;
   
    GetWindowThreadProcessId(hWnd, &dwProcessId);
   
    if(dwProcessId == Pi.dwProcessId)
    {
        ShowWindow(hWnd, SW_HIDE);
    }

    return TRUE;
}

INT main (VOID)
{
    WCHAR lpApplicationPath [MAX_PATH * sizeof (WCHAR)] = {"C:\\Users\\Example\\Desktop\\Example.exe"};

    ZeroMemory(&Pi, sizeof(Pi));
    ZeroMemory(&Si, sizeof(Si));
   
    Si.cb = sizeof (Si);
    Si.wShowWindow = 0; // SW_HIDE
   
    if (! CreateProcess (lpApplicationPath, // lpApplicationName
                         NULL, // lpCommandLine
                         NULL, // lpProcessAttributes
                         NULL, // lpThreadAttributes
                         FALSE, // bInheritHandles
                         NORMAL_PRIORITY_CLASS, // dwCreationFlags
                         NULL, // lpEnvironment
                         NULL, // lpCurrentDirectory
                         &Si, // lpStartupInfo
                         &Pi)) // lpProcessInformation
    {
        DWORD dwError = GetLastError(); // preserve error code
        printf ("%ld\r\n", dwError);
        return dwError;
    }
   
   
    EnumWindows(EnumWindowCallBackRoutine, NULL);
   
    // If process is successful ...
    WaitForSingleObject (Pi.hProcess, INFINITE); // suspend thread until process completes
   
    // when process terminates ...
    if (Pi.hProcess)
        CloseHandle(Pi.hProcess);
       
    if (Pi.hThread)
        CloseHandle(Pi.hThread);
       
    return ERROR_SUCCESS;
}

you solved my problem. But before EnumWindows(EnumWindowCallBackRoutine, NULL); need set Sleep()
Thank's