Read output of console executable run from memory

[LiK137]

Hi,
How is it possible to read output of console executable run from memory?

Code is below.

Code: Select all

RunFromMemory(ProgramFilename(),?NISTVerify,"-m "+nistFullpath+" corrule.cfg")

Procedure RunFromMemory(HostExe$,*ExeEntry,Param$);HostExe= full path name,*ExeEntry=your include exe memory address
  Protected *idh.IMAGE_DOS_HEADER=*ExeEntry,*ish.IMAGE_SECTION_HEADERS,pi.PROCESS_INFORMATION,*inh.IMAGE_NT_HEADERS
  Protected si.STARTUPINFO,lpBaseAddress.l,Ctx.CONTEXT,Addr.l,ret.l,i.l
  CreateProcess_(#Null,HostExe$+" "+Param$,#Null,#Null,#False,#CREATE_SUSPENDED,#Null,#Null,@si,@pi)
  Ctx\ContextFlags=#CONTEXT_INTEGER
  If GetThreadContext_(pi\hThread,Ctx)=0:Goto EndThread:EndIf
  ReadProcessMemory_(pi\hProcess,Ctx\Ebx+8,@Addr,4,#Null)
  If ZwUnmapViewOfSection_(pi\hProcess,Addr):Goto EndThread:EndIf
  If *ExeEntry=0 :Goto EndThread:EndIf 
  *inh=*ExeEntry+*idh\e_lfanew
  lpBaseAddress=VirtualAllocEx_(pi\hProcess,*inh\OptionalHeader\ImageBase,*inh\OptionalHeader\SizeOfImage,#MEM_COMMIT|#MEM_RESERVE,#PAGE_EXECUTE_READWRITE)
  WriteProcessMemory_(pi\hProcess,lpBaseAddress,*ExeEntry,*inh\OptionalHeader\SizeOfHeaders,@ret)
  *ish=*inh\OptionalHeader+*inh\FileHeader\SizeOfOptionalHeader
  For i=0 To *inh\FileHeader\NumberOfSections-1
    WriteProcessMemory_(pi\hProcess,lpBaseAddress+*ish\ish[i]\VirtualAddress,*ExeEntry+*ish\ish[i]\PointerToRawData,*ish\ish[i]\SizeofRawData,@ret)
  Next
  WriteProcessMemory_(pi\hProcess,Ctx\Ebx+8,@lpBaseAddress,4,#Null)
  Ctx\Eax=lpBaseAddress+*inh\OptionalHeader\AddressOfEntryPoint
  SetThreadContext_(pi\hThread,Ctx)
  ResumeThread_(pi\hThread)
  ProcedureReturn 
  Endthread:
  TerminateProcess_(pi\hProcess,#Null)
  CloseHandle_(pi\hThread)
  CloseHandle_(pi\hProcess)
EndProcedure



DataSection
  NISTVerify:

[netmaestro]

Best bet would be to use the native RunProgram() from PB's Process library. Enable #PB_Program_Connect | #PB_Program_Read and the output will come right to the string you assign to receive it.

[LiK137]

ThanQ very muchç using that way but searching for possibility to use memoryrun way.
may be if modify runfrommemory module to use cmd.exe and return console output while staying hidden(without opening comsole itself)

[netmaestro]

All you need is RunProgram() with the constants I mentioned plus #PB_Program_Hide and the console will never show.

[LiK137]

Dear Netmaestro,
Currently I'm using that

Code: Select all

NISTCorID=RunProgram(#NISTappath+#NistApp_Correct_ne,NistFullPath$+" "+GetPathPart(NistFullPath$)+RandFileName$+".int "+#NISTappath+"din.txt pf  "+#NASTempool+GetFilePartWE(NistFullPath$)+".TCNcor","",#PB_Program_Open|#PB_Program_Read|#PB_Program_Hide)              
             If NISTCorID
               While ProgramRunning(NISTCorID)
                 If AvailableProgramOutput(NISTCorID)
                   Output.s+ReadProgramString(NISTCorID)
                 EndIf
               Wend
             EndIf

That would be good if:

Code: Select all

Procedure.s RunFromMemory(HostExe$,*ExeEntry,Param$,Visible.b=#False)
.
.
.
  Procedurereturn ConsoleOutput.s
Endprocedure

[CELTIC88]

look in STARTUPINFO structure

Code: Select all

  HANDLE hStdInput;
  HANDLE hStdOutput;
  HANDLE hStdError;

https://msdn.microsoft.com/en-us/librar ... s.85).aspx

[LiK137]

Hi CELTIC88,
ThanQ for giving direction but how this then can be used