
CreateNamedPipe and StdInput

Started by AgentSmithers, May 03, 2011, 06:17:00 AM


AgentSmithers

Hi guys, currently I am writing this app to pipe information to a remote shell on my local machine. I prefer to do it through named pipes so I can use it over the network and impersonate the client if needed.

Currently I have this:

; MASM32 (Intel syntax), 32-bit Win32, stdcall.
; Purpose (as written): create a named pipe, wait for one client to
; connect, then spawn cmd.exe with that pipe handle as its stdin while
; stdout/stderr go to a freshly allocated console; block until the child
; exits, then show a message box and terminate.
.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\Ws2_32.inc
include \masm32\include\advapi32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\Ws2_32.lib
includelib \masm32\lib\advapi32.lib

; Assembler-time constants. Neither is referenced anywhere in this listing
; (presumably intended for later token/impersonation work).
TokenPrimary = 1
SecurityImpersonation = 2

.data
; Local pipe name; "." is the local machine, so remote clients would use
; the host name in place of "." (the post says network use is intended).
PipeName db "\\.\pipe\MyPipe", 0
Buffer DB 128 dup (0)                   ; declared, never referenced below
; Bare image name, no path: CreateProcess is called with
; lpApplicationName = 0, so cmd.exe is located by the loader's search
; rules rather than a fixed path.
cmd db "cmd.exe", 0

sinfo STARTUPINFO<>                     ; zero-initialised (.data, <>)
pinfo PROCESS_INFORMATION<>             ; zero-initialised; only written by CreateProcess
sa SECURITY_ATTRIBUTES<>                ; declared but never passed to any call below

.data?

hPipe dd ?                              ; server end of the named pipe
hPipeCreateFile dd ?                    ; unused in this listing
OpenMode dd ?                           ; dwOpenMode for CreateNamedPipe
PipeMode dd ?                           ; dwPipeMode for CreateNamedPipe
BytesReturned dd ?                      ; unused in this listing
ProcessHandle dd ?                      ; unused in this listing
PsudoThreadHandle dd ?                  ; unused in this listing
ThreadHandle dd ?                       ; unused in this listing
hToken dd ?                             ; unused in this listing
PrimaryToken dd ?                       ; unused in this listing

.code
start:

; OpenMode = PIPE_ACCESS_DUPLEX | FILE_FLAG_WRITE_THROUGH
mov OpenMode, PIPE_ACCESS_DUPLEX
or OpenMode, FILE_FLAG_WRITE_THROUGH

; PipeMode = PIPE_WAIT | PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE
; (blocking, message-type pipe read in message mode)
mov PipeMode, PIPE_WAIT
or PipeMode, PIPE_TYPE_MESSAGE
or PipeMode, PIPE_READMODE_MESSAGE

; CreateNamedPipe(name, OpenMode, PipeMode,
;                 nMaxInstances=10, nOutBufferSize=10000, nInBufferSize=2000,
;                 nDefaultTimeOut=10000 ms, lpSecurityAttributes=0)
; NOTE(review): lpSecurityAttributes = 0 means no explicit security
; descriptor is supplied for the pipe, and the returned handle is not
; marked inheritable (per the Win32 documentation for this parameter).
; Since a connected client ends up feeding cmd.exe's stdin, who may open
; this pipe is the only access control on the spawned shell — confirm the
; effective DACL and the handle-inheritance behaviour against the docs.
; The result in eax is stored without being checked against
; INVALID_HANDLE_VALUE.
invoke CreateNamedPipe, ADDR PipeName, OpenMode, PipeMode, 10, 10000, 2000, 10000, 0
mov hPipe, eax
; Blocks until a client connects (PIPE_WAIT); return value is not checked.
invoke ConnectNamedPipe, hPipe, 0

; Fill sinfo from the current process, then override dwFlags so that only
; STARTF_USESTDHANDLES is set (GetStartupInfo's own flags are discarded).
mov sinfo.cb, sizeof STARTUPINFO
invoke GetStartupInfo, addr sinfo
mov sinfo.dwFlags, STARTF_USESTDHANDLES

; Child stdin = the pipe server handle (the GetStdHandle alternative is
; commented out — the post reports that variant waits but does not pipe).
;invoke GetStdHandle, STD_INPUT_HANDLE
mov eax, hPipe
mov sinfo.hStdInput, eax

; Child stdout and stderr both = this process's current stdout handle.
; NOTE(review): this is queried before AllocConsole below; whether the
; handle obtained here is the one the new console will use should be
; confirmed against the GetStdHandle/AllocConsole docs.
invoke GetStdHandle, STD_OUTPUT_HANDLE
mov sinfo.hStdOutput, eax
mov sinfo.hStdError, eax

invoke AllocConsole

; CreateProcess(lpApplicationName=0, lpCommandLine="cmd.exe",
;               lpProcessAttributes=0, lpThreadAttributes=0,
;               bInheritHandles=TRUE, NORMAL_PRIORITY_CLASS,
;               lpEnvironment=0, lpCurrentDirectory=0, &sinfo, &pinfo)
; bInheritHandles = TRUE only passes on handles that are themselves
; inheritable; see the CreateNamedPipe note above. The BOOL result in eax
; is not checked, so a failed launch falls straight through.
invoke CreateProcess, 0, ADDR cmd, 0, 0, TRUE, NORMAL_PRIORITY_CLASS, 0, 0, ADDR sinfo, ADDR pinfo

; -1 = INFINITE. pinfo is zero-initialised and only written on a
; successful CreateProcess, so on failure this waits on a NULL handle and
; presumably returns immediately — consistent with the symptom described
; in the post; verify by checking the CreateProcess result.
invoke WaitForSingleObject, pinfo.hProcess, -1

; Shows the pipe name as both caption and text.
Invoke MessageBoxA, 0, ADDR PipeName, ADDR PipeName, 0

; hPipe, pinfo.hProcess and pinfo.hThread are never closed; process exit
; reclaims them.
exit:
invoke ExitProcess,0
end start


Now the issue is: right after CreateProcess is called, WaitForSingleObject does not wait when the pipe's handle is used as STDInput, nor does any of the data I write to the application get piped to cmd.exe.
But
If I use STD_INPUT_HANDLE, the object waits but still does not pipe, for an obvious reason. Any clue what I'm missing to get this to work with a named pipe?