
Process, Thread & Handler

Part 1 of the learning path


Last updated 1 year ago

This is the beginning of my learning path about malware development (aka maldev). I will put here my work, the useful resources and some code, to have a sort of blog/source code haven for everything I was learning.

Reference:

Homework: Hello World! with Win32 API

Here is an example of using the MessageBoxW() function:

#include <windows.h>
#include <stdlib.h>   // EXIT_SUCCESS

int main(void) {

    // MessageBoxW : Unicode (wide-string) variant, hence the L"" literals
    MessageBoxW(
        NULL,                         // no owner window
        L"This is the homework 1",    // message text
        L"Crow Homeworks",            // title bar
        MB_OK | MB_ICONINFORMATION
    );

    return EXIT_SUCCESS;
}

Homework : create a Process

Now, in the video, if you stayed until the end, you'll have heard that I assigned you some homework. I wasn't kidding. Here's your homework. I want you to, using some of the Win32 API functions covered in the video, develop a program that will do the following:

My solution to crow's homework:

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>   // EXIT_SUCCESS / EXIT_FAILURE

int main(void) {

    STARTUPINFOW si = { 0 };
    PROCESS_INFORMATION pi = { 0 };

    // CreateProcessW requires cb to hold the size of the structure
    si.cb = sizeof(si);

    // BOOL CreateProcessW(
    //   [in, optional]      LPCWSTR               lpApplicationName,
    //   [in, out, optional] LPWSTR                lpCommandLine,
    //   [in, optional]      LPSECURITY_ATTRIBUTES lpProcessAttributes,
    //   [in, optional]      LPSECURITY_ATTRIBUTES lpThreadAttributes,
    //   [in]                BOOL                  bInheritHandles,
    //   [in]                DWORD                 dwCreationFlags,
    //   [in, optional]      LPVOID                lpEnvironment,
    //   [in, optional]      LPCWSTR               lpCurrentDirectory,
    //   [in]                LPSTARTUPINFOW        lpStartupInfo,
    //   [out]               LPPROCESS_INFORMATION lpProcessInformation
    // );

    // Works only on W10 (mspaint.exe doesn't exist on W11)
    if(CreateProcessW(
        L"C:\\Windows\\System32\\mspaint.exe",
        NULL,
        NULL,
        NULL,
        FALSE,
        BELOW_NORMAL_PRIORITY_CLASS,
        NULL,
        NULL,
        &si,
        &pi
    )) {
        printf("(+) got handle to process\n");
        printf("(+) process started! pid: %lu\n", pi.dwProcessId);
        // DWORD ids are unsigned (%lu); HANDLEs are pointers, so print them with %p
        printf("    (+) pid: %lu, handle: %p\n", pi.dwProcessId, pi.hProcess);
        printf("    (+) tid: %lu, handle: %p\n", pi.dwThreadId, pi.hThread);

        // wait up to 10 s for the process to exit
        WaitForSingleObject(pi.hProcess, 10000);

        printf("(+) finished! exiting...\n");

        // close both handles (the thread handle leaks otherwise)
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);

        return EXIT_SUCCESS;
    }

    return EXIT_FAILURE;
}

Homework : open a Process

TODO !

The full homework statement from crow's video (the "create a Process" solution above answers it):

Startup a process of your choosing, and print out some values like the PID, TID and Handles for the subsequent processes/threads. Then, have it wait for the process or thread to finish using an API like WaitForSingleObject() before closing the handles to your thread and process, using an API like CloseHandle().

The video which contains the learning material and the homework of this page