Discussion:
no shell in an exe?
T
2020-03-31 07:21:07 UTC
Hi All,

Anyone know if there is a bit somewhere in

https://docs.microsoft.com/en-us/windows/win32/debug/pe-format

that will tell Windows not to run the program without a big
black box shell pop up?

Many thanks,
-T
R.Wieser
2020-03-31 07:54:35 UTC
T,

Hello again. :-)
Post by T
Anyone know if there is a bit somewhere in
https://docs.microsoft.com/en-us/windows/win32/debug/pe-format
that will tell Windows not to run the program without a big
black box shell pop up?
The target environment (gui, console, others) of the program is stored in
the "Subsystem" field (inside the "Optional Header Windows-Specific Fields
(Image Only)" record). You could try to change the
IMAGE_SUBSYSTEM_WINDOWS_CUI (value=3) value into IMAGE_SUBSYSTEM_WINDOWS_GUI
(value=2). I've got no idea what the side effects (if any) of such a
change might be though.

But depending on how you start the program there might be another option: If
you "shell" the program that command/function might have an option to run
the program in the background (not showing anything). For instance,
VBScript's "run" (WScript.Shell) has got a second argument, which, when set
to Zero, will hide the called program.

Regards,
Rudy Wieser
T
2020-03-31 08:14:38 UTC
Post by R.Wieser
T,
Hello again. :-)
Post by T
Anyone know if there is a bit somewhere in
https://docs.microsoft.com/en-us/windows/win32/debug/pe-format
that will tell Windows not to run the program without a big
black box shell pop up?
The target environment (gui, console, others) of the program is stored in
the "Subsystem" field (inside the "Optional Header Windows-Specific Fields
(Image Only)" record). You could try to change the
IMAGE_SUBSYSTEM_WINDOWS_CUI (value=3) value into IMAGE_SUBSYSTEM_WINDOWS_GUI
(value=2). I've got no idea what the side effects (if any) of such a
change might be though.
But depending on how you start the program there might be another option: If
you "shell" the program that command/function might have an option to run
the program in the background (not showing anything). For instance,
VBScript's "run" (WScript.Shell) has got a second argument, which, when set
to Zero, will hide the called program.
Regards,
Rudy Wieser
Hi Rudy,

I knew you'd know the answer! Thank you!

-T

Do you know of a utility to do that for me?
R.Wieser
2020-03-31 09:04:52 UTC
T,
Post by T
I knew you'd know the answer! Thank you!
:-) And you're welcome.
Post by T
Do you know of a utility to do that for me?
No idea. But that might be because I'd rather try to write such
a solution myself than look for somebody else's (which are often
written as complete toolboxes when I only need a single tool. IOW, bloated).

If you want to attempt to do it yourself, the offset to that field is in a
fixed location in relation to the "PE" header. You just need to skip the
"MZ" header.

Regards,
Rudy Wieser
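
The lookup Rudy describes above, as an added example that is not part of the original posts: follow the pointer at 0x3C in the "MZ" header to the "PE" signature, skip the 20-byte COFF file header, and read the 16-bit Subsystem field at offset 68 of the optional header. The function names and the header-only sample built by `build_sample` are constructed for illustration.

```python
import struct

IMAGE_SUBSYSTEM_WINDOWS_GUI = 2   # values as given in the thread
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3

def subsystem_offset(image: bytes) -> int:
    """File offset of the 16-bit Subsystem field in a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no MZ header")
    # The MZ header stores the offset of the "PE\0\0" signature at 0x3C.
    (pe,) = struct.unpack_from("<I", image, 0x3C)
    opt = pe + 4 + 20                 # signature + 20-byte COFF file header
    if opt + 70 > len(image) or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE header")
    (opt_size,) = struct.unpack_from("<H", image, pe + 4 + 16)
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 70:   # PE32 / PE32+
        raise ValueError("unexpected optional header")
    return opt + 68                   # same offset for PE32 and PE32+

def get_subsystem(image: bytes) -> int:
    return struct.unpack_from("<H", image, subsystem_offset(image))[0]

def set_subsystem(image: bytes, value: int) -> bytes:
    """Return a patched copy; the input is left untouched."""
    out = bytearray(image)
    struct.pack_into("<H", out, subsystem_offset(image), value)
    return bytes(out)

def build_sample(subsystem: int = IMAGE_SUBSYSTEM_WINDOWS_CUI) -> bytes:
    """Constructed header-only stand-in for a console EXE (not runnable)."""
    pe = 0x80
    buf = bytearray(pe + 24 + 0xE0)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe)
    buf[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, pe + 20, 0xE0)       # SizeOfOptionalHeader
    struct.pack_into("<H", buf, pe + 24, 0x10B)      # PE32 magic
    struct.pack_into("<H", buf, pe + 24 + 68, subsystem)
    return bytes(buf)

if __name__ == "__main__":
    sample = build_sample()
    patched = set_subsystem(sample, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    print(hex(subsystem_offset(sample)), get_subsystem(sample), "->", get_subsystem(patched))
```

The Subsystem field is covered by the Authenticode hash, so a signed executable no longer verifies after this change; keep the original file and record its hash before patching.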
Felix Palmen
2020-03-31 09:16:02 UTC
[PE Subsystem]
Do you know of a utility to do that for me?
In case of software built by yourself, your linker should have
appropriate options.
--
Dipl.-Inform. Felix Palmen <***@palmen-it.de> ,.//..........
{web} http://palmen-it.de {jabber} [see email] ,//palmen-it.de
{pgp public key} http://palmen-it.de/pub.txt // """""""""""
{pgp fingerprint} A891 3D55 5F2E 3A74 3965 B997 3EF2 8B0A BC02 DA2A
T
2020-03-31 12:42:26 UTC
Post by Felix Palmen
[PE Subsystem]
Do you know of a utility to do that for me?
In case of software built by yourself, your linker should have
appropriate options.
It is software I downloaded (Rakudo Star).
Kaz Kylheku
2020-03-31 17:20:01 UTC
Post by T
Hi All,
Anyone know if there is a bit somewhere in
https://docs.microsoft.com/en-us/windows/win32/debug/pe-format
that will tell Windows not to run the program without a big
black box shell pop up?
Yes there is, and it can be changed with Microsoft's EDITBIN
utility (and other ways).

Google for editbin.exe.
R.Wieser
2020-03-31 18:44:13 UTC
Kaz,
Post by Kaz Kylheku
Google for editbin.exe.
[quote]
You can start this tool only from the Visual Studio command prompt. You
cannot start it from a system command prompt or from File Explorer.
[/quote]

(https://docs.microsoft.com/en-us/cpp/build/reference/editbin-reference?view=vs-2019)

In other words: Not a stand-alone tool.
Post by Kaz Kylheku
and other ways
In this particular case a hex editor would do too, though maybe not as easy
as point-and-click.

Regards,
Rudy Wieser
T
2020-04-01 01:44:03 UTC
Post by Kaz Kylheku
Post by T
Hi All,
Anyone know if there is a bit somewhere in
https://docs.microsoft.com/en-us/windows/win32/debug/pe-format
that will tell Windows not to run the program without a big
black box shell pop up?
Yes there is, and it can be changed with Microsoft's EDITBIN
utility (and other ways).
Google for editbin.exe.
Hi Kaz,

Thank you!

hexedit is plan B.

Plan A is Rudy's

"start /min \"C:\\......\""

-T
