How do I poke the flag in a win32 PE that controls console window display
I have an executable which is part of a batch process. This one executable opens a console window, which is annoying since it's useless to the end user and steals focus away from their active task.
We can't compile a new version of this EXE from source (easily). Is there an easy way to twiddle this setting in the PE?
Found it.
editbin.exe /subsystem:windows foo.exe
editbin.exe is part of MSVC
I have written it in Python, based on the PE specification: http://msdn.microsoft.com/en-us/library/windows/hardware/gg463119.aspx
I'm not sure that Windows EXE binaries with the console and windows subsystems have the same entry point format (with the same arguments), but it seems that they do.
Python Code:
import sys
import struct
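# Copy the PE image named by argv[1] to argv[2] with its Subsystem header
# field set to console (3) or Windows GUI (2), selected by argv[3].
#
# NOTE: rewriting this field changes the file's hash, so an existing
# Authenticode signature on the input will no longer verify on the output,
# and the optional-header CheckSum field is not recomputed here. Re-sign the
# result if the original was signed, and only patch binaries whose origin
# you trust.
SUBSYSTEM_BY_MODE = {"to_windows": 0x02, "to_console": 0x03}

# Offset of Subsystem from the "PE\0\0" signature: 4 (signature) + 20 (COFF
# file header) + 68 (Subsystem inside the optional header) = 0x5C. The field
# sits at the same place in PE32 and PE32+ images.
SUBSYSTEM_OFFSET = 0x5C

if len(sys.argv) < 4:
    print("Change Exe Run Mode Application by burlachenkok@gmail.com\nNot sufficient parametrs. 'exe_src_name.exe' 'exe_dest_name.exe' 'to_console' or 'to_windows'")
    sys.exit(-1)

# Reject an unknown mode before touching any file, so a typo never leaves a
# half-made output behind.
mode = sys.argv[3].strip()
if mode not in SUBSYSTEM_BY_MODE:
    print("Wrong Format: '" + sys.argv[3] + "'")
    sys.exit(-1)

# Read the whole input first: the output is only created after validation,
# and using the same path for source and destination no longer truncates the
# file before it has been read.
with open(sys.argv[1], "rb") as source:
    image = source.read()

# The DOS header is 0x40 bytes long, starts with "MZ", and stores the offset
# of the PE header (e_lfanew) as a 4-byte little-endian value at 0x3C.
if len(image) < 0x40 or image[:2] != b"MZ":
    print("Error in Find PE header")
    sys.exit(-1)
(PeHeaderOffset,) = struct.unpack_from("<I", image, 0x3c)

# Stop on a missing signature or an out-of-range offset instead of writing
# two bytes into a file that is not a PE image.
field_at = PeHeaderOffset + SUBSYSTEM_OFFSET
if field_at + 2 > len(image) or image[PeHeaderOffset:PeHeaderOffset + 4] != b"PE\0\0":
    print("Error in Find PE header")
    sys.exit(-1)

patched = image[:field_at] + struct.pack("<H", SUBSYSTEM_BY_MODE[mode]) + image[field_at + 2:]
with open(sys.argv[2], "wb") as dest:
    dest.write(patched)
print("Completed succesfully..")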
Here is a node version of the Python code :)
const fs = require('fs');
const bufferpack = require('bufferpack');
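// argv[0] is the node binary and argv[1] is this script, so the three user
// arguments (source, destination, mode) occupy argv[2]..argv[4]; the array
// must therefore hold at least five entries.
if (process.argv.length < 5) {
  console.log("Change Exe Run Mode Application \nNot sufficient parameters. 'exe_src_name.exe' 'exe_dest_name.exe' 'to_console' or 'to_windows'");
  process.exit(-1);
}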
/**
 * Read `size` bytes from an open file descriptor into a fresh buffer.
 *
 * @param {number} f - File descriptor to read from.
 * @param {number} [size=1] - Number of bytes to request.
 * @param {number} [offset=-1] - Position handed to fs.readSync.
 * @returns {Buffer} A buffer of `size` bytes holding whatever was read.
 */
function read(f, size = 1, offset = -1) {
  const chunk = Buffer.alloc(size);
  // The byte count returned by readSync is not checked, so a short read
  // leaves the tail of the buffer zero-filled.
  fs.readSync(f, chunk, 0, size, offset);
  return chunk;
}
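// Copy the PE image named by argv[2] to argv[3] with its Subsystem header
// field set to console (3) or Windows GUI (2), selected by argv[4].
//
// NOTE: rewriting this field changes the file's hash, so an existing
// Authenticode signature on the input will no longer verify on the output,
// and the optional-header CheckSum field is not recomputed here. Re-sign the
// result if the original was signed, and only patch binaries whose origin
// you trust.
const subsystemByMode = new Map([
  ["to_console", 0x03],
  ["to_windows", 0x02],
]);

// Offset of Subsystem from the "PE\0\0" signature: 4 (signature) + 20 (COFF
// file header) + 68 (Subsystem inside the optional header) = 0x5C. The field
// sits at the same place in PE32 and PE32+ images.
const SUBSYSTEM_OFFSET = 0x5c;
const DOS_HEADER_SIZE = 0x40;

// Reject an unknown mode before touching any file, so a typo never leaves a
// half-made output behind or reports success.
const requestedMode = process.argv[4];
if (!subsystemByMode.has(requestedMode)) {
  console.log(`Wrong Format: '${requestedMode}'`);
  process.exit(-1);
}

// Read the whole input first: the output is only created after validation,
// and using the same path for source and destination no longer truncates the
// file before it has been read. Buffer's own little-endian accessors are used
// for the header fields, so this section does not call bufferpack.
const image = fs.readFileSync(process.argv[2]);

// The DOS header starts with "MZ" (0x5A4D little-endian) and stores the
// offset of the PE header (e_lfanew) as a 4-byte value at 0x3C.
if (image.length < DOS_HEADER_SIZE || image.readUInt16LE(0) !== 0x5a4d) {
  console.log("Error in Find PE header");
  process.exit(-1);
}
const PeHeaderOffset = image.readUInt32LE(0x3c);

// Stop on a missing signature or an out-of-range offset instead of writing
// into a file that is not a PE image.
const subsystemAt = PeHeaderOffset + SUBSYSTEM_OFFSET;
if (subsystemAt + 2 > image.length || image.readUInt32LE(PeHeaderOffset) !== 0x4550) {
  console.log("Error in Find PE header");
  process.exit(-1);
}

// Subsystem is a 16-bit field; write both bytes so a stale high byte cannot
// survive the patch.
image.writeUInt16LE(subsystemByMode.get(requestedMode), subsystemAt);
fs.writeFileSync(process.argv[3], image);
console.log("Completed succesfully.");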