开发者

How do I poke the flag in a win32 PE that controls console window display

I have an executable which is part of a batch process. This one executable opens a console window, which is annoying since it's useless to the end user a开发者_开发知识库nd steals focus away from their active task.

We can't compile a new version from of this EXE from source (easily). Is there an easy way to twiddle this setting in the PE?


Found it.

editbin.exe /subsystem:windows foo.exe

editbin.exe is part of MSVC


I have wrote it with python based on the PE specification http://msdn.microsoft.com/en-us/library/windows/hardware/gg463119.aspx

I'm not sure that Windows EXE binaries with console|windows subsystem have same Entry Point Format (with same arguments), but it seem that it is so.

Python Code:

import sys
import struct

if len(sys.argv) < 4:
    print "Change Exe Run Mode Application by burlachenkok@gmail.com\nNot sufficient parametrs. 'exe_src_name.exe' 'exe_dest_name.exe' 'to_console' or 'to_windows'"
    sys.exit(-1)

source = open(sys.argv[1], "rb")
dest   = open(sys.argv[2], "w+b")
dest.write(source.read())

dest.seek(0x3c)
(PeHeaderOffset,)=struct.unpack("H", dest.read(2))

dest.seek(PeHeaderOffset)
(PeSignature,)=struct.unpack("I", dest.read(4))
if PeSignature != 0x4550:
    print "Error in Find PE header"

dest.seek(PeHeaderOffset + 0x5C)

if sys.argv[3].strip() == "to_console":
    # console mode
    dest.write(struct.pack("H", 0x03))
elif sys.argv[3].strip() == "to_windows":
    # window mode
    dest.write(struct.pack("H", 0x02))
else:
    print "Wrong Format: '" + sys.argv[3] + "'"

source.close()
dest.close()

print "Completed succesfully.."


Here is a node version of the Python code :)

const fs = require('fs');
const bufferpack = require('bufferpack');

if(process.argv.length < 4) {
    console.log("Change Exe Run Mode Application \nNot sufficient parameters. 'exe_src_name.exe' 'exe_dest_name.exe' 'to_console' or 'to_windows'");
    process.exit(-1);
}

function read(f, size, offset) {
  if(typeof size == 'undefined') size = 1;
  if(typeof offset == 'undefined') offset = -1;
  const buffer = Buffer.alloc(size);
  fs.readSync(f, buffer, 0, size, offset);
  return buffer;
}

const source = fs.openSync(process.argv[2], "r");
const dest = fs.openSync(process.argv[3], "w+");
fs.writeSync(dest, read(source, fs.statSync(process.argv[2]).size, 0));
const PeHeaderOffset = bufferpack.unpack('<H', read(dest, 2, 0x3c)).pop();
const PeSignature = bufferpack.unpack('<I', read(dest, 4, PeHeaderOffset)).pop();
if(PeSignature != 0x4550) {
  console.log("Error in Find PE header");
  process.exit(-1);
}

if(process.argv[4] == "to_console") {
    // console mode
    fs.writeSync(dest, bufferpack.pack('<H', [0x03]), 0, 1, PeHeaderOffset + 0x5C);
} else if(process.argv[4] == "to_windows") {
    // window mode
    fs.writeSync(dest, bufferpack.pack('<H', [0x02]), 0, 1, PeHeaderOffset + 0x5C);
} else {
    console.log("Wrong Format: '" + process.argv[4] + "'");
}
fs.closeSync(source);
fs.closeSync(dest);

console.log("Completed succesfully.");
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜