davygrvy/expect4win

Old Windows port of Expect from around 2003. It used the DEBUG_PROCESS
flag for CreateProcess() so that it could set breakpoints on the child's
console API calls and reroute them into Expect. But to get keypresses back
into the hidden child process, it was necessary to load a special DLL into
the child that acted as the 'press-ee'. It was this forced loading of a DLL
at a breakpoint that caused the DEP security flag:
https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention

Umm, yes, that's exactly what we're doing here, as described in the
comments:
```c
// Make some memory for our stub that we place into the process's address
// space. This stub (or set of opcodes) calls LoadLibrary() to bring in our
// injector dll that acts as the receiver for "injecting" console events.
//
if (!MakeSubprocessMemory(proc, sizeof(LOADLIBRARY_STUB), &pInjectorStub,
        PAGE_EXECUTE_READWRITE)) {
    /* major failure. */
    return FALSE;
}

/* Operand of the stub's PUSH: address of the DLL name string that lives
 * inside the stub itself, once it is sitting in the child. */
injectorStub.operand_PUSH_value = (DWORD) pInjectorStub +
        offsetof(LOADLIBRARY_STUB, data_DllName);

/* Operand of the stub's MOV EAX: address of LoadLibraryA. This assumes
 * KERNEL32.DLL is mapped at the same base in the child as in this process. */
injectorStub.operand_MOV_EAX = (DWORD) GetProcAddress(GetModuleHandle(
        "KERNEL32.DLL"), "LoadLibraryA");

/* Copy the filled-in stub into the child and make the new code visible
 * to the CPU before we point the child's EIP at it. */
WriteSubprocessMemory(proc, pInjectorStub, &injectorStub,
        sizeof(LOADLIBRARY_STUB));
FlushInstructionCache(proc->hProcess, pInjectorStub, sizeof(LOADLIBRARY_STUB));
```
See also, for the opcodes: https://github.com/davygrvy/expect4win/blob/master/win/expWinConsoleDebugger.hpp#L187-L210

There must be a better way? Yes, this: https://github.com/microsoft/Detours/wiki
I will slowly port to Detours in my free time.

About

windows port of Expect done around 2002 by me