When coming across malicious Windows executable files, I noticed that some .exe files are able to run without opening a window of any kind. However, when running executables written in languages like C or C++, they always open up a console window at the very least.
How are malicious Windows executables able to run without having a window or showing up in the taskbar?
Is it a certain language or API that allows them to do this?
Lots of ways. The simplest is that they can run as a Windows subsystem process (instead of a Console subsystem - i.e. command-line one), and just not bother to ever create and show a window. They can run as a service process, or as a child of a service process (via injection into the service); those don't show UI. They can run on a different desktop (though there's no reason to do this, unless they want to show a window but don't want other processes to see that window). There's probably many others.
Related
I want to develop an application with VB.NET 4.7.2 Framework, using WinForms. The application must run like a service, that is, ran at Windows startup (after boot, before login). It's intended to run only on a local enviroment, and play some sound files while the local user hasn't logon yet.
My first aproach to this problem was developing a WinForm app that accepted command line args, so when it was executed without args, the GUI appeared to let the user customize some of the features of the program, and when it was executed with args, then no GUI is shown and music is played.
However, the method for detecting when login/logouts and other NT Session Events happened was by hooking a script onto the Windows Scheduler, which ended up being a bad idea, because half of the times, the program would lock up (as the Windows Scheduler would try to execute multiple times) or didn't even execute the program (because it didn't even fire up correctly the login event).
Now, I've considered remaking my code into two programs, a service that runs the code, and a GUI app that sets up the settings for the service program. My idea is to embed an executable inside the main GUI app executable, so it automatically extracts it to a folder in order to run the service program.
However, I can imagine this isn't a pretty clean solution; more so if it triggers by error an antivirus.
I would appreciate some kind of help to get this working on a much clean and safe way.
Note: The main goal of this question is to preserve the all-in-one executable format, if possible. If not, either design a way to run a WinForm app like a system service (run at Windows startup, before login), or two individual programs, one as a service and the other as the GUI program.
We're experiencing problems spying a Citrix window.
Our team is not able to spy the outline of the Citrix application window once it is launched. We tried full-screen, on the desktop, on the laptop, closing all other windows, and numerous other scenarios. I believe that it is because the sign-in is via internet explorer and once the Citrix application is launched, the application detaches from Blue Prism.
We were working to troubleshoot this issue and are trying to set up a separate business object for the Citrix window. Another problem is that we cannot launch the Citrix .exe file because it does not allow us to input any parameters to log-in that way. We’re now looking into saving the Citrix file as an .ica file (see https://support.citrix.com/article/CTX804493).
Does anyone have any suggestions?
You'll need to use Surface Automation techniques in order to interact with applications launched via Citrix. Essentially bitmap mapping.
If you are having difficulty attaching to the citrix window itself, try using a dedicated application like citrix receiver and have Blue Prism launch that application.
You could also try checking the windows process running (.exe) once citrix is launched via IE, and then try attaching to that process.
Good Luck.
Try using System Internals process monitor to make sure you attach the correct application, download it for free from Microsoft
When you work with Citrix it depends on the mode you are using. Some of the windows will actually be separate windows, use the Active Accessibility mode to spy them. Some other "windows" or tabs are only visual and you will need to use the Region mode to interact with them.
You should probably be aware that BP has a known issue not flushing all unused memory until the process is finished. If you have a large scale SA process that requires a lot of image processing, OCR etc. it should be a design consideration.
I am doing some research into building a cross-platform desktop application using web technologies. Both node-webkit and electron/atom would be perfect for the job.
However, with it being a multi-window app, my clients aren't too keen on the vast number of processes which chromium creates (2 per window).
I've looked into passing some different command line switches, --single-process and a few others but they only seem to cause the app to crash on startup.
I then looked at node itself, the closest i got here was the process API exposes methods to set the group PID. Alas, this is unsupported on windows which is my primary target platform.
I don't know if you've ever googled "hide process from task manager", it's starting to look a bit scary and deep-webish. there must be an easier way.
Does anyone have some suggestions or maybe a different technology?
This isn't possible, sorry! The code that allows single-process in Chromium is busted and bitrotted
I've been dealing with the same issue and can confirm that as of Electron version 1.4.10 the --single-process flag is still crashing the app.
I ended up using --process-per-site. It groups the processes per web site/domain. If you are using Angular in your app (with the same index page), all Browsers will be launched with the same process.
https://www.chromium.org/developers/design-documents/process-models
Currently I have a plugin for Petrel that is used in batch mode. So Petrel is launched from the command line, with the class/method to run specified via command line parameters. All fairly straight forward.
However, I'd like this operation to be performed from a Windows service. Simple experimentation suggests this won't work due to Petrel needing to open a window and thus needing to be run from a logged in user account.
Is there a way around this, or is it impossible to run Petrel from a service?
You may be able to use PetrelEngine. It is normally used to launch Petrel in silent mode for automated testing, but I think it might work for you.
PetrelEngine.Instance.Initialize("-licensePackage Package1");
I have some scripts (AutoIt) browsing YouTube for list of trending videos etc. It involves no mouse clicks (just keystrokes). The script takes a long time to finish and I can't use my PC during this time (it needs the window activated to work on it).
Is there anything I can do about this? Can these scripts run from a server or some stuff like that?
I've run into a similar problem: got to run automation with AutoIt on a Windows Server and the whole thing had got to be headless. Using Remote Desktop simply didin't work because then I'd had to keep a client opened and maximized all the time.
Short solution: install a VNC server in the Windows Server, open a client from another computer, log in and close the client. As the AutoIt script was being started by a Jenkins job, before closing the client the Jenkins applet had to be started via web interface.
By the way, I've had this idea from this post: How to run remote headless GUI automation.
As Johannes said, AutoIt probably wouldn't be suitable (and likewise AutoHotkey), but you could check out the many GUI and web testing frameworks that exist for other languages. With some of those, you can run a "headless" browser (a program that navigates the web just like a browser, but has no visible window); or you can run a standard browser on a virtual display like a Xvfb X11 server. This would be easiest if the server (or wherever it's going to run) is running a Unix-like OS, but it may be possible with Windows too.
Selenium Webdriver seems to be a very popular choice for scripting and testing actual browsers. It's natively Java but has bindings for languages like Ruby. It can also hook into something called HtmlUnit, which is also Java; that's one of the more popular headless browsers. Another (a relative newcomer) is phantom.js, which is in Javascript but (again) has bindings for other languages.
As far as I know this will not work unless the user account is logged on. You could try to see if you could convert it to an exe and run this as a service, but even then I don't think this will work. Let me know if you found out!
You can either:
Hide your window (SetWindowState #SW_HIDE) or something like that...
and use ControlClicks (if the they are original controls!)
or
Hide your window and use SendControl
or
use SendKeepActive
or
use OLEObjects like ie.au3 for automation.
Good Luck