{"id":20208308,"url":"https://github.com/cubiclesoft/createprocess-windows","last_synced_at":"2025-04-10T12:56:14.479Z","repository":{"id":5814873,"uuid":"7029925","full_name":"cubiclesoft/createprocess-windows","owner":"cubiclesoft","description":"A complete, robust command-line utility to construct highly customized calls to the CreateProcess() Windows API. Released under a MIT or LGPL license.","archived":false,"fork":false,"pushed_at":"2022-05-16T16:20:51.000Z","size":1143,"stargazers_count":88,"open_issues_count":1,"forks_count":30,"subscribers_count":12,"default_branch":"master","last_synced_at":"2023-03-22T15:57:18.697Z","etag":null,"topics":["createprocess","ntcreatetoken","ntsetinformationprocess","sudo","tcp"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cubiclesoft.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-12-06T04:41:37.000Z","updated_at":"2023-01-17T07:47:45.000Z","dependencies_parsed_at":"2022-08-06T19:00:53.275Z","dependency_job_id":null,"html_url":"https://github.com/cubiclesoft/createprocess-windows","commit_stats":null,"previous_names":[],"tags_count":0,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cubiclesoft%2Fcreateprocess-windows","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cubiclesoft%2Fcreateprocess-windows/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cubiclesoft%2Fcreateprocess-windows/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cubiclesoft%2Fcreateprocess-windows/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cubiclesoft","download_url":"https://codeload.github.com/cubiclesoft/createprocess-windows/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224573515,"owners_count":17333807,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["createprocess","ntcreatetoken","ntsetinformationprocess","sudo","tcp"],"created_at":"2024-11-14T05:35:01.936Z","updated_at":"2024-11-14T05:35:02.483Z","avatar_url":"https://github.com/cubiclesoft.png","language":"C++","readme":"CreateProcess() Windows API Command-Line Utility\n================================================\n\nA complete, robust command-line utility to construct highly customized calls to the CreateProcess() Windows API to start new processes. Released under a MIT or LGPL license.\n\nThis project is intended primarily for use from batch files (.bat) to execute other programs. If it can be done with CreateProcess(), it can be done with this command-line program.\n\nWhy would you need this? One use-case would be for programs that don't play nice even with the 'start' command. For example, Apache 'httpd.exe' hangs the command-line even with 'start /B /MIN' but running this program with `/f=DETACHED_PROCESS` to start Apache and it runs completely in the background. I developed this initially for Apache (way overkill for one feature), but I've had need for this program for other things on many different occasions, including starting processes from scripting languages that don't offer sufficient facilities on Windows.\n\nLearn about security tokens, advanced usage of the CreateProcess command-line tool, and much more:\n\n[![Windows Security Objects: A Crash Course + A Brand New Way to Start Processes on Microsoft Windows video](https://user-images.githubusercontent.com/1432111/118288197-0574ec00-b489-11eb-96e5-fab0f6149171.png)](https://www.youtube.com/watch?v=pmteqkbBfAY \"Windows Security Objects: A Crash Course + A Brand New Way to Start Processes on Microsoft Windows\")\n\n[![Donate](https://cubiclesoft.com/res/donate-shield.png)](https://cubiclesoft.com/donate/) [![Discord](https://img.shields.io/discord/777282089980526602?label=chat\u0026logo=discord)](https://cubiclesoft.com/product-support/github/)\n\nFeatures\n--------\n\n* Command-line action!\n* Verbose mode tells you exactly how CreateProcess() will be called. No more guessing!\n* Can redirect stdin, stdout, and stderr to TCP/IP sockets. Avoid blocking on anonymous pipes or storing output in files!\n* Can use named mutexes and semaphores to control how many processes can run at the same time.\n* Start elevated processes (UAC support).\n* Start child processes as any valid user without requiring the user's credentials. Including the powerful NT AUTHORITY\\SYSTEM account!\n* Pre-built binaries using Visual Studio (statically linked C++ runtime, minimal file size of ~162K, direct Win32 API calls).\n* Console and Windows subsystem variants.\n* Unicode support.\n* Offers almost everything CreateProcess() offers plus a couple of nice extras (e.g. output the process ID to a file).\n* Has a liberal open source license. MIT or LGPL, your choice.\n* Sits on GitHub for all of that pull request and issue tracker goodness to easily submit changes and ideas respectively.\n\nUseful Information\n------------------\n\nRunning the command by itself will display the options:\n\n```\n(C) 2021 CubicleSoft. All Rights Reserved.\n\nSyntax: createprocess [options] EXEToRun [arguments]\n\nOptions:\n /v\n Verbose mode.\n\n /w[=Milliseconds]\n Waits for the process to complete before exiting.\n The default behavior is to return immediately.\n If Milliseconds is specified, the number of milliseconds to wait.\n Return code, if any, is returned to caller.\n\n /pid=File\n Writes the process ID to the specified file.\n\n /term\n Used with /w=Milliseconds.\n Terminates the process when the wait time is up.\n\n /runelevated\n Calls CreateProcess() as a high Integrity Level elevated process.\n /w should be specified before this option.\n May trigger elevation. Not compatible with /term when not elevated.\n\n /elevatedtoken\n Uses an elevated token to create a child process.\n May create a temporary SYSTEM service to copy the primary token via\n undocumented Windows kernel APIs.\n\n /systemtoken\n Uses a SYSTEM token to create a child process.\n May create a temporary SYSTEM service to copy the primary token via\n undocumented Windows kernel APIs.\n\n /usetoken=PIDorSIDsAndPrivileges\n Uses the primary token of the specified process ID,\n or a process matching specific comma-separated user/group SIDs\n and/or a process with specific privileges.\n May trigger elevation. See /elevatedtoken.\n\n /createtoken=Parameters\n Creates a primary token from scratch.\n May trigger elevation. See /elevatedtoken.\n Uses an undocumented Windows kernel API.\n The 'Parameters' are semicolon separated:\n UserSID;\n GroupSID:Attr,GroupSID:Attr,...;\n Privilege:Attr,Privilege:Attr,...;\n OwnerSID;\n PrimaryGroupSID;\n DefaultDACL;\n SourceInHex:SourceLUID\n\n /mergeenv\n Merges the current environment with another user environment.\n Use with /elevatedtoken, /systemtoken, /usetoken, /createtoken.\n\n /mutex=MutexName\n Creates a mutex with the specified name.\n Use the named mutex with /singleton or other software\n to detect an already running instance.\n\n /singleton[=Milliseconds]\n Only starts the target process if named /mutex is the only instance.\n If Milliseconds is specified, the number of milliseconds to wait.\n\n /semaphore=MaxCount,SemaphoreName\n Creates a semaphore with the specified name and limit/count.\n Use the named semaphore with /multiton\n to limit the number of running processes.\n\n /multiton[=Milliseconds]\n Checks or waits for a named /semaphore.\n If Milliseconds is specified, the number of milliseconds to wait.\n\n /f=PriorityClass\n Sets the priority class of the new process.\n There is only one priority class per process.\n The 'PriorityClass' can be one of:\n ABOVE_NORMAL_PRIORITY_CLASS\n BELOW_NORMAL_PRIORITY_CLASS\n HIGH_PRIORITY_CLASS\n IDLE_PRIORITY_CLASS\n NORMAL_PRIORITY_CLASS\n REALTIME_PRIORITY_CLASS\n\n /f=CreateFlag\n Sets a creation flag for the new process.\n Multiple /f options can be specified.\n Each 'CreateFlag' can be one of:\n CREATE_DEFAULT_ERROR_MODE\n CREATE_NEW_CONSOLE\n CREATE_NEW_PROCESS_GROUP\n CREATE_NO_WINDOW\n CREATE_PROTECTED_PROCESS\n CREATE_PRESERVE_CODE_AUTHZ_LEVEL\n CREATE_SEPARATE_WOW_VDM\n CREATE_SHARED_WOW_VDM\n DEBUG_ONLY_THIS_PROCESS\n DEBUG_PROCESS\n DETACHED_PROCESS\n INHERIT_PARENT_AFFINITY\n\n /dir=StartDir\n Sets the starting directory of the new process.\n\n /desktop=Desktop\n Sets the STARTUPINFO.lpDesktop member to target a specific desktop.\n\n /title=WindowTitle\n Sets the STARTUPINFO.lpTitle member to a specific title.\n\n /x=XPositionInPixels\n Sets the STARTUPINFO.dwX member to a specific x-axis position, in pixels.\n\n /y=YPositionInPixels\n Sets the STARTUPINFO.dwY member to a specific y-axis position, in pixels.\n\n /width=WidthInPixels\n Sets the STARTUPINFO.dwXSize member to a specific width, in pixels.\n\n /height=HeightInPixels\n Sets the STARTUPINFO.dwYSize member to a specific height, in pixels.\n\n /xchars=BufferWidthInCharacters\n Sets the STARTUPINFO.dwXCountChars member to buffer width, in characters.\n\n /ychars=BufferHeightInCharacters\n Sets the STARTUPINFO.dwYCountChars member to buffer height, in characters.\n\n /f=FillAttribute\n Sets the STARTUPINFO.dwFillAttribute member text and background colors.\n Multiple /f options can be specified.\n Each 'FillAttribute' can be one of:\n FOREGROUND_RED\n FOREGROUND_GREEN\n FOREGROUND_BLUE\n FOREGROUND_INTENSITY\n BACKGROUND_RED\n BACKGROUND_GREEN\n BACKGROUND_BLUE\n BACKGROUND_INTENSITY\n\n /f=StartupFlag\n Sets the STARTUPINFO.dwFlags flag for the new process.\n Multiple /f options can be specified.\n Each 'StartupFlag' can be one of:\n STARTF_FORCEONFEEDBACK\n STARTF_FORCEOFFFEEDBACK\n STARTF_PREVENTPINNING\n STARTF_RUNFULLSCREEN\n STARTF_TITLEISAPPID\n STARTF_TITLEISLINKNAME\n\n /f=ShowWindow\n Sets the STARTUPINFO.wShowWindow flag for the new process.\n There is only one show window option per process.\n The 'ShowWindow' value can be one of:\n SW_FORCEMINIMIZE\n SW_HIDE\n SW_MAXIMIZE\n SW_MINIMIZE\n SW_RESTORE\n SW_SHOW\n SW_SHOWDEFAULT\n SW_SHOWMAXIMIZED\n SW_SHOWMINIMIZED\n SW_SHOWMINNOACTIVE\n SW_SHOWNA\n SW_SHOWNOACTIVATE\n SW_SHOWNORMAL\n\n /hotkey=HotkeyValue\n Sets the STARTUPINFO.hStdInput handle for the new process.\n Specifies the wParam member of a WM_SETHOKEY message to the new process.\n\n /socketip=IPAddress\n Specifies the IP address to connect to over TCP/IP.\n\n /socketport=PortNumber\n Specifies the port number to connect to over TCP/IP.\n\n /sockettoken=Token\n Specifies the token to send to each socket.\n Less secure than using /sockettokenlen and stdin.\n\n /sockettokenlen=TokenLength\n Specifies the length of the token to read from stdin.\n When specified, a token must be sent for each socket.\n\n /stdin=FileOrEmptyOrsocket\n Sets the STARTUPINFO.hStdInput handle for the new process.\n When this option is empty, INVALID_HANDLE_VALUE is used.\n When this option is 'socket', the /socket IP and port are used.\n When this option is not specified, the current stdin is used.\n\n /stdout=FileOrEmptyOrsocket\n Sets the STARTUPINFO.hStdOutput handle for the new process.\n When this option is empty, INVALID_HANDLE_VALUE is used.\n When this option is 'socket', the /socket IP and port are used.\n When this option is not specified, the current stdout is used.\n\n /stderr=FileOrEmptyOrstdoutOrsocket\n Sets the STARTUPINFO.hStdError handle for the new process.\n When this option is empty, INVALID_HANDLE_VALUE is used.\n When this option is 'stdout', the value of stdout is used.\n When this option is 'socket', the /socket IP and port are used.\n When this option is not specified, the current stderr is used.\n\n /attach[=ProcessID]\n Attempt to attach to a parent OR a specific process' console.\n Also resets standard handles back to defaults.\n```\n\nExample usage:\n\n```\nC:\\\u003ecreateprocess /f=DETACHED_PROCESS \"C:\\Program Files\\Apache\\httpd.exe\"\n```\n\nThat starts Apache with a detached console so it runs entirely in the background.\n\nAnother example:\n\n```\nC:\\\u003ewhoami\nmy-pc\\john-doh\n\nC:\\\u003ewhoami /priv\n\nPRIVILEGES INFORMATION\n----------------------\n\nPrivilege Name Description State\n============================= ==================================== ========\nSeShutdownPrivilege Shut down the system Disabled\nSeChangeNotifyPrivilege Bypass traverse checking Enabled\nSeUndockPrivilege Remove computer from docking station Disabled\nSeIncreaseWorkingSetPrivilege Increase a process working set Disabled\nSeTimeZonePrivilege Change the time zone Disabled\n\nC:\\\u003eset MYVAR=123\n\nC:\\\u003ecreateprocess /w /systemtoken /mergeenv C:\\Windows\\System32\\cmd.exe\nMicrosoft Windows [Version 10.0.19042.867]\n(c) 2020 Microsoft Corporation. All rights reserved.\n\nC:\\\u003ewhoami\nnt authority\\system\n\nC:\\\u003ewhoami /priv\n\nPRIVILEGES INFORMATION\n----------------------\n\nPrivilege Name Description State\n========================================= ================================================================== ========\nSeAssignPrimaryTokenPrivilege Replace a process level token Enabled\nSeLockMemoryPrivilege Lock pages in memory Enabled\nSeIncreaseQuotaPrivilege Adjust memory quotas for a process Enabled\nSeTcbPrivilege Act as part of the operating system Enabled\nSeSecurityPrivilege Manage auditing and security log Disabled\nSeTakeOwnershipPrivilege Take ownership of files or other objects Disabled\nSeLoadDriverPrivilege Load and unload device drivers Disabled\nSeDebugPrivilege Debug programs Enabled\n... [It's a fairly lengthy list of powerful privileges]\nSeDelegateSessionUserImpersonatePrivilege Obtain an impersonation token for another user in the same session Enabled\n\nC:\\\u003eset MYVAR\nMYVAR=123\n```\n\nThat starts a Command Prompt child process as NT AUTHORITY\\SYSTEM (the most powerful user account in Windows) in the same console session of the parent non-elevated process with full SYSTEM privileges and merges the current environment variables with the SYSTEM user's environment variables.\n\nLearn how the various `/...token` options work by watching the video linked to at the top of this repo or just [look at the insane diagram](https://github.com/cubiclesoft/createprocess-windows/blob/master/starting_a_child_process_as_another_user_diagram.png).\n\nEven the most hardcore command-line enthusiast should be drooling right now due to brain melt. Be sure to check out the source code.\n\nWindows Subsystem Variant\n-------------------------\n\nWhile `createprocess.exe` is intended for use with console apps, `createprocess-win.exe` is intended for detached console and GUI applications. Starting `createprocess.exe` in certain situations will briefly flash a console window before starting the target process. Calling `createprocess-win.exe` instead will no longer show the console window.\n\nWhy not just use `createprocess-win.exe`? Since `createprocess-win.exe` starts as a Windows GUI application, there is the tendency for it to be run in the background and may not behave as expected with various handles. The software is a little bit trickier to work with as a result. It's also a few KB larger than `createprocess.exe`.\n\nThere is one additional option specifically for `createprocess-win.exe` called `/attach` which attempts to attach to the console of the parent process (if any) and will also reset the standard handles. The `/attach` option, if used, should generally be specified before other options.\n\nTCP/IP Notes\n------------\n\nThe TCP/IP socket options represent a security risk so take proper precautions. Example usage can be seen in the [ProcessHelper class](https://github.com/cubiclesoft/php-misc/blob/master/support/process_helper.php).\n\nIn addition, passing SOCKET handles to the target process causes problems. Sometimes the target process works just fine and sometimes it doesn't. To deal with this issue, up to three threads are started, one for each of the standard handles. Each thread routes data between its socket handle and an associated anonymous pipe of the started process. As a consequence of using the TCP/IP socket option, the `/w` option is always set so that the started process is waited on (i.e. so the threads can transfer data). This doesn't exactly matter as the `/w` option would be used anyway by the caller when passing socket options.\n\nSources\n-------\n\nThe CreateProcess() API in MSDN Library has the intimate details on most options:\n\nhttp://msdn.microsoft.com/en-us/library/windows/desktop/ms682425%28v=vs.85%29.aspx\n\nRelated Tools\n-------------\n\n* [PHP Process Helper Class](https://github.com/cubiclesoft/php-misc) - Uses this software to start processes on Windows in the background with non-blocking stdin/stdout/stderr via TCP/IP sockets.\n* [GetTokenInformation](https://github.com/cubiclesoft/gettokeninformation-windows) - Dumps information about Windows security tokens (SIDs, privileges, etc) as JSON.\n* [GetSIDInfo](https://github.com/cubiclesoft/getsidinfo-windows) - Dumps information about Windows Security Identifiers (SIDs) as JSON.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcubiclesoft%2Fcreateprocess-windows","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcubiclesoft%2Fcreateprocess-windows","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcubiclesoft%2Fcreateprocess-windows/lists"}