What does WinExec do?
The WinExec function enables you to execute another program while running the translator. The program is executed asynchronously. You specify the program and determine how you want the program window displayed. You can also return an error code, if desired.
What does CreateProcess do?
Creates a new runtime process for an application item. For example, a Requisition item type may have a Requisition Approval Process as a top level process. When a particular requisition is created, an application calls CreateProcess to set up the information needed to start the defined process.
What is ShellExecute?
ShellExecute is the code equivalent of a user double-clicking a file icon. It causes Windows to work out which application the document file is associated with, launch that program, and have it load the document file.
What does CreateProcess return?
If CreateProcess succeeds, it returns a PROCESS_INFORMATION structure containing handles and identifiers for the new process and its primary thread.
What is NtCreateUserProcess?
NtCreateUserProcess() is the lowest-level and last function accessible in user mode that could be called to evade detection controls (such as user-land hooking) set by an AV/EDR.
What is reflective DLL injection?
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to load a library from memory into a host process. As such, the library is responsible for loading itself by implementing a minimal Portable Executable (PE) file loader.
Can you use fork() in Windows?
Microsoft Windows does not support the fork-exec model, as it does not have a system call analogous to fork(). The spawn() family of functions declared in process.h can replace it in cases where the call to fork() is followed directly by exec().
How are Windows processes created?
Creating a Windows process consists of several stages carried out in three parts of the operating system: the Windows client-side library Kernel32.dll (in the case of the CreateProcessAsUser, CreateProcessWithTokenW, and CreateProcessWithLogonW routines, part of the work is first done in Advapi32.
What is KnownDlls?
KnownDlls is a nifty little trick used by Windows to speed up the loading of "default" system shared libraries, using a copy-on-write (COW) mechanism for fast mapping in memory.
Does MinGW support fork?
That's indisputably a useful capability, but it is unavailable on Windows (and hence MinGW), because Windows doesn't have a fork()-compatible API.
How are processes executed in Windows?
One or more threads run in the context of the process. A thread is the basic unit to which the operating system allocates processor time. A thread can execute any part of the process code, including parts currently being executed by another thread. A job object allows groups of processes to be managed as a unit.