0x01 Bat文件
新建 1.bat,最后一行是要执行的命令/程序;运行后会有 cmd 窗口一闪而过
@echo off
:: Purpose: re-launch this same script with a hidden window, then run the
:: command after the :begin label inside that hidden instance.
:: Defender note: mshta.exe started with a "vbscript:" command line and then
:: spawning cmd.exe is visible in process-creation logs and is a common
:: detection signature (MITRE ATT&CK T1218.005 Mshta, T1564.003 Hidden Window).

:: The argument "h" marks the second (hidden) invocation; skip the relaunch.
if "%1"=="h" goto begin
:: First invocation: mshta evaluates the vbscript: URL, which creates a
:: WScript.Shell object and calls Run on this script with argument "h" and
:: window style 0 (hidden), then closes the mshta window. "exit" ends the
:: visible instance only if "start" succeeded (&&).
:: %~nx0 expands to the script's file name and extension only (no drive or
:: directory), so the relaunch resolves relative to the current directory.
start mshta vbscript:createobject("wscript.shell").run("""%~nx0"" h",0)(window.close)&&exit
:begin
:: The command to run in the hidden instance; its output is appended (>>)
:: to a hard-coded file on the Administrator desktop.
whoami >>C:\Users\Administrator\Desktop\123.txt
0x02 VBS文件
新建 2.vbs,Run的第一个参数是要运行的bat文件。不会弹窗,效果最好,但是不能隐藏bat打开的第三方窗口
' Starts a batch file through WScript.Shell with window style 0, so no console
' window is shown for the batch file itself. Windows opened by programs that
' the batch file starts are not affected by this setting.
' Defender note: hiding the window does not hide the process; the script host
' (wscript.exe or cscript.exe) starting cmd.exe still shows up in process
' listings and process-creation logs.
Const HIDDEN_WINDOW = 0

Dim shell
Set shell = WScript.CreateObject("WScript.Shell")
shell.Run "C:\Users\Administrator\Desktop\2.bat", HIDDEN_WINDOW
2.bat内容
:: Appends (>>) the current user name printed by whoami to a hard-coded file
:: on the Administrator desktop; the file is created if it does not exist.
whoami >>C:\Users\Administrator\Desktop\123.txt
0x03 C++ WinExec 函数
新建 test1.cpp,编译运行。引号内为要运行的程序路径,特殊符号需要转义。示例在后台运行记事本。会有 cmd 窗口一闪而过;运行命令行程序(如 netcat)时窗口会一直保留,直到任务结束
#include<cstdio>
#include<cstring>
#include<windows.h>
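/// Starts Notepad with its window hidden and reports whether the launch worked.
///
/// WinExec only starts the child process; this program does not wait for it.
///
/// @return 0 if WinExec reported success, 1 otherwise.
int main(void)
{
    // WinExec is kept in the Windows API for 16-bit compatibility; Microsoft's
    // documentation recommends CreateProcess for new code.
    //
    // Two properties of the command-line argument matter for safety:
    //  * the executable name is taken as the first white-space-delimited token,
    //    so a path that contains spaces must be quoted, otherwise a different
    //    file earlier on the path may be run;
    //  * a bare name such as "notepad" is resolved through the normal search
    //    order, so use a fully qualified path when it matters which binary runs.
    //
    // SW_HIDE only affects the window. The child process is still listed in
    // Task Manager and recorded by process-creation logging.
    const UINT launch_status = WinExec("notepad", SW_HIDE);

    // WinExec signals success with a value greater than 31; anything else is
    // an error code, so do not report success in that case.
    if (launch_status <= 31) {
        std::fprintf(stderr, "WinExec failed with code %u\n", launch_status);
        return 1;
    }
    return 0;
}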
0x04 C++ ShellExecuteEx 函数
新建 test2.cpp,编译运行。示例在后台运行记事本,会有 cmd 窗口闪过;运行命令行程序时没有窗口
#include<cstdio>
#include<cstring>
#include<windows.h>
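/// Starts Notepad through ShellExecuteEx with its window hidden.
///
/// The program does not wait for the child; it only starts it, releases the
/// process handle it was given, and exits.
///
/// @return 0 if ShellExecuteEx succeeded, 1 otherwise.
int main(void)
{
    // Zero-initialise every field; hwnd, lpVerb, lpParameters, lpDirectory and
    // hInstApp therefore stay NULL, which is what this example wants
    // (no owner window, default verb, no arguments, default working directory).
    SHELLEXECUTEINFO exec_info = {0};
    exec_info.cbSize = sizeof(SHELLEXECUTEINFO);

    // Ask for the process handle back in hProcess. With this flag the caller
    // owns that handle and has to close it.
    exec_info.fMask = SEE_MASK_NOCLOSEPROCESS;

    // Program to start. A bare file name is resolved by the shell's search
    // rules; use a fully qualified path when it matters which binary runs.
    // NOTE(review): the narrow literal assumes an ANSI (non-UNICODE) build.
    exec_info.lpFile = "notepad.exe";

    // Hide the window only. The process is still listed in Task Manager and
    // recorded by process-creation logging.
    exec_info.nShow = SW_HIDE;

    if (!ShellExecuteEx(&exec_info)) {
        std::fprintf(stderr, "ShellExecuteEx failed, error %lu\n", GetLastError());
        return 1;
    }

    // hProcess can be NULL even on success when no new process was created.
    if (exec_info.hProcess != NULL) {
        CloseHandle(exec_info.hProcess);
    }
    return 0;
}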