WinExec函数,启动其他应用程序-阿里云开发者社区

开发者社区> 安全> 正文

WinExec函数,启动其他应用程序

简介: WinExec The WinExec function runs the specified application. Note  This function is provided only for compatibility with 16-bit Windows.

WinExec

The WinExec function runs the specified application.

Note  This function is provided only for compatibility with 16-bit Windows. Applications should use the CreateProcess function.

UINT WinExec(
  LPCSTR lpCmdLine,  // 可执行程序的路径,如"c:\\a.exe"
  UINT uCmdShow      // 启动方式
);

Parameters

lpCmdLine
[in] Pointer to a null-terminated character string that contains the command line (file name plus optional parameters) for the application to be executed. If the name of the executable file in thelpCmdLine parameter does not contain a directory path, the system searches for the executable file in this sequence:
  1. The directory from which the application loaded.
  2. The current directory.
  3. The Windows system directory. The GetSystemDirectory function retrieves the path of this directory.
  4. The Windows directory. The GetWindowsDirectory function retrieves the path of this directory.
  5. The directories listed in the PATH environment variable.
uCmdShow
[in] Specifies how a Windows-based application window is to be shown and is used to supply the wShowWindow member of the STARTUPINFO parameter to the CreateProcess function. For a list of the acceptable values, see the description of the nCmdShow parameter of the ShowWindow function. For a non-Windows – based application, the PIF file, if any, for the application determines the window state.

Return Values

If the function succeeds, the return value is greater than 31.

If the function fails, the return value is one of the following error values:

Value Meaning
0 The system is out of memory or resources.
ERROR_BAD_FORMAT The .exe file is invalid.
ERROR_FILE_NOT_FOUND The specified file was not found.
ERROR_PATH_NOT_FOUND The specified path was not found.

Remarks

The WinExec function returns when the started process calls the GetMessage function or a time-out limit is reached. To avoid waiting for the time out delay, call the GetMessage function as soon as possible in any process started by a call to WinExec.

Security Remarks

The executable name is treated as the first white space-delimited string in lpCmdLine. If the executable or path name has a space in it, there is a risk that a different executable could be run because of the way the function parses spaces. The following example is dangerous because the function will attempt to run "Program.exe", if it exists, instead of "MyApp.exe".

WinExec("C:\Program Files\MyApp", ...) 

If a malicious user were to create an application called "Program.exe" on a system, any program that incorrectly calls WinExec using the Program Files directory will run this application instead of the intended application.

To avoid this problem, use CreateProcess rather than WinExec. However, if you must use WinExec for legacy reasons, make sure the application name is enclosed in quotation marks as shown in the example below.

WinExec("\"C:\Program Files\MyApp.exe\" -L -S", ...)

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

分享:
+ 订阅

云安全开发者的大本营

其他文章