winapiexec is a small tool that allows you to run WinAPI functions through command line parameters.
http://rammichael.com/winapiexec
From the author's website:
winapiexec is a small tool that allows you to run WinAPI functions through command line parameters.
The syntax is:
winapiexec.exe library.dll@FunctionName 123 unicode_text "a space"
If you don’t specify a library or use “k”, kernel32.dll is used.
If you specify “u” as a library, user32.dll is used.
Numbers are detected automatically, you also can use hex numbers (like 0xFE) and use the minus sign (e.g. -5).
Strings are unicode by default.
You can use special prefixes to specify parameter types:
$s:ascii – an ascii string
$u:unicode – a unicode string (it’s unicode by default, but you can use it to force numbers as strings)
$b:1024 – a zero-bytes buffer with the size you specify, in bytes
$$:1 – a reference to another parameter, you can also use $$:0 for the program’s name (argv[0])
$a:1,$u:2,str – an array of parameters, divided by commas. you can use all the perfixes here
$$:3@2 – a reference to an item in an array of parameters
While referencing to another parameter, note that they are processed by the order of execution, which means there’s no point to reference to a parameter right to the referencing one.
Also note that after a function is run, it’s first parameter (like library.dll@FunctionName) is replaced with the return value.
You can execute multiple WinAPI functions, one after the other, using a comma:
winapiexec.exe library.dll@FunctionName1 123 , library.dll@FunctionName2 456
You can also execute functions nested, using brackets:
winapiexec.exe library.dll@FunctionName1 ( library.dll@FunctionName2 456 )
While the return value of the internal function is passed as a parameter to the external function.
Download:
winapiexec.rar (2.98 KB)
Here are some examples of what you can do:
Display temp path:
winapiexec.exe GetTempPathW 260 $b:520 , u@MessageBoxW 0 $$:3 $$:0 0x40
Greetings:
winapiexec.exe advapi32.dll@GetUserNameW $b:65534 $a:32767 , u@wsprintfW $b:2050 "Hello %s from %s" $$:2 $$:0 , u@MessageBoxW 0 $$:6 ... 0
Hide the taskbar for half a second, then show it:
winapiexec.exe u@ShowWindow ( u@FindWindowW Shell_TrayWnd 0 ) 0 , Sleep 500 , u@ShowWindow $$:3 5
Run calculator for a second, then terminate it:
winapiexec.exe CreateProcessW 0 calc 0 0 0 0x20 0 0 $a:0x44,,,,,,,,,,,,,,,, $b:16 , Sleep 1000 , TerminateProcess $$:11@0 0
Show a messagebox and then create a new instance of the process:
winapiexec.exe u@MessageBoxW 0 Hello! 0 , CreateProcessW $$:0 ( GetCommandLineW ) 0 0 0 0x20 0 0 $a:0x44,,,,,,,,,,,,,,,, $b:16
Eject your cdrom
winapiexec.exe winmm.dll@mciSendStringW "open cdaudio" 0 0 0 , winmm.dll@mciSendStringW "set cdaudio door open" 0 0 0 , winmm.dll@mciSendStringW "close cdaudio" 0 0 0
…and some more useful stuff
Turn off and on monitor:
winapiexec.exe u@SendMessageW 0xFFFF 0x112 0xF170 2
winapiexec.exe u@SendMessageW 0xFFFF 0x112 0xF170 -1
Display the Start menu:
winapiexec.exe u@SendMessageW ( u@FindWindowW Shell_TrayWnd 0 ) 0x111 305 0
Run task manager:
winapiexec.exe u@SendMessageW ( u@FindWindowW Shell_TrayWnd 0 ) 0x111 420 0
More tricks like that:
http://www.codeproject.com/KB/miscctrl/Taskbar_Manipulation.aspx
The syntax is:
winapiexec.exe library.dll@FunctionName 123 unicode_text "a space"
If you don’t specify a library or use “k”, kernel32.dll is used.
If you specify “u” as a library, user32.dll is used.
Numbers are detected automatically, you also can use hex numbers (like 0xFE) and use the minus sign (e.g. -5).
Strings are unicode by default.
You can use special prefixes to specify parameter types:
$s:ascii – an ascii string
$u:unicode – a unicode string (it’s unicode by default, but you can use it to force numbers as strings)
$b:1024 – a zero-bytes buffer with the size you specify, in bytes
$$:1 – a reference to another parameter, you can also use $$:0 for the program’s name (argv[0])
$a:1,$u:2,str – an array of parameters, divided by commas. you can use all the perfixes here
$$:3@2 – a reference to an item in an array of parameters
While referencing to another parameter, note that they are processed by the order of execution, which means there’s no point to reference to a parameter right to the referencing one.
Also note that after a function is run, it’s first parameter (like library.dll@FunctionName) is replaced with the return value.
You can execute multiple WinAPI functions, one after the other, using a comma:
winapiexec.exe library.dll@FunctionName1 123 , library.dll@FunctionName2 456
You can also execute functions nested, using brackets:
winapiexec.exe library.dll@FunctionName1 ( library.dll@FunctionName2 456 )
While the return value of the internal function is passed as a parameter to the external function.
Download:
winapiexec.rar (2.98 KB)
Here are some examples of what you can do:
Display temp path:
winapiexec.exe GetTempPathW 260 $b:520 , u@MessageBoxW 0 $$:3 $$:0 0x40
Greetings:
winapiexec.exe advapi32.dll@GetUserNameW $b:65534 $a:32767 , u@wsprintfW $b:2050 "Hello %s from %s" $$:2 $$:0 , u@MessageBoxW 0 $$:6 ... 0
Hide the taskbar for half a second, then show it:
winapiexec.exe u@ShowWindow ( u@FindWindowW Shell_TrayWnd 0 ) 0 , Sleep 500 , u@ShowWindow $$:3 5
Run calculator for a second, then terminate it:
winapiexec.exe CreateProcessW 0 calc 0 0 0 0x20 0 0 $a:0x44,,,,,,,,,,,,,,,, $b:16 , Sleep 1000 , TerminateProcess $$:11@0 0
Show a messagebox and then create a new instance of the process:
winapiexec.exe u@MessageBoxW 0 Hello! 0 , CreateProcessW $$:0 ( GetCommandLineW ) 0 0 0 0x20 0 0 $a:0x44,,,,,,,,,,,,,,,, $b:16
Eject your cdrom
winapiexec.exe winmm.dll@mciSendStringW "open cdaudio" 0 0 0 , winmm.dll@mciSendStringW "set cdaudio door open" 0 0 0 , winmm.dll@mciSendStringW "close cdaudio" 0 0 0
…and some more useful stuff
Turn off and on monitor:
winapiexec.exe u@SendMessageW 0xFFFF 0x112 0xF170 2
winapiexec.exe u@SendMessageW 0xFFFF 0x112 0xF170 -1
Display the Start menu:
winapiexec.exe u@SendMessageW ( u@FindWindowW Shell_TrayWnd 0 ) 0x111 305 0
Run task manager:
winapiexec.exe u@SendMessageW ( u@FindWindowW Shell_TrayWnd 0 ) 0x111 420 0
More tricks like that:
http://www.codeproject.com/KB/miscctrl/Taskbar_Manipulation.aspx