Jump to navigation Jump to search
Used to execute another program. If malware creates a new process, you will need to analyze the new process as well.
Note This function is provided only for compatibility with 16-bit Windows. Applications should use the CreateProcess function.
UINT WINAPI WinExec( _In_ LPCSTR lpCmdLine, _In_ UINT uCmdShow );
- lpCmdLine [in]
- The command line (file name plus optional parameters) for the application to be executed. If the name of the executable file in the lpCmdLine parameter does not contain a directory path, the system searches for the executable file in this sequence:
- The directory from which the application loaded.
- The current directory.
- The Windows system directory. The GetSystemDirectory function retrieves the path of this directory.
- The Windows directory. The GetWindowsDirectory function retrieves the path of this directory.
- The directories listed in the PATH environment variable.
- uCmdShow [in]
- The display options. For a list of the acceptable values, see the description of the nCmdShow parameter of the ShowWindow function.
If the function succeeds, the return value is greater than 31.
If the function fails, the return value is one of the following error values.
|0||The system is out of memory or resources.|
|ERROR_BAD_FORMAT||The .exe file is invalid.|
|ERROR_FILE_NOT_FOUND||The specified file was not found.|
|ERROR_PATH_NOT_FOUND||The specified path was not found.|