Hello everyone. I'm trying to write a program that can run valid PE files that do not have the .exe, .com, .bat, .scr, or .pif extensions. I do malware removal for a living, and we see a lot of exe hijacks, so we need to be able to have a program that can run exe files after they're no longer registered as application-x/msdownload in the registry.
I know it's possible, because Sysinternals has a tool called psexec which you can use to run programs, and I've renamed calc.exe to calc.pqs and it still runs so long as I launch it from psexec (e.g. psexec.exe calc.pqs).
Someone had recommended using the libraries that psexec uses to try to accomplish this goal. From what I can tell it uses a function(s) from pdh.dll to accomplish this, but I can't tell how.
I've also tried using CreateProcess() and ShellExec() to accomplish this. ShellExec asks what to open it with; CreateProcess returns error 2 (trying to run an invalid Windows application).
Thanks everyone.
-Slackwarefan