As we know, MS prohibits using most of standard Win32 API in Windows Store applications. Obviously there are lots of ways to overcome this limit and to call any API you like, if you are not going to publish your app on Windows Store. And here is one of them.
Idea is really simple and rather old (lots of viruses use it): search for kernel32.dll base in memory, then parse its exports for LoadLibraryA and GetProcAddress, call them – and get profit.
Writing here so this post can be indexed by google.
if(Tmp=='M' && Tmp=='Z')
MessageBoxA(0,"A native MessageBox!","Test",MB_OK);
Complete project is attached. It contains sources and compiled appx files for side-loading.
Code compiles fine for x86/x64 and ARM, tested on x86/x64. Can someone test it on ARM? Ability to sideload metro apps is required.
The application should output a MessageBox, then execute cmd.exe.
A note: Windows Store application runs in a sandbox and as a limited account, so most of API returns “access denied”. You can check this in a launched CMD – it displays “access denied” even on a “dir” command because normally “modern ui” apps don’t have even read access to c:.
To overcome this – add “all application packages” full control to the directories/objects you like (for example to c:).