// Desktop desktop;
|
|
// desktop.open("Default",false,Desktop::AccessReadObjects);
|
|
// if(!desktop.isOkay())return ComResult::Fail;
|
|
|
|
|
|
|
|
// getInfo();
|
|
// WindowStation windowStation;
|
|
|
|
|
|
|
|
// windowStation.open("SAWinSta",WindowStation::AccessReadScreen,false);
|
|
// if(!windowStation.isOkay())
|
|
// {
|
|
// DWORD errorCode(::GetLastError());
|
|
// ::sprintf(strLastError,"system error code %d(0x%08lx)",errorCode,errorCode);
|
|
// mLogFile.writeLine(String("ERROR ACCESSING WINDOW STATION ")+strLastError);
|
|
// }
|
|
// else mLogFile.writeLine("WINDOW STATION IS OPEN");
|
|
// desktop.open("Default",false,Desktop::AccessReadObjects|Desktop::AccessSwitchDesktop);
|
|
|
|
|
|
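// Diagnostic dump: writes to mLogFile the name of every window station returned by
// WindowStationEnumerator, the name of every desktop enumerated on each station that
// could be opened, and the window class of every window enumerated on each desktop
// that could be opened.
//
// NOTE(review): station, desktop and class names are supplied by whatever created those
// objects, so the resulting log lines carry text this process does not control; treat
// the log as untrusted input when it is parsed or displayed.
void RemoteProcess::getInfo(void)
{
  WindowStationEnumerator windowStationEnumerator;

  windowStationEnumerator.enumerateWindowStations();
  for(int index=0;index<windowStationEnumerator.size();index++)
  {
    DesktopEnumerator desktopEnumerator;
    WindowStation windowStation;

    mLogFile.writeLine(String("WindowStationName: '")+windowStationEnumerator[index]);
//    ::OutputDebugString(String("WindowStationName: '")+windowStationEnumerator[index]+String("'\n"));
    if(!windowStation.open(windowStationEnumerator[index]))
    {
      ::OutputDebugString("could not open window station\n");
      // Skip this station: enumerating desktops through a station object that failed to
      // open would either yield nothing or attribute another station's desktops to this
      // name in the log. Mirrors the handling of a failed desktop.open() below.
      continue;
    }
    desktopEnumerator.enumerateDesktops(windowStation);
    for(int dindex=0;dindex<desktopEnumerator.size();dindex++)
    {
      Desktop desktop;

//      ::OutputDebugString(String("Desktop Name:")+desktopEnumerator[dindex]+String("\n"));
      mLogFile.writeLine(String("Desktop Name:")+desktopEnumerator[dindex]);
      // The desktop name is logged even when the desktop itself cannot be opened.
      if(!desktop.open(desktopEnumerator[dindex]))continue;

      DesktopWindowEnumerator desktopWindowEnumerator;

      desktopWindowEnumerator.enumerateDesktopWindows(desktop);
      for(int dwindex=0;dwindex<desktopWindowEnumerator.size();dwindex++)
      {
        String strClassName;

        // NOTE(review): assumes the (LPSTR) conversion exposes a writable buffer of at
        // least String::MaxString characters - confirm against the String class.
        // The return value is not checked, so a failed lookup logs strClassName as
        // default-constructed.
        ::GetClassName(desktopWindowEnumerator[dwindex],(LPSTR)strClassName,String::MaxString);
//        ::OutputDebugString(String("Windows Class Name:")+strClassName+String("\n"));
        mLogFile.writeLine(String("Windows Class Name:")+strClassName);
      }
    }
  }
}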
|
|
|
|
|
|
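// Scratch fragment: creates a 320x200 child button on the desktop window, stretches
// pureBitmap (declared outside this fragment) onto the desktop device context in the
// same rectangle, waits one second, then destroys the button.
HWND hButton;

// The class name must be the predefined system class "BUTTON" exactly; any other
// spelling names an unregistered class and CreateWindow returns NULL.
// NOTE(review): (HINSTANCE)0x400000 is a hard-coded module base; it is only meaningful
// if the owning module is actually loaded at that address - confirm, or obtain the
// handle at run time.
hButton=::CreateWindow("BUTTON","",WS_VISIBLE|WS_CHILD,0,0,320,200,(HWND)::GetDesktopWindow(),(HMENU)101,(HINSTANCE)0x400000,0);
if(hButton)
{
  ::ShowWindow(hButton,SW_SHOW);
  ::UpdateWindow(hButton);
}

PureDevice deskDevice(::GetDesktopWindow());
PureDevice compatibleDevice;
PureBitmap compatibleBitmap;

// NOTE(review): compatibleBitmap is created but never selected; the source device gets
// pureBitmap's bitmap instead. Kept as written in case the call has side effects.
compatibleBitmap.compatibleBitmap(deskDevice,pureBitmap.width(),pureBitmap.height());
compatibleDevice.compatibleDevice(deskDevice);
compatibleDevice.select((GDIObj)pureBitmap.getBitmap());
deskDevice.stretchBlt(Rect(0,0,320,200),compatibleDevice,Rect(0,0,pureBitmap.width(),pureBitmap.height()));
::Sleep(1000);
// Only destroy a window that was actually created.
if(hButton)::DestroyWindow(hButton);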
|
|
|
|
|
|
|
|
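// Writes the saved bytes in mOriginalThunk back to mBaseAddress through mThisProcess,
// undoing whatever was patched there.
//
// Returns true only when the reported byte count equals sizeof(mOriginalThunk).
//
// NOTE(review): the result of writeProcessMemory itself is not inspected here; success
// is judged purely from the byte count. Whether the target page is writable at this
// point depends on the wrapper - confirm it handles page protection.
bool InterceptGetHostByName::setOriginalThunk(void)
{
  // Start from zero so that a write which fails without touching the counter is
  // reported as a failure instead of comparing an indeterminate value.
  DWORD countBytes=0;

  mThisProcess.writeProcessMemory((void*)mBaseAddress,mOriginalThunk,sizeof(mOriginalThunk),&countBytes);
  return countBytes==sizeof(mOriginalThunk);
}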
|
|
|
|
|
|
|
|
|
|
// Fragment: capture the bytes currently at mBaseAddress into mOriginalThunk so they can
// be restored later, and give up if the read was short.
// NOTE(review): countBytes is declared outside this fragment; confirm it is initialised
// before the call so a failed read cannot leave a stale matching value.
mThisProcess.readProcessMemory((void*)mBaseAddress,mOriginalThunk,sizeof(mOriginalThunk),&countBytes);
if(countBytes!=sizeof(mOriginalThunk))return false;
|
|
|
|
|
|
|
|
#if 0
|
|
write((BYTE)(0x50));
|
|
|
|
push eax ; 0x50
|
|
mov eax,909090 ; 0xB8,0x00,0x00,0x00,0x00
|
|
call eax ; 0xFF,0xD0
|
|
pop eax ; 0x58
|
|
retn 4 ; 0xC2,0x00,0x00
|
|
|
|
|
|
|
|
|
|
776B5194 55 push ebp
|
|
776B5195 8B EC mov ebp,esp
|
|
776B5197 81 EC D8 00 00 00 sub esp,0D8h
|
|
776B519D 53 push ebx
|
|
776B519E 8D 45 F4 lea eax,[ebp-0Ch]
|
|
776B51A1 56 push esi
|
|
776B51A2 8D 4D F0 lea ecx,[ebp-10h]
|
|
776B51A5 57 push edi
|
|
776B51A6 50 push eax
|
|
776B51A7 51 push ecx
|
|
776B51A8 FF 15 9C F7 6B 77 call dword ptr ds:[776BF79Ch]
|
|
776B51AE 85 C0 test eax,eax
|
|
776B51B0 74 0E je 776B51C0
|
|
776B51B2 50 push eax
|
|
776B51B3 FF 15 4C D0 6B 77 call dword ptr ds:[776BD04Ch]
|
|
776B51B9 33 C0 xor eax,eax
|
|
776B51BB E9 19 01 00 00 jmp 776B52D9
|
|
776B51C0 83 7D 08 00 cmp dword ptr [ebp+8],0
|
|
776B51C4 74 0C je 776B51D2
|
|
776B51C6 8B 45 08 mov eax,dword ptr [ebp+8]
|
|
776B51C9 80 38 00 cmp byte ptr [eax],0
|
|
776B51CC 74 04 je 776B51D2
|
|
776B51CE 8B F0 mov esi,eax
|
|
776B51D0 EB 22 jmp 776B51F4
|
|
776B51D2 68 C8 00 00 00 push 0C8h
|
|
776B51D7 8D 85 28 FF FF FF lea eax,[ebp-0D8h]
|
|
776B51DD 50 push eax
|
|
776B51DE E8 FF 00 00 00 call 776B52E2
|
|
776B51E3 85 C0 test eax,eax
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if 0
|
|
getsockopt
|
|
setsockopt
|
|
recv
|
|
recvfrom
|
|
WSApSetPostRoutine
|
|
AcceptEx
|
|
EnumProtocolsA
|
|
EnumProtocolsW
|
|
GetAcceptExSockaddrs
|
|
GetAddressByNameA
|
|
GetAddressByNameW
|
|
GetNameByTypeA
|
|
GetNameByTypeW
|
|
GetServiceA
|
|
GetServiceW
|
|
GetTypeByNameA
|
|
GetTypeByNameW
|
|
MigrateWinsockConfiguration
|
|
NPLoadNameSpaces
|
|
SetServiceA
|
|
SetServiceW
|
|
TransmitFile
|
|
WEP
|
|
WSAAsyncGetHostByAddr
|
|
WSAAsyncGetHostByName X
|
|
WSAAsyncGetProtoByName
|
|
WSAAsyncGetProtoByNumber
|
|
WSAAsyncGetServByName
|
|
WSAAsyncGetServByPort
|
|
WSAAsyncSelect
|
|
WSACancelAsyncRequest
|
|
WSACancelBlockingCall
|
|
WSACleanup
|
|
WSAGetLastError
|
|
WSAIsBlocking
|
|
WSARecvEx
|
|
WSASetBlockingHook
|
|
WSASetLastError
|
|
WSAStartup
|
|
WSAUnhookBlockingHook
|
|
__WSAFDIsSet
|
|
accept
|
|
bind
|
|
closesocket
|
|
connect
|
|
dn_expand
|
|
gethostbyaddr X
|
|
gethostbyname Y intercepted, positive results
|
|
gethostname X
|
|
getnetbyname ?
|
|
getpeername X
|
|
getprotobyname
|
|
getprotobynumber
|
|
getservbyname
|
|
getservbyport
|
|
getsockname
|
|
htonl
|
|
htons
|
|
inet_addr X
|
|
inet_network X
|
|
inet_ntoa X returns 209.139.139.88
|
|
ioctlsocket
|
|
listen
|
|
ntohl
|
|
ntohs
|
|
rcmd
|
|
rexec
|
|
rresvport
|
|
s_perror
|
|
select
|
|
send X
|
|
sendto
|
|
sethostname X
|
|
shutdown
|
|
socket
|
|
#endif
|