int main (int argc, char *argv[])
{
SIZE_T code_size=0;
LPVOID code=NULL;
DWORD pid=0, cpu_mode=0;
char *proc=NULL, *pic=NULL;
char *dll=NULL, *cmd=NULL;
char *cpu=NULL;
int i, plist=0, native=0, dbg=0;
char opt;
setw (300);
printf("\n [ PIC/DLL injector v0.1");
printf("\n [ Copyright (c) 2014, 2015 Odzhan\n\n");
for (i=1; i<argc; i++) {
if (argv[i][0]=='/' || argv[i][0]=='-') {
opt=argv[i][1];
switch (opt) {
// wait after memory allocation before running thread
case 'd' :
dbg=1;
break;
// Execute command in remote process
case 'e' :
cmd=getparam (argc, argv, &i);
break;
// Load PIC file into remote process
case 'f' :
pic=getparam (argc, argv, &i);
break;
// Load DLL into remote process
case 'l' :
dll=getparam (argc, argv, &i);
break;
// List running processes
case 'p' :
plist=1;
break;
// Return PID for cpu mode
case 'x' :
cpu=getparam (argc, argv, &i);
break;
case '?' :
case 'h' :
default : { usage (); break; }
}
} else {
// assume it's process name or id
proc=argv[i];
}
}
#if !defined (__GNUC__)
// check if we're elevated token just incase target requires it
if (!isElevated ()) {
printf (" [ warning: current process token isn't elevated\n");
}
#endif
// enable debug privilege in case remote process requires it
if (!set_priv (SE_DEBUG_NAME, TRUE)) {
printf (" [ warning: unable to enable debug privilege\n");
}
if (cpu!=NULL) {
cpu_mode=strtol (cpu, NULL, 10);
if (cpu_mode!=32 && cpu_mode!=64) {
printf (" [ invalid cpu mode. 32 and 64 are valid");
return 0;
}
}
// list process?
if (plist) {
pslist(cpu_mode);
return 0;
}
// no target process?
if (proc==NULL) {
printf (" [ no target process specified\n");
usage();
}
// try convert proc to integer
pid=strtol (proc, NULL, 10);
if (pid==0) {
printf (" [ searching %s-bit processes for %s\n",
cpu_mode==0 ? "32 and 64" : (cpu_mode==64 ? "32" : "64"), proc);
// else get id from name
pid=name2pid (proc, cpu_mode);
}
// no target action?
if (cmd==NULL && dll==NULL && pic==NULL) {
printf (" [ no action specified for %s\n", proc);
usage();
}
// have a pid?
if (pid == 0)
{
printf (" [ unable to obtain process id for %s\n", proc);
return 0;
}
// is it ourselves?
if (pid==GetCurrentProcessId()) {
printf (" [ cannot injekt self, bye\n");
} else {
// no, is this a PIC
if (pic != NULL) {
if (read_pic (pic, &code, &code_size)) {
// injekt pic code without parameters
inject (pid, code, code_size, NULL, 0, dbg);
xfree (code);
}
} else
// is this DLL for LoadLibrary?
if (dll != NULL) {
inject (pid, LoadDLLPIC, LoadDLLPIC_SIZE, dll, lstrlen(dll), dbg);
} else
// is this command for WinExec?
if (cmd != NULL) {
inject (pid, ExecPIC, ExecPIC_SIZE, cmd, lstrlen(cmd), dbg);
}
}
return 0;
}
bool IE_Imp_MSWrite::read_pap (pap_t process)
{
static const char *text_align[] = {"left", "center", "right", "justify"};
int fcMac, pnPara, fcFirst, cfod, fc, fcLim;
unsigned char page[0x80];
UT_String properties, tmp, lastprops;
if (process == All) { UT_DEBUGMSG(("PAP:\n")); }
fcMac = wri_struct_value(wri_file_header, "fcMac");
pnPara = wri_struct_value(wri_file_header, "pnPara");
fcFirst = 0x80;
while (true)
{
gsf_input_seek(mFile, pnPara++ * 0x80, G_SEEK_SET);
gsf_input_read(mFile, 0x80, page);
fc = READ_DWORD(page);
cfod = page[0x7f];
if (process == All)
{
UT_DEBUGMSG((" fcFirst = %d\n", fc));
UT_DEBUGMSG((" cfod = %d\n", cfod));
}
if (fc != fcFirst) UT_WARNINGMSG(("read_pap: fcFirst wrong.\n"));
// read all FODs (format descriptors)
for (int fod = 0; fod < cfod; fod++)
{
int bfprop, cch;
int jc, dxaRight, dxaLeft, dxaLeft1, dyaLine, fGraphics;
int rhcPage, rHeaderFooter, rhcFirst;
int tabs, dxaTab[14], jcTab[14];
if (process == All) { UT_DEBUGMSG((" PAP-FOD #%02d:\n", fod + 1)); }
// read a FOD (format descriptor)
fcLim = READ_DWORD(page + 4 + fod * 6);
bfprop = READ_WORD(page + 8 + fod * 6);
if (process == All)
{
UT_DEBUGMSG((" fcLim = %d\n", fcLim));
UT_DEBUGMSG((bfprop == 0xffff ? " bfprop = 0x%04X\n" : " bfprop = %d\n", bfprop));
}
// default PAP values
jc = 0;
dxaRight = dxaLeft = dxaLeft1 = 0;
dyaLine = 240;
rhcPage = rHeaderFooter = rhcFirst = 0;
fGraphics = 0;
tabs = 0;
// if the PAP FPROPs (formatting properties) differ from the defaults, get them
if (bfprop != 0xffff && bfprop + (cch = page[bfprop + 4]) < 0x80)
{
if (process == All) { UT_DEBUGMSG((" cch = %d\n", cch)); }
if (cch >= 2) jc = page[bfprop + 6] & 3;
if (cch >= 6) dxaRight = READ_WORD(page + bfprop + 9);
if (cch >= 8) dxaLeft = READ_WORD(page + bfprop + 11);
if (cch >= 10) dxaLeft1 = READ_WORD(page + bfprop + 13);
if (cch >= 12) dyaLine = READ_WORD(page + bfprop + 15);
if (cch >= 17)
{
rhcPage = page[bfprop + 21] & 1;
rHeaderFooter = page[bfprop + 21] & 6;
rhcFirst = page[bfprop + 21] & 8;
fGraphics = page[bfprop + 21] & 0x10;
}
for (int n = 0; n < 14; n++)
{
if (cch >= 4 * (n + 1) + 26)
{
dxaTab[tabs] = READ_WORD(page + bfprop + n * 4 + 27);
jcTab[tabs] = page[bfprop + n * 4 + 29] & 3;
tabs++;
}
}
if (dxaRight & 0x8000) dxaRight = -0x10000 + dxaRight;
if (dxaLeft & 0x8000) dxaLeft = -0x10000 + dxaLeft;
if (dxaLeft1 & 0x8000) dxaLeft1 = -0x10000 + dxaLeft1;
if (dyaLine < 240) dyaLine = 240;
if (process == All && rHeaderFooter)
{
if (rhcPage)
{
if (!hasFooter)
{
hasFooter = true;
page1Footer = rhcFirst;
}
}
else
{
if (!hasHeader)
{
hasHeader = true;
page1Header = rhcFirst;
}
}
}
}
if ((process == All && !rHeaderFooter) ||
(rHeaderFooter && ((process == Header && !rhcPage) ||
(process == Footer && rhcPage))))
{
UT_DEBUGMSG((" jc = %d\n", jc));
UT_DEBUGMSG((" dxaRight = %d\n", dxaRight));
UT_DEBUGMSG((" dxaLeft = %d\n", dxaLeft));
UT_DEBUGMSG((" dxaLeft1 = %d\n", dxaLeft1));
UT_DEBUGMSG((" dyaLine = %d\n", dyaLine));
UT_DEBUGMSG((" rhcPage = %d\n", rhcPage));
UT_DEBUGMSG((" rHeaderFooter = %d\n", rHeaderFooter));
UT_DEBUGMSG((" rhcFirst = %d\n", rhcFirst));
UT_DEBUGMSG((" fGraphics = %d\n", fGraphics));
UT_LocaleTransactor lt(LC_NUMERIC, "C");
UT_String_sprintf(properties, "text-align:%s; line-height:%.1f",
text_align[jc],
static_cast<float>(dyaLine) / 240.0);
if (tabs)
{
properties += "; tabstops:";
UT_DEBUGMSG((" Tabs:\n"));
for (int n = 0; n < tabs; n++)
{
UT_String_sprintf(tmp, "%.4fin/%c0",
static_cast<float>(dxaTab[n]) / 1440.0,
jcTab[n] ? 'D' : 'L');
properties += tmp;
UT_DEBUGMSG((" #%02d dxa = %d, jcTab = %d\n", n + 1, dxaTab[n], jcTab[n]));
if (n != tabs - 1) properties += ",";
}
}
if (process == Header || process == Footer)
{
// For reasons unknown, the left and right margins from the paper
// are included in the indents of the headers and footers.
dxaLeft -= xaLeft;
dxaRight -= xaRight;
}
if (dxaLeft1)
{
UT_String_sprintf(tmp, "; text-indent:%.4fin",
static_cast<float>(dxaLeft1) / 1440.0);
properties += tmp;
}
if (dxaLeft)
{
UT_String_sprintf(tmp, "; margin-left:%.4fin",
static_cast<float>(dxaLeft) / 1440.0);
properties += tmp;
}
if (dxaRight)
{
UT_String_sprintf(tmp, "; margin-right:%.4fin",
static_cast<float>(dxaRight) / 1440.0);
properties += tmp;
}
// new attributes, only if there was a line feed or FPROPs have changed
if (lf || strcmp(properties.c_str(), lastprops.c_str()) != 0)
{
const gchar *attributes[3];
attributes[0] = PT_PROPS_ATTRIBUTE_NAME;
attributes[1] = properties.c_str();
attributes[2] = NULL;
appendStrux(PTX_Block, attributes);
lastprops = properties;
}
if (fGraphics) read_pic(fcFirst, fcLim - fcFirst);
else read_txt(fcFirst, fcLim - 1);
}
fcFirst = fcLim;
if (fcLim >= fcMac)
{
UT_DEBUGMSG((" PAP-FODs end, fcLim (%d) >= fcMac (%d)\n", fcLim, fcMac));
return true;
}
}
}
}
