int main (int argc, char *argv[]) { SIZE_T code_size=0; LPVOID code=NULL; DWORD pid=0, cpu_mode=0; char *proc=NULL, *pic=NULL; char *dll=NULL, *cmd=NULL; char *cpu=NULL; int i, plist=0, native=0, dbg=0; char opt; setw (300); printf("\n [ PIC/DLL injector v0.1"); printf("\n [ Copyright (c) 2014, 2015 Odzhan\n\n"); for (i=1; i<argc; i++) { if (argv[i][0]=='/' || argv[i][0]=='-') { opt=argv[i][1]; switch (opt) { // wait after memory allocation before running thread case 'd' : dbg=1; break; // Execute command in remote process case 'e' : cmd=getparam (argc, argv, &i); break; // Load PIC file into remote process case 'f' : pic=getparam (argc, argv, &i); break; // Load DLL into remote process case 'l' : dll=getparam (argc, argv, &i); break; // List running processes case 'p' : plist=1; break; // Return PID for cpu mode case 'x' : cpu=getparam (argc, argv, &i); break; case '?' : case 'h' : default : { usage (); break; } } } else { // assume it's process name or id proc=argv[i]; } } #if !defined (__GNUC__) // check if we're elevated token just incase target requires it if (!isElevated ()) { printf (" [ warning: current process token isn't elevated\n"); } #endif // enable debug privilege in case remote process requires it if (!set_priv (SE_DEBUG_NAME, TRUE)) { printf (" [ warning: unable to enable debug privilege\n"); } if (cpu!=NULL) { cpu_mode=strtol (cpu, NULL, 10); if (cpu_mode!=32 && cpu_mode!=64) { printf (" [ invalid cpu mode. 32 and 64 are valid"); return 0; } } // list process? if (plist) { pslist(cpu_mode); return 0; } // no target process? if (proc==NULL) { printf (" [ no target process specified\n"); usage(); } // try convert proc to integer pid=strtol (proc, NULL, 10); if (pid==0) { printf (" [ searching %s-bit processes for %s\n", cpu_mode==0 ? "32 and 64" : (cpu_mode==64 ? "32" : "64"), proc); // else get id from name pid=name2pid (proc, cpu_mode); } // no target action? if (cmd==NULL && dll==NULL && pic==NULL) { printf (" [ no action specified for %s\n", proc); usage(); } // have a pid? if (pid == 0) { printf (" [ unable to obtain process id for %s\n", proc); return 0; } // is it ourselves? if (pid==GetCurrentProcessId()) { printf (" [ cannot injekt self, bye\n"); } else { // no, is this a PIC if (pic != NULL) { if (read_pic (pic, &code, &code_size)) { // injekt pic code without parameters inject (pid, code, code_size, NULL, 0, dbg); xfree (code); } } else // is this DLL for LoadLibrary? if (dll != NULL) { inject (pid, LoadDLLPIC, LoadDLLPIC_SIZE, dll, lstrlen(dll), dbg); } else // is this command for WinExec? if (cmd != NULL) { inject (pid, ExecPIC, ExecPIC_SIZE, cmd, lstrlen(cmd), dbg); } } return 0; }
bool IE_Imp_MSWrite::read_pap (pap_t process) { static const char *text_align[] = {"left", "center", "right", "justify"}; int fcMac, pnPara, fcFirst, cfod, fc, fcLim; unsigned char page[0x80]; UT_String properties, tmp, lastprops; if (process == All) { UT_DEBUGMSG(("PAP:\n")); } fcMac = wri_struct_value(wri_file_header, "fcMac"); pnPara = wri_struct_value(wri_file_header, "pnPara"); fcFirst = 0x80; while (true) { gsf_input_seek(mFile, pnPara++ * 0x80, G_SEEK_SET); gsf_input_read(mFile, 0x80, page); fc = READ_DWORD(page); cfod = page[0x7f]; if (process == All) { UT_DEBUGMSG((" fcFirst = %d\n", fc)); UT_DEBUGMSG((" cfod = %d\n", cfod)); } if (fc != fcFirst) UT_WARNINGMSG(("read_pap: fcFirst wrong.\n")); // read all FODs (format descriptors) for (int fod = 0; fod < cfod; fod++) { int bfprop, cch; int jc, dxaRight, dxaLeft, dxaLeft1, dyaLine, fGraphics; int rhcPage, rHeaderFooter, rhcFirst; int tabs, dxaTab[14], jcTab[14]; if (process == All) { UT_DEBUGMSG((" PAP-FOD #%02d:\n", fod + 1)); } // read a FOD (format descriptor) fcLim = READ_DWORD(page + 4 + fod * 6); bfprop = READ_WORD(page + 8 + fod * 6); if (process == All) { UT_DEBUGMSG((" fcLim = %d\n", fcLim)); UT_DEBUGMSG((bfprop == 0xffff ? " bfprop = 0x%04X\n" : " bfprop = %d\n", bfprop)); } // default PAP values jc = 0; dxaRight = dxaLeft = dxaLeft1 = 0; dyaLine = 240; rhcPage = rHeaderFooter = rhcFirst = 0; fGraphics = 0; tabs = 0; // if the PAP FPROPs (formatting properties) differ from the defaults, get them if (bfprop != 0xffff && bfprop + (cch = page[bfprop + 4]) < 0x80) { if (process == All) { UT_DEBUGMSG((" cch = %d\n", cch)); } if (cch >= 2) jc = page[bfprop + 6] & 3; if (cch >= 6) dxaRight = READ_WORD(page + bfprop + 9); if (cch >= 8) dxaLeft = READ_WORD(page + bfprop + 11); if (cch >= 10) dxaLeft1 = READ_WORD(page + bfprop + 13); if (cch >= 12) dyaLine = READ_WORD(page + bfprop + 15); if (cch >= 17) { rhcPage = page[bfprop + 21] & 1; rHeaderFooter = page[bfprop + 21] & 6; rhcFirst = page[bfprop + 21] & 8; fGraphics = page[bfprop + 21] & 0x10; } for (int n = 0; n < 14; n++) { if (cch >= 4 * (n + 1) + 26) { dxaTab[tabs] = READ_WORD(page + bfprop + n * 4 + 27); jcTab[tabs] = page[bfprop + n * 4 + 29] & 3; tabs++; } } if (dxaRight & 0x8000) dxaRight = -0x10000 + dxaRight; if (dxaLeft & 0x8000) dxaLeft = -0x10000 + dxaLeft; if (dxaLeft1 & 0x8000) dxaLeft1 = -0x10000 + dxaLeft1; if (dyaLine < 240) dyaLine = 240; if (process == All && rHeaderFooter) { if (rhcPage) { if (!hasFooter) { hasFooter = true; page1Footer = rhcFirst; } } else { if (!hasHeader) { hasHeader = true; page1Header = rhcFirst; } } } } if ((process == All && !rHeaderFooter) || (rHeaderFooter && ((process == Header && !rhcPage) || (process == Footer && rhcPage)))) { UT_DEBUGMSG((" jc = %d\n", jc)); UT_DEBUGMSG((" dxaRight = %d\n", dxaRight)); UT_DEBUGMSG((" dxaLeft = %d\n", dxaLeft)); UT_DEBUGMSG((" dxaLeft1 = %d\n", dxaLeft1)); UT_DEBUGMSG((" dyaLine = %d\n", dyaLine)); UT_DEBUGMSG((" rhcPage = %d\n", rhcPage)); UT_DEBUGMSG((" rHeaderFooter = %d\n", rHeaderFooter)); UT_DEBUGMSG((" rhcFirst = %d\n", rhcFirst)); UT_DEBUGMSG((" fGraphics = %d\n", fGraphics)); UT_LocaleTransactor lt(LC_NUMERIC, "C"); UT_String_sprintf(properties, "text-align:%s; line-height:%.1f", text_align[jc], static_cast<float>(dyaLine) / 240.0); if (tabs) { properties += "; tabstops:"; UT_DEBUGMSG((" Tabs:\n")); for (int n = 0; n < tabs; n++) { UT_String_sprintf(tmp, "%.4fin/%c0", static_cast<float>(dxaTab[n]) / 1440.0, jcTab[n] ? 'D' : 'L'); properties += tmp; UT_DEBUGMSG((" #%02d dxa = %d, jcTab = %d\n", n + 1, dxaTab[n], jcTab[n])); if (n != tabs - 1) properties += ","; } } if (process == Header || process == Footer) { // For reasons unknown, the left and right margins from the paper // are included in the indents of the headers and footers. dxaLeft -= xaLeft; dxaRight -= xaRight; } if (dxaLeft1) { UT_String_sprintf(tmp, "; text-indent:%.4fin", static_cast<float>(dxaLeft1) / 1440.0); properties += tmp; } if (dxaLeft) { UT_String_sprintf(tmp, "; margin-left:%.4fin", static_cast<float>(dxaLeft) / 1440.0); properties += tmp; } if (dxaRight) { UT_String_sprintf(tmp, "; margin-right:%.4fin", static_cast<float>(dxaRight) / 1440.0); properties += tmp; } // new attributes, only if there was a line feed or FPROPs have changed if (lf || strcmp(properties.c_str(), lastprops.c_str()) != 0) { const gchar *attributes[3]; attributes[0] = PT_PROPS_ATTRIBUTE_NAME; attributes[1] = properties.c_str(); attributes[2] = NULL; appendStrux(PTX_Block, attributes); lastprops = properties; } if (fGraphics) read_pic(fcFirst, fcLim - fcFirst); else read_txt(fcFirst, fcLim - 1); } fcFirst = fcLim; if (fcLim >= fcMac) { UT_DEBUGMSG((" PAP-FODs end, fcLim (%d) >= fcMac (%d)\n", fcLim, fcMac)); return true; } } } }