Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: ba4d8ecf58
Fetching contributors…

Cannot retrieve contributors at this time

executable file 129 lines (110 sloc) 4.572 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129
Dim functions(56)
functions(0) = "advapi32.dll!RegCloseKey"
functions(1) = "advapi32.dll!RegConnectRegistryW"
functions(2) = "advapi32.dll!RegCopyTreeW"
functions(3) = "advapi32.dll!RegCreateKeyW"
functions(4) = "advapi32.dll!RegCreateKeyExW"
functions(5) = "advapi32.dll!RegCreateKeyTransactedW"
functions(6) = "advapi32.dll!RegDeleteKeyW"
functions(7) = "advapi32.dll!RegDeleteKeyExW"
functions(8) = "advapi32.dll!RegDeleteKeyTransactedW"
functions(9) = "advapi32.dll!RegDeleteKeyValueW"
functions(10) = "advapi32.dll!RegDeleteTreeW"
functions(11) = "advapi32.dll!RegDeleteValueW"
functions(12) = "advapi32.dll!RegDisablePredefinedCacheW"
functions(13) = "advapi32.dll!RegDisablePredefinedCacheExW"
functions(14) = "advapi32.dll!RegDisableReflectionKeyW"
functions(15) = "advapi32.dll!RegEnableReflectionKeyW"
functions(16) = "advapi32.dll!RegEnumKeyW"
functions(17) = "advapi32.dll!RegEnumKeyExW"
functions(18) = "advapi32.dll!RegEnumValueW"
functions(19) = "advapi32.dll!RegFlushKeyW"
functions(20) = "advapi32.dll!RegGetValueW"
functions(21) = "advapi32.dll!RegLoadAppKeyW"
functions(22) = "advapi32.dll!RegLoadKeyW"
functions(23) = "advapi32.dll!RegLoadMUIStringW"
functions(24) = "advapi32.dll!RegNotifyChangeKeyValue"
functions(25) = "advapi32.dll!RegOpenCurrentUserW"
functions(26) = "advapi32.dll!RegOpenKeyW"
functions(27) = "advapi32.dll!RegOpenKeyExW"
functions(28) = "advapi32.dll!RegOpenKeyTransactedW"
functions(29) = "advapi32.dll!RegOpenUserClassesRootW"
functions(30) = "advapi32.dll!RegOverridePredefKeyW"
functions(31) = "advapi32.dll!RegQueryInfoKeyW"
functions(32) = "advapi32.dll!RegQueryMultipleValuesW"
functions(33) = "advapi32.dll!RegQueryReflectionKeyW"
functions(34) = "advapi32.dll!RegQueryValueW"
functions(35) = "advapi32.dll!RegQueryValueExW"
functions(36) = "advapi32.dll!RegReplaceKeyW"
functions(37) = "advapi32.dll!RegRestoreKeyW"
functions(38) = "advapi32.dll!RegSaveKeyW"
functions(39) = "advapi32.dll!RegSaveKeyExW"
functions(40) = "advapi32.dll!RegSetKeyValueW"
functions(41) = "advapi32.dll!RegSetValueW"
functions(42) = "advapi32.dll!RegSetValueExW"
functions(43) = "advapi32.dll!RegUnLoadKeyW"
functions(44) = "kernel32.dll!GetPrivateProfileIntW"
functions(45) = "kernel32.dll!GetPrivateProfileSectionW"
functions(46) = "kernel32.dll!GetPrivateProfileSectionNamesW"
functions(47) = "kernel32.dll!GetPrivateProfileStringW"
functions(48) = "kernel32.dll!GetPrivateProfileStructW"
functions(49) = "kernel32.dll!GetProfileIntW"
functions(50) = "kernel32.dll!GetProfileSectionW"
functions(51) = "kernel32.dll!GetProfileStringW"
functions(52) = "kernel32.dll!WritePrivateProfileSectionW"
functions(53) = "kernel32.dll!WritePrivateProfileStringW"
functions(54) = "kernel32.dll!WritePrivateProfileStructW"
functions(55) = "kernel32.dll!WriteProfileSectionW"
functions(56) = "kernel32.dll!WriteProfileStringW"

Dim spyMgr


Set spyMgr = WScript.CreateObject("DeviareCOM.NktSpyMgr", "spyMgr_")

spyMgr.Initialize

WScript.Echo "NkySpyMgr Initialized"

Dim hooks
Set hooks = CreateObject("Scripting.Dictionary")
Dim func

Dim hook
For Each func in functions
Set hook = spyMgr.CreateHook(func, 33)
'hook.Hook True
hooks.add func, hook
Next

WScript.Echo "Hooks Created"

Dim processes, process

Set processes = spyMgr.Processes()
Set process = processes.First()

Do While Not process Is Nothing
If LCase(process.Name) = "outlook.exe" And process.PlatformBits = 32 Then
'If LCase(process.Name) = "iexplore.exe" And process.PlatformBits = 32 Then
For Each key in hooks
'WScript.Echo key
WScript.Echo "Before hooking " & key & " on iexplore.exe"
'MsgBox TypeName(hooks.Item(key))
hooks.Item(key).Attach process, False
WScript.Echo "After hooking " & key & " on iexplore.exe"
Next
End If
Set process = processes.Next()
Loop

WScript.Echo "Hooks attached to processes"

For Each key in hooks
hooks.Item(key).Hook True
Next

WScript.Echo "Hooks in True"

Sub spyMgr_OnFunctionCalled(ByVal hook, ByVal proc, ByVal callInfo)
Dim params, param, log

log = hook.FunctionName
Set params = callInfo.Params()
If Not params Is Nothing Then
log = log & " #parameters = " & params.Count & " param names: "
Set param = params.First()
Do While Not param is Nothing
log = log & param.Name & " "
Set param = params.Next()
Loop

End If

WScript.Echo log
End Sub

Dim wshShell
Set wshShell = WScript.CreateObject("WScript.Shell")
wshShell.Popup "Press the OK button to exit this script"
Something went wrong with that request. Please try again.