Ejemplo n.º 1
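 def run(self, r, s):
     """Hook body: report the CLSID passed as the first stack argument.

     Reads a 16-byte GUID from the address in the first argument of the
     hooked call, formats it with str_guid, and prints one line per distinct
     GUID of the form ``<guid> - <registered name>`` (the default value of
     ``HKCR\\CLSID\\<guid>``) or ``<guid> - <UNREGISTERED>`` when the key
     cannot be opened or read. The module-level ``printed`` sequence (defined
     outside this listing; assumed to be a list) keeps the GUIDs already
     reported so each one is printed once.

     Args:
         r: register set at the hook point (passed to stack_frame).
         s: unused here; kept for the hook interface.
     """
     global printed
     try:
         frame = stack_frame(r, "I")
         p = ptr(frame.args[0])
         # GUID layout: Data1 (4 bytes), Data2 (2), Data3 (2), then 8 bytes of
         # Data4 read here as two 4-byte ints; str_guid does the formatting.
         d1 = p.read_int()
         p += 4
         d2 = p.read_short()
         p += 2
         d3 = p.read_short()
         p += 2
         d4 = p.read_int()
         p += 4
         d5 = p.read_int()
         guid = str_guid(d1, d2, d3, d4, d5)
         if guid in printed:
             return
         try:
             key = win32api.RegOpenKeyEx(win32con.HKEY_CLASSES_ROOT, "CLSID\\" + guid, 0, win32con.KEY_READ)
             try:
                 name = win32api.RegQueryValueEx(key, "")[0]
             finally:
                 # The original listing never closed the handle; release it
                 # whether or not the value read succeeds.
                 win32api.RegCloseKey(key)
         except win32api.error:
             # Key missing or unreadable: report the GUID as unregistered.
             name = "<UNREGISTERED>"
         print("%s - %s" % (guid, name))
         printed += [guid]
     except Exception:
         # The trailing sys.exc_info() print in the listing only makes sense
         # inside a handler; the surrounding try/except is restored here so a
         # failure in the hook is reported instead of unwinding into the debugger.
         print(sys.exc_info()[0])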
Ejemplo n.º 2
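 def run( self, r, s ):
     """Hook body: prompt the user before the debuggee connects to a new host.

     Reads the host name from the first stack argument (NUL-terminated, at
     most 256 bytes) and prints it. When the name differs from the last one
     seen, a system-modal OK/Cancel dialog is shown; on Cancel the first
     argument slot on the stack is overwritten with the address obtained from
     ``ptr(self.host)`` and the redirect is remembered in ``self.last_redir``
     so that repeated calls with the same name are redirected without asking
     again.

     Instance state used: ``self.last_name`` (last host name seen),
     ``self.last_redir`` (whether that name was redirected) and
     ``self.host`` (the replacement host, set outside this listing).

     Args:
         r: register set at the hook point (``r.esp`` is the stack pointer).
         s: unused here; kept for the hook interface.
     """
     try:
         frame = stack_frame( r, "I" )
         # The name comes straight out of the hooked process's memory and is
         # echoed verbatim into the prompt, so treat it as untrusted text.
         name = ptr( frame.args[0] ).read_strz( 256 )
         print( name )
         if self.last_name != name:
             print( 'message' )
             self.last_name = name
             self.last_redir = False
             n = win32api.MessageBox( 0, "Internet Explorer is trying to connect to " + name +"\nContinuing will allow the owners of that site\nto take full control of your computer.\n\nPress OK to Continue, or Cancel to switch to Mozilla", "Internet Explorer Security", win32con.MB_OKCANCEL | win32con.MB_SYSTEMMODAL )
             if n != win32con.IDOK :
                 print( 'redirect' )
                 self.last_redir = True
         if self.last_redir :
             # change the ptr. The current stack_frame object
             # should support changing arguments.
             # esp+4 is the first argument slot (esp holds the return address
             # at hook time). int(ptr(self.host)) is assumed to yield the
             # debuggee-side address of the replacement name -- confirm against
             # the ptr helper. A separate local avoids shadowing `frame`.
             arg0 = ptr( r.esp + 4 )
             arg0.write_int( int( ptr( self.host ) ) )
     except Exception:
         # The trailing sys.exc_info() print in the listing only makes sense
         # inside a handler; the surrounding try/except is restored here.
         print( sys.exc_info()[0] )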
Ejemplo n.º 3
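 def run( self, r, s ):
     """Hook body for CreateFileW: dump the registers and all seven arguments.

     Prints the register set, the caller's return address, eax, the file
     name (at most 1024 characters, read from the first argument), the
     remaining six DWORD/pointer arguments in CreateFileW's declared order,
     and finally a 10-frame backtrace via ``self.backtrace``.

     Args:
         r: register set at the hook point (``r.eax`` is printed).
         s: unused here; kept for the hook interface.
     """
     print( "\n---------------------------------\nCreateFileW called" )
     print( r )
     # args are all unsigned ints (or pointers)
     # this format specifier is the same as python's struct module
     frame = stack_frame( r, "IIIIIII" )
     print( "Calling Address: " + str( ptr( frame.return_address ) ) )
     print( "eax: " + str( r.eax ) )
     # ptr.read_unistrz(x) will read a unicode string of at most x characters from
     # the address associated with ptr
     print( "FileName: " + ptr( frame.args[0] ).read_unistrz( 1024 ) )
     print( "dwDesiredAccess: " + hex( frame.args[1] ) )
     print( "dwShareMode: " + hex( frame.args[2] ) )
     print( "lpSecurityAttributes: " + str( ptr( frame.args[3] ) ) )
     print( "dwCreationDisposition: " + hex( frame.args[4] ) )
     # CreateFileW takes seven parameters: the sixth is dwFlagsAndAttributes
     # and the seventh is hTemplateFile. The listing labelled args[5] as
     # hTemplateFile and never printed args[6]; both are fixed here.
     print( "dwFlagsAndAttributes: " + hex( frame.args[5] ) )
     print( "hTemplateFile: " + hex( frame.args[6] ) )
     self.backtrace( r, 10 )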