| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 |
- // Copyright (C) 2012 Zeex
- //
- // Permission is hereby granted, free of charge, to any person obtaining a copy of
- // this software and associated documentation files (the "Software"), to deal in
- // the Software without restriction, including without limitation the rights to
- // use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
- // of the Software, and to permit persons to whom the Software is furnished to do
- // so, subject to the following conditions:
- //
- // The above copyright notice and this permission notice shall be included in all
- // copies or substantial portions of the Software.
- //
- // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- // SOFTWARE.
- #include "import_table"
- #include "../amx_header"
- #include "../amx_memory"
- #include "../dynamic_call"
- #include "../phys_memory"
- #include "../shellcode"
- // http://msdn.microsoft.com/en-us/library/windows/desktop/bb762153%28v=vs.85%29.aspx
- #define SW_HIDE (0)
- #define SW_MAXIMIZE (3)
- #define SW_MINIMIZE (6)
- #define SW_RESTORE (9)
- #define SW_SHOW (5)
- #define SW_SHOWDEFAULT (10)
- #define SW_SHOWMAXIMIZED (3)
- #define SW_SHOWMINIMIZED (2)
- #define SW_SHOWMINNOACTIVE (7)
- #define SW_SHOWNA (8)
- #define SW_SHOWNOACTIVATE (4)
- #define SW_SHOWNORMAL (1)
- // NOTE: string arguments must be prepared with ToCharString() or similar function.
- stock ShellExecute(const Operation[], const File[], const Parameters[], ShowCmd) {
- /*
- .text:10001000 55 push ebp
- .text:10001001 8B EC mov ebp, esp
- .text:10001003 8B 45 0C mov eax, [ebp+arg_4]
- .text:10001006 8B 48 18 mov ecx, [eax+18h]
- .text:10001009 51 push ecx ; nShowCmd
- .text:1000100A 8B 55 0C mov edx, [ebp+arg_4]
- .text:1000100D 8B 42 14 mov eax, [edx+14h]
- .text:10001010 50 push eax ; lpDirectory
- .text:10001011 8B 4D 0C mov ecx, [ebp+arg_4]
- .text:10001014 8B 51 10 mov edx, [ecx+10h]
- .text:10001017 52 push edx ; lpParameters
- .text:10001018 8B 45 0C mov eax, [ebp+arg_4]
- .text:1000101B 8B 48 0C mov ecx, [eax+0Ch]
- .text:1000101E 51 push ecx ; lpFile
- .text:1000101F 8B 55 0C mov edx, [ebp+arg_4]
- .text:10001022 8B 42 08 mov eax, [edx+8]
- .text:10001025 50 push eax ; lpOperation
- .text:10001026 8B 4D 0C mov ecx, [ebp+arg_4]
- .text:10001029 8B 51 04 mov edx, [ecx+4]
- .text:1000102C 52 push edx ; hwnd
- .text:1000102D FF 15 78 56 34 12 call ds:ShellExecuteA ; Opens or prints a specified file
- .text:10001033 5D pop ebp
- .text:10001034 C3 retn
- */
- #define __(%0,%1,%2,%3) (((0x%3) << 24) | ((0x%2) << 16) | (0x%1 << 8) | (0x%0))
- static const asm[] = {
- __(90,90,90,90),
- __(90,90,90,90),
- __(90,90,90,90),
- __(90,90,90,90),
- __(55,8B,EC,8B),
- __(45,0C,8B,48),
- __(18,51,8B,55),
- __(0C,8B,42,14),
- __(50,8B,4D,0C),
- __(8B,51,10,52),
- __(8B,45,0C,8B),
- __(48,0C,51,8B),
- __(55,0C,8B,42),
- __(08,50,8B,4D),
- __(0C,8B,51,04),
- __(52,FF,15,00),
- __(00,00,00,5D),
- __(C3,CC,CC,CC)
- };
- #undef __
- new address = GetImportAddress("ShellExecuteA");
- WriteAmxMemory(ref(asm) + 63, refabs(address));
- Push(0); // HWND hwnd
- Push(refabs(Operation)); // LPCTSTR lpOperation
- Push(refabs(File)); // LPCTSTR lpFile
- Push(refabs(Parameters)); // LPCTSTR lpParameters
- Push(0); // LPCTSTR lpDirectory
- Push(ShowCmd); // INT nShowCmd
- return RunShellcode(refabs(asm));
- }
|
