API tools faq
paste
Tal_Liberman

_SECL_STARTUPINFOW SECL_STARTUPINFOW SECL_STARTUPINFO

Tal_Liberman
Aug 1st, 2017
156
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.04 KB | None | 0 0
raw download clone embed print report
  1. https://twitter.com/Tal_Liberman
  2. http://breakingmalware.com
  3.  
  4. typedef struct _SECL_STARTUPINFOW {
  5. DWORD cb;
  6. LPWSTR lpReserved;
  7. LPWSTR lpDesktop;
  8. LPWSTR lpTitle;
  9. DWORD dwX;
  10. DWORD dwY;
  11. DWORD dwXSize;
  12. DWORD dwYSize;
  13. DWORD dwXCountChars;
  14. DWORD dwYCountChars;
  15. DWORD dwFillAttribute;
  16. DWORD dwFlags;
  17. WORD wShowWindow;
  18. WORD cbReserved2;
  19. LPBYTE lpReserved2;
  20. HANDLE hStdInput;
  21. HANDLE hStdOutput;
  22. HANDLE hStdError;
  23. } SECL_STARTUPINFOW, *LPSECL_STARTUPINFOW;
  24.  
  25. advapi32!StartInfo_To_SECL_STARTUPINFOW
  26. unsigned long __stdcall StartInfo_To_SECL_STARTUPINFOW(struct _STARTUPINFOW *, struct _SECL_STARTUPINFOW *) proc near
  27.  
  28. ;
  29. ; tSeclStartupInfo = edx
  30. ; tStartUpInfo = ecx
  31. ;
  32.  
  33. test tStartUpInfo, tStartUpInfo
  34. jz lbl_null_input
  35.  
  36. lbl_null_input: ; Size
  37. push 44h
  38. push 0 ; Val
  39. push tSeclStartupInfo ; Dst
  40. call _memset
  41. add esp, 0Ch
  42. jmp lbl_return
  43.  
  44. mov eax, [tStartUpInfo+_STARTUPINFOW.cb]
  45. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.cb], eax
  46. mov eax, [tStartUpInfo+_STARTUPINFOW.lpReserved]
  47. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.lpReserved], eax
  48. mov eax, [tStartUpInfo+_STARTUPINFOW.lpDesktop]
  49. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.lpDesktop], eax
  50. mov eax, [tStartUpInfo+_STARTUPINFOW.lpTitle]
  51. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.lpTitle], eax
  52. mov eax, [tStartUpInfo+_STARTUPINFOW.dwX]
  53. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.dwX], eax
  54. mov eax, [tStartUpInfo+_STARTUPINFOW.dwY]
  55. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.dwY], eax
  56. mov eax, [tStartUpInfo+_STARTUPINFOW.dwXSize]
  57. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.dwXSize], eax
  58. mov eax, [tStartUpInfo+_STARTUPINFOW.dwYSize]
  59. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.dwYSize], eax
  60. mov eax, [tStartUpInfo+_STARTUPINFOW.dwXCountChars]
  61. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.dwXCountChars], eax
  62. mov eax, [tStartUpInfo+_STARTUPINFOW.dwYCountChars]
  63. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.dwYCountChars], eax
  64. mov eax, [tStartUpInfo+_STARTUPINFOW.dwFillAttribute]
  65. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.dwFillAttribute], eax
  66. mov eax, [tStartUpInfo+_STARTUPINFOW.dwFlags]
  67. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.dwFlags], eax
  68. mov ax, [tStartUpInfo+_STARTUPINFOW.wShowWindow]
  69. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.wShowWindow], ax
  70. mov ax, [tStartUpInfo+_STARTUPINFOW.cbReserved2]
  71. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.cbReserved2], ax
  72. mov eax, [tStartUpInfo+_STARTUPINFOW.lpReserved2]
  73. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.lpReserved2], eax
  74. mov eax, [tStartUpInfo+_STARTUPINFOW.hStdInput]
  75. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.hStdInput], eax
  76. mov eax, [tStartUpInfo+_STARTUPINFOW.hStdOutput]
  77. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.hStdOutput], eax
  78. mov eax, [tStartUpInfo+_STARTUPINFOW.hStdError]
  79. mov [tSeclStartupInfo+_SECL_STARTUPINFOW.hStdError], eax
  80.  
  81. lbl_return:
  82. xor eax, eax
  83. retn
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!