  #1  
Old 01-11-2016, 20:25
Sn!per X Sn!per X is offline
Post [C/C++/Delphi] Custom MessageBox

http://i.imgur.com/OaCRhu2.gif
MessageBox from the Carberp source code leak.
C++ code taken by naquadria from the leaked code:
Code:
// Header names were lost when the page was rendered; restored from the APIs the listing uses.
#include <windows.h>
#include <richedit.h>

// Handle of the WH_CALLWNDPROC hook: assigned in ShowHypeMessageBox and
// passed to CallNextHookEx by MsgProc.
HHOOK hMsgBoxHook;
// Cursor handles loaded in iWinMain; EditDlgProc replaces the I-beam with the arrow.
HCURSOR hArrow,hIbeam;

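// Subclass procedure that MsgProc installs on the rich edit control.
//
// WM_SETFOCUS and WM_MOUSEWHEEL are answered here and never forwarded; every
// other message goes to the control's original procedure after the I-beam
// cursor has been swapped for the arrow.
//
// Returns 1 for WM_SETFOCUS, 0 for WM_MOUSEWHEEL, otherwise whatever the
// original procedure returns.
INT_PTR CALLBACK EditDlgProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {
    // MsgProc stores the original window procedure in GWLP_USERDATA.
    WNDPROC lpPrevProc = (WNDPROC)GetWindowLongPtr(hWnd, GWLP_USERDATA);

    switch (uMsg) {
    case WM_SETFOCUS:
        // Not forwarded (presumably so the read-only control shows no caret).
        return 1;
    case WM_MOUSEWHEEL:
        // Not forwarded; 0 is the integer result (the original wrote NULL here).
        return 0;
    }

    if (GetCursor() == hIbeam)
        SetCursor(hArrow);

    // GWLP_USERDATA is zero until MsgProc has stored the old procedure;
    // CallWindowProc must not be handed a null procedure.
    if (lpPrevProc == NULL)
        return DefWindowProc(hWnd, uMsg, wParam, lParam);

    return CallWindowProc(lpPrevProc, hWnd, uMsg, wParam, lParam);
}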

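// Returns TRUE when szUrl starts with szPrefix, compared case-insensitively.
static BOOL HasLinkPrefix(LPCTSTR szUrl, LPCTSTR szPrefix) {
    int cchPrefix = lstrlen(szPrefix);
    if (lstrlen(szUrl) < cchPrefix)
        return FALSE;
    return CompareString(LOCALE_INVARIANT, NORM_IGNORECASE,
                         szUrl, cchPrefix, szPrefix, cchPrefix) == CSTR_EQUAL;
}

// Allow-list of link schemes that may be handed to the shell.
static BOOL IsAllowedLink(LPCTSTR szUrl) {
    return HasLinkPrefix(szUrl, TEXT("http://"))
        || HasLinkPrefix(szUrl, TEXT("https://"))
        || HasLinkPrefix(szUrl, TEXT("ftp://"))
        || HasLinkPrefix(szUrl, TEXT("mailto:"));
}

// Subclass procedure that MsgProc installs on the message box's text static.
//
// It receives the rich edit child's EN_LINK notifications and, on a left
// button release over a link, opens the link text through ShellExecute.
// All messages, EN_LINK included, are then forwarded to the original procedure.
//
// Security notes:
//  - The link text is copied into a fixed 260-TCHAR buffer, so the character
//    range reported in ENLINK is checked against the buffer size before
//    EM_GETSELTEXT writes into it.
//  - The "open" verb acts on whatever string it is given, and the link text
//    comes from the message text. Only http, https, ftp and mailto links are
//    passed on, so message text from an untrusted source cannot point the
//    shell at a local file or another handler.
INT_PTR CALLBACK StaticDlgProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {
    // MsgProc stores the original window procedure in GWLP_USERDATA.
    WNDPROC lpPrevProc = (WNDPROC)GetWindowLongPtr(hWnd, GWLP_USERDATA);

    if (uMsg == WM_NOTIFY && lParam != 0 && ((LPNMHDR)lParam)->code == EN_LINK) {
        ENLINK *lpLink = (ENLINK*)lParam;
        if (lpLink->msg == WM_LBUTTONUP) {
            TCHAR szBuf[260] = {0};
            LONG cchLink = lpLink->chrg.cpMax - lpLink->chrg.cpMin;

            // Reject empty, inverted or over-long ranges; the terminator
            // needs one slot, hence the strict comparison.
            if (cchLink > 0 && cchLink < (LONG)ARRAYSIZE(szBuf)) {
                // Select the link range, then read the selection back.
                SendMessage(lpLink->nmhdr.hwndFrom,
                            EM_EXSETSEL,
                            0,
                            (LPARAM)&lpLink->chrg);
                SendMessage(lpLink->nmhdr.hwndFrom,
                            EM_GETSELTEXT,
                            0,
                            (LPARAM)szBuf);

                if (IsAllowedLink(szBuf)) {
                    ShellExecute(NULL,
                                 TEXT("open"),
                                 szBuf,
                                 NULL,
                                 NULL,
                                 SW_SHOWNORMAL);
                }
            }
        }
    }

    // CallWindowProc must not be handed a null procedure.
    if (lpPrevProc == NULL)
        return DefWindowProc(hWnd, uMsg, wParam, lParam);

    return CallWindowProc(lpPrevProc, hWnd, uMsg, wParam, lParam);
}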

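// WH_CALLWNDPROC hook procedure installed by ShowHypeMessageBox.
//
// On WM_INITDIALOG it looks up the dialog control with ID 0xFFFF (presumably
// the message box's text label), creates a read-only rich edit child over it
// with automatic URL detection, copies the label text into it, and subclasses
// both windows. Each window's previous procedure is kept in its GWLP_USERDATA
// slot, where StaticDlgProc and EditDlgProc read it back.
//
// The hook sees every WM_INITDIALOG sent on the thread while it is installed,
// so a missing control or a failed CreateWindowEx leaves the dialog untouched
// instead of subclassing a window that has no rich edit child.
//
// Always returns the result of CallNextHookEx.
LRESULT CALLBACK MsgProc(int nCode, WPARAM wParam, LPARAM lParam) {
    if (nCode == HC_ACTION) {
        CWPSTRUCT *lpMsg = (CWPSTRUCT*)lParam;
        if (LOWORD(lpMsg->message) == WM_INITDIALOG) {
            HWND hStatic = GetDlgItem(lpMsg->hwnd, 0xFFFF);
            if (hStatic != NULL) {
                RECT rcStatic;
                GetClientRect(hStatic, &rcStatic);

                // The text is truncated to 259 characters here. That limit
                // also bounds the length of any link, which the fixed buffer
                // in StaticDlgProc relies on; do not raise one without the other.
                TCHAR szBuf[260];
                szBuf[0] = 0;
                GetWindowText(hStatic, szBuf, ARRAYSIZE(szBuf));

                HGDIOBJ hFont = (HGDIOBJ)SendMessage(hStatic, WM_GETFONT, 0, 0);

                // Style bits are combined with | (the original added them,
                // which is the same value for distinct bits).
                HWND hRich = CreateWindowEx(WS_EX_NOPARENTNOTIFY,
                                            RICHEDIT_CLASS,
                                            NULL,
                                            WS_CHILD | ES_READONLY | WS_VISIBLE | ES_MULTILINE,
                                            0,
                                            0,
                                            rcStatic.right - rcStatic.left + 2,
                                            rcStatic.bottom - rcStatic.top,
                                            hStatic,
                                            NULL,
                                            NULL,
                                            NULL);

                // Creation fails when the rich edit library is not loaded.
                if (hRich != NULL) {
                    SendMessage(hRich, WM_SETFONT, (WPARAM)hFont, 0);
                    SendMessage(hRich, EM_SETBKGNDCOLOR, 0, 0x00FFFFFF);
                    SendMessage(hRich, EM_SETEVENTMASK, 0, ENM_LINK);
                    SendMessage(hRich, EM_AUTOURLDETECT, TRUE, 0);

                    SetWindowText(hRich, szBuf);

                    // SetWindowLongPtr(GWLP_WNDPROC) returns the previous
                    // procedure, which is stored in GWLP_USERDATA.
                    SetWindowLongPtr(hStatic,
                                     GWLP_USERDATA,
                                     SetWindowLongPtr(hStatic,
                                                      GWLP_WNDPROC,
                                                      (LONG_PTR)StaticDlgProc));

                    SetWindowLongPtr(hRich,
                                     GWLP_USERDATA,
                                     SetWindowLongPtr(hRich,
                                                      GWLP_WNDPROC,
                                                      (LONG_PTR)EditDlgProc));
                }
            }
        }
    }
    return CallNextHookEx(hMsgBoxHook, nCode, wParam, lParam);
}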

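// Shows a MessageBox while a WH_CALLWNDPROC hook (MsgProc) is installed on the
// calling thread, so that MsgProc can modify the dialog during creation.
//
// Parameters are passed to MessageBox unchanged; the return value is the one
// MessageBox gives.
//
// The hook handle lives in the global hMsgBoxHook, so nested or concurrent
// calls would overwrite each other's handle.
int WINAPI ShowHypeMessageBox(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType) {
    hMsgBoxHook = SetWindowsHookEx(WH_CALLWNDPROC,
                                   MsgProc,
                                   NULL,
                                   GetCurrentThreadId());

    // If the hook could not be installed the box is still shown, unmodified.
    int nResult = MessageBox(hWnd, lpText, lpCaption, uType);

    if (hMsgBoxHook != NULL) {
        UnhookWindowsHookEx(hMsgBoxHook);
        hMsgBoxHook = NULL;   // do not leave a stale handle behind
    }
    return nResult;
}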

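// Demo entry point: loads the two cursors EditDlgProc uses, loads the rich
// edit library, and shows a sample message box with three links.
//
// The library is loaded by full path from the system directory. A bare
// LoadLibrary("riched20") is resolved through the DLL search order, which can
// pick up a planted riched20.dll sitting next to the executable.
//
// Always returns 0.
int iWinMain() {
    hIbeam = LoadCursor(0, IDC_IBEAM);
    hArrow = LoadCursor(0, IDC_ARROW);

    static const TCHAR szDll[] = TEXT("\\riched20.dll");
    TCHAR szPath[MAX_PATH];
    UINT cchDir = GetSystemDirectory(szPath, ARRAYSIZE(szPath));
    // ARRAYSIZE(szDll) counts the terminator, so this checks the joined path fits.
    if (cchDir != 0 && cchDir + ARRAYSIZE(szDll) <= ARRAYSIZE(szPath)) {
        lstrcat(szPath, szDll);
        LoadLibrary(szPath);
    }

    ShowHypeMessageBox(0,
                       TEXT("website: http://www.at4re.com/f\nemail: mailto:admin@at4re.com\nftp: ftp://at4re.com\n\nCode snippet from carberp leak package."),
                       TEXT("carberp leak"),
                       MB_ICONASTERISK);
    return 0;
}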
----------------------------------------------------------------------
Same code ported to Delphi by Agmcz (ex ghost-dz):

Code:
unit uCustomMessageBox;

interface

uses
  Windows, Messages, RichEdit, ShellAPI;

function ShowHypeMessageBox(hWnd: HWND; lpText: PChar; lpCaption: PChar; uType: UINT ): Integer;

var
  // Hook handle: assigned in ShowHypeMessageBox, passed to CallNextHookEx by MsgProc.
  hMsgBoxHook: HHOOK;
  // Cursor handles; the caller assigns them (see the example program) and
  // EditDlgProc compares and sets them.
  hArrow, hIbeam: HCURSOR;

implementation

var
  // Unit-private pointer variable.
  // NOTE(review): it is one slot for the whole unit, not one per window.
  lpWndProc: Pointer;

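{ Subclass procedure that MsgProc installs on the rich edit control.

  WM_SETFOCUS (result 1) and WM_MOUSEWHEEL (result 0) are answered here and
  not forwarded, as in the C++ listing. The original port set Result for them
  and then overwrote it with the CallWindowProc result, so both messages
  reached the control after all.

  Every other message is forwarded to the previous window procedure after the
  I-beam cursor has been swapped for the arrow.

  NOTE(review): GetWindowLong with GWL_USERDATA carries 32 bits only; a 64-bit
  build needs the ...Ptr variants - confirm the target platform. }
function EditDlgProc(hWnd: HWND; uMsg: UINT; wParam: WPARAM; lParam: LPARAM):
  Integer; stdcall;
var
  lpPrevProc: Pointer;
begin
  case uMsg of
    WM_SETFOCUS:
      begin
        Result := 1;
        Exit;
      end;
    WM_MOUSEWHEEL:
      begin
        Result := 0;
        Exit;
      end;
  end;

  if GetCursor = hIbeam then
    SetCursor(hArrow);

  // MsgProc stores the previous window procedure in GWL_USERDATA. A local is
  // used so the value belongs to this call and this window only.
  lpPrevProc := Pointer(GetWindowLong(hWnd, GWL_USERDATA));
  if lpPrevProc = nil then
    Result := DefWindowProc(hWnd, uMsg, wParam, lParam)
  else
    Result := CallWindowProc(lpPrevProc, hWnd, uMsg, wParam, lParam);
end;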

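{ Subclass procedure that MsgProc installs on the message box's text static.

  It receives the rich edit child's EN_LINK notifications and, on a left
  button release over a link, opens the link text through ShellExecute. All
  messages, EN_LINK included, are then forwarded to the previous window
  procedure, as in the C++ listing (the original port returned 0 for EN_LINK
  without forwarding).

  Security notes:
   - The link text is copied into a fixed 260-character buffer, so the range
     reported in ENLINK is checked against the buffer size before
     EM_GETSELTEXT writes into it.
   - The 'open' verb acts on whatever string it is given, and the link text
     comes from the message text. Only http, https, ftp and mailto links are
     passed on, so message text from an untrusted source cannot point the
     shell at a local file or another handler. }
function StaticDlgProc(hWnd: HWND; uMsg: UINT; wParam: WPARAM; lParam: LPARAM):
  Integer; stdcall;
type
  PENLINK = ^ENLINK;
var
  lpPrevProc: Pointer;
  lpLink: PENLINK;
  cchLink: Integer;
  szBuf: array[0..260-1] of Char;

  // True when szBuf starts with szPrefix, compared case-insensitively.
  function HasLinkPrefix(szPrefix: PChar): Boolean;
  var
    cchPrefix: Integer;
  begin
    cchPrefix := lstrlen(szPrefix);
    // 2 is CSTR_EQUAL, the CompareString result for equal strings.
    Result := (lstrlen(szBuf) >= cchPrefix) and
      (CompareString(LOCALE_USER_DEFAULT, NORM_IGNORECASE,
        szBuf, cchPrefix, szPrefix, cchPrefix) = 2);
  end;

begin
  if (uMsg = WM_NOTIFY) and (lParam <> 0) and
    (PNMHdr(lParam)^.code = EN_LINK) then
  begin
    lpLink := PENLINK(lParam);
    if (lpLink^.msg = WM_LBUTTONUP) then
    begin
      FillChar(szBuf, SizeOf(szBuf), 0);
      cchLink := lpLink^.chrg.cpMax - lpLink^.chrg.cpMin;

      // Reject empty, inverted or over-long ranges; the terminator needs one
      // slot, hence the strict comparison.
      if (cchLink > 0) and (cchLink < Length(szBuf)) then
      begin
        // Select the link range, then read the selection back.
        SendMessage(lpLink^.nmhdr.hwndFrom,
          EM_EXSETSEL,
          0,
          Integer(@lpLink^.chrg));

        SendMessage(lpLink^.nmhdr.hwndFrom,
          EM_GETSELTEXT,
          0,
          Integer(@szBuf));

        if HasLinkPrefix('http://') or HasLinkPrefix('https://') or
          HasLinkPrefix('ftp://') or HasLinkPrefix('mailto:') then
          ShellExecute(0,
            'open',
            szBuf,
            nil,
            nil,
            SW_SHOWNORMAL);
      end;
    end;
  end;

  // MsgProc stores the previous window procedure in GWL_USERDATA.
  lpPrevProc := Pointer(GetWindowLong(hWnd, GWL_USERDATA));
  if lpPrevProc = nil then
    Result := DefWindowProc(hWnd, uMsg, wParam, lParam)
  else
    Result := CallWindowProc(lpPrevProc, hWnd, uMsg, wParam, lParam);
end;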

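{ WH_CALLWNDPROC hook procedure installed by ShowHypeMessageBox.

  On WM_INITDIALOG it looks up the dialog control with ID $FFFF (presumably
  the message box's text label), creates a read-only rich edit child over it
  with automatic URL detection, copies the label text into it, and subclasses
  both windows. Each window's previous procedure is kept in its GWL_USERDATA
  slot, where StaticDlgProc and EditDlgProc read it back.

  Fixes relative to the original port:
   - only the lpMsg assignment was guarded by the HC_ACTION test, so for any
     other nCode the case statement dereferenced an uninitialised pointer;
   - the WM_INITDIALOG branch ended in Exit and skipped CallNextHookEx;
   - ScreenToClient was called on an uninitialised point whose result was
     never used;
   - a missing control or a failed CreateWindowEx no longer leads to
     subclassing a window that has no rich edit child.

  Always returns the result of CallNextHookEx. }
function MsgProc(nCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT;
  stdcall;
var
  lpMsg: PCWPStruct;
  hStatic: HWND;
  rcStatic: TRect;
  hFont: HGDIOBJ;
  hRich: HWND;
  szBuf: array[0..260-1] of Char;
begin
  if (nCode = HC_ACTION) then
  begin
    lpMsg := PCWPStruct(lParam);
    if LOWORD(lpMsg^.message) = WM_INITDIALOG then
    begin
      hStatic := GetDlgItem(lpMsg^.hwnd, $FFFF);
      if hStatic <> 0 then
      begin
        GetClientRect(hStatic, rcStatic);

        // The text is truncated to 259 characters here. That limit also
        // bounds the length of any link, which the fixed buffer in
        // StaticDlgProc relies on; do not raise one without the other.
        szBuf[0] := #0;
        GetWindowText(hStatic, szBuf, 260);

        hFont := SendMessage(hStatic,
          WM_GETFONT,
          0,
          0);

        // Style bits are combined with "or" (the original added them, which
        // is the same value for distinct bits).
        hRich := CreateWindowEx(WS_EX_NOPARENTNOTIFY,
          RICHEDIT_CLASS,
          nil,
          WS_CHILD or ES_READONLY or WS_VISIBLE or ES_MULTILINE,
          0,
          0,
          rcStatic.right - rcStatic.left + 2,
          rcStatic.bottom - rcStatic.top,
          hStatic,
          0,
          0,
          nil);

        // Creation fails when the rich edit library is not loaded.
        if hRich <> 0 then
        begin
          SendMessage(hRich, WM_SETFONT, hFont, 0);
          SendMessage(hRich, EM_SETBKGNDCOLOR, 0, $00FFFFFF);
          SendMessage(hRich, EM_SETEVENTMASK, 0, ENM_LINK);
          SendMessage(hRich, EM_AUTOURLDETECT, 1, 0);

          SetWindowText(hRich, szBuf);

          // SetWindowLong(GWL_WNDPROC) returns the previous procedure, which
          // is stored in GWL_USERDATA.
          SetWindowLong(hStatic,
            GWL_USERDATA,
            SetWindowLong(hStatic,
            GWL_WNDPROC,
            LONG_PTR(@StaticDlgProc))
            );

          SetWindowLong(hRich,
            GWL_USERDATA,
            SetWindowLong(hRich,
            GWL_WNDPROC,
            LONG_PTR(@EditDlgProc))
            );
        end;
      end;
    end;
  end;
  Result := CallNextHookEx(hMsgBoxHook, nCode, wParam, lParam);
end;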

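{ Shows a MessageBox while a WH_CALLWNDPROC hook (MsgProc) is installed on the
  calling thread, so that MsgProc can modify the dialog during creation.

  Parameters are passed to MessageBox unchanged; the result is the one
  MessageBox gives.

  The hook handle lives in the unit variable hMsgBoxHook, so nested or
  concurrent calls would overwrite each other's handle. }
function ShowHypeMessageBox(hWnd: HWND; lpText: PChar; lpCaption: PChar; uType: UINT ): Integer;
begin
  // @ passes the address of MsgProc explicitly.
  hMsgBoxHook := SetWindowsHookEx(WH_CALLWNDPROC,
    @MsgProc,
    0,
    GetCurrentThreadId()
    );

  // If the hook could not be installed the box is still shown, unmodified.
  Result := MessageBox(hWnd, lpText, lpCaption, uType);

  if hMsgBoxHook <> 0 then
  begin
    UnhookWindowsHookEx(hMsgBoxHook);
    hMsgBoxHook := 0; // do not leave a stale handle behind
  end;
end;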

end.
Example Test:
Code:
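{ Demo program: loads the two cursors EditDlgProc uses, loads the rich edit
  library, and shows a sample message box with three links.

  The library is loaded by full path from the system directory. A bare
  LoadLibrary('riched32.dll') is resolved through the DLL search order, which
  can pick up a planted DLL of that name sitting next to the executable.

  NOTE(review): the C++ listing loads riched20 instead; check which library
  registers the class named by RICHEDIT_CLASS in your RichEdit unit. }
program msgbox;

uses
  Windows,
  uCustomMessageBox;

const
  RichEditDll = '\riched32.dll';

var
  szPath: array[0..MAX_PATH - 1] of Char;
  cchDir: UINT;

begin
  hIbeam := LoadCursor(0, IDC_IBEAM);
  hArrow := LoadCursor(0, IDC_ARROW);

  cchDir := GetSystemDirectory(szPath, MAX_PATH);
  // Strict comparison leaves room for the terminator of the joined path.
  if (cchDir > 0) and (Integer(cchDir) + Length(RichEditDll) < MAX_PATH) then
  begin
    lstrcat(szPath, RichEditDll);
    LoadLibrary(szPath);
  end;

  ShowHypeMessageBox(0,
    'website: http://www.at4re.com/f' + #13#10 +
    'email: mailto:admin@at4re.com' + #13#10 +
    'ftp: ftp://at4re.com' + #13#10 +  #13#10 +
    'Code snippet from carberp leak package.',
    'carberp leak',
    MB_ICONASTERISK);
end.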
References:
Code:
http://www.at4re.com/f/showthread.php?11697-Custom-MessageBox
http://www.at4re.com/f/showthread.php?11746-Custom-MessageBox
Attached Files
File Type: rar msgbox.rar (4.6 KB, 25 views)
File Type: rar msgbox_2.rar (29.1 KB, 23 views)