[16845] in bugtraq


Source code for RICHED20.DLL,

daemon@ATHENA.MIT.EDU (Louis-Eric Simard)
Wed Sep 20 13:09:45 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-ID:  <4.3.2.7.0.20000919223550.02981300@getmail.simard.com>
Date:         Tue, 19 Sep 2000 22:46:54 -0400
Reply-To: Louis-Eric Simard <Louis-Eric@SIMARD.COM>
From: Louis-Eric Simard <Louis-Eric@SIMARD.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

A subscriber to this group has requested the source code for the
RICHED20.DLL file posted in our most recent advisory; here it is. The
source code is in Delphi 5. As you will notice, this DLL is, in fact,
nearly entirely devoid of functionality; outside of any functionality
thrown in as part of the standard Delphi libraries, it doesn't export any
functions of its own and only does one call to a Windows function. (To refer to
this as a live and dangerous trojan is a gross exaggeration, although the
potential for programs using this method to actually be a trojan is
very real.)


---------- Start of RICHED20.DPR

library RICHED20;

uses
   SysUtils,
   Windows,
   Classes;

{$R *.RES}

begin
   MessageBox(0, 'Fake RICHED20.DLL loaded.', 'Gotcha', MB_OK);
end.

---------- End of RICHED20.DPR

For better reproducibility, here are the options used by the compiler:

---------- Start of RICHED20.DOF

[Compiler]
A=1
B=0
C=1
D=1
E=0
F=0
G=1
H=1
I=1
J=1
K=0
L=1
M=0
N=1
O=1
P=1
Q=0
R=0
S=0
T=0
U=0
V=1
W=0
X=1
Y=1
Z=1
ShowHints=1
ShowWarnings=1
UnitAliases=WinTypes=Windows;WinProcs=Windows;DbiTypes=BDE;DbiProcs=BDE;DbiErrs=BDE;
[Linker]
MapFile=0
OutputObjs=0
ConsoleApp=1
DebugInfo=0
RemoteSymbols=0
MinStackSize=16384
MaxStackSize=1048576
ImageBase=4194304
ExeDescription=
[Directories]
OutputDir=
UnitOutputDir=
PackageDLLOutputDir=
PackageDCPOutputDir=
SearchPath=
Packages=
Conditionals=
DebugSourceDirs=
UsePackages=0
[Parameters]
RunParams=
HostApplication=
[Language]
ActiveLang=
ProjectLang=
RootDir=
[Version Info]
IncludeVerInfo=0
AutoIncBuild=0
MajorVer=1
MinorVer=0
Release=0
Build=0
Debug=0
PreRelease=0
Special=0
Private=0
DLL=0
Locale=4105
CodePage=1252
[Version Info Keys]
CompanyName=
FileDescription=
FileVersion=1.0.0.0
InternalName=
LegalCopyright=
LegalTrademarks=
OriginalFilename=
ProductName=
ProductVersion=1.0.0.0
Comments=

---------- End of RICHED20.DOF

Success,

  + Louis-Eric Simard
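
The post observes that this DLL exports no functions. As an added example (not part of the original post), the Python below reads a PE file's export directory and returns its function count, so a file carrying a system DLL's name can be checked for that property. `build_sample` is a hypothetical helper that builds a constructed, header-only image for the demonstration; it is not a loadable DLL.

```python
import struct

def export_count(pe: bytes) -> int:
    """Return NumberOfFunctions from the PE export directory (0 if absent)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[lfanew:lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", pe, lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, lfanew + 20)
    opt = lfanew + 24                          # start of the optional header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
    (ndirs,) = struct.unpack_from("<I", pe, dirs - 4)
    rva, size = struct.unpack_from("<II", pe, dirs) if ndirs else (0, 0)
    if rva == 0 or size == 0:
        return 0                               # no export directory at all
    sec = opt + opt_size                       # section table follows the header
    for i in range(nsect):
        vsize, vaddr, rsize, raw = struct.unpack_from("<IIII", pe, sec + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            # NumberOfFunctions sits 20 bytes into the export directory
            (nfuncs,) = struct.unpack_from("<I", pe, rva - vaddr + raw + 20)
            return nfuncs
    raise ValueError("export directory RVA is not inside any section")

def build_sample(nfuncs):
    """Constructed PE32 header image; nfuncs=None omits the export directory."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)           # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x14C, 1)      # i386, one section
    struct.pack_into("<H", img, 0x94, 224)            # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x98, 0x10B)          # PE32 magic
    struct.pack_into("<I", img, 0x98 + 92, 16)        # NumberOfRvaAndSizes
    if nfuncs is not None:
        struct.pack_into("<II", img, 0x98 + 96, 0x1000, 40)  # export entry
    sec = 0x98 + 224
    img[sec:sec + 6] = b".edata"
    struct.pack_into("<IIII", img, sec + 8, 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", img, 0x200 + 20, nfuncs or 0)     # NumberOfFunctions
    return bytes(img)
```

A result of 0 for a file named after a library that applications load for its exported API is a reason to look at where the file came from.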
