christophetd / spoofing-office-macro Goto Github PK
View Code? Open in Web Editor NEW:fish: PoC of a VBA macro spawning a process with a spoofed parent and command line.
License: GNU Affero General Public License v3.0
:fish: PoC of a VBA macro spawning a process with a spoofed parent and command line.
License: GNU Affero General Public License v3.0
Hi
I fix the issues and tried in 32bit and 64bit office at Windows10 Environment
But I found result = NtQueryInformationProcess(newProcessHandle, 0, pbi, Len(pbi), size)
doesn't work. the result is FALSE
And the new Process still be a childProcess of WINWORD.EXE.
Can you help me
By the way, the function to getPid is not work.
I used WMI to get Pid
Function getProcessId(ByVal name As String)
Dim objServices As Object, objProcessSet As Object, Process As Object
Dim tmp As Integer
Set objServices = GetObject("winmgmts:\\.\root\CIMV2")
Set objProcessSet = objServices.ExecQuery("SELECT ProcessID, name FROM Win32_Process WHERE name = " & Chr(&H22) & name & Chr(&H22), , 48)
For Each Process In objProcessSet
tmp = Process.ProcessID
Next
getProcessId = tmp
End Function
Thanks
hi bro ,I really appreciate your writing this code。
but,Can you convert VBA code to vbs code or js code ? Vbs code or js codes is very userful
I will be very grateful if you can
Hey I am trying to use the VB macro on 64-bit machine O365 but looks like it's not compatible. It gave some ptrsafe errors. I fixed them by adding ptrsafe to the declare statements but then I got some ByRef errors. I also tried converting long to longptr as suggested in some articles for converting 32 nit vb to 64 bit. Is there any chance that you can provide 64 bit version or any tips to fix the errors?
Is this dead project? When I run macro on Windows 10, it will not work...
I have the same issue as the others.
A buffer overflow at
result = NtQueryInformationProcess(newProcessHandle, 0, pbi, Len(pbi), size)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.