Author Topic: NONAME  (Read 2529 times)

GoneFishing

NONAME
« on: January 17, 2014, 03:44:22 AM »

Recently I was playing with invoking Shell.Application's method Open (takes one parameter of the type VARIANT):
include \masm32\include\masm32rt.inc

; Build switches. Both are empty equates; IFDEBUG below tests __DEBUG__
; with IFDEF, so only the symbol's existence matters there.
; NOTE(review): __UNICODE__ is defined after masm32rt.inc has already been
; included, so it presumably cannot influence that include - confirm.
__UNICODE__ EQU
__DEBUG__   EQU

; Forward declarations so the helper procedures can be called with
; `invoke` before their bodies appear. Parameter names mirror the PROC lines.
IDispatch_Invoke        PROTO ppv:DWORD, member:DWORD, path:DWORD, result:DWORD
IDispatch_GetIDsOfNames PROTO ppv:DWORD, mname:DWORD
SetParams               PROTO wstr:DWORD

 VARIANT STRUCT
  dw1   dd 0CCh
  dw2   dd 0CCh
  dw3   dd 0CCh
  dw4   dd 0CCh
 VARIANT   ENDS

 DISPPARAMS   STRUCT
  rgvarg         dd ?
  rgdispidNamedArgs dd ?
  cArgs         dd ?
  cNamedArgs        dd ?
 DISPPARAMS     ENDS

 IFERROR  MACRO arg
   .if    eax!=S_OK
          printf("%s FAILED with hr 0x%08X\n",arg,eax)
          print  LastError$(),13,10,0
          print "Exiting ...",13,10,0
          jmp _exit
   .endif   
          ENDM

 IFDEBUG  MACRO arg
   IFDEF __DEBUG__
          printf("%s : SUCCESS\n",arg)
   ENDIF   
          ENDM
         
 FEEDBACK MACRO arg
   IFERROR  arg
   IFDEBUG  arg
          ENDM

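.data   
     ; Interface identifiers passed by address to the COM calls.
     IID_IDispatch  GUID <00020400h,0000h,0000h,<0C0h,0h,0h,0h,0h,0h,0h,46h>>
     IID_NULL       GUID <00000000h,0000h,0000h,<0h,0h,0h,0h,0h,0h,0h,0h>>
     ; Argument block and its single VARIANT; both are filled by SetParams.
     dpar DISPPARAMS<>
     varg VARIANT   <>
       
.data?
     ; Receives the member id from GetIDsOfNames (only the first DWORD is
     ; read back by IDispatch_Invoke).
     DISPID         dd ?,?
     ; CLSIDFromProgID stores a complete CLSID here, which is 16 bytes.
     ; A single DWORD is too small: the call would write 12 bytes past the
     ; variable, over ppvShA and whatever the linker places after it.
     pclsid         dd 4 dup(?)
     ; Interface pointer returned by CoCreateInstance.
     ppvShA         dd ?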
   
.code

; Program entry point (named by `end start`).
; Runs main, waits for a key press so the console output stays visible,
; then ends the process.
start:
        call    main
        inkey
        exit

; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

  main proc
       mov eax,uc$("Shell.Application")
       invoke CLSIDFromProgID,eax,addr pclsid
                               FEEDBACK "CLSIDFromProgID"
       invoke CoInitialize,NULL
       invoke CoCreateInstance,addr pclsid,
                               NULL,
                               CLSCTX_INPROC_SERVER,
                               addr IID_IDispatch,
                               addr ppvShA
                               FEEDBACK "CoCreateInstance"
 
       invoke IDispatch_Invoke,ppvShA,uc$("Open"),1,NULL    ; CHANGE THE THIRD PARAMETER
 
 
       _exit::
 
       invoke CoUninitialize
     
       ret
       
  main endp

; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

  IDispatch_Invoke proc ppv:DWORD,member:DWORD,path:DWORD,result:DWORD
            invoke IDispatch_GetIDsOfNames,ppv,member
            invoke SetParams,path
            ; mov  vres.dw1,0CCCC0000h ; initialize variant
            push NULL
            push NULL
            push result
            push offset dpar
            push 1                     ; DISPATCH_METHOD
            push 409h
            push offset IID_NULL
            push DISPID
           
            mov  edx, ppv           
            mov  ecx, [edx]
            push edx
            call dword ptr  [ecx+24] ; offset of INVOKE
            ; pop  edx
            FEEDBACK "IDispatch_Invoke"
            ret
  IDispatch_Invoke endp
 
  IDispatch_GetIDsOfNames  proc  ppv:DWORD, mname:DWORD
            printf("GetIDsOfNames %s\n ",mname)
            push mname
            mov  eax,esp
            push offset DISPID       
            push 409h
            push 1
            push eax
            push offset IID_NULL
            mov  edx, ppv           
            mov  ecx, [edx]
            push edx
            call dword ptr  [ecx+20] ; offset of GetIDsOfNames
            pop  edx
            FEEDBACK "GetIDsOfNames"
            ret
  IDispatch_GetIDsOfNames endp
 
  SetParams proc wstr:DWORD
            mov     eax,wstr
            mov     varg.dw1,2       
            mov     varg.dw2,0
            mov     varg.dw3,eax
            mov     varg.dw4,0
       
            mov dpar.rgvarg, offset varg
            mov dpar.rgdispidNamedArgs,0
            mov dpar.cArgs,1
            mov dpar.cNamedArgs,0
            ret
  SetParams endp

end start
   
I've tested 61 variants on my W8.1 64 . Below is the list of PARAMETER - KNOWN FOLDER pairs:
0  - Desktop
1  - ERROR "The parameter is incorrect" (PowerShell opens Internet Explorer)
2  - %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
3  - Control Panel\All Control Panel Items
4  - All Control Panel Items\Printers
5  - Documents
6  - %USERPROFILE%\Favorites
7  - %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
8  - %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
9  - %USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
10 - Recycle Bin
11 - %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
12 - nothing?
13 - Music
14 - Videos
15 - nothing?
16 - %USERPROFILE%\Desktop
17 - This PC (My Computer)
18 - Network
19 - %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
20 - C:\Windows\Fonts
21 - %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
22 - C:\ProgramData\Microsoft\Windows\Start Menu
23 - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
24 - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
25 - C:\Users\Public\Desktop
26 - %USERPROFILE%\AppData\Roaming
27 - %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
28 - %USERPROFILE%\AppData\Local
29 - %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
30 - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
31 - %USERPROFILE%\Favorites
32 - %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache
33 - %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies
34 - %USERPROFILE%\AppData\Local\Microsoft\Windows\History
35 - C:\ProgramData
36 - C:\Windows
37 - C:\Windows\System32
38 - C:\Program Files (x86)
39 - Pictures
40 - %USERPROFILE%
41 - C:\Windows\SysWOW64
42 - C:\Program Files (x86)
43 - C:\Program Files (x86)\Common Files
44 - C:\Program Files (x86)\Common Files
45 - C:\ProgramData\Microsoft\Windows\Templates
46 - C:\Users\Public\Documents
47 - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
48 - %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
49 - Control Panel\All Control Panel Items\Network Connections
50 - nothing?
51 - nothing?
52 - nothing?
53 - C:\Users\Public\Music
54 - C:\Users\Public\Pictures
55 - C:\Users\Public\Videos
56 - C:\Windows\Resources
57 - nothing?
58 - C:\ProgramData\OEM Links
59 - %USERPROFILE%\AppData\Local\Microsoft\Windows\Burn\Burn
60 - nothing?
61 - Network
and their official titles as reported by powershell:
0 -  Desktop
 1 -  The Internet
 2 -  Programs
 3 -  All Control Panel Items
 4 -  Printers
 5 -  Documents
 6 -  Favorites
 7 -  Startup
 8 -  Recent Items
 9 -  SendTo
10 -  Recycle Bin
11 -  Start Menu
13 -  Music
14 -  Videos
16 -  Desktop
17 -  This PC
18 -  Network
19 -  Network Shortcuts
20 -  Fonts
21 -  Templates
22 -  Start Menu
23 -  Programs
24 -  Startup
25 -  Public Desktop
26 -  Roaming
27 -  Printer Shortcuts
28 -  Local
29 -  Startup
30 -  Startup
31 -  Favorites
32 -  INetCache
33 -  INetCookies
34 -  History
35 -  ProgramData
36 -  Windows
37 -  System32
38 -  Program Files
39 -  Pictures
40 -  %USERPROFILE%
41 -  SysWOW64
42 -  Program Files (x86)
43 -  Common Files
44 -  Common Files
45 -  Templates
46 -  Public Documents
47 -  Administrative Tools
48 -  Administrative Tools
49 -  Network Connections
53 -  Public Music
54 -  Public Pictures
55 -  Public Videos
56 -  Resources
58 -  OEM Links
59 -  Temporary Burn Folder
61 -  Network
values 62-255 are currently free ( maybe Windows 16 will use them ) 
[EDIT]: see ShellSpecialFolderConstants enumeration

to be continued ...


« Last Edit: September 18, 2015, 05:55:14 AM by GoneFishing »

dedndave

Re: "The Dark Wood of Error"
« Reply #1 on: January 17, 2014, 02:17:57 PM »
reading Dante and writing COM code in ASM may lead to suicide, buddy   :shock:

GoneFishing

« Last Edit: June 15, 2014, 07:13:28 PM by vertograd »