Bueno, para los que estén interesados en algo aparte del malware: hice este código hace tiempo para ayudar en un tema del foro en inglés. Además, es un buen ejemplo de la interfaz IUnknown. Básicamente, lo que hace es mutear la autoescucha del micrófono. Dejo una imagen como referencia de lo que hace el código. (No mueve el ratón ni nada de eso; todo lo hace internamente con la interfaz.)

Imagen

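; Every variable must be declared before use; catches misspelled names early.
Opt("MustDeclareVars", 1)

; EDataFlow and ERole enumerations of the Windows Core Audio (MMDevice) API.
; Enum starts at 0, so $eRender = 0, $eCapture = 1, $eAll = 2, and so on.
Global Enum $eRender, $eCapture, $eAll, $EDataFlow_enum_count
Global Enum $eConsole, $eMultimedia, $eCommunications, $ERole_enum_count
Global Const $CLSCTX_INPROC_SERVER = 1
; HRESULT values. 0x80070490 is negative as a signed 32-bit value, so FAILED() treats it as an error.
Global Const $E_NOTFOUND = 0x80070490
Global Const $S_OK = 0

; Interface descriptions for ObjCreateInterface. Each string lists the methods that
; follow IUnknown, in vtable order; a wrong order or a malformed entry makes a call
; land on the wrong vtable slot, so these strings must match the COM headers exactly.
Global Const $CLSID_MMDeviceEnumerator = "{BCDE0395-E52F-467C-8E3D-C4579291692E}"
Global Const $IID_IMMDeviceEnumerator = "{A95664D2-9614-4F35-A746-DE8DB63617E6}"
Global Const $tagIMMDeviceEnumerator = _
        "EnumAudioEndpoints hresult(int;dword;ptr*);" & _
        "GetDefaultAudioEndpoint hresult(int;int;ptr*);" & _
        "GetDevice hresult(wstr;ptr*);" & _
        "RegisterEndpointNotificationCallback hresult(ptr);" & _
        "UnregisterEndpointNotificationCallback hresult(ptr)"


Global Const $IID_IMMDevice = "{D666063F-1587-4E43-81F1-B948E807363F}"
Global Const $tagIMMDevice = _
        "Activate hresult(struct*;dword;ptr;ptr*);" & _
        "OpenPropertyStore hresult(dword;ptr*);" & _
        "GetId hresult(wstr*);" & _
        "GetState hresult(dword*)"


; Fixed: GetPartById used "," between its parameters; the separator is ";".
Global Const $IID_IDeviceTopology = "{2A07407E-6497-4A18-9787-32F79BD0D98F}"
Global Const $tagIDeviceTopology = "GetConnectorCount hresult(int*);GetConnector hresult(int;ptr*);" & _
        "GetSubunitCount hresult(int*);GetSubunit hresult(int;ptr*);GetPartById hresult(int;ptr*);GetDeviceId hresult(ptr*);GetSignalPath hresult(ptr;ptr;bool;ptr*)"


Global Const $IID_IConnector = "{9c2c4058-23f5-41de-877a-df3af236a09e}"
Global Const $tagIConnector = "GetType hresult(ptr*);GetDataFlow hresult(ptr*);ConnectTo hresult(ptr);Disconnect hresult(none);IsConnected hresult(int*);" & _
        "GetConnectedTo hresult(ptr*);GetConnectorIdConnectedTo hresult(wstr*);GetDeviceIdConnectedTo hresult(wstr*)"


Global Const $IID_IPart = "{AE2DE0E4-5BCA-4F2D-AA46-5D13F8FDB3A9}"
Global Const $tagIPart = "GetName hresult(wstr*);GetLocalId hresult(uint*);GetGlobalId hresult(wstr*);GetPartType hresult(ptr);GetSubType hresult(ptr);" & _
        "GetControlInterfaceCount hresult(uint*);GetControlInterface hresult(int;ptr*);EnumPartsIncoming hresult(ptr*);EnumPartsOutgoing hresult(ptr*);" & _
        "GetTopologyObject hresult(ptr*);Activate hresult(dword;struct*;ptr*);RegisterControlChangeCallback hresult(ptr);UnregisterControlChangeCallback hresult(ptr)"

; Fixed: GetPart's return type was misspelled "hreuslt"; GetPart returns an HRESULT
; and GetPart() checks it with FAILED().
Global Const $IID_IPartsList = "{6DAA848C-5EB0-45CC-AEA5-998A2CDA1FFB}"
Global Const $tagIPartsList = "GetCount hresult(uint*);GetPart hresult(uint;ptr*)"

Global Const $IID_IAudioMute = "{DF45AEEA-B74A-4B6B-AFAD-2366B6AA012E}"
Global Const $tagIAudioMute = "SetMute hresult(bool;ptr);GetMute hresult(int*)"

; Script entry point: runs once and exits.
MUTE()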

; Resolves the default render (playback) endpoint, follows its first connector to the
; connector on the other side of the link, obtains that connector's IPart and hands it
; to GetPart(), which walks the incoming parts and toggles the mute control of any part
; whose name contains "mic".
; Any failure prints a message to the console and terminates the script with Exit.
; COM wrapper objects are released by assigning 0 to them.
Func MUTE()
    Local $hr = -1

    ; 1) Device enumerator (COM class created in-process by ObjCreateInterface).
    Local $oEnumerator = ObjCreateInterface($CLSID_MMDeviceEnumerator, $IID_IMMDeviceEnumerator, $tagIMMDeviceEnumerator)
    If @error Then
        ConsoleWrite("!Error Creating IMMDeviceEnumerator Interface" & @CRLF)
        Exit
    EndIf

    ; 2) Default render endpoint for the console role.
    Local $pEndpoint = 0
    $hr = $oEnumerator.GetDefaultAudioEndpoint($eRender, $eConsole, $pEndpoint)
    If FAILED($hr) Then
        ConsoleWrite("!Error Getting Default Render Endpoint Device" & @CRLF)
        $oEnumerator = 0
        Exit
    EndIf

    Local $oEndpoint = ObjCreateInterface($pEndpoint, $IID_IMMDevice, $tagIMMDevice)
    If @error Then
        ConsoleWrite("!Error Creating IMMDevice Interface" & @CRLF)
        $oEnumerator = 0
        Exit
    EndIf

    ; 3) Device topology of the endpoint.
    Local $pTopology = 0
    $hr = $oEndpoint.Activate(__uuidof($IID_IDeviceTopology), $CLSCTX_INPROC_SERVER, 0, $pTopology)
    If FAILED($hr) Then
        ConsoleWrite("!Error Getting Device Topology" & @CRLF)
        $oEnumerator = 0
        $oEndpoint = 0
        Exit
    EndIf

    Local $oTopology = ObjCreateInterface($pTopology, $IID_IDeviceTopology, $tagIDeviceTopology)
    If @error Then
        ConsoleWrite("!Error Creating IDeviceTopology Interface" & @CRLF)
        $oEnumerator = 0
        $oEndpoint = 0
        Exit
    EndIf

    ; 4) Connector 0 of the endpoint topology.
    Local $pConnFrom = 0
    $hr = $oTopology.GetConnector(0, $pConnFrom)
    If FAILED($hr) Then
        ConsoleWrite("!Error Getting endpoint Connector" & @CRLF)
        $oEnumerator = 0
        $oEndpoint = 0
        $oTopology = 0
        Exit
    EndIf

    Local $oConnFrom = ObjCreateInterface($pConnFrom, $IID_IConnector, $tagIConnector)
    If @error Then
        ConsoleWrite("!Error Creating IConnector Interface" & @CRLF)
        $oEnumerator = 0
        $oEndpoint = 0
        $oTopology = 0
        Exit
    EndIf

    ; 5) The connector it is linked to.
    Local $pConnTo = 0
    $hr = $oConnFrom.GetConnectedTo($pConnTo)
    If FAILED($hr) Then
        ConsoleWrite("!Error GetConnectedTo Device" & @CRLF)
        $oEnumerator = 0
        $oEndpoint = 0
        $oTopology = 0
        Exit
    EndIf

    Local $oConnTo = ObjCreateInterface($pConnTo, $IID_IConnector, $tagIConnector)
    If @error Then
        ConsoleWrite("!Error Creation oConnDevice(IConnector) Interface" & @CRLF)
        $oEnumerator = 0
        $oEndpoint = 0
        $oTopology = 0
        Exit
    EndIf

    ; 6) The same object viewed as an IPart, which is what GetPart() walks.
    Local $pPartRaw = 0
    $hr = $oConnTo.QueryInterface($IID_IPart, $pPartRaw)
    If FAILED($hr) Then
        ConsoleWrite("!Error Getting Part" & @CRLF)
        $oEnumerator = 0
        $oEndpoint = 0
        $oTopology = 0
        $oConnTo = 0
        Exit
    EndIf

    Local $oPart = ObjCreateInterface($pPartRaw, $IID_IPart, $tagIPart)
    If @error Then
        ConsoleWrite("!Error Creating IPart Interface" & @CRLF)
        $oEnumerator = 0
        $oEndpoint = 0
        $oTopology = 0
        Exit
    EndIf

    ; 7) Walk the parts; the return value of GetPart() is not inspected here.
    ConsoleWrite(">>>>>>>>>>>>>>>>>BEGIN<<<<<<<<<<<<<<<<<<<<" & @CRLF)
    GetPart($oPart)
    $oPart = 0
EndFunc

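; Prints the name and local id of $oIPart, toggles the IAudioMute control of the part
; when its name contains "mic", then recurses into every incoming part.
;
; Parameters: $oIPart - IPart object created with ObjCreateInterface($tagIPart).
; Returns:    $S_OK when the walk completed (including "no incoming parts"),
;             otherwise the failing HRESULT (a negative value).
;
; Notes:
; - The control is TOGGLED (SetMute(Not current)), not forced to muted: running the
;   script twice restores the previous state.
; - Part selection is a case-insensitive substring match on the display name, so it
;   depends on the driver's / OS language's naming and may match more than one part.
; - NOTE(review): GetName is declared as wstr*, so the string the API allocates is
;   presumably never freed with CoTaskMemFree - confirm if this runs in a loop.
Func GetPart(ByRef $oIPart)
    Local $hrFail = 0x80004005 ; E_FAIL, used when a wrapper object cannot be created
    Local $sPartName = ""
    Local $PartLocalId = 0
    Local $hr = -1
    ConsoleWrite("+Part" & @CRLF)

    $hr = $oIPart.GetName($sPartName)
    If FAILED($hr) Then
        ConsoleWrite("Not Part Name" & @CRLF)
        Return $hr
    EndIf

    ; Fixed: the result was not stored, so the check below tested GetName's HRESULT.
    $hr = $oIPart.GetLocalId($PartLocalId)
    If FAILED($hr) Then
        ConsoleWrite("Not Part ID" & @CRLF)
        Return $hr
    EndIf

    ConsoleWrite(">" & $sPartName)
    ConsoleWrite(" ID: " & $PartLocalId & @CRLF)

    If StringInStr($sPartName, "mic") Then
        Local $pIAudioMute = 0
        Local $bMute = 0
        Local $oIAudioMute = 0
        $hr = $oIPart.Activate($CLSCTX_INPROC_SERVER, __uuidof($IID_IAudioMute), $pIAudioMute)
        If SUCCEEDED($hr) Then
            $oIAudioMute = ObjCreateInterface($pIAudioMute, $IID_IAudioMute, $tagIAudioMute)
            If @error Then
                ; Fixed: do not call methods on a wrapper that was never created.
                ConsoleWrite("!Error Creating IAudioMute Interface")
            Else
                $hr = $oIAudioMute.GetMute($bMute)
                If FAILED($hr) Then
                    ; Fixed: without a known current state there is nothing to invert,
                    ; so the control is left untouched.
                    ConsoleWrite("!Error Getting Mute State" & @CRLF)
                Else
                    $hr = $oIAudioMute.SetMute(Not ($bMute), Null)
                    If SUCCEEDED($hr) Then
                        ConsoleWrite("!MUTE: " & (($bMute = False) ? "ON!" : "OFF!") & @CRLF)
                        TrayTip("!MUTE: " & (($bMute = False) ? "ON!" : "OFF!"), "Danyfirex", 2, 1)
                        Sleep(2000) ; keep the tray tip visible before the script goes on
                    EndIf
                EndIf
                $oIAudioMute = 0
            EndIf
        EndIf
    EndIf

    ; A failure in the mute branch is not fatal: the walk continues with the parents.
    Local $pIncomingParts = 0
    $hr = $oIPart.EnumPartsIncoming($pIncomingParts)
    If ($hr = $E_NOTFOUND) Then
        ; Reaching a part with no incoming parts ends this branch of the walk.
        ConsoleWrite("Not incoming Parts in Part" & @CRLF)
        Return $S_OK
    EndIf

    If FAILED($hr) Then
        ConsoleWrite("!ERROR Enumerating incoming Parts" & @CRLF)
        Return $hr
    EndIf

    Local $oIPartsList = ObjCreateInterface($pIncomingParts, $IID_IPartsList, $tagIPartsList)
    If @error Then
        ; Fixed: previously execution continued and called GetCount on a non-object.
        ConsoleWrite("!Error Creating IPartsList Interface")
        Return $hrFail
    EndIf

    Local $iNParts = 0
    ; Fixed: the result was not stored, so the check below could never fail.
    $hr = $oIPartsList.GetCount($iNParts)
    If FAILED($hr) Then
        ConsoleWrite("Couldn't get count of incoming parts")
        $oIPartsList = 0
        Return $hr
    EndIf

    Local $pIncomingPart = 0
    Local $oIPart2 = 0
    For $i = 0 To $iNParts - 1
        $hr = $oIPartsList.GetPart($i, $pIncomingPart)
        If (FAILED($hr)) Then
            ConsoleWrite("Not Got Part" & @CRLF)
            $oIPartsList = 0
            Return $hr
        EndIf
        ; Declared once above; the loop only reassigns it.
        $oIPart2 = ObjCreateInterface($pIncomingPart, $IID_IPart, $tagIPart)
        If @error Then
            ConsoleWrite("!Error Creating IPartsList(2) Interface")
            $oIPartsList = 0
            ; Fixed: $hr still held GetPart's success code here, so the caller saw success.
            Return $hrFail
        EndIf

        $hr = GetPart($oIPart2)
        If FAILED($hr) Then
            $oIPartsList = 0
            $oIPart2 = 0
            Return $hr
        EndIf
    Next
    $oIPart2 = 0
    $oIPartsList = 0
    Return $S_OK
EndFunc   ;==>GetPart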



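; Converts a GUID string of the form "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}" into a
; 16-byte GUID structure suitable for "struct*" parameters.
;
; Parameters: $sGUID - GUID string, braces included.
; Returns:    the GUID DllStruct on success.
;             On failure returns 0 and sets @error:
;               DllCall's own @error when the call could not be made, or
;               10 with @extended = HRESULT when CLSIDFromString rejected the string.
Func __uuidof($sGUID)
    Local $tGUID = DllStructCreate("ulong Data1;ushort Data2;ushort Data3;byte Data4[8]")
    Local $aCall = DllCall("ole32.dll", "long", "CLSIDFromString", "wstr", $sGUID, "struct*", $tGUID)
    If @error Then Return SetError(@error, @extended, 0)
    ; Fixed: the HRESULT was ignored, so a malformed string silently produced a
    ; structure that was never filled in and was then passed on to Activate().
    If $aCall[0] < 0 Then Return SetError(10, $aCall[0], 0)
    Return $tGUID
EndFunc   ;==>__uuidof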

; Returns True when $hr is a success HRESULT, i.e. zero or positive
; (the same test as the Win32 SUCCEEDED macro).
Func SUCCEEDED($hr)
    Local $bSuccess = ($hr >= 0)
    Return $bSuccess
EndFunc   ;==>SUCCEEDED

; Returns True when $hr is a failure HRESULT, i.e. negative as a signed value
; (the same test as the Win32 FAILED macro).
Func FAILED($hr)
    Local $bFailure = ($hr < 0)
    Return $bFailure
EndFunc   ;==>FAILED

Saludos
Imagen
Capo, muy bien @Pink, quedó guapo todo, hermano

Gracias
Indetectables RAT v.0.9.5

@Indetectables Team