/****************************************************************************************
URIFind is a small tool that lists all of the URL protocols registered on your system.
It is useful when reviewing URL protocol handlers for security vulnerabilities; remember
the recent "FirefoxURL" command injection vulnerability in Firefox? :)
Example usage:
URIFind.exe > output.txt
The output file may look like this:
[callto]
rundll32.exe msconf.dll,CallToProtocolHandler %l
[file]
[FirefoxURL]
C:/PROGRA~1/MOZILL~1/FIREFOX.EXE -requestPending -osint -url "%1"
[ftp]
"C:/Program Files/Internet Explorer/iexplore.exe" %1
...
Find 21 URL Protocols
by cocoruder(frankruder_at_hotmail.com), 2007.09
****************************************************************************************/
#include <windows.h>
#include <stdio.h>
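/*
 * List every URL protocol handler registered under HKEY_CLASSES_ROOT.
 *
 * A subkey counts as a URL protocol when it carries a value named
 * "URL Protocol". For each one the program prints
 *
 *     [scheme]
 *     <default value of scheme\shell\open\command>
 *
 * followed by a blank line, and finally the number of protocols found.
 * A scheme with no readable command value is printed with an empty line.
 *
 * Notes for whoever reviews the output:
 *  - HKEY_CLASSES_ROOT is the merged view of the per-machine and per-user
 *    Software\Classes keys, so per-user registrations are listed too.
 *  - The command line is printed exactly as stored; REG_EXPAND_SZ values are
 *    not expanded.
 *  - The part worth reading is how the handler receives the URL (%1 / %l):
 *    that text comes from whoever supplied the link, so check whether it is
 *    quoted and which options precede it.
 *
 * The ANSI (…A) registry calls are used explicitly because every buffer here
 * is a char buffer; the generic names would switch to wide characters in a
 * UNICODE build.
 *
 * Returns 0 on success, 1 if HKEY_CLASSES_ROOT cannot be opened or queried.
 */
int main(void)
{
    HKEY hKey;
    DWORD cSubKeys = 0;
    DWORD dwAllProtocols = 0;
    DWORD j;

    if (RegOpenKeyExA(HKEY_CLASSES_ROOT, "", 0, KEY_READ, &hKey) != ERROR_SUCCESS) {
        fprintf(stderr, "URIFind: cannot open HKEY_CLASSES_ROOT\n");
        return 1;
    }

    /* Only the subkey count is needed; every other output is left NULL. */
    if (RegQueryInfoKeyA(hKey, NULL, NULL, NULL, &cSubKeys, NULL, NULL,
                         NULL, NULL, NULL, NULL, NULL) != ERROR_SUCCESS) {
        fprintf(stderr, "URIFind: cannot query HKEY_CLASSES_ROOT\n");
        RegCloseKey(hKey);
        return 1;
    }

    for (j = 0; j < cSubKeys; j++) {
        char achKey[MAX_PATH];
        /* Room for the longest key name plus "\shell\open\command". */
        char szCmdKey[MAX_PATH + 32];
        char szRecvCmdData[1024] = {0};
        DWORD cbName = sizeof(achKey);
        DWORD cbData = 0;
        HKEY hKeyQ;
        HKEY hKeyCmd;
        LONG retVal;
        int n;

        achKey[0] = '\0';
        retVal = RegEnumKeyExA(hKey, j, achKey, &cbName, NULL, NULL, NULL, NULL);
        if (retVal == ERROR_NO_MORE_ITEMS) {
            break;  /* keys were removed while enumerating */
        }
        if (retVal != ERROR_SUCCESS || achKey[0] == '\0') {
            continue;
        }

        if (RegOpenKeyExA(HKEY_CLASSES_ROOT, achKey, 0, KEY_QUERY_VALUE,
                          &hKeyQ) != ERROR_SUCCESS) {
            continue;
        }
        /* Existence check only: no data buffer, so a long value cannot fail it. */
        retVal = RegQueryValueExA(hKeyQ, "URL Protocol", NULL, NULL, NULL, &cbData);
        RegCloseKey(hKeyQ);
        if (retVal != ERROR_SUCCESS) {
            continue;
        }

        /* Fetch the command line registered for the "open" verb. */
        n = snprintf(szCmdKey, sizeof(szCmdKey), "%s\\shell\\open\\command", achKey);
        if (n > 0 && (size_t)n < sizeof(szCmdKey) &&
            RegOpenKeyExA(HKEY_CLASSES_ROOT, szCmdKey, 0, KEY_QUERY_VALUE,
                          &hKeyCmd) == ERROR_SUCCESS) {
            DWORD dwType = 0;
            /* Leave one byte spare: registry strings need not be NUL-terminated. */
            DWORD cbRecvCmdData = sizeof(szRecvCmdData) - 1;

            retVal = RegQueryValueExA(hKeyCmd, NULL, NULL, &dwType,
                                      (LPBYTE)szRecvCmdData, &cbRecvCmdData);
            if (retVal == ERROR_MORE_DATA) {
                /* Say so on stderr instead of silently printing nothing. */
                fprintf(stderr, "[%s] command line exceeds %u bytes; not shown\n",
                        achKey, (unsigned)(sizeof(szRecvCmdData) - 1));
                szRecvCmdData[0] = '\0';
            } else if (retVal != ERROR_SUCCESS ||
                       (dwType != REG_SZ && dwType != REG_EXPAND_SZ)) {
                szRecvCmdData[0] = '\0';
            }
            szRecvCmdData[sizeof(szRecvCmdData) - 1] = '\0';
            RegCloseKey(hKeyCmd);
        }

        printf("[%s]\n%s\n\n", achKey, szRecvCmdData);
        dwAllProtocols++;
    }

    RegCloseKey(hKey);
    printf("\nFind %lu URL Protocols", (unsigned long)dwAllProtocols);
    return 0;
}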
/****************************************************************************************
URIFind is a small tool that lists all of the URL protocols registered on your system.
It is useful when reviewing URL protocol handlers for security vulnerabilities; remember
the recent "FirefoxURL" command injection vulnerability in Firefox? :)
Example usage:
URIFind.exe > output.txt
The output file may look like this:
[callto]
rundll32.exe msconf.dll,CallToProtocolHandler %l
[file]
[FirefoxURL]
C:/PROGRA~1/MOZILL~1/FIREFOX.EXE -requestPending -osint -url "%1"
[ftp]
"C:/Program Files/Internet Explorer/iexplore.exe" %1
...
Find 21 URL Protocols
by cocoruder(frankruder_at_hotmail.com), 2007.09
****************************************************************************************/
#include
#include
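/*
 * List every URL protocol handler registered under HKEY_CLASSES_ROOT.
 *
 * A subkey counts as a URL protocol when it carries a value named
 * "URL Protocol". For each one the program prints
 *
 *     [scheme]
 *     <default value of scheme\shell\open\command>
 *
 * followed by a blank line, and finally the number of protocols found.
 * A scheme with no readable command value is printed with an empty line.
 *
 * Notes for whoever reviews the output:
 *  - HKEY_CLASSES_ROOT is the merged view of the per-machine and per-user
 *    Software\Classes keys, so per-user registrations are listed too.
 *  - The command line is printed exactly as stored; REG_EXPAND_SZ values are
 *    not expanded.
 *  - The part worth reading is how the handler receives the URL (%1 / %l):
 *    that text comes from whoever supplied the link, so check whether it is
 *    quoted and which options precede it.
 *
 * The ANSI (…A) registry calls are used explicitly because every buffer here
 * is a char buffer; the generic names would switch to wide characters in a
 * UNICODE build.
 *
 * Returns 0 on success, 1 if HKEY_CLASSES_ROOT cannot be opened or queried.
 */
int main(void)
{
    HKEY hKey;
    DWORD cSubKeys = 0;
    DWORD dwAllProtocols = 0;
    DWORD j;

    if (RegOpenKeyExA(HKEY_CLASSES_ROOT, "", 0, KEY_READ, &hKey) != ERROR_SUCCESS) {
        fprintf(stderr, "URIFind: cannot open HKEY_CLASSES_ROOT\n");
        return 1;
    }

    /* Only the subkey count is needed; every other output is left NULL. */
    if (RegQueryInfoKeyA(hKey, NULL, NULL, NULL, &cSubKeys, NULL, NULL,
                         NULL, NULL, NULL, NULL, NULL) != ERROR_SUCCESS) {
        fprintf(stderr, "URIFind: cannot query HKEY_CLASSES_ROOT\n");
        RegCloseKey(hKey);
        return 1;
    }

    for (j = 0; j < cSubKeys; j++) {
        char achKey[MAX_PATH];
        /* Room for the longest key name plus "\shell\open\command". */
        char szCmdKey[MAX_PATH + 32];
        char szRecvCmdData[1024] = {0};
        DWORD cbName = sizeof(achKey);
        DWORD cbData = 0;
        HKEY hKeyQ;
        HKEY hKeyCmd;
        LONG retVal;
        int n;

        achKey[0] = '\0';
        retVal = RegEnumKeyExA(hKey, j, achKey, &cbName, NULL, NULL, NULL, NULL);
        if (retVal == ERROR_NO_MORE_ITEMS) {
            break;  /* keys were removed while enumerating */
        }
        if (retVal != ERROR_SUCCESS || achKey[0] == '\0') {
            continue;
        }

        if (RegOpenKeyExA(HKEY_CLASSES_ROOT, achKey, 0, KEY_QUERY_VALUE,
                          &hKeyQ) != ERROR_SUCCESS) {
            continue;
        }
        /* Existence check only: no data buffer, so a long value cannot fail it. */
        retVal = RegQueryValueExA(hKeyQ, "URL Protocol", NULL, NULL, NULL, &cbData);
        RegCloseKey(hKeyQ);
        if (retVal != ERROR_SUCCESS) {
            continue;
        }

        /* Fetch the command line registered for the "open" verb. */
        n = snprintf(szCmdKey, sizeof(szCmdKey), "%s\\shell\\open\\command", achKey);
        if (n > 0 && (size_t)n < sizeof(szCmdKey) &&
            RegOpenKeyExA(HKEY_CLASSES_ROOT, szCmdKey, 0, KEY_QUERY_VALUE,
                          &hKeyCmd) == ERROR_SUCCESS) {
            DWORD dwType = 0;
            /* Leave one byte spare: registry strings need not be NUL-terminated. */
            DWORD cbRecvCmdData = sizeof(szRecvCmdData) - 1;

            retVal = RegQueryValueExA(hKeyCmd, NULL, NULL, &dwType,
                                      (LPBYTE)szRecvCmdData, &cbRecvCmdData);
            if (retVal == ERROR_MORE_DATA) {
                /* Say so on stderr instead of silently printing nothing. */
                fprintf(stderr, "[%s] command line exceeds %u bytes; not shown\n",
                        achKey, (unsigned)(sizeof(szRecvCmdData) - 1));
                szRecvCmdData[0] = '\0';
            } else if (retVal != ERROR_SUCCESS ||
                       (dwType != REG_SZ && dwType != REG_EXPAND_SZ)) {
                szRecvCmdData[0] = '\0';
            }
            szRecvCmdData[sizeof(szRecvCmdData) - 1] = '\0';
            RegCloseKey(hKeyCmd);
        }

        printf("[%s]\n%s\n\n", achKey, szRecvCmdData);
        dwAllProtocols++;
    }

    RegCloseKey(hKey);
    printf("\nFind %lu URL Protocols", (unsigned long)dwAllProtocols);
    return 0;
}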