struct IHxHelpPaneServer : public IUnknown {
virtual HRESULT __stdcall DisplayTask(PWCHAR) = 0;
virtual HRESULT __stdcall DisplayContents(PWCHAR) = 0;
virtual HRESULT __stdcall DisplaySearchResults(PWCHAR) = 0;
virtual HRESULT __stdcall Execute(const PWCHAR) = 0;
};
DEFINE_GUID(IID_IHxHelpPaneServer, 0x8cec592c, 0x07a1, 0x11d9, 0xB1, 0x5E, 0x00, 0x0D, 0x56, 0xBF, 0xE6, 0xEE);
2.创建IHxHelpPaneServer接口实例
hr_init = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
IIDFromString(L"{8CEC58AE-07A1-11D9-B15E-000D56BFE6EE}", &ClassHxHelpPaneServerc);
HRESULT hr = CoCreateInstance(ClassHxHelpPaneServerc, NULL, CLSCTX_ALL, IID_IHxHelpPaneServer, (void**)&IPaneServer);
wchar_t FiletoExecute[MAX_PATH];
wcscpy(FiletoExecute, L"file://");
wcscat(FiletoExecute, path);
hr = IPaneServer->Execute((LPWSTR)FiletoExecute);
struct
IHxHelpPaneServer : public IUnknown {
virtual HRESULT __stdcall DisplayTask(PWCHAR) = 0;
virtual HRESULT __stdcall DisplayContents(PWCHAR) = 0;
virtual HRESULT __stdcall DisplaySearchResults(PWCHAR) = 0;
virtual HRESULT __stdcall Execute(const PWCHAR) = 0;
};
#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \
EXTERN_C const IID name \
= { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } }
DEFINE_GUID(IID_IHxHelpPaneServer, 0x8cec592c, 0x07a1, 0x11d9, 0xB1, 0x5E, 0x00, 0x0D, 0x56, 0xBF, 0xE6, 0xEE);
VOID HelpPaneServerDeChaining(wchar_t* path)
{
DFR_LOCAL(OLE32, CoInitializeEx);
DFR_LOCAL(OLE32, IIDFromString);
DFR_LOCAL(OLE32, CoCreateInstance);
DFR_LOCAL(MSVCRT, wcscpy);
DFR_LOCAL(MSVCRT, wcscat);
DFR_LOCAL(KERNEL32, GetLastError);
DFR_LOCAL(OLE32, CoUninitialize);
HRESULT hr_init;
IHxHelpPaneServer* IPaneServer;
GUID ClassHxHelpPaneServerc;
hr_init = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
IIDFromString(L"{8CEC58AE-07A1-11D9-B15E-000D56BFE6EE}", &ClassHxHelpPaneServerc);
HRESULT hr = CoCreateInstance(ClassHxHelpPaneServerc, NULL, CLSCTX_ALL, IID_IHxHelpPaneServer, (void**)&IPaneServer);
if (SUCCEEDED(hr))
{
wchar_t FiletoExecute[MAX_PATH];
wcscpy(FiletoExecute, L"file://");
wcscat(FiletoExecute, path);
hr = IPaneServer->Execute((LPWSTR)FiletoExecute);
if (SUCCEEDED(hr))
{
print_msg("[+] Succeed Create Process.");
}
else {
print_error("[-] Failed Create Process : 0x%02x", GetLastError());
}
IPaneServer->Release();
}
CoUninitialize();
}