-
Notifications
You must be signed in to change notification settings - Fork 12
/
sdb.sprint
105 lines (104 loc) · 8.38 KB
/
sdb.sprint
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
// This is a SprintDLL script. To run it, execute: sprintdll.exe run sdb.sprint
call apphelp.dll!SdbCreateDatabase /return native /into pdb (lpwstr "YourDatabase.sdb", int 0)
call apphelp.dll!SdbBeginWriteListTag /return int /into tDatabase (slotdata pdb, int 0x7001)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "Test Database")
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9007, lpstr "TestTestTestTest", int 0x10)
call apphelp.dll!SdbWriteQWORDTag (slotdata pdb, int 0x5001, long 0)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6022, lpwstr "3.0.0.9")
call apphelp.dll!SdbWriteDWORDTag (slotdata pdb, int 0x4021, int 39)
call apphelp.dll!SdbWriteDWORDTag (slotdata pdb, int 0x4055, int 0)
call apphelp.dll!SdbBeginWriteListTag /return int /into tLibrary (slotdata pdb, int 0x7002)
call apphelp.dll!SdbBeginWriteListTag /return int /into tShim1 (slotdata pdb, int 0x7004)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "AcceptEula")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x600A, lpwstr "AcRes.dll")
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9010, lpstr "AcceptEulaShimSh", int 0x10)
call apphelp.dll!SdbWriteDWORDTag (slotdata pdb, int 0x4021, int 39)
call apphelp.dll!SdbWriteNULLTag (slotdata pdb, int 0x1002)
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tShim1)
call apphelp.dll!SdbBeginWriteListTag /return int /into tShim2 (slotdata pdb, int 0x7004)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "FakeSchTask")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x600A, lpwstr "AcRes.dll")
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9010, lpstr "FakeSchTaskShimS", int 0x10)
call apphelp.dll!SdbWriteDWORDTag (slotdata pdb, int 0x4021, int 39)
call apphelp.dll!SdbWriteNULLTag (slotdata pdb, int 0x1002)
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tShim2)
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tLibrary)
call apphelp.dll!SdbBeginWriteListTag /return int /into tExe1 (slotdata pdb, int 0x7007)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "Winobj.exe")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6006, lpwstr "Winobj")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6005, lpwstr "Sysinternals")
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9004, lpstr "Winobj EXE Winob", int 0x10)
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9011, lpstr "Winobj app Winob", int 0x10)
call apphelp.dll!SdbWriteDWORDTag (slotdata pdb, int 0x4021, int 37)
call apphelp.dll!SdbBeginWriteListTag /return int /into tMatching1 (slotdata pdb, int 0x7008)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "*")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6010, lpwstr "Sysinternals Winobj")
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tMatching1)
call apphelp.dll!SdbBeginWriteListTag /return int /into tShimref1 (slotdata pdb, int 0x7009)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "AcceptEula")
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tShimref1)
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tExe1)
call apphelp.dll!SdbBeginWriteListTag /return int /into tExe2 (slotdata pdb, int 0x7007)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "accesschk.exe")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6006, lpwstr "AccessChk")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6005, lpwstr "Sysinternals")
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9004, lpstr "AccessChk EXE Ac", int 0x10)
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9011, lpstr "AccessChk app Ac", int 0x10)
call apphelp.dll!SdbWriteDWORDTag (slotdata pdb, int 0x4021, int 37)
call apphelp.dll!SdbBeginWriteListTag /return int /into tMatching2 (slotdata pdb, int 0x7008)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "*")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6010, lpwstr "Sysinternals AccessChk")
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tMatching2)
call apphelp.dll!SdbBeginWriteListTag /return int /into tShimref2 (slotdata pdb, int 0x7009)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "AcceptEula")
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tShimref2)
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tExe2)
call apphelp.dll!SdbBeginWriteListTag /return int /into tExe3 (slotdata pdb, int 0x7007)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "autorunsc.exe")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6006, lpwstr "Autoruns")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6005, lpwstr "Sysinternals")
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9004, lpstr "AutorunsC EXE Au", int 0x10)
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9011, lpstr "Autoruns app Aut", int 0x10)
call apphelp.dll!SdbWriteDWORDTag (slotdata pdb, int 0x4021, int 37)
call apphelp.dll!SdbBeginWriteListTag /return int /into tMatching3 (slotdata pdb, int 0x7008)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "*")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6010, lpwstr "Sysinternals autoruns")
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tMatching3)
call apphelp.dll!SdbBeginWriteListTag /return int /into tShimref3 (slotdata pdb, int 0x7009)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "FakeSchTask")
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tShimref3)
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tExe3)
call apphelp.dll!SdbBeginWriteListTag /return int /into tExe4 (slotdata pdb, int 0x7007)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "autoruns.exe")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6006, lpwstr "Autoruns")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6005, lpwstr "Sysinternals")
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9004, lpstr "Autoruns GUI EXE", int 0x10)
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9011, lpstr "Autoruns app Aut", int 0x10)
call apphelp.dll!SdbWriteDWORDTag (slotdata pdb, int 0x4021, int 37)
call apphelp.dll!SdbBeginWriteListTag /return int /into tMatching4 (slotdata pdb, int 0x7008)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "*")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6010, lpwstr "Sysinternals autoruns")
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tMatching4)
call apphelp.dll!SdbBeginWriteListTag /return int /into tShimref4 (slotdata pdb, int 0x7009)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "FakeSchTask")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6008, lpwstr "It's a FAAAAAKE!")
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tShimref4)
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tExe4)
call apphelp.dll!SdbBeginWriteListTag /return int /into tExe5 (slotdata pdb, int 0x7007)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "autoruns64.exe")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6006, lpwstr "Autoruns")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6005, lpwstr "Sysinternals")
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9004, lpstr "Autoruns GUI x64", int 0x10)
call apphelp.dll!SdbWriteBinaryTag (slotdata pdb, int 0x9011, lpstr "Autoruns app Aut", int 0x10)
call apphelp.dll!SdbWriteDWORDTag (slotdata pdb, int 0x4021, int 2)
call apphelp.dll!SdbBeginWriteListTag /return int /into tMatching5 (slotdata pdb, int 0x7008)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "*")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6010, lpwstr "Sysinternals autoruns")
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tMatching5)
call apphelp.dll!SdbBeginWriteListTag /return int /into tShimref5 (slotdata pdb, int 0x7009)
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6001, lpwstr "FakeSchTask")
call apphelp.dll!SdbWriteStringTag (slotdata pdb, int 0x6008, lpwstr "It's a 64-bit FAAAAAKE!")
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tShimref5)
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tExe5)
call apphelp.dll!SdbEndWriteListTag (slotdata pdb, slotdata tDatabase)
call apphelp.dll!SdbCloseDatabaseWrite (slotdata pdb)