2. Tech
  3. MS05016 analysis and test code

MS05016 analysis and test code

xiaoxiao2021-03-05  24

Halo, Room can't enter, sad ...

test environment:

Windows XP SP2

Windows 2003 Server

Create a new Word document, find the following lines (first find root entry):

00002400H: 52 00 6F 00 6F 00 74 00 20 00 45 00 6e 00 74 00; R.O.t. .e.n.t.

00002410H: 72 00 79 00 00 00 AD ba 0d F0 AD ba 0d F0 AD ba; r.y ... . 瓠? 瓠?

00002420H: 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA; 瓠? 瓠? 瓠? 瓠?

00002430H: 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA;? 瓠? 瓠? 瓠? 瓠?

00002440H: 16 00 05 01 FF FF FF FF FF FF 02 00 00 00; ....  ...

00002450H: 06 09 02 00 00 00 00 c0 00 00 00 00 00 00; ........  ... f

00002450h is a CLSID for the corresponding open program

HTA's CLSID corresponds to: {3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}

HTA test procedure: