From: Louis-Eric Simard [Louis-Eric@SIMARD.COM]
Sent: Tuesday, September 19, 2000 10:47 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Source code for RICHED20.DLL, as posted in advisory SIMARD 20000919.1

A subscriber to this group has requested the source code for the RICHED20.DLL file posted in our most recent advisory; here it is. The source code is in Delphi 5.

As you will notice, this DLL is, in fact, nearly entirely devoid of functionality; outside of any functionality thrown in as part of the standard Delphi libraries, it doesn't export any functions of its own and only does one call to a Windows function. (To refer to this as a live and dangerous trojan is a gross exaggeration, although the potential for programs using this method to actually be a trojan is very real.)

---------- Start of RICHED20.DPR
library RICHED20;

uses
  SysUtils,
  Windows,
  Classes;

{$R *.RES}

begin
  { Library initialization block: runs when the DLL is loaded }
  MessageBox(0, 'Fake RICHED20.DLL loaded.', 'Gotcha', MB_OK);
end.
---------- End of RICHED20.DPR

For better reproducibility, here are the options used by the compiler:

---------- Start of RICHED20.DOF
[Compiler]
A=1
B=0
C=1
D=1
E=0
F=0
G=1
H=1
I=1
J=1
K=0
L=1
M=0
N=1
O=1
P=1
Q=0
R=0
S=0
T=0
U=0
V=1
W=0
X=1
Y=1
Z=1
ShowHints=1
ShowWarnings=1
UnitAliases=WinTypes=Windows;WinProcs=Windows;DbiTypes=BDE;DbiProcs=BDE;DbiErrs=BDE;

[Linker]
MapFile=0
OutputObjs=0
ConsoleApp=1
DebugInfo=0
RemoteSymbols=0
MinStackSize=16384
MaxStackSize=1048576
ImageBase=4194304
ExeDescription=

[Directories]
OutputDir=
UnitOutputDir=
PackageDLLOutputDir=
PackageDCPOutputDir=
SearchPath=
Packages=
Conditionals=
DebugSourceDirs=
UsePackages=0

[Parameters]
RunParams=
HostApplication=

[Language]
ActiveLang=
ProjectLang=
RootDir=

[Version Info]
IncludeVerInfo=0
AutoIncBuild=0
MajorVer=1
MinorVer=0
Release=0
Build=0
Debug=0
PreRelease=0
Special=0
Private=0
DLL=0
Locale=4105
CodePage=1252

[Version Info Keys]
CompanyName=
FileDescription=
FileVersion=1.0.0.0
InternalName=
LegalCopyright=
LegalTrademarks=
OriginalFilename=
ProductName=
ProductVersion=1.0.0.0
Comments=
---------- End of RICHED20.DOF

Success,

+ Louis-Eric Simard
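
The post notes that this DLL exports no functions of its own. As an added example (not part of the original post or the advisory), the Python check below reads a PE file's export directory and reports a file with no named exports; the names count_named_exports, is_export_less_stub and build_sample are hypothetical, and the sample image is constructed in memory for the demonstration.

```python
import struct

def count_named_exports(pe: bytes) -> int:
    """Return NumberOfNames from the PE export directory (0 if there is none)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", pe, opt)
    dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
    (n_dirs,) = struct.unpack_from("<I", pe, dirs - 4)
    exp_rva, exp_size = struct.unpack_from("<II", pe, dirs)
    if n_dirs == 0 or exp_rva == 0 or exp_size == 0:
        return 0                                   # no export directory at all
    first = opt + opt_size                         # first section header
    for i in range(n_sections):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, first + 40 * i + 8)
        if vaddr <= exp_rva < vaddr + max(vsize, rsize):
            # IMAGE_EXPORT_DIRECTORY.NumberOfNames is at offset 24
            return struct.unpack_from("<I", pe, rptr + exp_rva - vaddr + 24)[0]
    raise ValueError("export directory RVA is not inside any section")

def is_export_less_stub(pe: bytes) -> bool:
    """True when the image exports nothing by name, as the posted DLL does."""
    return count_named_exports(pe) == 0

def build_sample(num_names: int) -> bytes:
    """Constructed minimal PE32 headers for the demo (not a loadable DLL)."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)              # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x14C, 1)         # i386, one section
    struct.pack_into("<H", img, 0x54, 224)               # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x58, 0x10B)             # PE32 magic
    struct.pack_into("<I", img, 0x58 + 92, 16)           # NumberOfRvaAndSizes
    if num_names:
        struct.pack_into("<II", img, 0x58 + 96, 0x1000, 40)  # export dir RVA, size
    struct.pack_into("<IIII", img, 0x138 + 8, 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<II", img, 0x200 + 20, num_names, num_names)
    return bytes(img)
```

This check only catches export-less stubs like the one in this post; it says nothing about a file that does carry an export table, so it complements path and file-integrity checks.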