http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/ (blog 'DidierStevens) Sat, 11 Feb 2012 16:16:49 +0000 hourly 1 http://wordpress.com/ http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/#comment-49202 Sun, 01 Jan 2012 06:53:27 +0000 http://blog.didierstevens.com/?p=1989#comment-49202 [...] Excel with cmd.dll & regedit.dll [...]

]]> http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/#comment-48528 Thu, 15 Dec 2011 22:34:21 +0000 http://blog.didierstevens.com/?p=1989#comment-48528 @danielweis A Kiwi neighbor of yours has done that http://blog.didierstevens.com/2011/04/19/signed-spreadsheet-with-cmd-dll-regedit-dll/

]]> http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/#comment-48527 Thu, 15 Dec 2011 22:28:02 +0000 http://blog.didierstevens.com/?p=1989#comment-48527 Hi There, will you be making your completed spreadsheet with all the macro configuration in it available for download? Great work by the way

]]> http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/#comment-42507 Fri, 22 Apr 2011 08:10:55 +0000 http://blog.didierstevens.com/?p=1989#comment-42507 @teo I’ve used it in 2 situations:
1) you administer LUA users, you’ve restricted them from using cmd.exe and/or regedit, and now you need to debug an issue in a LUA context.
2) cleaning up an infected PC where the malware prevents you from running tools like cmd.exe and regedit.

]]> http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/#comment-42497 Thu, 21 Apr 2011 18:30:23 +0000 http://blog.didierstevens.com/?p=1989#comment-42497 Can u pls give me an example where I could use this thing? Apart from demonstrating all these techniques. In what situation would that this be useful? Keep “wow-ing” us Didier.

]]> http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/#comment-42469 Tue, 19 Apr 2011 14:05:54 +0000 http://blog.didierstevens.com/?p=1989#comment-42469 [...] Remember my Excel with cmd.dll & regedit.dll? [...]

]]> http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/#comment-41578 Mon, 24 Jan 2011 00:04:12 +0000 http://blog.didierstevens.com/?p=1989#comment-41578 [...] to block this DLL with SRP or AppLocker. But now I found out it’s also easy to bypass this, much easier than what I’ve done before. I just have to replace a call to LoadLibrary with a call to LoadLibraryEx, and pass it argument [...]

]]> http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/#comment-39074 Sun, 11 Jul 2010 10:20:17 +0000 http://blog.didierstevens.com/?p=1989#comment-39074 [...] and wscript.exe? It's also worth mentioning that even after you have done the above, it is still very easy to bypass these restrictions via process injection. I reckon a student could easily do this if they [...]

]]> http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/#comment-37855 Fri, 19 Mar 2010 16:36:02 +0000 http://blog.didierstevens.com/?p=1989#comment-37855 @sgt Pepper Regedit.dll and cmd.dll run inside the Excel process with new threads. Provided Excel runs under the (elevated) Admin account, regedit will too.

]]> http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/#comment-37854 Fri, 19 Mar 2010 16:17:23 +0000 http://blog.didierstevens.com/?p=1989#comment-37854 cool stuff. Is the regedit in godmode (admin)?

]]>