Bugtraq mailing list archives

Source code for RICHED20.DLL, as posted in advisory SIMARD 20000919.1


From: Louis-Eric Simard <Louis-Eric () SIMARD COM>
Date: Tue, 19 Sep 2000 22:46:54 -0400

A subscriber to this group has requested the source code for the
RICHED20.DLL file posted in our most recent advisory; here it is. The
source code is in Delphi 5. As you will notice, this DLL is, in fact,
nearly entirely devoid of functionality; outside of any functionality
thrown in as part of the standard Delphi libraries, it doesn't export any
functions of its own and only does one call to a Windows function. (To refer
to this as a live and dangerous trojan is a gross exaggeration, although the
potential for programs using this method to actually be a trojan is
very real.)


---------- Start of RICHED20.DPR

library RICHED20;

uses
  SysUtils,
  Windows,
  Classes;

{$R *.RES}

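begin
  // The library's begin..end block runs when the DLL is loaded into a
  // process; its only action is to display this message box.
  MessageBox(0, 'Fake RICHED20.DLL loaded.', 'Gotcha', MB_OK);
end.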

---------- End of RICHED20.DPR

For better reproducibility, here are the options used by the compiler:

---------- Start of RICHED20.DOF

[Compiler]
A=1
B=0
C=1
D=1
E=0
F=0
G=1
H=1
I=1
J=1
K=0
L=1
M=0
N=1
O=1
P=1
Q=0
R=0
S=0
T=0
U=0
V=1
W=0
X=1
Y=1
Z=1
ShowHints=1
ShowWarnings=1
UnitAliases=WinTypes=Windows;WinProcs=Windows;DbiTypes=BDE;DbiProcs=BDE;DbiErrs=BDE;
[Linker]
MapFile=0
OutputObjs=0
ConsoleApp=1
DebugInfo=0
RemoteSymbols=0
MinStackSize=16384
MaxStackSize=1048576
ImageBase=4194304
ExeDescription=
[Directories]
OutputDir=
UnitOutputDir=
PackageDLLOutputDir=
PackageDCPOutputDir=
SearchPath=
Packages=
Conditionals=
DebugSourceDirs=
UsePackages=0
[Parameters]
RunParams=
HostApplication=
[Language]
ActiveLang=
ProjectLang=
RootDir=
[Version Info]
IncludeVerInfo=0
AutoIncBuild=0
MajorVer=1
MinorVer=0
Release=0
Build=0
Debug=0
PreRelease=0
Special=0
Private=0
DLL=0
Locale=4105
CodePage=1252
[Version Info Keys]
CompanyName=
FileDescription=
FileVersion=1.0.0.0
InternalName=
LegalCopyright=
LegalTrademarks=
OriginalFilename=
ProductName=
ProductVersion=1.0.0.0
Comments=

---------- End of RICHED20.DOF

Success,

 + Louis-Eric Simard
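
Added example (not part of the original post or the advisory's code): the post notes that the stand-in DLL exports no functions of its own, which a defender can check from the PE headers of any file named RICHED20.DLL found outside the system directory. The Python below reads NumberOfFunctions from the export directory; `build_sample`, `is_exportless_stub` and the sample images are constructed for illustration, and the premise that the genuine library has a non-empty export table is this example's assumption.

```python
import struct

def export_count(pe: bytes) -> int:
    """NumberOfFunctions from the PE export directory; 0 if there is none."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # 20-byte COFF header
    (n_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional-header magic")
    dirs = opt + (96 if magic == 0x10B else 112)          # data directories
    (n_dirs,) = struct.unpack_from("<I", pe, dirs - 4)
    rva, size = struct.unpack_from("<II", pe, dirs) if n_dirs else (0, 0)
    if rva == 0 or size == 0:
        return 0                                          # no export table
    sections = opt + opt_size
    for i in range(n_sections):                           # map RVA to file offset
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, sections + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return struct.unpack_from("<I", pe, rptr + (rva - vaddr) + 20)[0]
    raise ValueError("export directory lies outside every section")

def is_exportless_stub(filename: str, pe: bytes) -> bool:
    """Hypothetical triage rule: RICHED20.DLL by name, yet exporting nothing."""
    return filename.upper() == "RICHED20.DLL" and export_count(pe) == 0

def build_sample(n_exports: int) -> bytes:
    """Constructed minimal PE32 image (headers plus one section), demo input only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    if n_exports:
        struct.pack_into("<II", opt, 96, 0x1000, 40)      # export dir RVA, size
    sect = b".edata\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    edata = bytearray(0x200)
    struct.pack_into("<I", edata, 20, n_exports)          # NumberOfFunctions
    return (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0") + bytes(edata)

if __name__ == "__main__":
    for label, image in (("no exports", build_sample(0)), ("12 exports", build_sample(12))):
        print(label, "->", "flag" if is_exportless_stub("riched20.dll", image) else "ok")
```

For a file on disk, pass its bytes (for example from `open(path, "rb").read()`) to `export_count`.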

