removed useless stuff
This commit is contained in:
parent
dd36c535a7
commit
b07114f62f
|
@ -1,185 +0,0 @@
|
|||
/*
|
||||
* MinHook - The Minimalistic API Hooking Library for x64/x86
|
||||
* Copyright (C) 2009-2017 Tsuda Kageyu.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||||
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
|
||||
* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#pragma once
|
||||
|
||||
#if !(defined _M_IX86) && !(defined _M_X64) && !(defined __i386__) && !(defined __x86_64__)
|
||||
#error MinHook supports only x86 and x64 systems.
|
||||
#endif
|
||||
|
||||
#include <windows.h>
|
||||
|
||||
// MinHook Error Codes.
|
||||
typedef enum MH_STATUS
|
||||
{
|
||||
// Unknown error. Should not be returned.
|
||||
MH_UNKNOWN = -1,
|
||||
|
||||
// Successful.
|
||||
MH_OK = 0,
|
||||
|
||||
// MinHook is already initialized.
|
||||
MH_ERROR_ALREADY_INITIALIZED,
|
||||
|
||||
// MinHook is not initialized yet, or already uninitialized.
|
||||
MH_ERROR_NOT_INITIALIZED,
|
||||
|
||||
// The hook for the specified target function is already created.
|
||||
MH_ERROR_ALREADY_CREATED,
|
||||
|
||||
// The hook for the specified target function is not created yet.
|
||||
MH_ERROR_NOT_CREATED,
|
||||
|
||||
// The hook for the specified target function is already enabled.
|
||||
MH_ERROR_ENABLED,
|
||||
|
||||
// The hook for the specified target function is not enabled yet, or already
|
||||
// disabled.
|
||||
MH_ERROR_DISABLED,
|
||||
|
||||
// The specified pointer is invalid. It points the address of non-allocated
|
||||
// and/or non-executable region.
|
||||
MH_ERROR_NOT_EXECUTABLE,
|
||||
|
||||
// The specified target function cannot be hooked.
|
||||
MH_ERROR_UNSUPPORTED_FUNCTION,
|
||||
|
||||
// Failed to allocate memory.
|
||||
MH_ERROR_MEMORY_ALLOC,
|
||||
|
||||
// Failed to change the memory protection.
|
||||
MH_ERROR_MEMORY_PROTECT,
|
||||
|
||||
// The specified module is not loaded.
|
||||
MH_ERROR_MODULE_NOT_FOUND,
|
||||
|
||||
// The specified function is not found.
|
||||
MH_ERROR_FUNCTION_NOT_FOUND
|
||||
}
|
||||
MH_STATUS;
|
||||
|
||||
// Can be passed as a parameter to MH_EnableHook, MH_DisableHook,
|
||||
// MH_QueueEnableHook or MH_QueueDisableHook.
|
||||
#define MH_ALL_HOOKS NULL
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// Initialize the MinHook library. You must call this function EXACTLY ONCE
|
||||
// at the beginning of your program.
|
||||
MH_STATUS WINAPI MH_Initialize(VOID);
|
||||
|
||||
// Uninitialize the MinHook library. You must call this function EXACTLY
|
||||
// ONCE at the end of your program.
|
||||
MH_STATUS WINAPI MH_Uninitialize(VOID);
|
||||
|
||||
// Creates a hook for the specified target function, in disabled state.
|
||||
// Parameters:
|
||||
// pTarget [in] A pointer to the target function, which will be
|
||||
// overridden by the detour function.
|
||||
// pDetour [in] A pointer to the detour function, which will override
|
||||
// the target function.
|
||||
// ppOriginal [out] A pointer to the trampoline function, which will be
|
||||
// used to call the original target function.
|
||||
// This parameter can be NULL.
|
||||
MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal);
|
||||
|
||||
// Creates a hook for the specified API function, in disabled state.
|
||||
// Parameters:
|
||||
// pszModule [in] A pointer to the loaded module name which contains the
|
||||
// target function.
|
||||
// pszProcName [in] A pointer to the target function name, which will be
|
||||
// overridden by the detour function.
|
||||
// pDetour [in] A pointer to the detour function, which will override
|
||||
// the target function.
|
||||
// ppOriginal [out] A pointer to the trampoline function, which will be
|
||||
// used to call the original target function.
|
||||
// This parameter can be NULL.
|
||||
MH_STATUS WINAPI MH_CreateHookApi(
|
||||
LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal);
|
||||
|
||||
// Creates a hook for the specified API function, in disabled state.
|
||||
// Parameters:
|
||||
// pszModule [in] A pointer to the loaded module name which contains the
|
||||
// target function.
|
||||
// pszProcName [in] A pointer to the target function name, which will be
|
||||
// overridden by the detour function.
|
||||
// pDetour [in] A pointer to the detour function, which will override
|
||||
// the target function.
|
||||
// ppOriginal [out] A pointer to the trampoline function, which will be
|
||||
// used to call the original target function.
|
||||
// This parameter can be NULL.
|
||||
// ppTarget [out] A pointer to the target function, which will be used
|
||||
// with other functions.
|
||||
// This parameter can be NULL.
|
||||
MH_STATUS WINAPI MH_CreateHookApiEx(
|
||||
LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget);
|
||||
|
||||
// Removes an already created hook.
|
||||
// Parameters:
|
||||
// pTarget [in] A pointer to the target function.
|
||||
MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget);
|
||||
|
||||
// Enables an already created hook.
|
||||
// Parameters:
|
||||
// pTarget [in] A pointer to the target function.
|
||||
// If this parameter is MH_ALL_HOOKS, all created hooks are
|
||||
// enabled in one go.
|
||||
MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget);
|
||||
|
||||
// Disables an already created hook.
|
||||
// Parameters:
|
||||
// pTarget [in] A pointer to the target function.
|
||||
// If this parameter is MH_ALL_HOOKS, all created hooks are
|
||||
// disabled in one go.
|
||||
MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget);
|
||||
|
||||
// Queues to enable an already created hook.
|
||||
// Parameters:
|
||||
// pTarget [in] A pointer to the target function.
|
||||
// If this parameter is MH_ALL_HOOKS, all created hooks are
|
||||
// queued to be enabled.
|
||||
MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget);
|
||||
|
||||
// Queues to disable an already created hook.
|
||||
// Parameters:
|
||||
// pTarget [in] A pointer to the target function.
|
||||
// If this parameter is MH_ALL_HOOKS, all created hooks are
|
||||
// queued to be disabled.
|
||||
MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget);
|
||||
|
||||
// Applies all queued changes in one go.
|
||||
MH_STATUS WINAPI MH_ApplyQueued(VOID);
|
||||
|
||||
// Translates the MH_STATUS to its name as a string.
|
||||
const char * WINAPI MH_StatusToString(MH_STATUS status);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
Binary file not shown.
|
@ -1,11 +1,9 @@
|
|||
#define _CRT_SECURE_NO_WARNINGS
|
||||
#include "MinHook.h"
|
||||
#include <thread>
|
||||
#include <filesystem>
|
||||
#include <fstream>
|
||||
#include <string>
|
||||
#include <sstream>
|
||||
#include "obfuscate.h"
|
||||
HANDLE p;
|
||||
void patch(PVOID address, int opCode, int bytes) {
|
||||
DWORD protectbak, dumbshit;
|
||||
|
@ -19,16 +17,12 @@ void patchm(PVOID address, std::vector<char> bytes, int size) {
|
|||
memcpy(address, bytes.data(), size);
|
||||
VirtualProtect(address, size, protectbak, &dumbshit);
|
||||
}
|
||||
bool neger = true;
|
||||
void log(const char* msg) {
|
||||
if (neger) {
|
||||
time_t currentTime;
|
||||
struct tm* localTime;
|
||||
time(¤tTime);
|
||||
localTime = localtime(¤tTime);
|
||||
printf("[%02d:%02d:%02d] %s\n", localTime->tm_hour, localTime->tm_min, localTime->tm_sec, msg);
|
||||
}
|
||||
|
||||
time_t currentTime;
|
||||
struct tm* localTime;
|
||||
time(¤tTime);
|
||||
localTime = localtime(¤tTime);
|
||||
printf("[%02d:%02d:%02d] %s\n", localTime->tm_hour, localTime->tm_min, localTime->tm_sec, msg);
|
||||
}
|
||||
|
||||
|
||||
|
@ -36,29 +30,29 @@ __declspec(dllexport) void lessgo(HMODULE hmod) {
|
|||
AllocConsole();
|
||||
p = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
|
||||
freopen("CONOUT$", "w", stdout);
|
||||
DWORD64 mod = (DWORD64)LoadLibraryA(std::string(AY_OBFUSCATE("C:\\Ethereal\\Ethereal.dll")).c_str());
|
||||
DWORD64 mod = (DWORD64)LoadLibraryA(std::string("C:\\Ethereal\\Ethereal.dll").c_str());
|
||||
std::stringstream ss;
|
||||
ss << std::hex << mod;
|
||||
patch((void*)(mod + 0x000000000004A980), 0xB8, 1);
|
||||
log(AY_OBFUSCATE("Applied patch 1/10"));
|
||||
log("Applied patch 1/10");
|
||||
patch((void*)(mod + 0x000000000004A981), 0x01, 1);
|
||||
log(AY_OBFUSCATE("Applied patch 2/10"));
|
||||
log("Applied patch 2/10");
|
||||
patch((void*)(mod + 0x000000000004A982), 0x00, 1);
|
||||
log(AY_OBFUSCATE("Applied patch 3/10"));
|
||||
log("Applied patch 3/10");
|
||||
patch((void*)(mod + 0x000000000004A983), 0x00, 1);
|
||||
log(AY_OBFUSCATE("Applied patch 4/10"));
|
||||
log("Applied patch 4/10");
|
||||
patch((void*)(mod + 0x000000000004A984), 0x00, 1);
|
||||
log(AY_OBFUSCATE("Applied patch 5/10"));
|
||||
log("Applied patch 5/10");
|
||||
patch((void*)(mod + 0x000000000004A985), 0xC3, 1);
|
||||
log(AY_OBFUSCATE("Applied patch 6/10"));
|
||||
log("Applied patch 6/10");
|
||||
patch((void*)(mod + 0x000000000004A986), 0x90, 1);
|
||||
log(AY_OBFUSCATE("Applied patch 7/10"));
|
||||
log("Applied patch 7/10");
|
||||
patch((void*)(mod + 0x000000000004A987), 0x90, 1);
|
||||
log(AY_OBFUSCATE("Applied patch 8/10"));
|
||||
log("Applied patch 8/10");
|
||||
patch((void*)(mod + 0x000000000004A988), 0x90, 1);
|
||||
log(AY_OBFUSCATE("Applied patch 9/10"));
|
||||
log("Applied patch 9/10");
|
||||
patch((void*)(mod + 0x000000000004A989), 0x90, 1);
|
||||
log(AY_OBFUSCATE("Applied patch 10/10"));
|
||||
log("Applied patch 10/10");
|
||||
|
||||
while (FindWindowA(0, "Ethereal") == NULL) Sleep(100);
|
||||
HWND w = FindWindowA(0, "Ethereal");
|
||||
|
|
|
@ -1,238 +0,0 @@
|
|||
#pragma once
|
||||
/* --------------------------------- ABOUT -------------------------------------
|
||||
|
||||
Original Author: Adam Yaxley
|
||||
Website: https://github.com/adamyaxley
|
||||
License: See end of file
|
||||
|
||||
Obfuscate
|
||||
Guaranteed compile-time string literal obfuscation library for C++14
|
||||
|
||||
Usage:
|
||||
Pass string literals into the AY_OBFUSCATE macro to obfuscate them at compile
|
||||
time. AY_OBFUSCATE returns a reference to an ay::obfuscated_data object with the
|
||||
following traits:
|
||||
- Guaranteed obfuscation of string
|
||||
The passed string is encrypted with a simple XOR cipher at compile-time to
|
||||
prevent it being viewable in the binary image
|
||||
- Global lifetime
|
||||
The actual instantiation of the ay::obfuscated_data takes place inside a
|
||||
lambda as a function level static
|
||||
- Implicitly convertable to a char*
|
||||
This means that you can pass it directly into functions that would normally
|
||||
take a char* or a const char*
|
||||
|
||||
Example:
|
||||
const char* obfuscated_string = AY_OBFUSCATE("Hello World");
|
||||
std::cout << obfuscated_string << std::endl;
|
||||
|
||||
----------------------------------------------------------------------------- */
|
||||
|
||||
// Workaround for __LINE__ not being constexpr when /ZI (Edit and Continue) is enabled in Visual Studio
|
||||
// See: https://developercommunity.visualstudio.com/t/-line-cannot-be-used-as-an-argument-for-constexpr/195665
|
||||
#ifdef _MSC_VER
|
||||
#define AY_CAT(X,Y) AY_CAT2(X,Y)
|
||||
#define AY_CAT2(X,Y) X##Y
|
||||
#define AY_LINE int(AY_CAT(__LINE__,U))
|
||||
#else
|
||||
#define AY_LINE __LINE__
|
||||
#endif
|
||||
|
||||
#ifndef AY_OBFUSCATE_DEFAULT_KEY
|
||||
// The default 64 bit key to obfuscate strings with.
|
||||
// This can be user specified by defining AY_OBFUSCATE_DEFAULT_KEY before
|
||||
// including obfuscate.h
|
||||
#define AY_OBFUSCATE_DEFAULT_KEY ay::generate_key(AY_LINE)
|
||||
#endif
|
||||
|
||||
namespace ay
|
||||
{
|
||||
using size_type = unsigned long long;
|
||||
using key_type = unsigned long long;
|
||||
|
||||
// Generate a pseudo-random key that spans all 8 bytes
|
||||
constexpr key_type generate_key(key_type seed)
|
||||
{
|
||||
// Use the MurmurHash3 64-bit finalizer to hash our seed
|
||||
key_type key = seed;
|
||||
key ^= (key >> 33);
|
||||
key *= 0xff51afd7ed558ccd;
|
||||
key ^= (key >> 33);
|
||||
key *= 0xc4ceb9fe1a85ec53;
|
||||
key ^= (key >> 33);
|
||||
|
||||
// Make sure that a bit in each byte is set
|
||||
key |= 0x0101010101010101ull;
|
||||
|
||||
return key;
|
||||
}
|
||||
|
||||
// Obfuscates or deobfuscates data with key
|
||||
constexpr void cipher(char* data, size_type size, key_type key)
|
||||
{
|
||||
// Obfuscate with a simple XOR cipher based on key
|
||||
for (size_type i = 0; i < size; i++)
|
||||
{
|
||||
data[i] ^= char(key >> ((i % 8) * 8));
|
||||
}
|
||||
}
|
||||
|
||||
// Obfuscates a string at compile time
|
||||
template <size_type N, key_type KEY>
|
||||
class obfuscator
|
||||
{
|
||||
public:
|
||||
// Obfuscates the string 'data' on construction
|
||||
constexpr obfuscator(const char* data)
|
||||
{
|
||||
// Copy data
|
||||
for (size_type i = 0; i < N; i++)
|
||||
{
|
||||
m_data[i] = data[i];
|
||||
}
|
||||
|
||||
// On construction each of the characters in the string is
|
||||
// obfuscated with an XOR cipher based on key
|
||||
cipher(m_data, N, KEY);
|
||||
}
|
||||
|
||||
constexpr const char* data() const
|
||||
{
|
||||
return &m_data[0];
|
||||
}
|
||||
|
||||
constexpr size_type size() const
|
||||
{
|
||||
return N;
|
||||
}
|
||||
|
||||
constexpr key_type key() const
|
||||
{
|
||||
return KEY;
|
||||
}
|
||||
|
||||
private:
|
||||
|
||||
char m_data[N]{};
|
||||
};
|
||||
|
||||
// Handles decryption and re-encryption of an encrypted string at runtime
|
||||
template <size_type N, key_type KEY>
|
||||
class obfuscated_data
|
||||
{
|
||||
public:
|
||||
obfuscated_data(const obfuscator<N, KEY>& obfuscator)
|
||||
{
|
||||
// Copy obfuscated data
|
||||
for (size_type i = 0; i < N; i++)
|
||||
{
|
||||
m_data[i] = obfuscator.data()[i];
|
||||
}
|
||||
}
|
||||
|
||||
~obfuscated_data()
|
||||
{
|
||||
// Zero m_data to remove it from memory
|
||||
for (size_type i = 0; i < N; i++)
|
||||
{
|
||||
m_data[i] = 0;
|
||||
}
|
||||
}
|
||||
|
||||
// Returns a pointer to the plain text string, decrypting it if
|
||||
// necessary
|
||||
operator char* ()
|
||||
{
|
||||
decrypt();
|
||||
return m_data;
|
||||
}
|
||||
|
||||
// Manually decrypt the string
|
||||
void decrypt()
|
||||
{
|
||||
if (m_encrypted)
|
||||
{
|
||||
cipher(m_data, N, KEY);
|
||||
m_encrypted = false;
|
||||
}
|
||||
}
|
||||
|
||||
// Manually re-encrypt the string
|
||||
void encrypt()
|
||||
{
|
||||
if (!m_encrypted)
|
||||
{
|
||||
cipher(m_data, N, KEY);
|
||||
m_encrypted = true;
|
||||
}
|
||||
}
|
||||
|
||||
// Returns true if this string is currently encrypted, false otherwise.
|
||||
bool is_encrypted() const
|
||||
{
|
||||
return m_encrypted;
|
||||
}
|
||||
|
||||
private:
|
||||
|
||||
// Local storage for the string. Call is_encrypted() to check whether or
|
||||
// not the string is currently obfuscated.
|
||||
char m_data[N];
|
||||
|
||||
// Whether data is currently encrypted
|
||||
bool m_encrypted{ true };
|
||||
};
|
||||
|
||||
// This function exists purely to extract the number of elements 'N' in the
|
||||
// array 'data'
|
||||
template <size_type N, key_type KEY = AY_OBFUSCATE_DEFAULT_KEY>
|
||||
constexpr auto make_obfuscator(const char(&data)[N])
|
||||
{
|
||||
return obfuscator<N, KEY>(data);
|
||||
}
|
||||
}
|
||||
|
||||
// Obfuscates the string 'data' at compile-time and returns a reference to a
|
||||
// ay::obfuscated_data object with global lifetime that has functions for
|
||||
// decrypting the string and is also implicitly convertable to a char*
|
||||
#define AY_OBFUSCATE(data) AY_OBFUSCATE_KEY(data, AY_OBFUSCATE_DEFAULT_KEY)
|
||||
|
||||
// Obfuscates the string 'data' with 'key' at compile-time and returns a
|
||||
// reference to a ay::obfuscated_data object with global lifetime that has
|
||||
// functions for decrypting the string and is also implicitly convertable to a
|
||||
// char*
|
||||
#define AY_OBFUSCATE_KEY(data, key) \
|
||||
[]() -> ay::obfuscated_data<sizeof(data)/sizeof(data[0]), key>& { \
|
||||
static_assert(sizeof(decltype(key)) == sizeof(ay::key_type), "key must be a 64 bit unsigned integer"); \
|
||||
static_assert((key) >= (1ull << 56), "key must span all 8 bytes"); \
|
||||
constexpr auto n = sizeof(data)/sizeof(data[0]); \
|
||||
constexpr auto obfuscator = ay::make_obfuscator<n, key>(data); \
|
||||
static auto obfuscated_data = ay::obfuscated_data<n, key>(obfuscator); \
|
||||
return obfuscated_data; \
|
||||
}()
|
||||
|
||||
/* -------------------------------- LICENSE ------------------------------------
|
||||
|
||||
Public Domain (http://www.unlicense.org)
|
||||
|
||||
This is free and unencumbered software released into the public domain.
|
||||
|
||||
Anyone is free to copy, modify, publish, use, compile, sell, or distribute this
|
||||
software, either in source code form or as a compiled binary, for any purpose,
|
||||
commercial or non-commercial, and by any means.
|
||||
|
||||
In jurisdictions that recognize copyright laws, the author or authors of this
|
||||
software dedicate any and all copyright interest in the software to the public
|
||||
domain. We make this dedication for the benefit of the public at large and to
|
||||
the detriment of our heirs and successors. We intend this dedication to be an
|
||||
overt act of relinquishment in perpetuity of all present and future rights to
|
||||
this software under copyright law.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE
|
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
|
||||
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
||||
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
----------------------------------------------------------------------------- */
|
Loading…
Reference in New Issue