@ -0,0 +1,22 @@
|
|||||||
|
// amlegit_dll.cpp : Defines the exported functions for the DLL.
|
||||||
|
//
|
||||||
|
|
||||||
|
#include "pch.h"
|
||||||
|
#include "framework.h"
|
||||||
|
#include "amlegit_dll.h"
|
||||||
|
|
||||||
|
|
||||||
|
// This is an example of an exported variable
|
||||||
|
AMLEGITDLL_API int namlegitdll=0;
|
||||||
|
|
||||||
|
// This is an example of an exported function.
|
||||||
|
AMLEGITDLL_API int fnamlegitdll(void)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
// This is the constructor of a class that has been exported.
|
||||||
|
Camlegitdll::Camlegitdll()
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
@ -0,0 +1,22 @@
|
|||||||
|
// The following ifdef block is the standard way of creating macros which make exporting
|
||||||
|
// from a DLL simpler. All files within this DLL are compiled with the AMLEGITDLL_EXPORTS
|
||||||
|
// symbol defined on the command line. This symbol should not be defined on any project
|
||||||
|
// that uses this DLL. This way any other project whose source files include this file see
|
||||||
|
// AMLEGITDLL_API functions as being imported from a DLL, whereas this DLL sees symbols
|
||||||
|
// defined with this macro as being exported.
|
||||||
|
#ifdef AMLEGITDLL_EXPORTS
|
||||||
|
#define AMLEGITDLL_API __declspec(dllexport)
|
||||||
|
#else
|
||||||
|
#define AMLEGITDLL_API __declspec(dllimport)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
// This class is exported from the dll
|
||||||
|
class AMLEGITDLL_API Camlegitdll {
|
||||||
|
public:
|
||||||
|
Camlegitdll(void);
|
||||||
|
// TODO: add your methods here.
|
||||||
|
};
|
||||||
|
|
||||||
|
extern AMLEGITDLL_API int namlegitdll;
|
||||||
|
|
||||||
|
AMLEGITDLL_API int fnamlegitdll(void);
|
@ -0,0 +1,182 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<ItemGroup Label="ProjectConfigurations">
|
||||||
|
<ProjectConfiguration Include="Debug|Win32">
|
||||||
|
<Configuration>Debug</Configuration>
|
||||||
|
<Platform>Win32</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Release|Win32">
|
||||||
|
<Configuration>Release</Configuration>
|
||||||
|
<Platform>Win32</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Debug|x64">
|
||||||
|
<Configuration>Debug</Configuration>
|
||||||
|
<Platform>x64</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Release|x64">
|
||||||
|
<Configuration>Release</Configuration>
|
||||||
|
<Platform>x64</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
</ItemGroup>
|
||||||
|
<PropertyGroup Label="Globals">
|
||||||
|
<VCProjectVersion>16.0</VCProjectVersion>
|
||||||
|
<ProjectGuid>{0DC4C851-FA89-47FE-A891-C7590376D2C2}</ProjectGuid>
|
||||||
|
<Keyword>Win32Proj</Keyword>
|
||||||
|
<RootNamespace>amlegitdll</RootNamespace>
|
||||||
|
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||||
|
</PropertyGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||||
|
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||||
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||||
|
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||||
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||||
|
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||||
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||||
|
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||||
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||||
|
<ImportGroup Label="ExtensionSettings">
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="Shared">
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<PropertyGroup Label="UserMacros" />
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
|
<TargetName>hello_world</TargetName>
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
|
<TargetName>hello_world</TargetName>
|
||||||
|
<LinkIncremental>true</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
|
<TargetName>hello_world</TargetName>
|
||||||
|
<LinkIncremental>true</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
|
<TargetName>hello_world</TargetName>
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
|
<ClCompile>
|
||||||
|
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||||
|
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>NDEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Windows</SubSystem>
|
||||||
|
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||||
|
<OptimizeReferences>true</OptimizeReferences>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
<EnableUAC>false</EnableUAC>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
|
<ClCompile>
|
||||||
|
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>WIN32;_DEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Windows</SubSystem>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
<EnableUAC>false</EnableUAC>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
|
<ClCompile>
|
||||||
|
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>_DEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Windows</SubSystem>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
<EnableUAC>false</EnableUAC>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
|
<ClCompile>
|
||||||
|
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||||
|
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>WIN32;NDEBUG;AMLEGITDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Windows</SubSystem>
|
||||||
|
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||||
|
<OptimizeReferences>true</OptimizeReferences>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
<EnableUAC>false</EnableUAC>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<None Include="cpp.hint" />
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClInclude Include="amlegit_dll.h" />
|
||||||
|
<ClInclude Include="framework.h" />
|
||||||
|
<ClInclude Include="pch.h" />
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClCompile Include="amlegit_dll.cpp" />
|
||||||
|
<ClCompile Include="dllmain.cpp" />
|
||||||
|
<ClCompile Include="pch.cpp">
|
||||||
|
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
|
||||||
|
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
|
||||||
|
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
|
||||||
|
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
|
||||||
|
</ClCompile>
|
||||||
|
</ItemGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||||
|
<ImportGroup Label="ExtensionTargets">
|
||||||
|
</ImportGroup>
|
||||||
|
</Project>
|
@ -0,0 +1,42 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<ItemGroup>
|
||||||
|
<Filter Include="Source Files">
|
||||||
|
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||||
|
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||||
|
</Filter>
|
||||||
|
<Filter Include="Header Files">
|
||||||
|
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||||
|
<Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
|
||||||
|
</Filter>
|
||||||
|
<Filter Include="Resource Files">
|
||||||
|
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
||||||
|
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||||
|
</Filter>
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<None Include="cpp.hint" />
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClInclude Include="framework.h">
|
||||||
|
<Filter>Header Files</Filter>
|
||||||
|
</ClInclude>
|
||||||
|
<ClInclude Include="amlegit_dll.h">
|
||||||
|
<Filter>Header Files</Filter>
|
||||||
|
</ClInclude>
|
||||||
|
<ClInclude Include="pch.h">
|
||||||
|
<Filter>Header Files</Filter>
|
||||||
|
</ClInclude>
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClCompile Include="amlegit_dll.cpp">
|
||||||
|
<Filter>Source Files</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="dllmain.cpp">
|
||||||
|
<Filter>Source Files</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="pch.cpp">
|
||||||
|
<Filter>Source Files</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
</ItemGroup>
|
||||||
|
</Project>
|
@ -0,0 +1,4 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<PropertyGroup />
|
||||||
|
</Project>
|
@ -0,0 +1,2 @@
|
|||||||
|
#define AMLEGITDLL_API __declspec(dllexport)
|
||||||
|
#define AMLEGITDLL_API __declspec(dllimport)
|
@ -0,0 +1,39 @@
|
|||||||
|
// dllmain.cpp : Defines the entry point for the DLL application.
|
||||||
|
#include "pch.h"
|
||||||
|
|
||||||
|
void __stdcall main_thread(HMODULE current_module)
|
||||||
|
{
|
||||||
|
|
||||||
|
const auto create_console = []() -> bool
|
||||||
|
{
|
||||||
|
if (AllocConsole()) {
|
||||||
|
freopen_s(reinterpret_cast<FILE**>(stdin), "CONIN$", "r", stdin);
|
||||||
|
freopen_s(reinterpret_cast<FILE**>(stdout), "CONOUT$", "w", stdout);
|
||||||
|
SetConsoleTitleA("[amlegit_dll] - xerox@hacks.ltd");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
};
|
||||||
|
|
||||||
|
//check to make sure we actually alloc console
|
||||||
|
if (!create_console())
|
||||||
|
FreeLibraryAndExitThread(current_module, EXIT_FAILURE);
|
||||||
|
|
||||||
|
std::cout << "[+] Hello world" << std::endl;
|
||||||
|
|
||||||
|
FreeConsole();
|
||||||
|
FreeLibraryAndExitThread(current_module, EXIT_SUCCESS);
|
||||||
|
}
|
||||||
|
|
||||||
|
bool __stdcall DllMain(HMODULE module_entry, std::uint32_t call_reason, void*) {
|
||||||
|
|
||||||
|
if (call_reason == DLL_PROCESS_ATTACH)
|
||||||
|
if (CreateThread(nullptr, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(main_thread), module_entry, 0, nullptr) != INVALID_HANDLE_VALUE)
|
||||||
|
return true;
|
||||||
|
else
|
||||||
|
FreeLibraryAndExitThread(module_entry, EXIT_FAILURE);
|
||||||
|
else
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
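Review bot: The success test in `DllMain` compares the `CreateThread` result with `INVALID_HANDLE_VALUE`, but `CreateThread` signals failure with a null handle, so the inner `else` branch can never run and a failed thread creation is reported as success. The returned handle is also never closed. A narrower form is `HANDLE h = CreateThread(...); if (!h) return false; CloseHandle(h); return true;`, which also avoids calling `FreeLibraryAndExitThread` from inside `DllMain`, where it would end the thread that is performing the load. In `create_console`, `reinterpret_cast<FILE**>(stdin)` hands the stream object itself to `freopen_s` as its out-parameter; a local `FILE* reopened = nullptr;` passed as `&reopened` is the documented usage.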
@ -0,0 +1,7 @@
|
|||||||
|
#pragma once
|
||||||
|
|
||||||
|
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
|
||||||
|
// Windows Header Files
|
||||||
|
#include <windows.h>
|
||||||
|
#include <thread>
|
||||||
|
#include <iostream>
|
@ -0,0 +1,5 @@
|
|||||||
|
// pch.cpp: source file corresponding to the pre-compiled header
|
||||||
|
|
||||||
|
#include "pch.h"
|
||||||
|
|
||||||
|
// When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
|
@ -0,0 +1,13 @@
|
|||||||
|
// pch.h: This is a precompiled header file.
|
||||||
|
// Files listed below are compiled only once, improving build performance for future builds.
|
||||||
|
// This also affects IntelliSense performance, including code completion and many code browsing features.
|
||||||
|
// However, files listed here are ALL re-compiled if any one of them is updated between builds.
|
||||||
|
// Do not add files here that you will be updating frequently as this negates the performance advantage.
|
||||||
|
|
||||||
|
#ifndef PCH_H
|
||||||
|
#define PCH_H
|
||||||
|
|
||||||
|
// add headers that you want to pre-compile here
|
||||||
|
#include "framework.h"
|
||||||
|
|
||||||
|
#endif //PCH_H
|
@ -0,0 +1,65 @@
|
|||||||
|
#include <Windows.h>
|
||||||
|
#include <tuple>
|
||||||
|
#include <cstdint>
|
||||||
|
|
||||||
|
#pragma once
|
||||||
|
//--- amlegit dll functions
|
||||||
|
namespace amlegit
|
||||||
|
{
|
||||||
|
//--- function is only for extracting the driver
|
||||||
|
static std::tuple<std::uintptr_t, std::size_t> get_driver()
|
||||||
|
{
|
||||||
|
auto get_driver_temp =
|
||||||
|
reinterpret_cast<__int64(*)(unsigned*)>(
|
||||||
|
GetProcAddress(LoadLibrary(L"buffer.dll"), "GetDriver"));
|
||||||
|
unsigned driver_size;
|
||||||
|
if (get_driver_temp)
|
||||||
|
return { get_driver_temp(&driver_size), driver_size };
|
||||||
|
return { {}, {} };
|
||||||
|
}
|
||||||
|
|
||||||
|
//--- this function calls GetDriver inside buffer.dll
|
||||||
|
static bool load_driver()
|
||||||
|
{
|
||||||
|
auto load_drv =
|
||||||
|
reinterpret_cast<bool(*)()>(
|
||||||
|
GetProcAddress(LoadLibrary(L"buffer.dll"), "ExportLoad"));
|
||||||
|
return load_drv ? load_drv() : false;
|
||||||
|
}
|
||||||
|
|
||||||
|
//--- driver_name is the name of the driver which is in current working directory
|
||||||
|
static bool map_driver(const char* driver_name)
|
||||||
|
{
|
||||||
|
auto map_drv =
|
||||||
|
reinterpret_cast<bool(*)(const char*)>(
|
||||||
|
GetProcAddress(LoadLibrary(L"mmap.dll"), "ExportMap"));
|
||||||
|
return map_drv ? map_drv(driver_name) : false;
|
||||||
|
}
|
||||||
|
|
||||||
|
//--- hooks ioctl of gpuenergydrv.sys
|
||||||
|
static bool connect_driver()
|
||||||
|
{
|
||||||
|
auto connect_drv =
|
||||||
|
reinterpret_cast<bool(*)()>(
|
||||||
|
GetProcAddress(LoadLibrary(L"inject.dll"), "ExportConnect"));
|
||||||
|
return connect_drv ? connect_drv() : false;
|
||||||
|
}
|
||||||
|
|
||||||
|
//--- pasted from: https://github.com/btbd/hwid
|
||||||
|
static bool spoof()
|
||||||
|
{
|
||||||
|
auto spoof_addr =
|
||||||
|
reinterpret_cast<bool(*)()>(
|
||||||
|
GetProcAddress(LoadLibrary(L"inject.dll"), "ExportSpoof"));
|
||||||
|
return spoof_addr ? spoof_addr() : false;
|
||||||
|
}
|
||||||
|
|
||||||
|
//--- this doesnt hide memory!
|
||||||
|
static bool inject(const char* wind_name, const char* dll_name)
|
||||||
|
{
|
||||||
|
auto inject_addr =
|
||||||
|
reinterpret_cast<bool(*)(const char*, const char*)>(
|
||||||
|
GetProcAddress(LoadLibrary(L"inject.dll"), "ExportInject"));
|
||||||
|
return inject_addr ? inject_addr(wind_name, dll_name) : false;
|
||||||
|
}
|
||||||
|
}
|
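Review bot: Every wrapper in this header calls `LoadLibrary` with a bare file name (`buffer.dll`, `mmap.dll`, `inject.dll`) and passes the result straight to `GetProcAddress`, so which binary is loaded depends on the DLL search order and nothing checks that a module was loaded at all. Going by the comments in this header, the exports of these opaque binaries load and map kernel drivers, so the load should at least be pinned to the application directory, e.g. `LoadLibraryExW(L"buffer.dll", nullptr, LOAD_LIBRARY_SEARCH_APPLICATION_DIR)`, with the handle tested before use. Each call also takes a fresh module reference that is never released. The comment above `load_driver` says it calls `GetDriver`, but the code resolves `ExportLoad`; it should read `//--- calls ExportLoad inside buffer.dll`.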
@ -0,0 +1,40 @@
|
|||||||
|
#include <iostream>
|
||||||
|
#include <fstream>
|
||||||
|
#include <filesystem>
|
||||||
|
#include "amlegit.hpp"
|
||||||
|
#include "hooked_functions.hpp"
|
||||||
|
|
||||||
|
using namespace std;
|
||||||
|
|
||||||
|
/*
|
||||||
|
Warning! This will get you banned, do not use this!
|
||||||
|
*/
|
||||||
|
int main()
|
||||||
|
{
|
||||||
|
//--- hook DeviceIoControl
|
||||||
|
hook::install(&DeviceIoControl, &shithook::h_device_io_control);
|
||||||
|
|
||||||
|
//--- get driver buffer
|
||||||
|
auto [driver_ptr, driver_size] = amlegit::get_driver();
|
||||||
|
cout << hex << showbase << "[+] driver_ptr: " << driver_ptr << endl;
|
||||||
|
cout << hex << showbase << "[+] driver_size: " << driver_size << endl;
|
||||||
|
|
||||||
|
//--- writes driver to file
|
||||||
|
ofstream driver(filesystem::path("driver.sys"), std::ofstream::out | std::ofstream::binary);
|
||||||
|
driver.write(reinterpret_cast<char*>(driver_ptr), driver_size);
|
||||||
|
driver.close();
|
||||||
|
cout << "[+] wrote driver to disk" << endl;
|
||||||
|
|
||||||
|
//--- load driver
|
||||||
|
amlegit::load_driver();
|
||||||
|
cout << "[+] loaded intel lan driver" << endl;
|
||||||
|
amlegit::map_driver("driver.sys");
|
||||||
|
cout << "[+] mapped unsigned driver" << endl;
|
||||||
|
amlegit::connect_driver();
|
||||||
|
cout << "[+] connected to driver" << endl;
|
||||||
|
|
||||||
|
//--- inject dll into process with window name
|
||||||
|
amlegit::inject("Rainbow Six", "hello_world.dll");
|
||||||
|
cout << "[+] injected dll" << endl;
|
||||||
|
cin.get();
|
||||||
|
}
|
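Review bot: `main` discards the result of every step, so each `[+]` line prints whether or not the step worked, and the console output cannot be relied on as a record of what actually happened on the machine. `amlegit::get_driver()` returns a zero pointer and size when the export is missing, and that pair goes straight into `driver.write(reinterpret_cast<char*>(driver_ptr), driver_size)`; the `ofstream` open is not checked either. At minimum add `if (!driver_ptr || !driver_size) return 1;` after the call, and test `driver.is_open()` and each `bool` return before printing success. The block comment above `main` should also state what the program does (it writes `driver.sys` into the working directory and then asks the helper DLLs to load and map drivers), since that is what someone triaging the file needs to know first.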
@ -0,0 +1,169 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<ItemGroup Label="ProjectConfigurations">
|
||||||
|
<ProjectConfiguration Include="Debug|Win32">
|
||||||
|
<Configuration>Debug</Configuration>
|
||||||
|
<Platform>Win32</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Release|Win32">
|
||||||
|
<Configuration>Release</Configuration>
|
||||||
|
<Platform>Win32</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Debug|x64">
|
||||||
|
<Configuration>Debug</Configuration>
|
||||||
|
<Platform>x64</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Release|x64">
|
||||||
|
<Configuration>Release</Configuration>
|
||||||
|
<Platform>x64</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
</ItemGroup>
|
||||||
|
<PropertyGroup Label="Globals">
|
||||||
|
<VCProjectVersion>16.0</VCProjectVersion>
|
||||||
|
<ProjectGuid>{6CFA63DA-34DE-46E7-81BA-876CF3267A4F}</ProjectGuid>
|
||||||
|
<Keyword>Win32Proj</Keyword>
|
||||||
|
<RootNamespace>amlegitdriver</RootNamespace>
|
||||||
|
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||||
|
</PropertyGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||||
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||||
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||||
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||||
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||||
|
<ImportGroup Label="ExtensionSettings">
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="Shared">
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<PropertyGroup Label="UserMacros" />
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
|
<LinkIncremental>true</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
|
<LinkIncremental>true</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
|
<ClCompile>
|
||||||
|
<PrecompiledHeader>
|
||||||
|
</PrecompiledHeader>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<LanguageStandard>stdcpplatest</LanguageStandard>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Console</SubSystem>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
|
<ClCompile>
|
||||||
|
<PrecompiledHeader>
|
||||||
|
</PrecompiledHeader>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<LanguageStandard>stdcpplatest</LanguageStandard>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Console</SubSystem>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
|
<ClCompile>
|
||||||
|
<PrecompiledHeader>
|
||||||
|
</PrecompiledHeader>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||||
|
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<LanguageStandard>stdcpplatest</LanguageStandard>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Console</SubSystem>
|
||||||
|
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||||
|
<OptimizeReferences>true</OptimizeReferences>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
|
<ClCompile>
|
||||||
|
<PrecompiledHeader>
|
||||||
|
</PrecompiledHeader>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||||
|
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<LanguageStandard>stdcpplatest</LanguageStandard>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Console</SubSystem>
|
||||||
|
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||||
|
<OptimizeReferences>true</OptimizeReferences>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClCompile Include="amlegit_driver.cpp" />
|
||||||
|
<ClCompile Include="hook.cpp" />
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClInclude Include="amlegit.hpp" />
|
||||||
|
<ClInclude Include="hook.hpp" />
|
||||||
|
<ClInclude Include="hooked_functions.hpp" />
|
||||||
|
</ItemGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||||
|
<ImportGroup Label="ExtensionTargets">
|
||||||
|
</ImportGroup>
|
||||||
|
</Project>
|
@ -0,0 +1,36 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<ItemGroup>
|
||||||
|
<Filter Include="Source Files">
|
||||||
|
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||||
|
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||||
|
</Filter>
|
||||||
|
<Filter Include="Header Files">
|
||||||
|
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||||
|
<Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
|
||||||
|
</Filter>
|
||||||
|
<Filter Include="Resource Files">
|
||||||
|
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
||||||
|
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||||
|
</Filter>
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClCompile Include="amlegit_driver.cpp">
|
||||||
|
<Filter>Source Files</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="hook.cpp">
|
||||||
|
<Filter>Source Files</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClInclude Include="amlegit.hpp">
|
||||||
|
<Filter>Header Files</Filter>
|
||||||
|
</ClInclude>
|
||||||
|
<ClInclude Include="hooked_functions.hpp">
|
||||||
|
<Filter>Header Files</Filter>
|
||||||
|
</ClInclude>
|
||||||
|
<ClInclude Include="hook.hpp">
|
||||||
|
<Filter>Header Files</Filter>
|
||||||
|
</ClInclude>
|
||||||
|
</ItemGroup>
|
||||||
|
</Project>
|
@ -0,0 +1,4 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<PropertyGroup />
|
||||||
|
</Project>
|
@ -0,0 +1,42 @@
|
|||||||
|
#include "hook.hpp"
|
||||||
|
|
||||||
|
namespace hook
|
||||||
|
{
|
||||||
|
//--- default constructor
|
||||||
|
detour::detour(void* addr_to_hook, void* jmp_to_addr)
|
||||||
|
: hook_addr((std::uintptr_t)addr_to_hook), detour_addr((std::uintptr_t)jmp_to_addr)
|
||||||
|
{
|
||||||
|
//finish the shellcode by adding the address to jmp to
|
||||||
|
*(uintptr_t*)(jmp_code + OFFSET_TO_ADDRESS) = (std::uintptr_t)jmp_to_addr;
|
||||||
|
//save old bytes
|
||||||
|
memcpy(org_bytes, (void*)hook_addr, JMP_CODE_SIZE);
|
||||||
|
//install the hook.
|
||||||
|
install();
|
||||||
|
}
|
||||||
|
|
||||||
|
detour::~detour()
|
||||||
|
{uninstall();}
|
||||||
|
|
||||||
|
void detour::install()
|
||||||
|
{
|
||||||
|
//install the hook.
|
||||||
|
write_to_readonly((void *)hook_addr, jmp_code, JMP_CODE_SIZE);
|
||||||
|
hook_installed = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
void detour::uninstall()
|
||||||
|
{
|
||||||
|
//write the original bytes back.
|
||||||
|
write_to_readonly((void *)hook_addr, org_bytes, JMP_CODE_SIZE);
|
||||||
|
hook_installed = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
uintptr_t detour::hook_address()
|
||||||
|
{return hook_addr;}
|
||||||
|
|
||||||
|
uintptr_t detour::detour_address()
|
||||||
|
{return detour_addr;}
|
||||||
|
|
||||||
|
bool detour::installed()
|
||||||
|
{return hook_installed;}
|
||||||
|
}
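Review bot: The constructor's store `*(uintptr_t*)(jmp_code + OFFSET_TO_ADDRESS) = ...` writes a pointer-sized value through a cast of an `unsigned char` array at offset 2, which is a misaligned, type-punned write and only produces the intended 14-byte stub when pointers are 8 bytes wide. I would replace it with `memcpy(jmp_code + OFFSET_TO_ADDRESS, &detour_addr, sizeof(detour_addr));` and add `static_assert(sizeof(std::uintptr_t) == 8, "jmp_code encodes a 64-bit absolute jump");` so a 32-bit configuration fails at compile time instead of patching a broken stub. install() and uninstall() also set `hook_installed` unconditionally, because write_to_readonly (declared in hook.hpp, outside this section) returns void, so the flag can report a hook that was never written.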
|
@ -0,0 +1,109 @@
|
|||||||
|
#pragma once
|
||||||
|
#include <Windows.h>
|
||||||
|
#include <map>
|
||||||
|
#include <memory>
|
||||||
|
|
||||||
|
#define JMP_CODE_SIZE 14
|
||||||
|
#define OFFSET_TO_ADDRESS 0x2
|
||||||
|
|
||||||
|
namespace hook
|
||||||
|
{
|
||||||
|
class detour
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
detour(void* addrToHook, void* jmpTo);
|
||||||
|
~detour();
|
||||||
|
void install();
|
||||||
|
void uninstall();
|
||||||
|
bool installed();
|
||||||
|
uintptr_t hook_address();
|
||||||
|
uintptr_t detour_address();
|
||||||
|
private:
|
||||||
|
bool hook_installed{ false };
|
||||||
|
uintptr_t hook_addr, detour_addr;
|
||||||
|
unsigned char jmp_code[JMP_CODE_SIZE] = {
|
||||||
|
0x48, 0xb8, //movabs rax, &jmpTo
|
||||||
|
0x0, //jmpTo address will be here in these 0's
|
||||||
|
0x0,
|
||||||
|
0x0,
|
||||||
|
0x0,
|
||||||
|
0x0,
|
||||||
|
0x0,
|
||||||
|
0x0,
|
||||||
|
0x0,
|
||||||
|
0xff, 0xe0, //jmp rax
|
||||||
|
0x90, 0x90 //nop, nop
|
||||||
|
};
|
||||||
|
char org_bytes[JMP_CODE_SIZE];
|
||||||
|
};
|
||||||
|
|
||||||
|
static std::map<uintptr_t, std::unique_ptr<detour>> hooks{};
|
||||||
|
|
||||||
|
__forceinline void write_to_readonly(void* addr, void* data, int size)
|
||||||
|
{
|
||||||
|
DWORD old_flags;
|
||||||
|
VirtualProtect((LPVOID)addr, size, PAGE_READWRITE, &old_flags);
|
||||||
|
memcpy((void*)addr, data, size);
|
||||||
|
VirtualProtect((LPVOID)addr, size, old_flags, &old_flags);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
Author: xerox
|
||||||
|
Date: 12/19/2019
|
||||||
|
|
||||||
|
Create Hook without needing to deal with objects
|
||||||
|
*/
|
||||||
|
__forceinline void install(void* addr_to_hook, void* jmp_to_addr) {
|
||||||
|
|
||||||
|
if (!addr_to_hook)
|
||||||
|
return;
|
||||||
|
|
||||||
|
hooks.insert({
|
||||||
|
(std::uintptr_t)addr_to_hook,
|
||||||
|
std::make_unique<detour>(
|
||||||
|
addr_to_hook,
|
||||||
|
jmp_to_addr
|
||||||
|
)}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
Author: xerox
|
||||||
|
Date: 12/19/2019
|
||||||
|
|
||||||
|
Enable hook given the address to hook
|
||||||
|
*/
|
||||||
|
__forceinline void enable(void* addr)
|
||||||
|
{
|
||||||
|
if (!addr)
|
||||||
|
return;
|
||||||
|
hooks.at((std::uintptr_t)addr)->install();
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
Author: xerox
|
||||||
|
Date: 12/19/2019
|
||||||
|
|
||||||
|
Disable hook givent the address of the hook
|
||||||
|
*/
|
||||||
|
__forceinline void disable(void* addr)
|
||||||
|
{
|
||||||
|
if (!addr)
|
||||||
|
return;
|
||||||
|
hooks.at((std::uintptr_t)addr)->uninstall();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
Author: xerox
|
||||||
|
Date: 12/19/2019
|
||||||
|
|
||||||
|
Remove hook completely from vector
|
||||||
|
*/
|
||||||
|
__forceinline void remove(void* addr)
|
||||||
|
{
|
||||||
|
if (!addr)
|
||||||
|
return;
|
||||||
|
hooks.erase((std::uintptr_t)addr);
|
||||||
|
}
|
||||||
|
}
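Review bot: write_to_readonly ignores both VirtualProtect results and switches the target page to PAGE_READWRITE, so a failed first call leaves `old_flags` uninitialised and the memcpy then faults, while a successful one removes execute permission from a page that other threads may be running code on. I would request PAGE_EXECUTE_READWRITE, return a bool that detour::install() and detour::uninstall() can check before updating `hook_installed`, and call FlushInstructionCache after the copy. Separately, `static std::map<...> hooks{}` in a header gives every translation unit its own registry; declaring it `inline` would keep a single map, and `hooks.at()` in enable()/disable() throws std::out_of_range for an address that was never registered.

```cpp
__forceinline bool write_to_readonly(void* addr, void* data, int size)
{
	DWORD old_flags = 0;
	// keep the page executable while it is patched; other threads may be running code on it
	if (!VirtualProtect(addr, size, PAGE_EXECUTE_READWRITE, &old_flags))
		return false;
	memcpy(addr, data, size);
	DWORD unused = 0;
	const BOOL restored = VirtualProtect(addr, size, old_flags, &unused);
	// discard any stale instruction bytes for the patched range
	FlushInstructionCache(GetCurrentProcess(), addr, size);
	return restored != FALSE;
}
```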
|
@ -0,0 +1,57 @@
|
|||||||
|
#include <iostream>
|
||||||
|
#include "hook.hpp"
|
||||||
|
|
||||||
|
namespace shithook
|
||||||
|
{
|
||||||
|
static BOOL h_device_io_control(
|
||||||
|
HANDLE hDevice,
|
||||||
|
DWORD dwIoControlCode,
|
||||||
|
LPVOID lpInBuffer,
|
||||||
|
DWORD nInBufferSize,
|
||||||
|
LPVOID lpOutBuffer,
|
||||||
|
DWORD nOutBufferSize,
|
||||||
|
LPDWORD lpBytesReturned,
|
||||||
|
LPOVERLAPPED lpOverlapped
|
||||||
|
)
|
||||||
|
{
|
||||||
|
switch (dwIoControlCode)
|
||||||
|
{
|
||||||
|
case 0x2248D2:
|
||||||
|
std::cout << std::endl << "[IOCTL] Testing communication" << std::endl;
|
||||||
|
break;
|
||||||
|
case 0x224DCA:
|
||||||
|
std::cout << std::endl << "[IOCTL] Read data (MmCopyVirtualMemory)" << std::endl;
|
||||||
|
break;
|
||||||
|
case 0x225CC1:
|
||||||
|
std::cout << std::endl << "[IOCTL] Write data (MmCopyVirtualMemory)" << std::endl;
|
||||||
|
break;
|
||||||
|
case 0x224986:
|
||||||
|
std::cout << std::endl << "[IOCTL] Allocate Virtual Memory (MmMapLockedPagesSpecifyCache, ZwOpenProcess, ZwAllocateVirtualMemory)" << std::endl;
|
||||||
|
break;
|
||||||
|
case 0x235C42:
|
||||||
|
std::cout << std::endl << "[IOCTL] Spoofer (Pasted from hwid)" << std::endl;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
std::cout << "[-] unknown ioctl code " << std::showbase << std::hex << dwIoControlCode << std::endl;
|
||||||
|
}
|
||||||
|
|
||||||
|
std::cout << "[+] buffer size: " << nInBufferSize << std::endl;
|
||||||
|
|
||||||
|
for (auto idx = 0u; idx < nInBufferSize; ++idx)
|
||||||
|
printf("0x%x ", ((uint8_t*)lpInBuffer)[idx]);
|
||||||
|
|
||||||
|
hook::disable(&DeviceIoControl);
|
||||||
|
bool result = DeviceIoControl(
|
||||||
|
hDevice,
|
||||||
|
dwIoControlCode,
|
||||||
|
lpInBuffer,
|
||||||
|
nInBufferSize,
|
||||||
|
lpOutBuffer,
|
||||||
|
nOutBufferSize,
|
||||||
|
lpBytesReturned,
|
||||||
|
lpOverlapped
|
||||||
|
);
|
||||||
|
hook::enable(&DeviceIoControl);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
}
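Review bot: h_device_io_control does not preserve the thread's last-error value: after the real DeviceIoControl returns, hook::enable() calls VirtualProtect, so a caller that checks GetLastError() (for example for ERROR_IO_PENDING on an overlapped request) may read a different code than the driver call produced. Capture it right after the call with `const DWORD last_error = GetLastError();` and restore it with `SetLastError(last_error);` just before `return result;`. The hex-dump loop also reads `nInBufferSize` bytes from `lpInBuffer` without a null check, so an `if (lpInBuffer)` guard in front of the loop would keep a malformed request from crashing the logger. The header uses printf and uint8_t without including `<cstdio>` and `<cstdint>`.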
|