diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..1ff0c42
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,63 @@
+###############################################################################
+# Set default behavior to automatically normalize line endings.
+###############################################################################
+* text=auto
+
+###############################################################################
+# Set default behavior for command prompt diff.
+#
+# This is need for earlier builds of msysgit that does not have it on by
+# default for csharp files.
+# Note: This is only used by command line
+###############################################################################
+#*.cs diff=csharp
+
+###############################################################################
+# Set the merge driver for project and solution files
+#
+# Merging from the command prompt will add diff markers to the files if there
+# are conflicts (Merging from VS is not affected by the settings below, in VS
+# the diff markers are never inserted). Diff markers may cause the following
+# file extensions to fail to load in VS. An alternative would be to treat
+# these files as binary and thus will always conflict and require user
+# intervention with every merge. To do so, just uncomment the entries below
+###############################################################################
+#*.sln merge=binary
+#*.csproj merge=binary
+#*.vbproj merge=binary
+#*.vcxproj merge=binary
+#*.vcproj merge=binary
+#*.dbproj merge=binary
+#*.fsproj merge=binary
+#*.lsproj merge=binary
+#*.wixproj merge=binary
+#*.modelproj merge=binary
+#*.sqlproj merge=binary
+#*.wwaproj merge=binary
+
+###############################################################################
+# behavior for image files
+#
+# image files are treated as binary by default.
+###############################################################################
+#*.jpg binary
+#*.png binary
+#*.gif binary
+
+###############################################################################
+# diff behavior for common document formats
+#
+# Convert binary document formats to text before diffing them. This feature
+# is only available from the command line. Turn it on by uncommenting the
+# entries below.
+###############################################################################
+#*.doc diff=astextplain
+#*.DOC diff=astextplain
+#*.docx diff=astextplain
+#*.DOCX diff=astextplain
+#*.dot diff=astextplain
+#*.DOT diff=astextplain
+#*.pdf diff=astextplain
+#*.PDF diff=astextplain
+#*.rtf diff=astextplain
+#*.RTF diff=astextplain
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1c9a181
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,242 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+[Xx]64/
+[Xx]86/
+[Bb]uild/
+bld/
+[Bb]in/
+[Oo]bj/
+
+# Visual Studio 2015 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUNIT
+*.VisualState.xml
+TestResult.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+# DNX
+project.lock.json
+artifacts/
+
+*_i.c
+*_p.c
+*_i.h
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# JustCode is a .NET coding add-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+
+# TODO: Un-comment the next line if you do not want to checkin
+# your web deploy settings because they may include unencrypted
+# passwords
+#*.pubxml
+*.publishproj
+
+# NuGet Packages
+*.nupkg
+# The packages folder can be ignored because of Package Restore
+**/packages/*
+# except build/, which is used as an MSBuild target.
+!**/packages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/packages/repositories.config
+# NuGet v3's project.json files produces more ignoreable files
+*.nuget.props
+*.nuget.targets
+
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+
+# Microsoft Azure Emulator
+ecf/
+rcf/
+
+# Windows Store app package directory
+AppPackages/
+BundleArtifacts/
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!*.[Cc]ache/
+
+# Others
+ClientBin/
+[Ss]tyle[Cc]op.*
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.pfx
+*.publishsettings
+node_modules/
+orleans.codegen.cs
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+*.mdf
+*.ldf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+
+# LightSwitch generated files
+GeneratedArtifacts/
+ModelManifest.xml
+
+# Paket dependency manager
+.paket/paket.exe
+
+# FAKE - F# Make
+.fake/
diff --git a/OLEDLG.sln b/OLEDLG.sln
new file mode 100644
index 0000000..c04e2f0
--- /dev/null
+++ b/OLEDLG.sln
@@ -0,0 +1,28 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.25420.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "OLEDLG", "OLEDLG\OLEDLG.vcxproj", "{7E6259D1-4031-47A6-95A2-FA9900B1B98C}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|x64 = Debug|x64
+ Debug|x86 = Debug|x86
+ Release|x64 = Release|x64
+ Release|x86 = Release|x86
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {7E6259D1-4031-47A6-95A2-FA9900B1B98C}.Debug|x64.ActiveCfg = Debug|x64
+ {7E6259D1-4031-47A6-95A2-FA9900B1B98C}.Debug|x64.Build.0 = Debug|x64
+ {7E6259D1-4031-47A6-95A2-FA9900B1B98C}.Debug|x86.ActiveCfg = Debug|Win32
+ {7E6259D1-4031-47A6-95A2-FA9900B1B98C}.Debug|x86.Build.0 = Debug|Win32
+ {7E6259D1-4031-47A6-95A2-FA9900B1B98C}.Release|x64.ActiveCfg = Release|x64
+ {7E6259D1-4031-47A6-95A2-FA9900B1B98C}.Release|x64.Build.0 = Release|x64
+ {7E6259D1-4031-47A6-95A2-FA9900B1B98C}.Release|x86.ActiveCfg = Release|Win32
+ {7E6259D1-4031-47A6-95A2-FA9900B1B98C}.Release|x86.Build.0 = Release|Win32
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/OLEDLG/OLEDLG.cpp b/OLEDLG/OLEDLG.cpp
new file mode 100644
index 0000000..342915c
--- /dev/null
+++ b/OLEDLG/OLEDLG.cpp
@@ -0,0 +1,868 @@ +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// ͷļ +#include "pch.h" +#include "OLEDLG.h" +#include "PEB.h" +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// ԭַָ +PVOID pfnOleUIAddVerbMenuA; +PVOID pfnOleUICanConvertOrActivateAs; +PVOID pfnOleUIInsertObjectA; +PVOID pfnOleUIPasteSpecialA; +PVOID pfnOleUIEditLinksA; +PVOID pfnOleUIChangeIconA; +PVOID pfnOleUIConvertA; +PVOID pfnOleUIBusyA; +PVOID pfnOleUIUpdateLinksA; +PVOID pfnOleUIPromptUserA; +PVOID pfnOleUIObjectPropertiesA; +PVOID pfnOleUIChangeSourceA; +PVOID pfnOleUIAddVerbMenuW; +PVOID pfnOleUIBusyW; +PVOID pfnOleUIChangeIconW; +PVOID pfnOleUIChangeSourceW; +PVOID pfnOleUIConvertW; +PVOID pfnOleUIEditLinksW; +PVOID pfnOleUIInsertObjectW; +PVOID pfnOleUIObjectPropertiesW; +PVOID pfnOleUIPasteSpecialW; +PVOID pfnOleUIPromptUserW; +PVOID pfnOleUIUpdateLinksW; +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// Զ庯 +//int dword_20002000; // weak +LPVOID vax_hMem = NULL; +//int dword_20002004; // weak +INT vax_dwSize = 0; +//int dword_20002008; // weak +HMODULE ole_hModule = NULL; // oledlg ԭʼģ +//char byte_2000200C; // weak +INT vax_index = 0; +//int dword_20002010; // weak +LPVOID vax_lpMem = NULL; +//int dword_20002014; // weak +HMODULE vax_hModule = NULL; // VA_X ģ +//int dword_20002018; // weak +HMODULE curr_hModule = NULL; // ̾ + +CONST CHAR* oPublicKeyX = "4065234961,2221233238252903594850812155620126,3175203956977476891557515669668792"; +CONST CHAR* oPublicKeyY = 
"1329115615,9626603984703850283064885442292035,3463780848057510008753765087591958"; +CONST CHAR* cPublicKeyX = "2127088620,2558213661223504372788100802238141,2694097057723490910395353919176313"; +CONST CHAR* cPublicKeyY = "2127088620,8809976404932220599325753072055172,1929719295914332726580392022338415"; + +#define OUTPUT_DEBUG_PRINTF(str) DebugOut(str) +#define PUT_PUT_DEBUG_BUF_LEN 255 +void DebugOut(const char* strOutputString, ...) +{ + CHAR strBuffer[PUT_PUT_DEBUG_BUF_LEN] = { 0 }; + va_list vlArgs; + va_start(vlArgs, strOutputString); + _vsnprintf_s(strBuffer, sizeof(strBuffer) - 1, strOutputString, vlArgs); //_vsnprintf_s _vsnprintf + //vsprintf(strBuffer,strOutputString,vlArgs); + va_end(vlArgs); + OutputDebugStringA(strBuffer); //OutputDebugString // OutputDebugStringW +} + +VOID HideModule() +{ + PEB* peb; + PLIST_ENTRY Head, Cur; + PPEB_LDR_DATA ldr; + PLDR_MODULE ldm; + + //ȡPEBṹ + //__asm + //{ + // mov eax, fs:[0x30] + // mov peb, eax + //} + +#if defined(_M_X64) + peb = (PEB*)__readgsqword(0x60); +#elif defined(_M_IX86) + peb = (PEB*)__readfsdword(0x30); +#endif + + ldr = peb->Ldr; //ȡ_PEB_LDR_DATAṹ + Head = &(ldr->InMemoryOrderModuleList); //ȡģַ + Cur = Head->Flink; //ȡָĽ. + + do + { + ldm = CONTAINING_RECORD(Cur, LDR_MODULE, InMemoryOrderModuleList);//ȡ _LDR_DATA_TABLE_ENTRYṹַ + //printf("EntryPoint [0x%X]\n",ldm->BaseAddress); + if (ldm->BaseAddress == curr_hModule) //жҪصDLLַṹеĻַǷһ + { //.־Ϊ1,ʾѾʼ. 
+ *(CHAR*)ldm->BaseDllName.Buffer = '_'; + break; + } + Cur = Cur->Flink; + } while (Head != Cur); +} + +INT EncryptName(LPCSTR lpProcName) +{ + INT result = 0; + while (*lpProcName) + result = _rotl((*lpProcName++ | 0x20) + result, 0x0D); + + return result; +} + +#pragma warning (disable:4996) +VOID repl_PublicKey(LPVOID lpMem) +{ + //DebugOut("lpMem | 0x%08X | %hs", lpMem, lpMem); + //DebugOut("vax_hMem | 0x%08X | %hs", vax_hMem, vax_hMem); + + if (vax_hMem && lpMem && *(CHAR*)lpMem == 'x'/*0x78*/) // 'x' + { + DebugOut("rpl_PublicKey : [lpMem][0x%.8X][%hs]", lpMem, lpMem); + DebugOut("rpl_PublicKey : [vax_hMem][0x%.8X],[vax_dwSize][0x%.8X]", vax_hMem, vax_dwSize); + + INT szcp = 0; + + do + { + if (*(CHAR*)vax_hMem == '1') + { + if (!strnicmp((CONST CHAR*)vax_hMem, oPublicKeyY, 11)) + { + DebugOut("rpl_PublicKey : [oPublicKeyY][0x%.8X][%.80hs]", vax_hMem, vax_hMem); + vax_index++; + strcpy((CHAR*)vax_hMem, cPublicKeyY); + *(DWORD*)&vax_hMem += 0x50; + szcp++; + if (szcp >= 2) break; + } + } + + if (*(CHAR*)vax_hMem == '4') + { + if (!strnicmp((CONST CHAR*)vax_hMem, oPublicKeyX, 11)) + { + DebugOut("rpl_PublicKey : [oPublicKeyX][0x%.8X][%.80hs]", vax_hMem, vax_hMem); + vax_index++; + strcpy((CHAR*)vax_hMem, cPublicKeyX); + *(DWORD*)&vax_hMem += 0x50; + szcp++; + if (szcp >= 2) break; + } + } + + *(DWORD*)&vax_hMem += 1; + vax_dwSize--; + } while (vax_dwSize >= 0x50); + + vax_hMem = NULL; + vax_dwSize = 0; + } +} +#pragma warning (default:4996) + +VOID rem_HookModule() +{ + RemoveImport(vax_hModule, "kernel32.dll", "GetProcAddress", (INT_PTR)fn_GetProcAddress); + RemoveImport(vax_hModule, "kernel32.dll", "VirtualAlloc", (INT_PTR)fn_VirtualAlloc); +} + +//WINBASEAPI +_Ret_maybenull_ +HMODULE WINAPI fn_LoadLibraryA(_In_ LPCSTR lpLibFileName) +{ + //DebugOut("fn_LoadLibraryA : [%hs]", lpLibFileName); + HMODULE hModule = LoadLibraryA(lpLibFileName); + + if (hModule && hModule == curr_hModule) + { + FreeLibrary(hModule); + rem_HookModule(); + HideModule(); + hModule = 
ole_hModule; + } + + return hModule; +} + +//WINBASEAPI +FARPROC WINAPI fn_GetProcAddress(_In_ HMODULE hModule, _In_ LPCSTR lpProcName) +{ + FARPROC fpAddress = GetProcAddress(hModule, lpProcName); + //DebugOut("fn_GetProcAddress | 0x%08X | %hs", fpAddress, lpProcName); + + if (fpAddress && (UINT)lpProcName > 0xFFFF) + { + //DebugOut("fn_GetProcAddress : [%hs]", lpProcName); + + INT EnCrc = EncryptName(lpProcName); + switch (EnCrc) + { + case 0xFEECC773: // LoadLibraryA + //DebugOut("fn_GetProcAddress : [Hook][LoadLibraryA]"); + fpAddress = (FARPROC)&fn_LoadLibraryA; + break; + case 0xD7E8FBC6: // HeapAlloc + //DebugOut("fn_GetProcAddress : [Hook][HeapAlloc]"); + fpAddress = (FARPROC)&fn_HeapAlloc; + break; + case 0xC28581E4: // HeapFree + //DebugOut("fn_GetProcAddress : [Hook][HeapFree]"); + fpAddress = (FARPROC)&fn_HeapFree; + break; + } + } + + return fpAddress; +} + +//WINBASEAPI +_Ret_maybenull_ +_Post_writable_byte_size_(dwSize) +LPVOID WINAPI fn_VirtualAlloc(_In_opt_ LPVOID lpAddress, _In_ SIZE_T dwSize, _In_ DWORD flAllocationType, _In_ DWORD flProtect) +{ + LPVOID lpMem = VirtualAlloc(lpAddress, dwSize, flAllocationType, flProtect); + //DebugOut("fn_VirtualAlloc | 0x%08X | %hs", lpMem, lpMem); + + if (!vax_lpMem && lpMem) + vax_lpMem = lpMem; + + return lpMem; +} + +//WINBASEAPI +_Ret_maybenull_ +_Post_writable_byte_size_(dwBytes) +LPVOID WINAPI fn_HeapAlloc(_In_ HANDLE hHeap, _In_ DWORD dwFlags, _In_ SIZE_T dwBytes) +{ + LPVOID icmpbuf = HeapAlloc(hHeap, dwFlags, dwBytes); + //DebugOut("fn_HeapAlloc | 0x%08X | 0x%08X | %hs", icmpbuf, dwBytes, icmpbuf); + + if (!vax_index && icmpbuf && dwBytes == 0xFFFF) + { + vax_hMem = icmpbuf; + vax_dwSize = (INT)dwBytes; + } + return icmpbuf; +} + +////NTSYSAPI +//PVOID fn_RtlAllocateHeap(PVOID HeapHandle, ULONG Flags, SIZE_T Size) +//{ +//} + +//WINBASEAPI +_Success_(return != FALSE) +BOOL WINAPI fn_HeapFree(_Inout_ HANDLE hHeap, _In_ DWORD dwFlags, __drv_freesMem(Mem) _Frees_ptr_opt_ LPVOID lpMem) +{ + 
//DebugOut("fn_HeapFree | 0x%08X", lpMem); + + repl_PublicKey(lpMem); + return HeapFree(hHeap, dwFlags, lpMem); +} + +//BOOLEAN RtlFreeHeap(_In_ PVOID HeapHandle, _In_opt_ ULONG Flags, _In_ PVOID HeapBase) +//{ +//} + +// ô +//HookImage("ZwSetInformationFile", (DWORD)MyZwSetInformationFile); +//HookImage("NtTerminateProcess", (DWORD)MyNtTerminateProcess); +//HookImage("NtTerminateThread", (DWORD)MyNtTerminateThread); +//HookImport("kernel32.dll", "ExitProcess", (DWORD)MyNtTerminateProcess); +//RemoveImage("NtTerminateProcess"); + +/******************************************** +ҹĿkernel32.dllntdll.dllĺ +********************************************/ +BOOL HookImage(LPCSTR szName, DWORD Newfunc) +{ + HMODULE hMod = LoadLibrary(TEXT("NTDLL")); + DWORD RealAddr = (DWORD)GetProcAddress(hMod, szName); + ULONG Size = 0; + DWORD protect; + + hMod = LoadLibrary(TEXT("kernel32.dll")); + PIMAGE_IMPORT_DESCRIPTOR pImport = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(hMod, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &Size); + if (pImport == NULL) + { + return FALSE; + } + + PIMAGE_THUNK_DATA32 Pthunk = (PIMAGE_THUNK_DATA32)((DWORD)hMod + pImport->FirstThunk); + MEMORY_BASIC_INFORMATION mbi; + VirtualQuery(Pthunk, &mbi, sizeof(MEMORY_BASIC_INFORMATION)); + VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_READWRITE, &mbi.Protect); + + while (Pthunk->u1.Function) + { + if (RealAddr == Pthunk->u1.Function) + { + Pthunk->u1.Function = Newfunc; + break; + } + Pthunk++; + } + + VirtualProtect(mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &protect); + + return TRUE; +} + +/******************************************** +Ŀntdllĺ +********************************************/ +BOOL RemoveImage(LPCSTR szName) +{ + HMODULE hMod = LoadLibrary(TEXT("kernel32.dll")); + ULONG Size = 0; + PIMAGE_IMPORT_DESCRIPTOR pImport = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(hMod, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &Size); + DWORD* pName = (DWORD*)((DWORD)hMod + pImport->OriginalFirstThunk); + 
+ while (pName) + { + LPSTR pAddr = (LPSTR)(*pName + (DWORD)hMod + 2); + if (_stricmp(pAddr, szName) == 0) + { + DWORD Protect; + VirtualProtect(pAddr, strlen(pAddr), PAGE_READWRITE, &Protect); + memset(pAddr, 0, strlen(pAddr)); + VirtualProtect(pAddr, strlen(pAddr), Protect, pName); + break; + } + pName++; + } + + return TRUE; +} + +/******************************************** +ҹĿĺ +********************************************/ +BOOL HookImport(HMODULE hModule, LPCSTR szDLL, LPCSTR szName, INT_PTR Newfunc) +{ + ULONG Size = 0; + DWORD protect; + MEMORY_BASIC_INFORMATION mbi; + if (!hModule) return FALSE; + + PIMAGE_IMPORT_DESCRIPTOR pImport = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(hModule, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &Size); + + ////дڴ汣ԱתСд + VirtualQuery(pImport, &mbi, sizeof(MEMORY_BASIC_INFORMATION)); + VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_READWRITE, &mbi.Protect); + + while (pImport->Name) + { + LPCSTR pszModName = (LPCSTR)((PBYTE)hModule + pImport->Name); + if (_stricmp(pszModName, szDLL) == 0) + { + break; + } + pImport++; + } + + VirtualProtect(mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &protect); + ////дڴ汣Ļԭı + + HMODULE m_hModule = LoadLibraryA(szDLL); + if (!pImport || !m_hModule) return FALSE; + + INT_PTR RealAddr = (INT_PTR)GetProcAddress(m_hModule, szName); + + PIMAGE_THUNK_DATA Pthunk = (PIMAGE_THUNK_DATA)((INT_PTR)hModule + pImport->FirstThunk); + + ////дڴ汣Աд뺯ַ + VirtualQuery(Pthunk, &mbi, sizeof(MEMORY_BASIC_INFORMATION)); + VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_READWRITE, &mbi.Protect); + + while (Pthunk->u1.Function) + { + if (RealAddr == Pthunk->u1.Function) + { + Pthunk->u1.Function = Newfunc; + break; + } + Pthunk++; + } + + VirtualProtect(mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &protect); + ////дڴ汣Ļԭı + + return TRUE; +} + +BOOL RemoveImport(HMODULE hModule, LPCSTR szDLL, LPCSTR szName, INT_PTR Newfunc) +{ + ULONG Size = 0; + DWORD protect; + MEMORY_BASIC_INFORMATION mbi; + if 
(!hModule) return FALSE; + + PIMAGE_IMPORT_DESCRIPTOR pImport = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(hModule, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &Size); + + ////дڴ汣ԱתСд + VirtualQuery(pImport, &mbi, sizeof(MEMORY_BASIC_INFORMATION)); + VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_READWRITE, &mbi.Protect); + + while (pImport->Name) + { + LPCSTR pszModName = (LPCSTR)((PBYTE)hModule + pImport->Name); + if (_stricmp(pszModName, szDLL) == 0) + { + break; + } + pImport++; + } + + VirtualProtect(mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &protect); + ////дڴ汣Ļԭı + + HMODULE m_hModule = LoadLibraryA(szDLL); + if (!pImport || !m_hModule) return FALSE; + + INT_PTR RealAddr = (INT_PTR)GetProcAddress(m_hModule, szName); + + PIMAGE_THUNK_DATA Pthunk = (PIMAGE_THUNK_DATA)((INT_PTR)hModule + pImport->FirstThunk); + + ////дڴ汣Աд뺯ַ + VirtualQuery(Pthunk, &mbi, sizeof(MEMORY_BASIC_INFORMATION)); + VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_READWRITE, &mbi.Protect); + + while (Pthunk->u1.Function) + { + if (Newfunc == Pthunk->u1.Function) + { + Pthunk->u1.Function = RealAddr; + break; + } + Pthunk++; + } + + VirtualProtect(mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &protect); + ////дڴ汣Ļԭı + + return TRUE; +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// OLEDLG ռ +namespace OLEDLG +{ + // ȡԭʼַ + FARPROC WINAPI GetAddress(PCSTR pszProcName) + { + FARPROC fpAddress; + CHAR szProcName[16]; + TCHAR tzTemp[MAX_PATH]; + + fpAddress = GetProcAddress(ole_hModule, pszProcName); + if (fpAddress == NULL) + { + if (HIWORD(pszProcName) == 0) + { +#pragma warning(disable: 6273) + wsprintfA(szProcName, "%d", pszProcName); +#pragma warning(default: 6273) + pszProcName = szProcName; + } + + wsprintf(tzTemp, TEXT("޷ҵ %hs޷С"), pszProcName); + MessageBox(NULL, 
tzTemp, TEXT("OLEDLG"), MB_ICONSTOP); + ExitProcess(-2); + } + + return fpAddress; + } + + // ʼԭʼַָ + inline VOID WINAPI InitializeAddresses() + { + pfnOleUIAddVerbMenuA = GetAddress("OleUIAddVerbMenuA"); + pfnOleUICanConvertOrActivateAs = GetAddress("OleUICanConvertOrActivateAs"); + pfnOleUIInsertObjectA = GetAddress("OleUIInsertObjectA"); + pfnOleUIPasteSpecialA = GetAddress("OleUIPasteSpecialA"); + pfnOleUIEditLinksA = GetAddress("OleUIEditLinksA"); + pfnOleUIChangeIconA = GetAddress("OleUIChangeIconA"); + pfnOleUIConvertA = GetAddress("OleUIConvertA"); + pfnOleUIBusyA = GetAddress("OleUIBusyA"); + pfnOleUIUpdateLinksA = GetAddress("OleUIUpdateLinksA"); + pfnOleUIPromptUserA = GetAddress("OleUIPromptUserA"); + pfnOleUIObjectPropertiesA = GetAddress("OleUIObjectPropertiesA"); + pfnOleUIChangeSourceA = GetAddress("OleUIChangeSourceA"); + pfnOleUIAddVerbMenuW = GetAddress("OleUIAddVerbMenuW"); + pfnOleUIBusyW = GetAddress("OleUIBusyW"); + pfnOleUIChangeIconW = GetAddress("OleUIChangeIconW"); + pfnOleUIChangeSourceW = GetAddress("OleUIChangeSourceW"); + pfnOleUIConvertW = GetAddress("OleUIConvertW"); + pfnOleUIEditLinksW = GetAddress("OleUIEditLinksW"); + pfnOleUIInsertObjectW = GetAddress("OleUIInsertObjectW"); + pfnOleUIObjectPropertiesW = GetAddress("OleUIObjectPropertiesW"); + pfnOleUIPasteSpecialW = GetAddress("OleUIPasteSpecialW"); + pfnOleUIPromptUserW = GetAddress("OleUIPromptUserW"); + pfnOleUIUpdateLinksW = GetAddress("OleUIUpdateLinksW"); + } + + // ԭʼģ + inline BOOL WINAPI Load(HMODULE hModule) + { + TCHAR tzPath[MAX_PATH]; + TCHAR tzTemp[MAX_PATH * 2]; + + GetSystemDirectory(tzPath, MAX_PATH); + lstrcat(tzPath, TEXT("\\oledlg.dll")); + ole_hModule = LoadLibrary(tzPath); + if (ole_hModule == NULL) + { + wsprintf(tzTemp, TEXT("޷ %s޷С"), tzPath); + MessageBox(NULL, tzTemp, TEXT("OLEDLG"), MB_ICONSTOP); + } + else + { + InitializeAddresses(); + + curr_hModule = hModule; + vax_hModule = GetModuleHandle(TEXT("VA_X")); + + HookImport(vax_hModule, 
"kernel32.dll", "GetProcAddress", (INT_PTR)fn_GetProcAddress); + HookImport(vax_hModule, "kernel32.dll", "VirtualAlloc", (INT_PTR)fn_VirtualAlloc); + } + + return (ole_hModule != NULL); + } + + // ͷԭʼģ + inline VOID WINAPI Free() + { + if (ole_hModule) + { + FreeLibrary(ole_hModule); + } + } +} +using namespace OLEDLG; +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// ں +#ifdef _DEBUG +int main(int argc, PTSTR argv[]) +{ + TCHAR tzTemp[MAX_PATH * 2]; + + vax_hModule = LoadLibrary(TEXT("C:\\Users\\lvtx\\AppData\\Local\\Microsoft\\VisualStudio\\16.0_fff0df99\\Extensions\\lamnofad.jeo\\VA_X")); + + wsprintf(tzTemp, TEXT("VA_X.dll hModule: 0x%08X"), vax_hModule); + MessageBox(NULL, tzTemp, TEXT("OLEDLG"), MB_ICONSTOP); + + HookImport(vax_hModule, "kernel32.dll", "GetProcAddress", (INT_PTR)fn_GetProcAddress); + HookImport(vax_hModule, "kernel32.dll", "VirtualAlloc", (INT_PTR)fn_VirtualAlloc); + + system("pause"); + + return 0; +} +#else +BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved) +{ + if (dwReason == DLL_PROCESS_ATTACH) + { + DisableThreadLibraryCalls(hModule); + + return Load(hModule); + } + else if (dwReason == DLL_PROCESS_DETACH) + { + Free(); + } + + return TRUE; +} +#endif // _DEBUG +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIAddVerbMenuA(void) +{ + prevFunc(); + setFunc(&pfnOleUIAddVerbMenuA); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + 
+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUICanConvertOrActivateAs(void) +{ + prevFunc(); + setFunc(&pfnOleUICanConvertOrActivateAs); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIInsertObjectA(void) +{ + prevFunc(); + setFunc(&pfnOleUIInsertObjectA); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIPasteSpecialA(void) +{ + prevFunc(); + setFunc(&pfnOleUIPasteSpecialA); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIEditLinksA(void) +{ + prevFunc(); + setFunc(&pfnOleUIEditLinksA); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIChangeIconA(void) +{ + prevFunc(); + setFunc(&pfnOleUIChangeIconA); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIConvertA(void) +{ 
+ prevFunc(); + setFunc(&pfnOleUIConvertA); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIBusyA(void) +{ + prevFunc(); + setFunc(&pfnOleUIBusyA); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIUpdateLinksA(void) +{ + prevFunc(); + setFunc(&pfnOleUIUpdateLinksA); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIPromptUserA(void) +{ + prevFunc(); + setFunc(&pfnOleUIPromptUserA); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIObjectPropertiesA(void) +{ + prevFunc(); + setFunc(&pfnOleUIObjectPropertiesA); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIChangeSourceA(void) +{ + prevFunc(); + setFunc(&pfnOleUIChangeSourceA); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + 
+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIAddVerbMenuW(void) +{ + prevFunc(); + setFunc(&pfnOleUIAddVerbMenuW); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIBusyW(void) +{ + prevFunc(); + setFunc(&pfnOleUIBusyW); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIChangeIconW(void) +{ + prevFunc(); + setFunc(&pfnOleUIChangeIconW); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIChangeSourceW(void) +{ + prevFunc(); + setFunc(&pfnOleUIChangeSourceW); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIConvertW(void) +{ + prevFunc(); + setFunc(&pfnOleUIConvertW); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIEditLinksW(void) +{ + prevFunc(); + 
setFunc(&pfnOleUIEditLinksW); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIInsertObjectW(void) +{ + prevFunc(); + setFunc(&pfnOleUIInsertObjectW); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIObjectPropertiesW(void) +{ + prevFunc(); + setFunc(&pfnOleUIObjectPropertiesW); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIPasteSpecialW(void) +{ + prevFunc(); + setFunc(&pfnOleUIPasteSpecialW); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIPromptUserW(void) +{ + prevFunc(); + setFunc(&pfnOleUIPromptUserW); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +ALCDECL AheadLib_OleUIUpdateLinksW(void) +{ + prevFunc(); + setFunc(&pfnOleUIUpdateLinksW); + endFunc(); +} +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// 
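Review bot: The `_DEBUG` `main` hard-codes an absolute per-user path (`C:\Users\lvtx\AppData\Local\...\VA_X`) into `LoadLibrary`, which commits a local username and profile layout to the repository and fails silently on any other machine; take the path from the command line instead, e.g. `vax_hModule = LoadLibrary(argc > 1 ? argv[1] : TEXT("VA_X"));`. `GetAddress` calls `ExitProcess(-2)` when an export is missing, and `Load` reaches it from `DllMain` on `DLL_PROCESS_ATTACH`, so one missing export terminates the host process under the loader lock rather than letting the load fail; returning NULL from `GetAddress` and having `Load` return FALSE (which `DllMain` already propagates) is the safer failure path. `DebugOut` also formats heap buffers as strings with an unbounded `%hs` (`rpl_PublicKey` logs `lpMem` twice), which reads past the allocation when the buffer is shorter than the 255-byte output limit or not NUL-terminated; use the bounded `%.80hs` already used on the `oPublicKeyX`/`oPublicKeyY` lines, or log only the pointer.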
diff --git a/OLEDLG/OLEDLG.h b/OLEDLG/OLEDLG.h
new file mode 100644
index 0000000..6cc2897
--- /dev/null
+++ b/OLEDLG/OLEDLG.h
@@ -0,0 +1,115 @@ +#pragma once +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// ͷļ +#include +#ifdef _DEBUG +#include +#endif +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// +#if defined(_M_X64) +#pragma comment(linker, "/EXPORT:OleUIAddVerbMenuA=AheadLib_OleUIAddVerbMenuA,@1") +#pragma comment(linker, "/EXPORT:OleUICanConvertOrActivateAs=AheadLib_OleUICanConvertOrActivateAs,@2") +#pragma comment(linker, "/EXPORT:OleUIInsertObjectA=AheadLib_OleUIInsertObjectA,@3") +#pragma comment(linker, "/EXPORT:OleUIPasteSpecialA=AheadLib_OleUIPasteSpecialA,@4") +#pragma comment(linker, "/EXPORT:OleUIEditLinksA=AheadLib_OleUIEditLinksA,@5") +#pragma comment(linker, "/EXPORT:OleUIChangeIconA=AheadLib_OleUIChangeIconA,@6") +#pragma comment(linker, "/EXPORT:OleUIConvertA=AheadLib_OleUIConvertA,@7") +#pragma comment(linker, "/EXPORT:OleUIBusyA=AheadLib_OleUIBusyA,@8") +#pragma comment(linker, "/EXPORT:OleUIUpdateLinksA=AheadLib_OleUIUpdateLinksA,@9") +#pragma comment(linker, "/EXPORT:OleUIPromptUserA=AheadLib_OleUIPromptUserA,@10") +#pragma comment(linker, "/EXPORT:OleUIObjectPropertiesA=AheadLib_OleUIObjectPropertiesA,@11") +#pragma comment(linker, "/EXPORT:OleUIChangeSourceA=AheadLib_OleUIChangeSourceA,@12") +#pragma comment(linker, "/EXPORT:OleUIAddVerbMenuW=AheadLib_OleUIAddVerbMenuW,@13") +#pragma comment(linker, "/EXPORT:OleUIBusyW=AheadLib_OleUIBusyW,@14") +#pragma comment(linker, "/EXPORT:OleUIChangeIconW=AheadLib_OleUIChangeIconW,@15") +#pragma comment(linker, "/EXPORT:OleUIChangeSourceW=AheadLib_OleUIChangeSourceW,@16") +#pragma comment(linker, "/EXPORT:OleUIConvertW=AheadLib_OleUIConvertW,@17") +#pragma comment(linker, "/EXPORT:OleUIEditLinksW=AheadLib_OleUIEditLinksW,@18") +#pragma 
comment(linker, "/EXPORT:OleUIInsertObjectW=AheadLib_OleUIInsertObjectW,@19") +#pragma comment(linker, "/EXPORT:OleUIObjectPropertiesW=AheadLib_OleUIObjectPropertiesW,@20") +#pragma comment(linker, "/EXPORT:OleUIPasteSpecialW=AheadLib_OleUIPasteSpecialW,@21") +#pragma comment(linker, "/EXPORT:OleUIPromptUserW=AheadLib_OleUIPromptUserW,@22") +#pragma comment(linker, "/EXPORT:OleUIUpdateLinksW=AheadLib_OleUIUpdateLinksW,@23") +#elif defined(_M_IX86) +#pragma comment(linker, "/EXPORT:OleUIAddVerbMenuA=_AheadLib_OleUIAddVerbMenuA,@1") +#pragma comment(linker, "/EXPORT:OleUICanConvertOrActivateAs=_AheadLib_OleUICanConvertOrActivateAs,@2") +#pragma comment(linker, "/EXPORT:OleUIInsertObjectA=_AheadLib_OleUIInsertObjectA,@3") +#pragma comment(linker, "/EXPORT:OleUIPasteSpecialA=_AheadLib_OleUIPasteSpecialA,@4") +#pragma comment(linker, "/EXPORT:OleUIEditLinksA=_AheadLib_OleUIEditLinksA,@5") +#pragma comment(linker, "/EXPORT:OleUIChangeIconA=_AheadLib_OleUIChangeIconA,@6") +#pragma comment(linker, "/EXPORT:OleUIConvertA=_AheadLib_OleUIConvertA,@7") +#pragma comment(linker, "/EXPORT:OleUIBusyA=_AheadLib_OleUIBusyA,@8") +#pragma comment(linker, "/EXPORT:OleUIUpdateLinksA=_AheadLib_OleUIUpdateLinksA,@9") +#pragma comment(linker, "/EXPORT:OleUIPromptUserA=_AheadLib_OleUIPromptUserA,@10") +#pragma comment(linker, "/EXPORT:OleUIObjectPropertiesA=_AheadLib_OleUIObjectPropertiesA,@11") +#pragma comment(linker, "/EXPORT:OleUIChangeSourceA=_AheadLib_OleUIChangeSourceA,@12") +#pragma comment(linker, "/EXPORT:OleUIAddVerbMenuW=_AheadLib_OleUIAddVerbMenuW,@13") +#pragma comment(linker, "/EXPORT:OleUIBusyW=_AheadLib_OleUIBusyW,@14") +#pragma comment(linker, "/EXPORT:OleUIChangeIconW=_AheadLib_OleUIChangeIconW,@15") +#pragma comment(linker, "/EXPORT:OleUIChangeSourceW=_AheadLib_OleUIChangeSourceW,@16") +#pragma comment(linker, "/EXPORT:OleUIConvertW=_AheadLib_OleUIConvertW,@17") +#pragma comment(linker, "/EXPORT:OleUIEditLinksW=_AheadLib_OleUIEditLinksW,@18") +#pragma comment(linker, 
"/EXPORT:OleUIInsertObjectW=_AheadLib_OleUIInsertObjectW,@19") +#pragma comment(linker, "/EXPORT:OleUIObjectPropertiesW=_AheadLib_OleUIObjectPropertiesW,@20") +#pragma comment(linker, "/EXPORT:OleUIPasteSpecialW=_AheadLib_OleUIPasteSpecialW,@21") +#pragma comment(linker, "/EXPORT:OleUIPromptUserW=_AheadLib_OleUIPromptUserW,@22") +#pragma comment(linker, "/EXPORT:OleUIUpdateLinksW=_AheadLib_OleUIUpdateLinksW,@23") +#endif +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// 궨 +#define EXTERNC extern "C" +#ifdef _M_X64 +#define NAKED +#else +#define NAKED __declspec(naked) +#endif +#define EXPORT __declspec(dllexport) + +#define ALCPP EXPORT NAKED +#define ALSTD EXTERNC EXPORT NAKED void __stdcall +#define ALCFAST EXTERNC EXPORT NAKED void __fastcall +#define ALCDECL EXTERNC NAKED void __cdecl +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + +INT EncryptName(LPCSTR lpProcName); + +_Ret_maybenull_ +HMODULE WINAPI fn_LoadLibraryA(_In_ LPCSTR lpLibFileName); + +FARPROC WINAPI fn_GetProcAddress(_In_ HMODULE hModule, _In_ LPCSTR lpProcName); + +_Ret_maybenull_ +_Post_writable_byte_size_(dwSize) +LPVOID WINAPI fn_VirtualAlloc(_In_opt_ LPVOID lpAddress, _In_ SIZE_T dwSize, _In_ DWORD flAllocationType, _In_ DWORD flProtect); + +_Ret_maybenull_ +_Post_writable_byte_size_(dwBytes) +LPVOID WINAPI fn_HeapAlloc(_In_ HANDLE hHeap, _In_ DWORD dwFlags, _In_ SIZE_T dwBytes); + +_Success_(return != FALSE) +BOOL WINAPI fn_HeapFree(_Inout_ HANDLE hHeap, _In_ DWORD dwFlags, __drv_freesMem(Mem) _Frees_ptr_opt_ LPVOID lpMem); + +BOOL HookImage(LPCSTR szName, DWORD Newfunc); +BOOL RemoveImage(LPCSTR szName); + +BOOL HookImport(HMODULE hModule, LPCSTR szDLL, LPCSTR szName, INT_PTR Newfunc); +BOOL RemoveImport(HMODULE 
hModule, LPCSTR szDLL, LPCSTR szName, INT_PTR Newfunc); + +extern "C" extern void prevFunc(); +extern "C" extern void setFunc(LPVOID p); +extern "C" extern void endFunc(); + +#pragma optimize( "", off ) + +template T* retT() +{ + return new T; +} \ No newline at end of file diff --git a/OLEDLG/OLEDLG.rc b/OLEDLG/OLEDLG.rc new file mode 100644 index 0000000..ef882a0 Binary files /dev/null and b/OLEDLG/OLEDLG.rc differ diff --git a/OLEDLG/OLEDLG.vcxproj b/OLEDLG/OLEDLG.vcxproj new file mode 100644 index 0000000..6a8d0bf --- /dev/null +++ b/OLEDLG/OLEDLG.vcxproj 
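Review bot: `BOOL HookImage(LPCSTR szName, DWORD Newfunc);` carries the replacement function address as a 32-bit `DWORD`, while its sibling `HookImport` declares the same kind of argument as `INT_PTR`; under the `_M_X64` branch this header also builds for, a pointer passed through `DWORD` would be truncated, so the two declarations should agree — `BOOL HookImage(LPCSTR szName, INT_PTR Newfunc);`. The closing `#pragma optimize( "", off )` is never paired with `#pragma optimize( "", on )` and lives in a header, so it turns optimization off for the rest of every translation unit that includes it; if only the `retT` template that follows is meant, bracket that region explicitly, otherwise move the pragma into the .cpp that needs it. The section banners `// ͷļ` and `// 궨` appear to be comments whose original encoding was lost; English banners such as `// Headers` and `// Macros`, with the file saved as UTF-8, would keep them readable.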
@@ -0,0 +1,208 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + {7E6259D1-4031-47A6-95A2-FA9900B1B98C} + Win32Proj + OLEDLG + 8.1 + + + + DynamicLibrary + true + v140 + Unicode + + + DynamicLibrary + false + v140 + true + Unicode + + + DynamicLibrary + true + v140 + Unicode + + + DynamicLibrary + false + v140 + true + Unicode + + + + + + + + + + + + + + + + + + + + + + true + + + true + + + false + + + false + + + + Use + pch.h + Level3 + Disabled + WIN32;_DEBUG;OLEDLG_EXPORTS;_WINDOWS;_USRDLL;OLEDLG_EXPORTS;%(PreprocessorDefinitions) + true + true + + + Windows + true + false + + + _M_IX86 + true + + + + + Use + pch.h + Level3 + Disabled + _DEBUG;OLEDLG_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + true + + + Windows + true + false + + + _M_X64 + + + + + Level3 + Use + pch.h + MaxSpeed + true + true + WIN32;NDEBUG;OLEDLG_EXPORTS;_WINDOWS;_USRDLL;OLEDLG_EXPORTS;%(PreprocessorDefinitions) + true + true + MultiThreaded + + + Windows + true + true + true + false + + + _M_IX86 + true + + + + + Level3 + Use + pch.h + MaxSpeed + true + true + NDEBUG;OLEDLG_EXPORTS;_WINDOWS;_USRDLL;OLEDLG_EXPORTS;%(PreprocessorDefinitions) + true + true + MultiThreaded + + + Windows + true + true + true + false + + + _M_X64 + + + + + + + + + + + + + Create + Create + Create + Create + + + + + + + + false + Document + false + false + false + + + + + + + + + + \ No newline at end of file diff --git a/OLEDLG/OLEDLG.vcxproj.filters b/OLEDLG/OLEDLG.vcxproj.filters new file mode 100644 index 0000000..d4c5151 --- /dev/null +++ b/OLEDLG/OLEDLG.vcxproj.filters 
@@ -0,0 +1,55 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + 头文件 + + + 头文件 + + + 头文件 + + + 头文件 + + + 头文件 + + + + + 源文件 + + + 源文件 + + + + + 资源文件 + + + + + 源文件 + + + + + + \ No newline at end of file diff --git a/OLEDLG/PEB.h b/OLEDLG/PEB.h new file mode 100644 index 0000000..c6ded64 --- /dev/null +++ b/OLEDLG/PEB.h 
@@ -0,0 +1,160 @@
+#pragma once
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+// ͷļ
+#include
+#ifdef _DEBUG
+#include
+#endif
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+//===============================================================================================//
+typedef struct _UNICODE_STRING
+{
+ USHORT Length;
+ USHORT MaximumLength;
+ PWSTR Buffer;
+} UNICODE_STRING, *PUNICODE_STR;
+
+// WinDbg> dt -v ntdll!_LDR_DATA_TABLE_ENTRY
+//__declspec( align(8) )
+typedef struct _LDR_DATA_TABLE_ENTRY
+{
+ //LIST_ENTRY InLoadOrderLinks; // As we search from PPEB_LDR_DATA->InMemoryOrderModuleList we dont use the first entry.
+ LIST_ENTRY InMemoryOrderModuleList;
+ LIST_ENTRY InInitializationOrderModuleList;
+ PVOID DllBase;
+ PVOID EntryPoint;
+ ULONG SizeOfImage;
+ UNICODE_STRING FullDllName;
+ UNICODE_STRING BaseDllName;
+ ULONG Flags;
+ SHORT LoadCount;
+ SHORT TlsIndex;
+ LIST_ENTRY HashTableEntry;
+ ULONG TimeDateStamp;
+} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
+
+// WinDbg> dt -v ntdll!_PEB_LDR_DATA
+typedef struct _PEB_LDR_DATA //, 7 elements, 0x28 bytes
+{
+ DWORD dwLength;
+ DWORD dwInitialized;
+ LPVOID lpSsHandle;
+ LIST_ENTRY InLoadOrderModuleList;
+ LIST_ENTRY InMemoryOrderModuleList;
+ LIST_ENTRY InInitializationOrderModuleList;
+ LPVOID lpEntryInProgress;
+} PEB_LDR_DATA, *PPEB_LDR_DATA;
+
+// WinDbg> dt -v ntdll!_PEB_FREE_BLOCK
+typedef struct _PEB_FREE_BLOCK // 2 elements, 0x8 bytes
+{
+ struct _PEB_FREE_BLOCK * pNext;
+ DWORD dwSize;
+} PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
+
+// struct _PEB is defined in Winternl.h but it is incomplete
+// WinDbg> dt -v ntdll!_PEB
+typedef struct _PEB // 65 elements, 0x210 bytes
+{
+ BOOLEAN InheritedAddressSpace;
+ BOOLEAN ReadImageFileExecOptions;
+ BOOLEAN BeingDebugged;
+ BOOLEAN SpareBool;
+#ifdef _M_X64
+ UCHAR Padding0[4];
+#endif
+ HANDLE Mutant;
+ PVOID ImageBaseAddress;
+ PPEB_LDR_DATA Ldr; // PEB_LDR_DATA*
+ PVOID ProcessParameters; // RTL_USER_PROCESS_PARAMETERS*
+ PVOID SubSystemData;
+ HANDLE ProcessHeap;
+ RTL_CRITICAL_SECTION* FastPebLock;
+ PVOID unreliable_member_1;
+ PVOID unreliable_member_2;
+ ULONG unreliable_member_3;
+#ifdef _M_X64
+ UCHAR Padding1[4];
+#endif
+ PVOID KernelCallbackTable;
+ ULONG SystemReserved[2];
+ PVOID unreliable_member_4;
+ ULONG TlsExpansionCounter;
+#ifdef _M_X64
+ UCHAR Padding2[4];
+#endif
+ PVOID TlsBitmap;
+ ULONG TlsBitmapBits[2];
+ PVOID ReadOnlySharedMemoryBase;
+ PVOID unreliable_member_5;
+ PVOID* ReadOnlyStaticServerData;
+ PVOID AnsiCodePageData;
+ PVOID OemCodePageData;
+ PVOID UnicodeCaseTableData;
+ ULONG NumberOfProcessors;
+ ULONG NtGlobalFlag;
+ LARGE_INTEGER CriticalSectionTimeout;
+ ULONG_PTR HeapSegmentReserve;
+ ULONG_PTR HeapSegmentCommit;
+ ULONG_PTR HeapDeCommitTotalFreeThreshold;
+ ULONG_PTR HeapDeCommitFreeBlockThreshold;
+ ULONG NumberOfHeaps;
+ ULONG MaximumNumberOfHeaps;
+ PVOID* ProcessHeaps;
+ PVOID GdiSharedHandleTable;
+ PVOID ProcessStarterHelper;
+ ULONG GdiDCAttributeList;
+#ifdef _M_X64
+ UCHAR Padding3[4];
+#endif
+ RTL_CRITICAL_SECTION* LoaderLock;
+ ULONG OSMajorVersion;
+ ULONG OSMinorVersion;
+ USHORT OSBuildNumber;
+ union {
+ USHORT OSCSDVersion;
+ struct {
+ BYTE OSCSDMajorVersion;
+ BYTE OSCSDMinorVersion;
+ };
+ };
+ ULONG OSPlatformId;
+ ULONG ImageSubsystem;
+ ULONG ImageSubsystemMajorVersion;
+ ULONG ImageSubsystemMinorVersion;
+#ifdef _M_X64
+ UCHAR Padding4[4];
+#endif
+ KAFFINITY unreliable_member_6;
+#ifdef _M_X64
+ ULONG GdiHandleBuffer[0x3C];
+#else
+ ULONG GdiHandleBuffer[0x22];
+#endif
+ VOID(*PostProcessInitRoutine)(VOID);
+ PVOID TlsExpansionBitmap;
+ ULONG TlsExpansionBitmapBits[0x20];
+ ULONG SessionId;
+#ifdef _M_X64
+ UCHAR Padding5[4];
+#endif
+} PEB, *PPEB;
+
+typedef struct _LDR_MODULE
+{
+ LIST_ENTRY InLoadOrderModuleList; //+0x00
+ LIST_ENTRY InMemoryOrderModuleList; //+0x08
+ LIST_ENTRY 
InInitializationOrderModuleList; //+0x10
+ void* BaseAddress; //+0x18
+ void* EntryPoint; //+0x1c
+ ULONG SizeOfImage;
+ UNICODE_STRING FullDllName;
+ UNICODE_STRING BaseDllName;
+ ULONG Flags;
+ SHORT LoadCount;
+ SHORT TlsIndex;
+ HANDLE SectionHandle;
+ ULONG CheckSum;
+ ULONG TimeDateStamp;
+} LDR_MODULE, *PLDR_MODULE;
\ No newline at end of file
diff --git a/OLEDLG/framework.h b/OLEDLG/framework.h
new file mode 100644
index 0000000..c0d10f8
--- /dev/null
+++ b/OLEDLG/framework.h
@@ -0,0 +1,14 @@
+#pragma once
+
+#define WIN32_LEAN_AND_MEAN // 从 Windows 头文件中排除极少使用的内容
+// Windows 头文件
+#include
+#include
+#include
+
+#define _CRT_SECURE_NO_WARNINGS
+
+#pragma warning (disable:4091)
+#include
+#pragma comment(lib, "imagehlp.lib")
+#pragma warning (default:4091)
diff --git a/OLEDLG/masm.asm b/OLEDLG/masm.asm
new file mode 100644
index 0000000..d8098f4
--- /dev/null
+++ b/OLEDLG/masm.asm
@@ -0,0 +1,73 @@
+;/*********************************************************************
+;* Filename: masm.asm
+;* Author: lvtx (wiflvtx@gmail.com)
+;*********************************************************************/
+TITLE masm.asm
+
+;-------------------------------
+; FOR X64
+;-------------------------------
+IFDEF _M_X64
+.CODE
+prevFunc proc
+ mov qword ptr [rsp+38h], rcx
+ mov qword ptr [rsp+40h], rdx
+ mov qword ptr [rsp+48h], r8
+ mov qword ptr [rsp+50h], r9
+ ret
+prevFunc endp
+
+setFunc proc
+ mov rax, rcx
+ ret
+setFunc endp
+
+endFunc proc
+ pop rbx
+ add rsp, 28h
+ pop rbx
+ pop rcx
+ pop rdx
+ pop r8
+ pop r9
+ sub rsp, 20h
+ push rbx
+ jmp qword ptr [rax]
+ ret
+endFunc endp
+ENDIF
+
+;-------------------------------
+; FOR X86
+;-------------------------------
+IFDEF _M_IX86
+.MODEL FLAT
+.CODE
+_prevFunc proc
+ mov dword ptr ss:[esp+38h], ecx
+ mov dword ptr ss:[esp+40h], edx
+ mov dword ptr ss:[esp+48h], esi
+ mov dword ptr ss:[esp+50h], edi
+ ret
+_prevFunc endp
+
+_setFunc proc
+ mov eax, ecx
+ ret
+_setFunc endp
+
+_endFunc proc
+ pop ebx
+ add esp, 28h
+ pop ebx
+ pop ecx
+ pop edx
+ pop esi
+ pop edi
+ sub esp, 20h
+ push ebx
+ jmp dword ptr ds:[eax]
+ ret
+_endFunc endp
+ENDIF
+END
\ No newline at end of file
diff --git a/OLEDLG/pch.cpp b/OLEDLG/pch.cpp
new file mode 100644
index 0000000..b6fb8f4
--- /dev/null
+++ b/OLEDLG/pch.cpp
@@ -0,0 +1,5 @@
+// pch.cpp: 与预编译标头对应的源文件
+
+#include "pch.h"
+
+// 当使用预编译的头时,需要使用此源文件,编译才能成功。
diff --git a/OLEDLG/pch.h b/OLEDLG/pch.h
new file mode 100644
index 0000000..9660927
--- /dev/null
+++ b/OLEDLG/pch.h
@@ -0,0 +1,13 @@
+// pch.h: 这是预编译标头文件。
+// 下方列出的文件仅编译一次,提高了将来生成的生成性能。
+// 这还将影响 IntelliSense 性能,包括代码完成和许多代码浏览功能。
+// 但是,如果此处列出的文件中的任何一个在生成之间有更新,它们全部都将被重新编译。
+// 请勿在此处添加要频繁更新的文件,这将使得性能优势无效。
+
+#ifndef PCH_H
+#define PCH_H
+
+// 添加要在此处预编译的标头
+#include "framework.h"
+
+#endif //PCH_H
diff --git a/OLEDLG/resource.h b/OLEDLG/resource.h
new file mode 100644
index 0000000..85e39dd
--- /dev/null
+++ b/OLEDLG/resource.h
@@ -0,0 +1,14 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Visual C++ generated include file.
+// Used by oledlg.rc
+
+// ¶һĬֵ
+//
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE 101
+#define _APS_NEXT_COMMAND_VALUE 40001
+#define _APS_NEXT_CONTROL_VALUE 1001
+#define _APS_NEXT_SYMED_VALUE 101
+#endif
+#endif
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9d5170b
--- /dev/null
+++ b/README.md
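Review bot: The `_PEB`, `_PEB_LDR_DATA` and `_LDR_DATA_TABLE_ENTRY` layouts in PEB.h mirror undocumented ntdll structures whose field order and padding differ between Windows releases, yet the header records no build or WinDbg version the `dt -v` output was taken from and leaves `unreliable_member_1` through `unreliable_member_6` unexplained; a top-of-file comment such as `// Layouts transcribed from WinDbg dt -v on <OS build — fill in>; re-verify before trusting offsets past Ldr` would tell a maintainer when to re-check them. `_LDR_MODULE` duplicates `_LDR_DATA_TABLE_ENTRY` with a different set of leading members, and its `//+0x00` … `//+0x1c` annotations are 32-bit offsets that cannot hold under `_M_X64`, where each `LIST_ENTRY` is 16 bytes; either keep one of the two structs or label the offsets `//+0x00 (x86 only)`. The existing comment `// struct _PEB is defined in Winternl.h but it is incomplete` explains why `_PEB` is redefined, but the same applies to `_UNICODE_STRING`, and neither comment says that winternl.h must therefore not be included in the same translation unit — presumably a redefinition error otherwise; worth one sentence next to the include block.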
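Review bot: `#define _CRT_SECURE_NO_WARNINGS` in framework.h comes after the three `#include` lines, so any CRT header those already pulled in was processed without it and the define has no effect on them; it needs to sit above the first include, next to `WIN32_LEAN_AND_MEAN`. The `#pragma warning (disable:4091)` around the imagehlp include is undone with `#pragma warning (default:4091)`, which resets the warning to its compiler default and discards whatever level the project had set; `#pragma warning(push)` before the disable and `#pragma warning(pop)` after the include restore the previous state instead. The comments here are in Chinese while PEB.h is commented in English; `// Exclude rarely-used material from the Windows headers` and `// Windows headers` would keep the tree consistent.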
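Review bot: The `ret` after `jmp qword ptr [rax]` in `endFunc` is unreachable, and the same holds for the `ret` after `jmp dword ptr ds:[eax]` in `_endFunc`; dropping both, or replacing them with `int 3` as an explicit never-reached guard, makes the intent clear. The stack offsets `38h`–`50h` in `prevFunc`/`_prevFunc` and the `28h`/`20h` adjustments in `endFunc`/`_endFunc` are bare constants with no comment on which caller frame they assume, and the x86 variant reuses the x64 numbers unchanged even though it saves a different register set (`esi`/`edi` instead of `r8`/`r9`) and `sub esp, 20h` has no obvious counterpart in the 32-bit calling conventions — presumably copied from the x64 path, which deserves confirmation. A short comment per `proc` stating the expected frame and noting that the numbers depend on the build settings in OLEDLG.h (`#pragma optimize( "", off )`, the `NAKED` macro being empty under `_M_X64`) would let the next reader verify them rather than trust them.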
@@ -0,0 +1,53 @@ +# OLEDLG for Visual Assist X-[VS2015] + +#### +ߣlvtx + +#### +[VS2015] OLEDLG for Visual Assist X ͨƽⲹ + +#### ʹ˵ + +1. ʹ VS2015 дͱģԭ OLEDLG.dll API ٳ VA_X.dll ʵ滻 Visual Assist X ע Public KeyӶʹ DoubleLabyrinth ϴǰ [VisualAssist-keygen-demo](https://github.com/DoubleLabyrinth/VisualAssist-keygen-demo.git) Լע롣 + ![ͼƬ˵](https://images.gitee.com/uploads/images/2021/0726/223855_980d0a61_1232593.png "001.png") + ![ͼƬ˵](https://images.gitee.com/uploads/images/2021/0726/223905_bbff7222_1232593.png "002.png") + ![ͼƬ˵](https://images.gitee.com/uploads/images/2021/0726/223913_3f9f6ec8_1232593.png "003.png") + +2. ʹñҪעһǣOLEDLG.dll ҪƵVS汾 devenv.exe ڵͬһĿ¼ڲŻЧ +עVisualStudio Devenv.exeĿ¼, VisualAssistĿ¼ҼVSͼ鿴ԣԲ鿴Ŀ¼λã + ![ͼƬ˵](https://images.gitee.com/uploads/images/2021/0726/223947_18e05cee_1232593.png "004.png") + +3. KEYGEN ʹ÷ DoubleLabyrinth ԭȫһģֻ΢޸һЩطѣӰעɡʹԭĻе DoubleLabyrinth е Github ȥرɣҾͲæϴˡ +עȨûΧǣ1 ~ 255ȨڷΧǣ2000 ~ 2099[] + +``` + Usage: + VisualAssist-keygen.exe + + [-renew] Generate renew-key. + This parameter is optional. + + The username licensed to. + This parameter must be specified. + + The maximum number of copies that can be run under the newly-generated license. + The value should be in 1 ~ 255. + This parameter must be specified. + + The date when the newly-generated license expires. + The format must be one of the following: + 1. "yyyy/mm/dd" + 2. "yyyy-mm-dd" + 3. "yyyy.mm.dd" + This parameter must be specified. +``` + ![ͼƬ˵](https://images.gitee.com/uploads/images/2021/0726/224106_97675254_1232593.png "005.png") + ![ͼƬ˵](https://images.gitee.com/uploads/images/2021/0726/224121_fc2d26a2_1232593.png "006.png") + ![ͼƬ˵](https://images.gitee.com/uploads/images/2021/0726/224135_0c684166_1232593.png "007.png") + +#### ˵ +ע֮жػ°װVAXʱkeyʾЧ"Cancel"ťɡVS汾ӣҪ"No"ť + ![ͼƬ˵](https://images.gitee.com/uploads/images/2021/0726/224145_5565f404_1232593.png "008.png") + +#### ע +˵һ£Դѧϰοҵ֮ϣԸ \ No newline at end of file