Add files via upload

HookPorts/BeginDispatch.cpp

@@ -0,0 +1,89 @@
+#include <windows.h>
+#include <stdio.h>
+
+#include "./BeginDispatch.h"
+#include "../Config/Config.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+
+#include "./Dispatch_NTDLL.h"
+#include "./Dispatch_KERNEL32.h"
+#include "./Dispatch_USER32.h"
+#include "./Dispatch_ADVAPI32.h"
+
+
+
+//
+//BeginDispatch Functions
+//
+int BeginDispatchBySandBoxName(IN const WCHAR * lpSandBoxName)
+{
+	//Return Value:
+	//-1 = error
+	//0 = warning
+	//1 = succeed
+
+	int iRet = 0;
+
+	//
+	//Patch DLL
+	//
+	Dispatch_NTDLL_Start();
+
+	Dispatch_KERNEL32_Start();
+
+	Dispatch_USER32_Start();
+
+	Dispatch_ADVAPI32_Start();
+
+	ScanCurrentProcModule();
+
+	return iRet;
+}
+
+int CheckTargetModule( IN const WCHAR * lpModuleName )
+{
+	//
+	//List of Module will be patch
+	//
+	//ntdll.dll kernel32.dll user32.dll gdi32.dll advapi32.dll shell32.dll
+	//ole32.dll ws2_32.dll crypt32.dll msi.dll sxs.dll secur32.dll hnetcfg.dll
+	//setupapi.dll wtsapi32.dll pstorec.dll
+
+//	if( wcsicmp(lpModuleName,L"kernel32.dll") == 0 )
+//	{
+//#ifdef Dbg
+//		DebugLog(DbgInfo,L"kernel32.dll Patched!");
+//#endif
+//	}
+//
+//	if( wcsicmp(lpModuleName,L"user32.dll") == 0 )
+//	{
+//#ifdef Dbg
+//		DebugLog(DbgInfo,L"user32.dll Patched!");
+//#endif
+//	}
+//
+//	if( wcsicmp(lpModuleName,L"gdi32.dll") == 0 )
+//	{
+//#ifdef Dbg
+//		DebugLog(DbgInfo,L"gdi32.dll Patched!");
+//#endif
+//	}
+//
+//	if( wcsicmp(lpModuleName,L"advapi32.dll") == 0 )
+//	{
+//#ifdef Dbg
+//		DebugLog(DbgInfo,L"advapi32.dll Patched!");
+//#endif
+//	}
+//
+//	if( wcsicmp(lpModuleName,L"shell32.dll") == 0 )
+//	{
+//#ifdef Dbg
+//		DebugLog(DbgInfo,L"shell32.dll Patched!");
+//#endif
+//	}
+
+	return 0;
+}

HookPorts/BeginDispatch.h

@@ -0,0 +1,5 @@
+#pragma once
+
+int BeginDispatchBySandBoxName(IN const WCHAR * lpSandBoxName);
+
+int CheckTargetModule( IN const WCHAR * lpModuleName );

HookPorts/CloneAPI_ADVAPI32.cpp

@@ -0,0 +1,88 @@
+#include <windows.h>
+
+#include "./CloneAPI_ADVAPI32.h"
+#include "./Main.h"
+
+
+
+//
+//CloneAPI_ADVAPI32 Functions
+//
+LONG
+WINAPI
+CAPI_RegCreateKeyW(
+    IN HKEY hKey,
+    IN LPCWSTR lpSubKey,
+    OUT PHKEY phkResult
+    )
+{
+	LONG ret = NULL;
+	typedef LONG (WINAPI *lpAddFun)(HKEY,LPCWSTR,PHKEY);
+	HINSTANCE hDll = GetModuleHandleW( CONF_CloneAPI_CloneADVAPI32 );
+	lpAddFun addFun = (lpAddFun)GetProcAddress(hDll,"RegCreateKeyW");
+	if( addFun != NULL )
+	{
+		ret = addFun(hKey,lpSubKey,phkResult);
+	}
+	return ret;
+}
+
+LONG
+WINAPI
+CAPI_RegCloseKey(
+    IN HKEY hKey
+    )
+{
+	LONG ret = NULL;
+	typedef LONG (WINAPI *lpAddFun)(HKEY);
+	HINSTANCE hDll = GetModuleHandleW( CONF_CloneAPI_CloneADVAPI32 );
+	lpAddFun addFun = (lpAddFun)GetProcAddress(hDll,"RegCloseKey");
+	if( addFun != NULL )
+	{
+		ret = addFun(hKey);
+	}
+	return ret;
+}
+
+LONG
+WINAPI
+CAPI_RegOpenKeyExW(
+    IN HKEY hKey,
+    IN LPCWSTR lpSubKey,
+    IN DWORD ulOptions,
+    IN REGSAM samDesired,
+    OUT PHKEY phkResult
+    )
+{
+	LONG ret = NULL;
+	typedef LONG (WINAPI *lpAddFun)(HKEY,LPCWSTR,DWORD,REGSAM,PHKEY);
+	HINSTANCE hDll = GetModuleHandleW( CONF_CloneAPI_CloneADVAPI32 );
+	lpAddFun addFun = (lpAddFun)GetProcAddress(hDll,"RegOpenKeyExW");
+	if( addFun != NULL )
+	{
+		ret = addFun(hKey,lpSubKey,ulOptions,samDesired,phkResult);
+	}
+	return ret;
+}
+
+LONG
+WINAPI
+CAPI_RegQueryValueExW(
+    IN HKEY hKey,
+    IN LPCWSTR lpValueName,
+    IN LPDWORD lpReserved,
+    OUT LPDWORD lpType,
+    IN OUT LPBYTE lpData,
+    IN OUT LPDWORD lpcbData
+    )
+{
+	LONG ret = NULL;
+	typedef LONG (WINAPI *lpAddFun)(HKEY,LPCWSTR,LPDWORD,LPDWORD,LPBYTE,LPDWORD);
+	HINSTANCE hDll = GetModuleHandleW( CONF_CloneAPI_CloneADVAPI32 );
+	lpAddFun addFun = (lpAddFun)GetProcAddress(hDll,"RegQueryValueExW");
+	if( addFun != NULL )
+	{
+		ret = addFun(hKey,lpValueName,lpReserved,lpType,lpData,lpcbData);
+	}
+	return ret;
+}

HookPorts/CloneAPI_ADVAPI32.h

@@ -0,0 +1,36 @@
+#pragma once
+
+LONG
+WINAPI
+CAPI_RegCreateKeyW(
+    IN HKEY hKey,
+    IN LPCWSTR lpSubKey,
+    OUT PHKEY phkResult
+    );
+
+LONG
+WINAPI
+CAPI_RegCloseKey(
+    IN HKEY hKey
+    );
+
+LONG
+WINAPI
+CAPI_RegOpenKeyExW(
+    IN HKEY hKey,
+    IN LPCWSTR lpSubKey,
+    IN DWORD ulOptions,
+    IN REGSAM samDesired,
+    OUT PHKEY phkResult
+    );
+
+LONG
+WINAPI
+CAPI_RegQueryValueExW(
+    IN HKEY hKey,
+    IN LPCWSTR lpValueName,
+    IN LPDWORD lpReserved,
+    OUT LPDWORD lpType,
+    IN OUT LPBYTE lpData,
+    IN OUT LPDWORD lpcbData
+    );

HookPorts/CloneAPI_FLTLIB.cpp

@@ -0,0 +1,42 @@
+#include <windows.h>
+
+#include "./CloneAPI_FLTLIB.h"
+#include "./Main.h"
+
+
+
+//
+//CloneAPI_FLTLIB Functions
+//
+HRESULT
+WINAPI
+CAPI_FilterGetDosName(
+	IN LPCWSTR  lpVolumeName,
+	IN OUT LPWSTR  lpDosName,
+	IN DWORD  dwDosNameBufferSize
+	)
+{
+	//
+	//Parameters:
+	//
+	//[lpVolumeName]
+	//The lpVolumeName input string can be any of the following. The trailing backslash (\) is optional. 
+	//
+	//A drive letter, such as "D:\"
+	//A path to a volume mount point, such as "c:\mnt\edrive\"
+	//A unique volume identifier (also called a volume GUID name), such as "\??\Volume{7603f260-142a-11d4-ac67-806d6172696f}\"
+	//A nonpersistent device name (also called a target name or an NT device name), such as "\Device\HarddiskVolume1\"
+	//
+	//[Return Value]
+	//FilterGetDosName returns S_OK if successful. Otherwise, it returns an error value.
+
+	HRESULT ret = NULL;
+	typedef HRESULT (WINAPI *lpAddFun)(LPCWSTR,LPWSTR,DWORD);
+	HINSTANCE hDll = GetModuleHandleW( CONF_CloneAPI_CloneFLTLIB );
+	lpAddFun addFun = (lpAddFun)GetProcAddress(hDll,"FilterGetDosName");
+	if( addFun != NULL )
+	{
+		ret = addFun(lpVolumeName,lpDosName,dwDosNameBufferSize);
+	}
+	return ret;
+}

HookPorts/CloneAPI_FLTLIB.h

@@ -0,0 +1,9 @@
+#pragma once
+
+HRESULT
+WINAPI
+CAPI_FilterGetDosName(
+	IN LPCWSTR  lpVolumeName,
+	IN OUT LPWSTR  lpDosName,
+	IN DWORD  dwDosNameBufferSize
+	);