ForceInline VOID main2(Int argc, WChar **argv)
{
NTSTATUS Status;
WCHAR *pExePath, szDllPath[MAX_NTPATH], FullExePath[MAX_NTPATH];
STARTUPINFOW si;
PROCESS_INFORMATION pi;
#if 0
PVOID buf;
// CNtFileDisk file;
UNICODE_STRING str;
// file.Open((FIELD_BASE(FindLdrModuleByName(NULL)->InLoadOrderModuleList.Flink, LDR_MODULE, InLoadOrderModuleList))->FullDllName.Buffer);
// buf = AllocateMemory(file.GetSize32());
// file.Read(buf);
// file.Close();
RTL_CONST_STRING(str, L"OllyDbg.exe");
LoadDllFromMemory(GetNtdllHandle(), -1, &str, NULL, LMD_MAPPED_DLL);
PrintConsoleW(
L"%s handle = %08X\n"
L"%s.NtSetEvent = %08X\n",
str.Buffer, GetModuleHandleW(str.Buffer),
str.Buffer, Nt_GetProcAddress(GetModuleHandleW(str.Buffer), "NtSetEvent")
);
getch();
FreeMemory(buf);
return;
#endif
#if 1
if (argc == 1)
return;
RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, (PBOOLEAN)&Status);
while (--argc)
{
pExePath = findextw(*++argv);
if (CHAR_UPPER4W(*(PULONG64)pExePath) == CHAR_UPPER4W(TAG4W('.LNK')))
{
if (FAILED(GetPathFromLinkFile(*argv, FullExePath, countof(FullExePath))))
{
pExePath = *argv;
}
else
{
pExePath = FullExePath;
}
}
else
{
pExePath = *argv;
}
RtlGetFullPathName_U(pExePath, sizeof(szDllPath), szDllPath, NULL);
#if 0
Status = FakeCreateProcess(szDllPath, NULL);
if (!NT_SUCCESS(Status))
#else
rmnamew(szDllPath);
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
Status = CreateProcessInternalW(
NULL,
pExePath,
NULL,
NULL,
NULL,
FALSE,
CREATE_SUSPENDED,
NULL,
*szDllPath == 0 ? NULL : szDllPath,
&si,
&pi,
NULL);
if (!Status)
#endif
{
PrintConsoleW(L"%s: CreateProcess() failed\n", pExePath);
continue;
}
ULONG Length;
UNICODE_STRING DllFullPath;
Length = Nt_GetExeDirectory(szDllPath, countof(szDllPath));
CopyStruct(szDllPath + Length, L"XP3Viewer.dll", sizeof(L"XP3Viewer.dll"));
DllFullPath.Buffer = szDllPath;
DllFullPath.Length = (USHORT)(Length + CONST_STRLEN(L"XP3Viewer.dll"));
DllFullPath.Length *= sizeof(WCHAR);
DllFullPath.MaximumLength = DllFullPath.Length;
Status = InjectDllToRemoteProcess(pi.hProcess, pi.hThread, &DllFullPath, FALSE);
if (!NT_SUCCESS(Status))
{
// PrintError(GetLastError());
NtTerminateProcess(pi.hProcess, 0);
}
NtClose(pi.hProcess);
NtClose(pi.hThread);
}
#endif
}
static
VOID
RunTestCases(VOID)
{
/* TODO: don't duplicate this in the other tests */
/* TODO: Drive Relative tests don't work yet if the current drive isn't C: */
struct
{
PCWSTR FileName;
PREFIX_TYPE PrefixType;
PCWSTR FullPathName;
PREFIX_TYPE FilePartPrefixType;
SIZE_T FilePartSize;
} TestCases[] =
{
{ L"C:", PrefixCurrentPath, L"", PrefixCurrentPathWithoutLastPart },
{ L"C:\\", PrefixNone, L"C:\\" },
{ L"C:\\test", PrefixNone, L"C:\\test", PrefixCurrentDrive },
{ L"C:\\test\\", PrefixNone, L"C:\\test\\" },
{ L"C:/test/", PrefixNone, L"C:\\test\\" },
{ L"C:\\\\test", PrefixNone, L"C:\\test", PrefixCurrentDrive },
{ L"test", PrefixCurrentPath, L"\\test", PrefixCurrentPath, sizeof(WCHAR) },
{ L"\\test", PrefixCurrentDrive, L"test", PrefixCurrentDrive },
{ L"/test", PrefixCurrentDrive, L"test", PrefixCurrentDrive },
{ L".\\test", PrefixCurrentPath, L"\\test", PrefixCurrentPath, sizeof(WCHAR) },
{ L"\\.", PrefixCurrentDrive, L"" },
{ L"\\.\\", PrefixCurrentDrive, L"" },
{ L"\\\\.", PrefixNone, L"\\\\.\\" },
{ L"\\\\.\\", PrefixNone, L"\\\\.\\" },
{ L"\\\\.\\Something\\", PrefixNone, L"\\\\.\\Something\\" },
{ L"\\??\\", PrefixCurrentDrive, L"??\\" },
{ L"\\??\\C:", PrefixCurrentDrive, L"??\\C:", PrefixCurrentDrive, 3 * sizeof(WCHAR) },
{ L"\\??\\C:\\", PrefixCurrentDrive, L"??\\C:\\" },
{ L"\\??\\C:\\test", PrefixCurrentDrive, L"??\\C:\\test", PrefixCurrentDrive, 6 * sizeof(WCHAR) },
{ L"\\??\\C:\\test\\", PrefixCurrentDrive, L"??\\C:\\test\\" },
{ L"\\\\??\\", PrefixNone, L"\\\\??\\" },
{ L"\\\\??\\C:", PrefixNone, L"\\\\??\\C:" },
{ L"\\\\??\\C:\\", PrefixNone, L"\\\\??\\C:\\" },
{ L"\\\\??\\C:\\test", PrefixNone, L"\\\\??\\C:\\test", PrefixNone, sizeof(L"\\\\??\\C:\\") },
{ L"\\\\??\\C:\\test\\", PrefixNone, L"\\\\??\\C:\\test\\" },
};
WCHAR FullPathNameBuffer[MAX_PATH];
PWSTR ShortName;
SIZE_T Length;
WCHAR ExpectedPathName[MAX_PATH];
SIZE_T FilePartSize;
SIZE_T ExpectedFilePartSize;
const INT TestCount = sizeof(TestCases) / sizeof(TestCases[0]);
INT i;
BOOLEAN Okay;
for (i = 0; i < TestCount; i++)
{
trace("i = %d\n", i);
switch (TestCases[i].PrefixType)
{
case PrefixNone:
ExpectedPathName[0] = UNICODE_NULL;
break;
case PrefixCurrentDrive:
GetCurrentDirectoryW(sizeof(ExpectedPathName) / sizeof(WCHAR), ExpectedPathName);
ExpectedPathName[3] = UNICODE_NULL;
break;
case PrefixCurrentPath:
Length = GetCurrentDirectoryW(sizeof(ExpectedPathName) / sizeof(WCHAR), ExpectedPathName);
if (Length == 3 && TestCases[i].FullPathName[0])
ExpectedPathName[2] = UNICODE_NULL;
break;
default:
skip(0, "Invalid test!\n");
continue;
}
wcscat(ExpectedPathName, TestCases[i].FullPathName);
RtlFillMemory(FullPathNameBuffer, sizeof(FullPathNameBuffer), 0xAA);
Length = 0;
StartSeh()
Length = RtlGetFullPathName_U(TestCases[i].FileName,
sizeof(FullPathNameBuffer),
FullPathNameBuffer,
&ShortName);
EndSeh(STATUS_SUCCESS);
Okay = CheckStringBuffer(FullPathNameBuffer, Length, sizeof(FullPathNameBuffer), ExpectedPathName);
ok(Okay, "Wrong path name '%S', expected '%S'\n", FullPathNameBuffer, ExpectedPathName);
if (!ShortName)
FilePartSize = 0;
else
FilePartSize = ShortName - FullPathNameBuffer;
switch (TestCases[i].FilePartPrefixType)
{
case PrefixNone:
ExpectedFilePartSize = 0;
break;
case PrefixCurrentDrive:
ExpectedFilePartSize = sizeof(L"C:\\");
break;
case PrefixCurrentPath:
ExpectedFilePartSize = GetCurrentDirectoryW(0, NULL) * sizeof(WCHAR);
if (ExpectedFilePartSize == sizeof(L"C:\\"))
ExpectedFilePartSize -= sizeof(WCHAR);
break;
case PrefixCurrentPathWithoutLastPart:
{
WCHAR CurrentPath[MAX_PATH];
PCWSTR BackSlash;
ExpectedFilePartSize = GetCurrentDirectoryW(sizeof(CurrentPath) / sizeof(WCHAR), CurrentPath) * sizeof(WCHAR) + sizeof(UNICODE_NULL);
if (ExpectedFilePartSize == sizeof(L"C:\\"))
ExpectedFilePartSize = 0;
else
{
BackSlash = wcsrchr(CurrentPath, L'\\');
if (BackSlash)
ExpectedFilePartSize -= wcslen(BackSlash + 1) * sizeof(WCHAR);
else
ok(0, "GetCurrentDirectory returned %S\n", CurrentPath);
}
break;
}
default:
skip(0, "Invalid test!\n");
continue;
}
ExpectedFilePartSize += TestCases[i].FilePartSize;
if (ExpectedFilePartSize != 0)
ExpectedFilePartSize = (ExpectedFilePartSize - sizeof(UNICODE_NULL)) / sizeof(WCHAR);
ok(FilePartSize == ExpectedFilePartSize,
"FilePartSize = %lu, expected %lu\n", (ULONG)FilePartSize, (ULONG)ExpectedFilePartSize);
}
}
PWCHAR
GetFileName(
PWCHAR pszHooked,
ULONG HookedBufferCount,
PWCHAR pszOriginal,
ULONG OriginalCount,
LPCSTR lpFileName,
BOOL IsInputUnicode = FALSE
)
{
ULONG Length, AppPathLength;
PWCHAR pszFileName;
static WCHAR szDataPath[] = L"data\\";
static WCHAR szPatch[] = L"patch\\\\\\";
static WCHAR szDataSc[] = L"data_sc\\";
if (IsInputUnicode)
{
lstrcpyW(pszOriginal, (LPWSTR)lpFileName);
}
else
{
Nt_AnsiToUnicode(pszOriginal, OriginalCount, (PCHAR)lpFileName, -1);
}
Length = RtlGetFullPathName_U(pszOriginal, HookedBufferCount * sizeof(WCHAR), pszHooked, NULL);
Length = Length / sizeof(WCHAR) + 1;
AppPathLength = g_AppPathLength;
pszFileName = pszHooked + AppPathLength;
LOOP_ONCE
{
if (StrNICompareW(pszFileName, szDataPath, countof(szDataPath) - 1) ||
StrNICompareW((PWCHAR)g_AppPathBuffer, pszHooked, AppPathLength))
{
pszFileName = pszOriginal;
break;
}
pszFileName += countof(szDataPath) - 2;
RtlMoveMemory(
pszFileName + countof(szDataSc) - countof(szDataPath),
pszFileName,
(Length - (pszFileName - pszHooked)) * sizeof(*pszFileName)
);
pszFileName -= countof(szDataPath) - 2;
CopyStruct(pszFileName, szPatch, sizeof(szPatch) - sizeof(*szPatch));
if (Nt_IsPathExists(pszHooked))
{
pszFileName = pszHooked;
break;
}
CopyStruct(pszFileName, szDataSc, sizeof(szDataSc) - sizeof(*szDataSc));
if (!Nt_IsPathExists(pszHooked))
pszFileName = pszOriginal;
else
pszFileName = pszHooked;
}
/*
AllocConsole();
PrintConsoleW(L"%s\n", pszFileName);
if (!StrICompareW(findextw(pszFileName), L".it3"))
__asm nop;
*/
#if CONSOLE_DEBUG
PrintConsoleW(L"%s\n", pszFileName);
#endif
return pszFileName;
}
PWSTR
GetFileName(
PWSTR HookedPath,
ULONG HookedPathCount,
PWSTR OriginalPath,
ULONG OriginalCount,
LPCSTR InputFileName,
BOOL IsInputUnicode = FALSE
)
{
ULONG_PTR Length, AppPathLength;
PWSTR FileName;
static WCHAR szDataPath[] = L"data\\";
static WCHAR szPatch[] = L"patch\\\\";
static WCHAR szPatch2[] = L"patch2\\";
if (IsInputUnicode)
{
StrCopyW(OriginalPath, (PWSTR)InputFileName);
}
else
{
AnsiToUnicode(OriginalPath, OriginalCount, (PSTR)InputFileName, -1);
}
PLDR_MODULE Module;
Module = FindLdrModuleByHandle(NULL);
AppPathLength = (Module->FullDllName.Length - Module->BaseDllName.Length) / sizeof(WCHAR);
Length = RtlGetFullPathName_U(OriginalPath, HookedPathCount * sizeof(WCHAR), HookedPath, NULL);
Length = Length / sizeof(WCHAR) + 1;
FileName = HookedPath + AppPathLength;
LOOP_ONCE
{
if (StrNICompareW(FileName, szDataPath, countof(szDataPath) - 1) ||
StrNICompareW(Module->FullDllName.Buffer, HookedPath, AppPathLength))
{
FileName = OriginalPath;
break;
}
FileName += countof(szDataPath) - 2;
RtlMoveMemory(
FileName + countof(szPatch) - countof(szDataPath),
FileName,
(Length - (FileName - HookedPath)) * sizeof(*FileName)
);
FileName -= countof(szDataPath) - 2;
CopyStruct(FileName, szPatch, sizeof(szPatch) - sizeof(*szPatch));
WriteLog(L"pass1: %s", HookedPath);
if (IsPathExists(HookedPath))
{
FileName = HookedPath;
break;
}
CopyStruct(FileName, szPatch2, sizeof(szPatch2) - sizeof(*szPatch2));
FileName = IsPathExists(HookedPath) ? HookedPath : OriginalPath;
WriteLog(L"pass2: %s", HookedPath);
}
WriteLog(L"%d, %s -> %s", FileName == HookedPath, OriginalPath, HookedPath);
return FileName;
}
ForceInline Void main2(Int argc, WChar **argv)
{
NTSTATUS Status;
WCHAR *pExePath, szDllPath[MAX_NTPATH], FullExePath[MAX_NTPATH];
STARTUPINFOW si;
PROCESS_INFORMATION pi;
if (argc == 1)
return;
RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, (PBOOLEAN)&Status);
while (--argc)
{
pExePath = findextw(*++argv);
if (CHAR_UPPER4W(*(PULONG64)pExePath) == CHAR_UPPER4W(TAG4W('.LNK')))
{
if (FAILED(GetPathFromLinkFile(*argv, FullExePath, countof(FullExePath))))
{
pExePath = *argv;
}
else
{
pExePath = FullExePath;
}
}
else
{
pExePath = *argv;
}
RtlGetFullPathName_U(pExePath, sizeof(szDllPath), szDllPath, NULL);
rmnamew(szDllPath);
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
Status = CreateProcessInternalW(
NULL,
pExePath,
NULL,
NULL,
NULL,
FALSE,
CREATE_SUSPENDED,
NULL,
*szDllPath == 0 ? NULL : szDllPath,
&si,
&pi,
NULL);
if (!Status)
{
PrintConsoleW(L"CreateProcess() failed.\n");
continue;
}
Status = InjectSelfToRemoteProcess(pi.hProcess, pi.hThread);
if (!NT_SUCCESS(Status))
{
// PrintError(GetLastError());
NtTerminateProcess(pi.hProcess, 0);
}
NtClose(pi.hProcess);
NtClose(pi.hThread);
}
}