LONG STDCALL CallBack(LPVoid lpBuffer, LPWIN32_FIND_DATAW pFindData, ULONG_PTR lpParam) { PWChar pszExtension; VectorPath *pFiles = (VectorPath *)lpParam; // static WChar *suffix[] = { L".s", L".dat", L".txt" }; static WChar *suffix[] = { L".lua", L".cgm", L".ks", L".tjs", L".ep", L".mev", L".dic", L".tim", L".asd" }; pszExtension = findextw(pFindData->cFileName); for (Int32 i = 0; i != countof(suffix); ++i) { if (!StrICompareW(pszExtension, suffix[i])) { (*pFiles).push_back(*(SFullPath *)&pFindData->cFileName); break; } } return 0; }
BOOL CED6AsDecompiler::DecompilerFile(LPWSTR pszAsFileName, LPWSTR pszOutput /* = NULL */) { LONG Status; WCHAR szOutput[MAX_PATH]; CFileDisk file; Reset(); if (!file.Open(pszAsFileName)) return FALSE; m_AsInfo.BufferSize = file.GetSize(); m_AsInfo.pbAsBuffer = (PBYTE)m_mem.Alloc(m_AsInfo.BufferSize); if (m_AsInfo.pbAsBuffer == NULL) return FALSE; if (!file.Read(m_AsInfo.pbAsBuffer)) return FALSE; Status = DecompilerFile(&m_AsInfo); if (Status != ASDECL_ERROR_UNKNOWN_INSTRUCTION) AS_IF_FAIL_RETURN(Status); if (pszOutput == NULL) { LPWSTR pszExtension; pszExtension = findextw(pszAsFileName); if (!StrICompareW(pszExtension, WSTRING(NAME_DEFAULT_EXTENSION))) pszExtension += countof(WSTRING(NAME_DEFAULT_EXTENSION)) - 1; lstrcpyW(szOutput, pszAsFileName); pszExtension = szOutput + (pszExtension - pszAsFileName); lstrcpyW(pszExtension, WSTRING(NAME_DEFAULT_EXTENSION)); pszOutput = szOutput; } Status = DumpToFile(&m_AsInfo, pszAsFileName, pszOutput); return Status; }
ForceInline VOID main2(Int argc, WChar **argv) { NTSTATUS Status; WCHAR *pExePath, szDllPath[MAX_NTPATH], FullExePath[MAX_NTPATH]; STARTUPINFOW si; PROCESS_INFORMATION pi; #if 0 PVOID buf; // CNtFileDisk file; UNICODE_STRING str; // file.Open((FIELD_BASE(FindLdrModuleByName(NULL)->InLoadOrderModuleList.Flink, LDR_MODULE, InLoadOrderModuleList))->FullDllName.Buffer); // buf = AllocateMemory(file.GetSize32()); // file.Read(buf); // file.Close(); RTL_CONST_STRING(str, L"OllyDbg.exe"); LoadDllFromMemory(GetNtdllHandle(), -1, &str, NULL, LMD_MAPPED_DLL); PrintConsoleW( L"%s handle = %08X\n" L"%s.NtSetEvent = %08X\n", str.Buffer, GetModuleHandleW(str.Buffer), str.Buffer, Nt_GetProcAddress(GetModuleHandleW(str.Buffer), "NtSetEvent") ); getch(); FreeMemory(buf); return; #endif #if 1 if (argc == 1) return; RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, (PBOOLEAN)&Status); while (--argc) { pExePath = findextw(*++argv); if (CHAR_UPPER4W(*(PULONG64)pExePath) == CHAR_UPPER4W(TAG4W('.LNK'))) { if (FAILED(GetPathFromLinkFile(*argv, FullExePath, countof(FullExePath)))) { pExePath = *argv; } else { pExePath = FullExePath; } } else { pExePath = *argv; } RtlGetFullPathName_U(pExePath, sizeof(szDllPath), szDllPath, NULL); #if 0 Status = FakeCreateProcess(szDllPath, NULL); if (!NT_SUCCESS(Status)) #else rmnamew(szDllPath); ZeroMemory(&si, sizeof(si)); si.cb = sizeof(si); Status = CreateProcessInternalW( NULL, pExePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, *szDllPath == 0 ? NULL : szDllPath, &si, &pi, NULL); if (!Status) #endif { PrintConsoleW(L"%s: CreateProcess() failed\n", pExePath); continue; } ULONG Length; UNICODE_STRING DllFullPath; Length = Nt_GetExeDirectory(szDllPath, countof(szDllPath)); CopyStruct(szDllPath + Length, L"XP3Viewer.dll", sizeof(L"XP3Viewer.dll")); DllFullPath.Buffer = szDllPath; DllFullPath.Length = (USHORT)(Length + CONST_STRLEN(L"XP3Viewer.dll")); DllFullPath.Length *= sizeof(WCHAR); DllFullPath.MaximumLength = DllFullPath.Length; Status = InjectDllToRemoteProcess(pi.hProcess, pi.hThread, &DllFullPath, FALSE); if (!NT_SUCCESS(Status)) { // PrintError(GetLastError()); NtTerminateProcess(pi.hProcess, 0); } NtClose(pi.hProcess); NtClose(pi.hThread); } #endif }
BOOL CTobCompiler::CompileFile(LPWSTR fsrcname, LPWSTR fdstname, F_ErrorHandler ErrorHandler) { WChar szOutput[MAX_PATH]; CString err; BOOL haserr = FALSE; Reset(); m_line = 1; m_fsrc = _wfopen(fsrcname, L"rb"); if (!m_fsrc) { m_err.Format("can't open src file '%S'", fsrcname); (this->*ErrorHandler)(GetErrorString(err)); return FALSE; } for(;;) { EToken r = CompilePass1(); if (r == ERR_EOF) break; if (r < 0) { haserr = TRUE; if (!(this->*ErrorHandler)(GetErrorString(err))) return FALSE; } if (r == ERR_SEVERE) return FALSE; } fclose(m_fsrc); m_fsrc = 0; if (!CompilePass2(ErrorHandler) || haserr) return FALSE; if (fdstname == NULL) { CByteArray* bin; if (m_binmap.Lookup("_FILE", bin) && bin->GetSize() > 0) { MultiByteToWideChar( CP_GB2312, 0, (LPSTR)bin->GetData(), bin->GetSize(), szOutput, countof(szOutput)); fdstname = szOutput; } else { LPWSTR pszExtension; lstrcpyW(szOutput, fsrcname); pszExtension = findextw(szOutput); !lstrcmpiW(pszExtension, L".bin") ? lstrcatW(pszExtension, L".bin") : lstrcpyW(pszExtension, L".bin"); fdstname = szOutput; } } m_fdst = _wfopen(fdstname, L"wb"); if (m_fdst == NULL) { m_err.Format("can't create dst file '%S'", fdstname); (this->*ErrorHandler)(GetErrorString(err)); return FALSE; } if (m_bin.GetSize() > 0 && fwrite(m_bin.GetData(), m_bin.GetSize(), 1, m_fdst) != 1) { fclose(m_fdst); m_fdst = 0; m_err.Format("can't write dst file '%S'", fdstname); (this->*ErrorHandler)(GetErrorString(err)); return FALSE; } fclose(m_fdst); m_fdst = NULL; return TRUE; }
Void _DeleteFile(LPWSTR lpFileName) { DWORD dwSize; HANDLE hFile, hFileMeta, hHeap; PByte pbBuffer; if (StrICmpW(findextw(lpFileName), L".uci")) { // wprintf(L"\"%s\" is not a uci image file.\n", lpFileName); return; } // wprintf(L"Processing \"%s\" ... ", lpFileName); SetFileAttributesW(lpFileName, FILE_ATTRIBUTE_NORMAL); hFile = CreateFileW(lpFileName, GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hFile == INVALID_HANDLE_VALUE) { // printf("failed\n"); return; } rmextw(lpFileName); lstrcatW(lpFileName, L".meta"); hFileMeta = CreateFileW(lpFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hFileMeta == INVALID_HANDLE_VALUE) { // printf("failed\n"); CloseHandle(hFile); return; } dwSize = GetFileSize(hFileMeta, NULL); do { hHeap = GetProcessHeap(); pbBuffer = (PByte)HeapAlloc(hHeap, 0, dwSize); if (pbBuffer == NULL) break; ReadFile(hFileMeta, pbBuffer, dwSize, &dwSize, NULL); SetFilePointer(hFile, 0, 0, FILE_END); WriteFile(hFile, pbBuffer, dwSize, &dwSize, NULL); HeapFree(hHeap, 0, pbBuffer); } while (0); CloseHandle(hFileMeta); CloseHandle(hFile); // printf("OK\n"); }
ForceInline Void main2(Int argc, WChar **argv) { NTSTATUS Status; WCHAR *pExePath, szDllPath[MAX_NTPATH], FullExePath[MAX_NTPATH]; STARTUPINFOW si; PROCESS_INFORMATION pi; if (argc == 1) return; RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, (PBOOLEAN)&Status); while (--argc) { pExePath = findextw(*++argv); if (CHAR_UPPER4W(*(PULONG64)pExePath) == CHAR_UPPER4W(TAG4W('.LNK'))) { if (FAILED(GetPathFromLinkFile(*argv, FullExePath, countof(FullExePath)))) { pExePath = *argv; } else { pExePath = FullExePath; } } else { pExePath = *argv; } RtlGetFullPathName_U(pExePath, sizeof(szDllPath), szDllPath, NULL); rmnamew(szDllPath); ZeroMemory(&si, sizeof(si)); si.cb = sizeof(si); Status = CreateProcessInternalW( NULL, pExePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, *szDllPath == 0 ? NULL : szDllPath, &si, &pi, NULL); if (!Status) { PrintConsoleW(L"CreateProcess() failed.\n"); continue; } Status = InjectSelfToRemoteProcess(pi.hProcess, pi.hThread); if (!NT_SUCCESS(Status)) { // PrintError(GetLastError()); NtTerminateProcess(pi.hProcess, 0); } NtClose(pi.hProcess); NtClose(pi.hThread); } }