BOOL DeleteMountPoint(LPCWSTR MountPoint) {
HANDLE handle;
BOOL result;
ULONG resultLength;
REPARSE_GUID_DATA_BUFFER reparseData = {0};
handle = CreateFile(MountPoint, GENERIC_WRITE, 0, NULL, OPEN_EXISTING,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
NULL);
if (handle == INVALID_HANDLE_VALUE) {
DbgPrintW(L"CreateFile failed: %s (%d)\n", MountPoint, GetLastError());
return FALSE;
}
reparseData.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
result = DeviceIoControl(handle, FSCTL_DELETE_REPARSE_POINT, &reparseData,
REPARSE_GUID_DATA_BUFFER_HEADER_SIZE, NULL, 0,
&resultLength, NULL);
CloseHandle(handle);
if (result) {
DbgPrintW(L"DeleteMountPoint %s success\n", MountPoint);
} else {
DbgPrintW(L"DeleteMountPoint %s failed: %d\n", MountPoint, GetLastError());
}
return result;
}
static VOID DokanControl(PDOKAN_CONTROL Control)
{
DWORD written = 0;
DbgPrint("DokanControl\n");
Control->Status = DOKAN_CONTROL_FAIL;
switch (Control->Type)
{
case DOKAN_CONTROL_MOUNT:
DbgPrintW(L"DokanControl Mount\n");
if (DokanControlMount(Control->Mount.Device, Control->Mount.Drive)) {
// DeviceNumber is zero origin
// add 1 to avoid to be the same number with DOKAN_CONTROL_FAIL
g_MountTable[towlower(Control->Mount.Drive) - L'a'] =
(unsigned char)Control->Mount.Device + 1;
Control->Status = DOKAN_CONTROL_SUCCESS;
} else {
Control->Status = DOKAN_CONTROL_FAIL;
}
break;
case DOKAN_CONTROL_UNMOUNT:
DbgPrintW(L"DokanControl Unmount\n");
if (DokanControlUnmount(Control->Unmount.Drive)) {
g_MountTable[towlower(Control->Mount.Drive) - L'a'] = 0;
Control->Status = DOKAN_CONTROL_SUCCESS;
} else {
Control->Status = DOKAN_CONTROL_FAIL;
}
break;
case DOKAN_CONTROL_CHECK:
{
unsigned char device =
g_MountTable[towlower(Control->Check.Drive) - L'a'];
DbgPrintW(L"DokanControl Check : %d\n", device);
Control->Status = device;
}
break;
default:
DbgPrintW(L"DokanControl UnknownType %u\n", Control->Type);
}
return;
}
void ROParser::ClSkillTmp(PUCHAR Buffer)
{
USHORT SkillID = *reinterpret_cast<USHORT*>(Buffer+2);
USHORT SkillLv = *reinterpret_cast<USHORT*>(Buffer+8);
DbgPrintW(DBGINF, _CRT_WIDE("INF ZC_SKILL_TMP ID=%04X LV=%04X\n"), SkillID, SkillLv);
if (SkillID != ITEM_ENCHANTARMS)
return;
switch (SkillLv)
{
case 0x0002:
ItemEnchantArms(CI_ELEMENT_WATER);
break;
case 0x0003:
ItemEnchantArms(CI_ELEMENT_GROUND);
break;
case 0x0004:
ItemEnchantArms(CI_ELEMENT_FIRE);
break;
case 0x0005:
ItemEnchantArms(CI_ELEMENT_WIND);
break;
case 0x0008:
ItemEnchantArms(CI_ELEMENT_SHADOW);
break;
}
}
void Resolver_Sak1()
{
// E8******** // call INITNP
// 85C0 // test eax, eax
// 75** // jne rel8
// 5F // pop edi
// 5E // pos esi
// B801000000 // mov eax, 1
// 5B // pop ebx
// 8B5E // mov esp, ebp
// 5D // pop ebp
// C3 // ret
// 68******** // push "resNameTable.txt"
ULONG Pos = 0;
if (FindAddStack("resNameTable.txt", &Pos) == false)
return;
ULONG InitNP = 0;
if (CompareBinary<UCHAR>(Pos-21, 0xE8)) // call rel32
{
InitNP = Pos - 21;
g_Intrnl.Addr[IA_INITNP] = InitNP;
}
if (CompareBinary<UCHAR>(Pos-23, 0xE8)) // call rel32
{
InitNP = Pos - 23;
g_Intrnl.Addr[IA_INITNP] = InitNP;
}
DbgPrintW(DBGINF, _CRT_WIDE("INF ResolverSak1 InitNP=%08X\n"), InitNP);
}
BOOL DOKANAPI
DokanRemoveMountPoint(
LPCWSTR MountPoint)
{
DOKAN_CONTROL control;
BOOL result;
//ZeroMemory(&control, sizeof(DOKAN_CONTROL));
DOKAN_CONTROL_INIT(control);
control.Type = DOKAN_CONTROL_UNMOUNT;
wcscpy_s(control.MountPoint, sizeof(control.MountPoint) / sizeof(WCHAR), MountPoint);
DbgPrintW(L"DokanRemoveMountPoint %ws\n", MountPoint);
result = DokanMountControl(&control);
if (result) {
DbgPrint("DokanControl recieved DeviceName:%ws\n", control.DeviceName);
SHChangeNotify(SHCNE_DRIVEREMOVED ,SHCNF_PATH|SHCNF_FLUSHNOWAIT,MountPoint,NULL);
SendReleaseIRP(control.DeviceName);
} else {
DbgPrint("DokanRemoveMountPoint failed\n");
}
return result;
}
int ROParser::Send(PUCHAR Buffer, int Length)
{
DbgPrintW(DBGINFL2, _CRT_WIDE("INF ROParser::Send Length=%d\n"), Length);
DbgHexPrintW(Buffer, Length);
return 0;
}
void ROParser::OwnOption(PUCHAR Buffer)
{
USHORT Param1 = *reinterpret_cast<USHORT*>(Buffer+6);
USHORT Param2 = *reinterpret_cast<USHORT*>(Buffer+8);
USHORT Param3 = *reinterpret_cast<USHORT*>(Buffer+10);
DbgPrintW(DBGINF, _CRT_WIDE("INF ZC_OPTION TGT=OWN P1=%04X P2=%04X P3=%04X\n"), Param1, Param2, Param3);
switch (Param1)
{
case OPT_STUN:
NoticeAbnormal("CONDITION_TO_STUN");
break;
case OPT_SLEEP:
NoticeAbnormal("CONDITION_TO_CURSE_SLEEP");
break;
default:
break;
}
if (Param2 & OPT_POISON)
NoticeAbnormal("CONDITION_TO_POISON");
if (Param2 & OPT_BLIND)
{
*reinterpret_cast<USHORT*>(Buffer+8) ^= OPT_BLIND;
NoticeAbnormal("CONDITION_TO_BLIND");
}
}
DWORD APIENTRY
NPOpenEnum(
__in DWORD Scope,
__in DWORD Type,
__in DWORD Usage,
__in LPNETRESOURCE NetResource,
__in LPHANDLE Enum)
{
DWORD status;
UNREFERENCED_PARAMETER(Type);
UNREFERENCED_PARAMETER(Usage);
UNREFERENCED_PARAMETER(NetResource);
DbgPrintW(L"NPOpenEnum\n");
switch (Scope){
case RESOURCE_CONNECTED:
{
*Enum = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
sizeof(ULONG));
if (*Enum)
status = WN_SUCCESS;
else
status = WN_OUT_OF_MEMORY;
}
break;
case RESOURCE_CONTEXT:
default:
status = WN_NOT_SUPPORTED;
break;
}
return status;
}
DWORD APIENTRY
NPCancelConnection(
__in LPWSTR Name,
__in BOOL Force)
{
DbgPrintW(L"NpCancelConnection %s %d\n", Name, Force);
return WN_SUCCESS;
}
NTSTATUS DOKANAPI DokanNtStatusFromWin32(DWORD Error) {
switch (Error) {
#include "ntstatus.i"
default:
DbgPrintW(L"DokanNtStatusFromWin32 - Unknown Win32 error code %d\n", Error);
return STATUS_ACCESS_DENIED;
}
}
DWORD APIENTRY
NPCloseEnum(
__in HANDLE Enum)
{
DbgPrintW(L"NpCloseEnum\n");
HeapFree(GetProcessHeap(), 0, (PVOID)Enum);
return WN_SUCCESS;
}
HANDLE DOKANAPI
DokanOpenRequestorToken(PDOKAN_FILE_INFO FileInfo)
{
BOOL status;
ULONG returnedLength;
PDOKAN_INSTANCE instance;
PDOKAN_OPEN_INFO openInfo;
PEVENT_CONTEXT eventContext;
PEVENT_INFORMATION eventInfo;
HANDLE handle = INVALID_HANDLE_VALUE;
ULONG eventInfoSize;
WCHAR rawDeviceName[MAX_PATH];
openInfo = (PDOKAN_OPEN_INFO)(UINT_PTR)FileInfo->DokanContext;
if (openInfo == NULL) {
return INVALID_HANDLE_VALUE;
}
eventContext = openInfo->EventContext;
if (eventContext == NULL) {
return INVALID_HANDLE_VALUE;
}
instance = openInfo->DokanInstance;
if (instance == NULL) {
return INVALID_HANDLE_VALUE;
}
if (eventContext->MajorFunction != IRP_MJ_CREATE) {
return INVALID_HANDLE_VALUE;
}
eventInfoSize = sizeof(EVENT_INFORMATION);
eventInfo = (PEVENT_INFORMATION)malloc(eventInfoSize);
if (eventInfo == NULL) {
return INVALID_HANDLE_VALUE;
}
RtlZeroMemory(eventInfo, eventInfoSize);
eventInfo->SerialNumber = eventContext->SerialNumber;
status = SendToDevice(
GetRawDeviceName(instance->DeviceName, rawDeviceName, MAX_PATH),
IOCTL_GET_ACCESS_TOKEN,
eventInfo,
eventInfoSize,
eventInfo,
eventInfoSize,
&returnedLength);
if (status) {
handle = eventInfo->Operation.AccessToken.Handle;
} else {
DbgPrintW(L"IOCTL_GET_ACCESS_TOKEN failed\n");
}
free(eventInfo);
return handle;
}
void Resolver_Sak2()
{
// 83C0F6 // add eax, -Ah
// 3D******** // cmp eax, imm32
// 0F87******** // ja rel32
// 33C9 // xor ecx, ecx
// 8A88******** // mov cl, [eax+IA_EFFTBL1]
// FF248D******** // jmp [IA_EFFTBL2+ecx*4]
// A1******** // mov eax, [IA_MINEFFECT]
ULONG Pos = 0;
UCHAR Code[] = {
0x83, 0xC0, 0xF6, // add eax, -Ah
0x3D, // cmp eax, imm32
};
if (FindBin(Code, sizeof(Code), &Pos) == false)
return;
ULONG EffectTable = 0;
ULONG JumpTable = 0;
ULONG MinEffect = 0;
// if (CompareBinary<USHORT>(Pos+16, 0x888A))
if (CompareBinary<UCHAR>(Pos+16, 0x8A)) // mov r8, r/m8
{
EffectTable = *reinterpret_cast<ULONG*>(Pos+18);
g_Intrnl.Addr[IA_EFFTBL1] = EffectTable;
}
// if (CompareBinary<USHORT>(Pos+22, 0x24FF)) // jmp r/m32
if (CompareBinary<UCHAR>(Pos+22, 0xFF)) // jmp r/m32
{
JumpTable = *reinterpret_cast<ULONG*>(Pos+25);
g_Intrnl.Addr[IA_EFFTBL2] = JumpTable;
}
if (CompareBinary<UCHAR>(Pos+29, 0xA1)) // mov eax, moffs32
{
MinEffect = *reinterpret_cast<ULONG*>(Pos+30);
g_Intrnl.Addr[IA_MINEFFECT] = MinEffect;
}
DbgPrintW(DBGINF, _CRT_WIDE("INF ResolverSak2 EffectTable=%08X\n"), EffectTable);
DbgPrintW(DBGINF, _CRT_WIDE("INF ResolverSak2 JumpTable=%08X\n"), JumpTable);
DbgPrintW(DBGINF, _CRT_WIDE("INF ResolverSak2 MinEffect=%08X\n"), MinEffect);
}
DWORD APIENTRY
NPAddConnection(
__in LPNETRESOURCE NetResource,
__in LPWSTR Password,
__in LPWSTR UserName)
{
DbgPrintW(L"NPAddConnection\n");
return NPAddConnection3(NULL, NetResource, Password, UserName, 0);
}
void ROParser::ClAuthAck(PUCHAR Buffer)
{
SuspendWorker();
ResetSessionTable();
g_Intrnl.Session.AID = *reinterpret_cast<ULONG*>(Buffer+8);
DbgPrintW(DBGINF, _CRT_WIDE("INF AC_AUTH_ACK AID=%08X\n"), g_Intrnl.Session.AID);
}
DWORD APIENTRY
NPAddConnection3(
__in HWND WndOwner,
__in LPNETRESOURCE NetResource,
__in LPWSTR Password,
__in LPWSTR UserName,
__in DWORD Flags)
{
DWORD status;
WCHAR temp[128];
WCHAR local[3];
UNREFERENCED_PARAMETER(WndOwner);
UNREFERENCED_PARAMETER(Password);
UNREFERENCED_PARAMETER(UserName);
UNREFERENCED_PARAMETER(Flags);
DbgPrintW(L"NPAddConnection3\n");
DbgPrintW(L" LocalName: %s\n", NetResource->lpLocalName);
DbgPrintW(L" RemoteName: %s\n", NetResource->lpRemoteName);
ZeroMemory(local, sizeof(local));
if (lstrlen(NetResource->lpLocalName) > 1 &&
NetResource->lpLocalName[1] == L':') {
local[0] = (WCHAR)toupper(NetResource->lpLocalName[0]);
local[1] = L':';
local[2] = L'\0';
}
if (QueryDosDevice(local, temp, 128)) {
DbgPrintW(L" WN_ALREADY_CONNECTED");
status = WN_ALREADY_CONNECTED;
} else {
DbgPrintW(L" WN_BAD_NETNAME");
status = WN_BAD_NETNAME;
}
return status;
}
PMOUNT_ENTRY
FindMountEntry(PDOKAN_CONTROL DokanControl)
{
PLIST_ENTRY listEntry;
PMOUNT_ENTRY mountEntry = NULL;
BOOL useMountPoint = DokanControl->MountPoint[0] != L'\0';
BOOL found = FALSE;
WCHAR mountPointDefaultTemplate[4] = L"C:\\";
PWCHAR mountPoint = DokanControl->MountPoint;
if (!useMountPoint && DokanControl->DeviceName[0] == L'\0') {
return NULL;
}
/* NOTE: g_MountList expects MountPoint to has the format of C:\ */
if(useMountPoint && IsMountPointDriveLetter(DokanControl->MountPoint)) {
mountPointDefaultTemplate[0] = DokanControl->MountPoint[0];
NormalizeMountPoint(mountPointDefaultTemplate, sizeof(mountPointDefaultTemplate) / sizeof(WCHAR));
mountPoint = mountPointDefaultTemplate;
}
EnterCriticalSection(&g_CriticalSection);
for (listEntry = g_MountList.Flink; listEntry != &g_MountList; listEntry = listEntry->Flink) {
mountEntry = CONTAINING_RECORD(listEntry, MOUNT_ENTRY, ListEntry);
if (useMountPoint) {
if (wcscmp(mountPoint, mountEntry->MountControl.MountPoint) == 0) {
found = TRUE;
break;
}
} else {
if (wcscmp(DokanControl->DeviceName, mountEntry->MountControl.DeviceName) == 0) {
found = TRUE;
break;
}
}
}
LeaveCriticalSection(&g_CriticalSection);
if (found) {
DbgPrintW(L"FindMountEntry %s -> %s\n",
mountEntry->MountControl.MountPoint, mountEntry->MountControl.DeviceName);
return mountEntry;
} else {
return NULL;
}
}
void ROParser::PushCondition(USHORT Type, UCHAR Flag)
{
// SetConditionIcon(Type, Flag);
UCHAR Buffer[9];
*reinterpret_cast<USHORT*>(Buffer) = PACKET_ZC_CONDITION;
*reinterpret_cast<USHORT*>(Buffer+2) = Type;
*reinterpret_cast<ULONG*>(Buffer+4) = g_Intrnl.Session.AID;
*reinterpret_cast<UCHAR*>(Buffer+8) = Flag;
DbgPrintW(DBGINF, _CRT_WIDE("CHK PushCondition Vars OP=%04X Type=%04X AID=%08X FLAG=%02d\n"), PACKET_ZC_CONDITION, Type, g_Intrnl.Session.AID, Flag);
ExecuteParser(PACKET_ZC_CONDITION, Buffer);
}
BOOL
DokanControlUnmount(
WCHAR DriveLetter)
{
WCHAR volumeName[] = L"\\\\.\\ :";
HANDLE device;
volumeName[4] = DriveLetter;
/*
device = CreateFile(
volumeName,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
FILE_FLAG_NO_BUFFERING,
NULL
);
if (device == INVALID_HANDLE_VALUE) {
DbgPrintW(L"DriveLetter %wc\n", DriveLetter);
DbgPrintW(L"DokanControl Unmount failed\n");
return FALSE;
}
CloseHandle(device);
*/
if (!DefineDosDevice(DDD_REMOVE_DEFINITION, &volumeName[4], NULL)) {
DbgPrintW(L"DriveLetter %wc\n", DriveLetter);
DbgPrintW(L"DokanControl DefineDosDevice failed\n");
return FALSE;
} else {
DbgPrintW(L"DokanControl DD_REMOVE_DEFINITION success\n");
}
DeleteMountPoint(L"C:\\mount\\dokan");
return TRUE;
}
DWORD APIENTRY
NPGetResourceParent(
__in LPNETRESOURCE NetResource,
__in LPVOID Buffer,
__in LPDWORD BufferSize)
{
UNREFERENCED_PARAMETER(NetResource);
UNREFERENCED_PARAMETER(Buffer);
UNREFERENCED_PARAMETER(BufferSize);
DbgPrintW(L"NPGetResourceParent\n");
return WN_NOT_SUPPORTED;
}
void ROParser::OwnCondition(PUCHAR Buffer)
{
USHORT Type = *reinterpret_cast<USHORT*>(Buffer+2);
UCHAR Flag = *reinterpret_cast<UCHAR*>(Buffer+8);
DbgPrintW(DBGINF, _CRT_WIDE("INF ZC_CONDITION TGT=OWN TYPE=%04X FLAG=%02X\n"), Type, Flag);
switch (Type)
{
case CI_BREAKWEAPON:
if (g_Intrnl.Session.EnArms != CI_NONE)
DeleteItemEnchantArms();
break;
case CI_HALLUCINATION:
if (Flag)
{
*reinterpret_cast<UCHAR*>(Buffer+8) &= 0;
NoticeAbnormal("CONDITION_TO_HALLUCINATION");
}
break;
case CI_ELEMENT_FIRE:
case CI_ELEMENT_WATER:
case CI_ELEMENT_WIND:
case CI_ELEMENT_GROUND:
case CI_ELEMENT_SHADOW:
case CI_ELEMENT_GHOST:
EnchantArms(Type, Flag, false);
break;
case CI_EXPLOSIONSPIRITS:
NoticeState("爆裂波動", Flag);
break;
case CI_BERSERK:
NoticeState("バーサーク", Flag);
break;
case CI_ASSUMPTIO:
NoticeState("アスムプティオ", Flag);
break;
case CI_MIRACLE:
NoticeState("太陽と月と星の奇跡", Flag);
break;
case CI_CLOSECONFINE_OWN:
case CI_CLOSECONFINE_TGT:
NoticeState("クローズコンファイン", Flag);
break;
default:
break;
}
}
DWORD APIENTRY
NPGetUniversalName(
__in LPCWSTR LocalPath,
__in DWORD InfoLevel,
__in LPVOID Buffer,
__in LPDWORD BufferSize)
{
UNREFERENCED_PARAMETER(LocalPath);
UNREFERENCED_PARAMETER(InfoLevel);
UNREFERENCED_PARAMETER(Buffer);
UNREFERENCED_PARAMETER(BufferSize);
DbgPrintW(L"NPGetUniversalName %s\n", LocalPath);
return WN_NOT_SUPPORTED;
}
DWORD APIENTRY
NPGetResourceInformation(
__in LPNETRESOURCE NetResource,
__out LPVOID Buffer,
__out LPDWORD BufferSize,
__out LPWSTR *System)
{
UNREFERENCED_PARAMETER(NetResource);
UNREFERENCED_PARAMETER(Buffer);
UNREFERENCED_PARAMETER(BufferSize);
UNREFERENCED_PARAMETER(System);
DbgPrintW(L"NPGetResourceInformation\n");
return WN_NOT_SUPPORTED;
}
DWORD APIENTRY
NPEnumResource(
__in HANDLE Enum,
__in LPDWORD Count,
__in LPVOID Buffer,
__in LPDWORD BufferSize)
{
UNREFERENCED_PARAMETER(Enum);
UNREFERENCED_PARAMETER(Count);
UNREFERENCED_PARAMETER(Buffer);
UNREFERENCED_PARAMETER(BufferSize);
DbgPrintW(L"NPEnumResource\n");
return WN_NOT_SUPPORTED;
}
NTSTATUS CreateKey(LPWSTR Root, LPWSTR KeyPath, OUT PHANDLE hKey) {
LPWSTR FullKeyPath = GetFullKeyPath(Root, KeyPath);
DbgPrintW(FullKeyPath);
UNICODE_STRING UnicodePath;
RtlInitUnicodeString(&UnicodePath, FullKeyPath);
OBJECT_ATTRIBUTES ObjectAttributes;
InitializeObjectAttributes(&ObjectAttributes, &UnicodePath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
NTSTATUS Status = ZwCreateKey(hKey, KEY_ALL_ACCESS, &ObjectAttributes, 0, NULL, REG_OPTION_VOLATILE, NULL);
FreeString(FullKeyPath);
return Status;
}
void ROParser::ClSkillAck(PUCHAR Buffer)
{
if (g_Intrnl.Session.NoDivDmg == false)
return;
if (IsOwnAID(*reinterpret_cast<ULONG*>(Buffer+8)) == false)
return;
DbgPrintW(DBGINF, _CRT_WIDE("INF ZC_SKILL_ACK5 ID=%04X LV=%04X Type=%02X Val=%d/%d\n"), *reinterpret_cast<USHORT*>(Buffer+2),
*reinterpret_cast<USHORT*>(Buffer+28),
*reinterpret_cast<ULONG*>(Buffer+24),
*reinterpret_cast<USHORT*>(Buffer+30),
*reinterpret_cast<UCHAR*>(Buffer+32));
if (*reinterpret_cast<UCHAR*>(Buffer+32) == SKDMG_DIVIDE)
{
*reinterpret_cast<USHORT*>(Buffer+30) = 1; // 単発は1固定
*reinterpret_cast<UCHAR*>(Buffer+32) = SKDMG_ONE;
}
}
PMOUNT_ENTRY
InsertMountEntry(PDOKAN_CONTROL DokanControl)
{
PMOUNT_ENTRY mountEntry;
mountEntry = malloc(sizeof(MOUNT_ENTRY));
if (mountEntry == NULL) {
DbgPrintW(L"InsertMountEntry malloc failed\n");
return NULL;
}
ZeroMemory(mountEntry, sizeof(MOUNT_ENTRY));
CopyMemory(&mountEntry->MountControl, DokanControl, sizeof(DOKAN_CONTROL));
InitializeListHead(&mountEntry->ListEntry);
EnterCriticalSection(&g_CriticalSection);
InsertTailList(&g_MountList, &mountEntry->ListEntry);
LeaveCriticalSection(&g_CriticalSection);
return mountEntry;
}
VOID FindMountPoint(PDOKAN_CONTROL Control)
{
WCHAR physical[65536];
WCHAR logical[65536];
QueryDosDevice(NULL, physical, sizeof(physical));
for (WCHAR *pos = physical; *pos; pos += wcslen(pos) + 1) {
QueryDosDevice(pos, logical, sizeof(logical));
if (wcsstr(logical, Control->DeviceName) != NULL
&& wcsstr(logical, pos) == NULL)
{
wcscpy_s(Control->MountPoint, sizeof(Control->MountPoint) / sizeof(WCHAR),
pos);
DbgPrintW(L"DokanControl MountPoint found '%s'\n", Control->MountPoint);
break;
}
}
}
BOOL DOKANAPI DokanRemoveMountPoint(LPCWSTR MountPoint) {
DOKAN_CONTROL control;
BOOL result;
ZeroMemory(&control, sizeof(DOKAN_CONTROL));
control.Type = DOKAN_CONTROL_UNMOUNT;
wcscpy_s(control.MountPoint, sizeof(control.MountPoint) / sizeof(WCHAR),
MountPoint);
DbgPrintW(L"DokanRemoveMountPoint %ws\n", MountPoint);
result = DokanMountControl(&control);
if (result) {
DbgPrint("DokanControl recieved DeviceName:%ws\n", control.DeviceName);
SendReleaseIRP(control.DeviceName);
} else {
DbgPrint("DokanRemoveMountPoint failed\n");
}
return result;
}
void Resolver_Sak4()
{
// A1******** // mov eax, [IA_LANGTYPE]
// 85C0 // test eax, eax
// 0F84B7000000 // je rel32
// 83F803 // cmp eax, 3
// 0F84AE000000 // je rel32
// 83F805 // cmp eax, 5
// 0F84A5000000 // je rel32
ULONG Pos = 0;
UCHAR Code[] = {
0x83, 0xF8, 0x03,
0x0F, 0x84, 0xAE, 0x00, 0x00, 0x00,
};
if (FindBin(Code, sizeof(Code), &Pos) == false)
return;
ULONG ChkName = 0;
if (CompareBinary<USHORT>(Pos+3, 0x840F)) // je rel32
{
ULONG Relative = *reinterpret_cast<ULONG*>(Pos+5);
Pos = (Pos+9) + Relative;
// B9******** // mov ecx, imm32
// E8******** // call rel32
// A1******** // mov eax, [IA_LANGTYPE]
// 85C0 // test eax, eax
// 0F85******** // jne rel32
if (CompareBinary<UCHAR>(Pos+15, 0x85)) // test r/m32, r32
{
ChkName = Pos + 15;
g_Intrnl.Addr[IA_CHKNAME] = ChkName;
}
}
DbgPrintW(DBGINF, _CRT_WIDE("INF ResolverSak4 ChkName=%08X\n"), ChkName);
}
