/********************************************************************** * Functions *********************************************************************/ BOOL CALLBACK IH_DlgMain(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { switch(uMsg) { case WM_INITDIALOG: { g_HWND=hwndDlg; EnableWindow(GetDlgItem(hwndDlg, IDC_BTN_INLINE), FALSE); EnableWindow(GetDlgItem(hwndDlg, IDC_BTN_COPY), FALSE); } return TRUE; case WM_HELP: { char id[10]=""; sprintf(id, "%d", IDS_HELPINLINE); SetEnvironmentVariableA("HELPID", id); SetEnvironmentVariableA("HELPTITLE", "Inline Help"); DialogBox(hInst, MAKEINTRESOURCE(DLG_HELP), hwndDlg, DlgHelp); } return TRUE; case WM_BROWSE: { strcpy(g_szFileName, (const char*)wParam); //Retrieve the directory of the file. int i=strlen(g_szFileName)-1; int j=0; while(g_szFileName[i]!='\\') { i--; j++; } strncpy(g_szTargetDir, g_szFileName, strlen(g_szFileName)-j-1); //Retrieve stuff. EnableWindow(GetDlgItem(g_HWND, IDC_BTN_INLINE), FALSE); EnableWindow(GetDlgItem(g_HWND, IDC_BTN_COPY), FALSE); SendDlgItemMessageA(g_HWND, IDC_EDT_OEP, EM_SETREADONLY, 0, 0); //Enable change of OEP... DragAcceptFiles(g_HWND, FALSE); g_FileIsDll=IH_Debugger(g_szFileName, &g_TargetData, IH_DebugEnd_Callback, IH_ErrorMessageCallback); } return TRUE; case WM_DROPFILES: { //Get the dropped file name. DragQueryFileA((HDROP)wParam, 0, g_szFileName, 256); //Retrieve the directory of the file. int i=strlen(g_szFileName)-1; int j=0; while(g_szFileName[i]!='\\') { i--; j++; } strncpy(g_szTargetDir, g_szFileName, strlen(g_szFileName)-j-1); //Retrieve stuff. EnableWindow(GetDlgItem(g_HWND, IDC_BTN_INLINE), FALSE); EnableWindow(GetDlgItem(g_HWND, IDC_BTN_COPY), FALSE); SendDlgItemMessageA(g_HWND, IDC_EDT_OEP, EM_SETREADONLY, 0, 0); //Enable change of OEP... DragAcceptFiles(g_HWND, FALSE); g_FileIsDll=IH_Debugger(g_szFileName, &g_TargetData, IH_DebugEnd_Callback, IH_ErrorMessageCallback); } return TRUE; case WM_COMMAND: { switch(LOWORD(wParam)) { case IDC_BTN_INLINE: { NoFocus(); if(!(g_TargetData.EmptyEntry)) { MessageBoxA(hwndDlg, "You need to specify the place to start the inline...", "N00B!", MB_ICONERROR); return TRUE; } char patch_filename[256]=""; patch_filename[0]=0; OPENFILENAME ofstruct; memset(&ofstruct, 0, sizeof(ofstruct)); ofstruct.lStructSize=sizeof(ofstruct); ofstruct.hwndOwner=hwndDlg; ofstruct.hInstance=hInst; if(!g_FileIsDll) ofstruct.lpstrFilter="Executable files (*.exe)\0*.exe\0\0"; else ofstruct.lpstrFilter="Executable files (*.dll)\0*.dll\0\0"; ofstruct.lpstrFile=patch_filename; ofstruct.nMaxFile=256; ofstruct.lpstrInitialDir=g_szTargetDir; ofstruct.lpstrTitle="Save file"; if(!g_FileIsDll) ofstruct.lpstrDefExt="exe"; else ofstruct.lpstrDefExt="dll"; ofstruct.Flags=OFN_EXTENSIONDIFFERENT|OFN_HIDEREADONLY|OFN_NONETWORKBUTTON|OFN_OVERWRITEPROMPT; GetSaveFileName(&ofstruct); if(!patch_filename[0]) { MessageBoxA(hwndDlg, "You must select a file...", "Warning", MB_ICONWARNING); return TRUE; } CopyFileA(g_szFileName, patch_filename, FALSE); SetPE32Data(patch_filename, 0, UE_OEP, g_TargetData.EmptyEntry-g_TargetData.ImageBase); long newflags=(long)GetPE32Data(patch_filename, g_TargetData.EntrySectionNumber, UE_SECTIONFLAGS); SetPE32Data(patch_filename, g_TargetData.EntrySectionNumber, UE_SECTIONFLAGS, (newflags|0x80000000)); IH_GenerateAsmCode(g_codeText, g_TargetData); CopyToClipboard(g_codeText); MessageBoxA(hwndDlg, "1) Open the file you just saved with OllyDbg\n2) Open Multimate Assembler v1.5+\n3) Paste the code\n4) Modify the code to do something with the Security DLL\n5) Save the patched file with OllyDbg\n6) Enjoy!", "Instructions", MB_ICONINFORMATION); } return TRUE; case IDC_EDT_FREESPACE: { char free_temp[10]=""; GetDlgItemTextA(hwndDlg, IDC_EDT_FREESPACE, free_temp, 10); sscanf(FormatTextHex(free_temp), "%X", &(g_TargetData.EmptyEntry)); } return TRUE; case IDC_BTN_COPY: { NoFocus(); if(g_codeText[0]) { IH_GenerateAsmCode(g_codeText, g_TargetData); CopyToClipboard(g_codeText); MessageBoxA(hwndDlg, "Code copied to clipboard!", "Yay!", MB_ICONINFORMATION); } else MessageBoxA(hwndDlg, "There is no code to copy, please load a file first...", "Error!", MB_ICONERROR); } return TRUE; case IDC_BTN_PLUGINS: { NoFocus(); PLUGFUNC PluginFunction; HINSTANCE PLUGIN_INST; char total_found_s[5]=""; char plugin_name[100]=""; char plugin_dll[100]=""; char dll_to_load[256]=""; char temp_str[5]=""; int total_found=0; GetPrivateProfileStringA("Plugins", "total_found", "", total_found_s, 4, sg_szPluginIniFilePath); sscanf(total_found_s, "%d", &total_found); if(total_found) { HMENU myMenu=0; myMenu=CreatePopupMenu(); for(int i=1; i!=(total_found+1); i++) { sprintf(temp_str, "%d", i); GetPrivateProfileStringA(temp_str, "plugin_name", "", plugin_name, 100, sg_szPluginIniFilePath); AppendMenuA(myMenu, MF_STRING, i, plugin_name); } POINT cursorPos; GetCursorPos(&cursorPos); SetForegroundWindow(hwndDlg); UINT MenuItemClicked=TrackPopupMenu(myMenu, TPM_RETURNCMD|TPM_NONOTIFY, cursorPos.x, cursorPos.y, 0, hwndDlg, 0); SendMessage(hwndDlg, WM_NULL, 0, 0); if(!MenuItemClicked) return TRUE; sprintf(temp_str, "%d", (int)MenuItemClicked); GetPrivateProfileStringA(temp_str, "plugin_dll", "", plugin_dll, 100, sg_szPluginIniFilePath); sprintf(dll_to_load, "plugins\\%s", plugin_dll); PLUGIN_INST=LoadLibraryA(dll_to_load); if(!PLUGIN_INST) MessageBoxA(hwndDlg, "There was an error loading the plugin", plugin_dll, MB_ICONERROR); else { PluginFunction=(PLUGFUNC)GetProcAddress(PLUGIN_INST, "PluginFunction"); if(!PluginFunction) MessageBoxA(hwndDlg, "The export \"PluginFunction\" could not be found, please contact the plugin supplier", plugin_dll, MB_ICONERROR); else { if(!g_TargetData.ImageBase) g_TargetData.ImageBase=0x400000; ShowWindow(GetParent(hwndDlg), 0); PluginFunction(PLUGIN_INST, hwndDlg, g_TargetData.SecurityAddrRegister, sg_szAKTDirectory, g_TargetData.ImageBase); ShowWindow(GetParent(hwndDlg), 1); FreeLibrary(PLUGIN_INST); SetForegroundWindow(hwndDlg); } } } else { HMENU myMenu=0; myMenu=CreatePopupMenu(); AppendMenuA(myMenu, MF_STRING|MF_GRAYED, 1, "No plugins found :("); POINT cursorPos; GetCursorPos(&cursorPos); SetForegroundWindow(hwndDlg); TrackPopupMenu(myMenu, TPM_RETURNCMD|TPM_NONOTIFY, cursorPos.x, cursorPos.y, 0, hwndDlg, 0); } } return TRUE; case IDC_EDT_OEP: { char temp_oep[10]=""; GetDlgItemTextA(hwndDlg, IDC_EDT_OEP, temp_oep, 10); sscanf(temp_oep, "%X", &(g_TargetData.OEP)); } return TRUE; } } return TRUE; } return FALSE; }
BOOL CALLBACK DlgMain(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) ///Dialog callback. { switch(uMsg) { case WM_INITDIALOG: { fingerprint_function_addr = FindFingerprintFunctionAddr(); if(!fingerprint_function_addr) { MessageBoxA(hwndDlg, "Something went wrong, try loading a .exe file first...", "Error!", MB_ICONERROR); EndDialog(hwndDlg, 0); } else EnableWindow(GetDlgItem(hwndDlg, IDC_BTN_COPY), FALSE); } return TRUE; case WM_CLOSE: { EndDialog(hwndDlg, 0); } return TRUE; case WM_COMMAND: { switch(LOWORD(wParam)) { case IDC_EDT_HWID: { char hwid_text[10] = ""; char code_text[255] = ""; GetDlgItemTextA(hwndDlg, IDC_EDT_HWID, hwid_text, 10); FormatTextHex(hwid_text); unsigned int* struct_addr = (unsigned int*)dword_struct; if(hwid_text[0]) { sscanf(hwid_text, "%X", (unsigned int*)(dword_struct + 1)); sprintf(code_text, "lea edi, dword ptr ds:[%s+0%X]\r\nmov dword ptr ds:[edi],0%.08X\r\nlea edi, dword ptr ds:[edi+4]\r\nmov dword ptr ds:[edi],0%.08X", register_used, fingerprint_function_addr, struct_addr[0], struct_addr[1]); EnableWindow(GetDlgItem(hwndDlg, IDC_BTN_COPY), TRUE); SetDlgItemTextA(hwndDlg, IDC_EDT_CODE, code_text); } else { EnableWindow(GetDlgItem(hwndDlg, IDC_BTN_COPY), FALSE); SetDlgItemTextA(hwndDlg, IDC_EDT_CODE, ""); } } return TRUE; case IDC_BTN_COPY: { char code_text[255] = ""; GetDlgItemTextA(hwndDlg, IDC_EDT_CODE, code_text, 255); CopyToClipboard(code_text); } return TRUE; case IDC_BTN_ABOUT: { MessageBoxA(hwndDlg, "Sample plugin, created by Mr. eXoDia", plugin_name, MB_ICONINFORMATION); } return TRUE; } } return TRUE; } return FALSE; }