Esempio n. 1
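/**
 * Replacement for CreateFileA: converts the ANSI path to UTF-16 with CP_ACP
 * and forwards the call to CreateFileW.
 *
 * For opens that do not request GENERIC_WRITE, a path whose last four
 * characters are ".dat" (compared through CHAR_UPPER3W, presumably
 * case-insensitively) and that does not exist on disk is rewritten from
 * "<name>.dat" to "<name>_sc.dat" before the call is forwarded.
 *
 * The parameters are those of CreateFileA and are passed through unchanged,
 * apart from the file name.
 *
 * @return The handle returned by CreateFileW, or INVALID_HANDLE_VALUE when the
 *         path cannot be converted into the MAX_PATH-sized local buffer.
 */
HANDLE WINAPI MyCreateFileA(LPSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
{
    WCHAR szFile[MAX_PATH];
    DWORD dwLength;
    INT   cchWide;

    dwLength = StrLengthA(lpFileName);
    cchWide  = MYAPI(MultiByteToWideChar)(CP_ACP, 0, lpFileName, dwLength + 1, szFile, countof(szFile));
    if (cchWide <= 0)
    {
        // The conversion failed (for example the path does not fit in szFile),
        // so szFile holds no valid string. Using it would index the stack
        // buffer with a wrapped-around length and hand uninitialised data to
        // CreateFileW; fail the open instead.
        return INVALID_HANDLE_VALUE;
    }

    // MultiByteToWideChar counted the terminator; dwLength is the character count.
    dwLength = (DWORD)cchWide - 1;

    do if ((dwDesiredAccess & GENERIC_WRITE) == 0)
    {
        // szFile[dwLength - 4] is read below, so at least four characters are
        // needed; a shorter name would index before the start of the buffer.
        if (dwLength < 4 ||
            szFile[dwLength - 4] != '.' ||
            (CHAR_UPPER3W(*(PULONG64)(&szFile[dwLength - 3]))) != TAG3W('DAT'))
        {
            break;
        }

        // The requested file exists: open it as asked.
        if (MYAPI(GetFileAttributesW)(szFile) != -1)
            break;

        // The two 8-byte stores below cover szFile[dwLength - 4 .. dwLength + 3].
        // Keep the original name when the longer one would not fit.
        if (dwLength + 4 > countof(szFile))
            break;

        dwLength -= 4;
        *(PULONG64)(szFile + dwLength) = TAG4W('_sc.');
        // presumably TAG3W leaves the fourth WCHAR zero, which terminates the string — confirm
        *(PULONG64)(szFile + dwLength + 4) = TAG3W('dat');

    } while (0);

    return MYAPI(CreateFileW)(szFile, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}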
Esempio n. 2
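/**
 * One-time initialisation of the module.
 *
 * In order: resolves the function table when NULL_IAT is defined, creates the
 * global heap, applies the byte patches in p[] and the call patches in f[] to
 * the main module (GetModuleHandleW(0)), loads vorbisfile.dll and resolves its
 * entry points, creates a "save" directory next to the executable, and
 * initialises the image cache when USE_CACHE is defined.
 */
Void Init()
{
#if defined(NULL_IAT)
    if (!InitFunction(&g_func))
        DebugException();
#endif

    CMem::CreateGlobalHeap();
//    AddVectoredExceptionHandler(True, VectoredHandler);

    // Byte patches. The fields look like { value, size in bytes, offset in the
    // main module } — confirm against the SPatch declaration.
    INTEL_STATIC SPatch p[] =
    {
        { 0xB8,          1, 0x3B98C },   // validation check
//        { 0x24EB,        2, 0x4B14F },   // bounds check
//        { 0xD5EB,        2, 0x4B17E },   // bounds check
        { 0xEB,          1, 0x4B14F },   // bounds check
        { 0xEB,          1, 0x4B17E },   // bounds check
        { 0xEB,          1, 0x483D1 },   // bounds check
        { 0xEB,          1, 0x4AADA },   // bounds check
        { 0xEB,          1, 0x4AB12 },   // bounds check
        { SWAP2('【'),   4, 0x49C7B },
        { SWAP2('【'),   4, 0x49CA0 },
        { SWAP2('】'),   4, 0x49EF6 },
        { SWAP2('】'),   4, 0x49F1B },

#if defined (MY_DEBUG)
        { (UInt32)MyCreateFontIndirectA, 4, 0x5B044 },
        { (UInt32)MyGetGlyphOutlineA,    4, 0x5B04C },
#endif
    };

    // Call-site patches: each entry redirects a CALL at the given offset to the
    // named replacement function. The meaning of the last field is not visible
    // here — see the SFuncPatch declaration.
    INTEL_STATIC SFuncPatch f[] =
    {
        { CALL, 0x2F2E1, DecodeImage,   0x00 },
        { CALL, 0x23EAA, MylstrcmpiA,   0x01 },
//        { CALL, 0x2F065, MylstrcmpA,    0x01 },
        { CALL, 0x43904, GetSeSize,     0x00 },
        { CALL, 0x4392D, ReadSe,        0x00 },
    };

    WChar szPath[MAX_PATH];
    DWORD i;
#if defined (MY_DEBUG)
    PatchMemory(p, countof(p), f, countof(f), MYAPI(GetModuleHandleW)(0));
#else
    PatchMemoryNoVP(p, countof(p), f, countof(f), MYAPI(GetModuleHandleW)(0));
#endif

    // NOTE(review): the library is requested by bare file name with flags 0, so
    // it is resolved through the default DLL search order; a full path or a
    // LOAD_LIBRARY_SEARCH_* flag would pin which copy gets loaded. The returned
    // handle is not checked before the GetFuncAddress calls below.
#if defined(NULL_IAT)
    HMODULE hVorbisfile = g_func.LoadStayedLibraryA("vorbisfile.dll", &g_func);
#else
    HMODULE hVorbisfile = LoadLibraryExW(L"vorbisfile.dll", NULL, 0);
#endif

    GetFuncAddress(vorbis_func.ov_clear,          hVorbisfile, "ov_clear");
    GetFuncAddress(vorbis_func.ov_open_callbacks, hVorbisfile, "ov_open_callbacks");
    GetFuncAddress(vorbis_func.ov_test_callbacks, hVorbisfile, "ov_test_callbacks");
    GetFuncAddress(vorbis_func.ov_pcm_seek,       hVorbisfile, "ov_pcm_seek");
    GetFuncAddress(vorbis_func.ov_pcm_total,      hVorbisfile, "ov_pcm_total");
    GetFuncAddress(vorbis_func.ov_read,           hVorbisfile, "ov_read");
    GetFuncAddress(vorbis_func.ov_time_total,     hVorbisfile, "ov_time_total");

    // Build "<exe directory>\save" in szPath and create that directory.
    i = MYAPI(GetModuleFileNameW)(NULL, szPath, countof(szPath));

    // Walk back to just after the last backslash. Stopping at i == 0 covers a
    // failed GetModuleFileNameW (returns 0) and a path without a separator,
    // both of which would otherwise run the index below the buffer start.
    while (i != 0 && szPath[i - 1] != '\\')
        --i;

    // The 8-byte store writes szPath[i .. i + 3] and the terminator goes to
    // szPath[i + 4]; skip the directory when that would not fit.
    if (i != 0 && i + 4 < countof(szPath))
    {
        *(PULONG64)&szPath[i] = TAG4W('save');
        szPath[i + 4] = 0;
        MYAPI(CreateDirectoryW)(szPath, NULL);
    }

#if defined(USE_CACHE)
    g_ImageCache.Init();
#endif
}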
Esempio n. 3
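/**
 * Packs every file found under InputPath (subdirectories included) into one
 * NPA archive.
 *
 * Layout written to m_File: the NPA header, then the entry table (one
 * length-prefixed Shift-JIS name plus a NITRO_PLUS_NPA_ETNRY per file), then
 * the zlib-compressed file bodies. Names go through EncryptName and the start
 * of each compressed body goes through EncryptData.
 *
 * @param InputPath   Directory to pack; must be a non-empty path.
 * @param OutputFile  Archive to create. When NULL the archive is created as
 *                    InputPath (without a trailing backslash) + ".npa".
 * @param PackedFiles Optional; receives the number of files packed, or 0 on
 *                    failure.
 * @param Flags       Unused.
 *
 * @return An NTSTATUS value: the failing status of the first step that fails,
 *         otherwise the status of the last write.
 */
UPK_STATUS
NitroPlus::
Pack(
    PCWSTR          InputPath,
    PCWSTR          OutputFile  /* = NULL */,
    PLARGE_INTEGER  PackedFiles /* = NULL */,
    ULONG           Flags       /* = 0 */
)
{
    UNREFERENCED_PARAMETER(Flags);

    // All locals are declared up front without initialisers so that the
    // "goto RETURN_POINT" jumps below never cross an initialisation.
    ULONG                   PathLength, Length, Hash, Offset;
    ULONG                   Size, CompressedSize, FileBufferSize, CompresseBufferSize;
    WCHAR                   FilePath[MAX_NTPATH];
    PVOID                   NpaEntryBase, FileBuffer, CompresseBuffer;
    PBYTE                   NpaEntryBuffer, NpaEntryEnd;
    PWSTR                   FileName;
    NTSTATUS                Status;
    LARGE_INTEGER           FileCount, PackedFileCount;
    NITRO_PLUS_ENTRY       *BaseEntry, *Entry;
    NITRO_PLUS_NPA_HEADER   Header;
    NITRO_PLUS_NPA_ETNRY   *Info;
    NtFileDisk              File;
    SIZE_T                  Remaining;
    INT                     Converted;

    if (PackedFiles == NULL)
        PackedFiles = &PackedFileCount;

    PackedFiles->QuadPart = 0;

    if (!EnumDirectoryFiles(
            (PVOID *)&BaseEntry,
            L"*.*",
            sizeof(*BaseEntry),
            InputPath,
            &FileCount,
            (EnumDirectoryFilesCallBackRoutine)QueryFileList,
            0,
            EDF_SUBDIR)
       )
    {
        return STATUS_UNSUCCESSFUL;
    }

    // Everything released at RETURN_POINT starts out NULL, so every exit path
    // can free it unconditionally.
    FileBufferSize      = 0;
    CompresseBufferSize = 0;
    FileBuffer          = NULL;
    CompresseBuffer     = NULL;
    NpaEntryBase        = NULL;

    *(PULONG)&Header.Signature  = NPA_HEADER_MAGIC;
    Header.Version              = NPA_GCLX_VERSION;
    Header.EntryCount           = FileCount.LowPart;
    Header.FileCount            = FileCount.LowPart;
    Header.DirectoryCount       = 0;
    Header.IsCompressed         = TRUE;
    Header.IsEncrypted          = TRUE;

    RtlRandom(&Header.Hash[0]);
    RtlRandom(&Header.Hash[1]);

    PathLength = StrLengthW(InputPath);
    if (PathLength == 0)
    {
        // InputPath[PathLength - 1] and FileName[-1] are read below.
        Status = STATUS_INVALID_PARAMETER;
        goto RETURN_POINT;
    }

    if (OutputFile != NULL)
    {
        Status = m_File.Create(OutputFile);
    }
    else
    {
        // The derived name needs room for the path, ".npa" and the terminator.
        if (PathLength + 5 > sizeof(FilePath) / sizeof(*FilePath))
        {
            Status = STATUS_NAME_TOO_LONG;
            goto RETURN_POINT;
        }

        FileName = FilePath + PathLength;
        CopyMemory(FilePath, InputPath, PathLength * sizeof(*FilePath));
        if (FileName[-1] == '\\')
            --FileName;

        *(PULONG64)FileName = TAG4W('.npa');
        FileName[4] = 0;

        Status = m_File.Create(FilePath);
    }

    if (!NT_SUCCESS(Status))
        goto RETURN_POINT;

    // From here on PathLength is the length of the prefix to strip from each
    // enumerated file name, including the separating backslash.
    PathLength += InputPath[PathLength - 1] != '\\';

    NpaEntryBase = AllocateMemory(sizeof(*BaseEntry) * FileCount.LowPart);
    if (NpaEntryBase == NULL)
    {
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto RETURN_POINT;
    }

    NpaEntryBuffer  = (PBYTE)NpaEntryBase;
    NpaEntryEnd     = NpaEntryBuffer + sizeof(*BaseEntry) * FileCount.LowPart;
    Entry           = BaseEntry;

    // Pass 1: write each length-prefixed, encrypted name and reserve the space
    // for its NITRO_PLUS_NPA_ETNRY, which pass 2 fills in.
    for (ULONG Index = 0, Count = FileCount.LowPart; Count; ++Index, --Count)
    {
        // Each record needs the 4-byte length, at least one name byte and the
        // entry structure. The name conversion is bounded by what is left of
        // the allocation; it used to be handed INT_MAX as its buffer size.
        Remaining = (SIZE_T)(NpaEntryEnd - NpaEntryBuffer);
        if (Remaining <= 4 + sizeof(*Info))
        {
            Status = STATUS_BUFFER_TOO_SMALL;
            goto RETURN_POINT;
        }

        Remaining -= 4 + sizeof(*Info);

        Length = StrLengthW(Entry->FileName) - PathLength;

        Converted = WideCharToMultiByte(
                        CP_SHIFTJIS,
                        0,
                        Entry->FileName + PathLength,
                        Length,
                        (PSTR)NpaEntryBuffer + 4,
                        Remaining > INT_MAX ? INT_MAX : (INT)Remaining,
                        NULL,
                        NULL
                    );
//        Nt_UnicodeToAnsi((PSTR)NpaEntryBuffer + 4, INT_MAX, Entry->FileName + PathLength, Length, &Length);
        if (Converted <= 0)
        {
            // Conversion failed or the name does not fit in the entry table.
            Status = STATUS_UNSUCCESSFUL;
            goto RETURN_POINT;
        }

        Length = Converted;
        *(PULONG)NpaEntryBuffer = Length;

        NpaEntryBuffer += 4;

        Entry->DecryptLength    = Length;
        Entry->Seed             = HashBuffer(NpaEntryBuffer, Length);

        EncryptName(NpaEntryBuffer, Length, Index, &Header);

        NpaEntryBuffer += Length;
        NpaEntryBuffer += sizeof(*Info);

        ++Entry;
    }

    Header.EntrySize = PtrOffset(NpaEntryBuffer, NpaEntryBase);

    Hash            = Header.Hash[0] * Header.Hash[1];
    NpaEntryBuffer  = (PBYTE)NpaEntryBase;
    Entry           = BaseEntry;
    Offset          = 0;

    // File bodies start after the header and the entry table; both are written
    // last, once every entry is known.
    m_File.Seek(Header.EntrySize + sizeof(Header), FILE_BEGIN);

    // Pass 2: compress, encrypt and append each file, filling in its entry.
    for (ULONG Index = 0, Count = FileCount.LowPart; Count; ++Index, --Count)
    {
        Status = File.Open(Entry->FileName);
        if (!NT_SUCCESS(Status))
            break;

        Size = File.GetSize32();
        if (FileBufferSize < Size)
        {
            FileBufferSize = Size;
            // NOTE(review): if ReAllocateMemory keeps the old block alive on
            // failure, that block is lost here — confirm its contract.
            FileBuffer = ReAllocateMemory(FileBuffer, FileBufferSize);
            if (FileBuffer == NULL)
            {
                Status = STATUS_INSUFFICIENT_RESOURCES;
                break;
            }
        }

        Status = File.Read(FileBuffer, Size);
        if (!NT_SUCCESS(Status))
            break;

        // compressBound() is zlib's worst-case output size. The previous
        // "Size * 4" was too small for empty and very small files (compress2
        // then failed) and could wrap around for sizes above 1 GiB.
        CompressedSize = compressBound(Size);
        if (CompresseBufferSize < CompressedSize)
        {
            CompresseBufferSize = CompressedSize;
            CompresseBuffer = ReAllocateMemory(CompresseBuffer, CompresseBufferSize);
            if (CompresseBuffer == NULL)
            {
                Status = STATUS_INSUFFICIENT_RESOURCES;
                break;
            }
        }

        CompressedSize = CompresseBufferSize;
        Status = compress2(CompresseBuffer, &CompressedSize, FileBuffer, Size, Z_BEST_COMPRESSION);
        if (Status != Z_OK)
        {
            Status = STATUS_UNSUCCESSFUL;
            break;
        }

        // Only the first DecryptLength + 0x1000 bytes of the body are encrypted.
        EncryptData(
            CompresseBuffer,
            MY_MIN(CompressedSize, Entry->DecryptLength + 0x1000),
            (Hash + Entry->Seed) * Size
        );

        // Skip the length prefix and the name written in pass 1.
        NpaEntryBuffer += *(PULONG)NpaEntryBuffer + 4;
        Info            = (NITRO_PLUS_NPA_ETNRY *)NpaEntryBuffer;
        NpaEntryBuffer += sizeof(*Info);

        Info->FileType          = NP_FILE_TYPE_FILE;
        Info->CompressedSize    = CompressedSize;
        Info->Offset            = Offset;
        Info->OriginalSize      = Size;
        Info->DirectoryIndex    = 0;

        Status = m_File.Write(CompresseBuffer, CompressedSize);
        if (!NT_SUCCESS(Status))
            break;

        Offset += CompressedSize;
        ++Entry;
    }

    if (!NT_SUCCESS(Status))
        goto RETURN_POINT;

    m_File.Seek(0, FILE_BEGIN);
    Status = m_File.Write(&Header, sizeof(Header));
    if (!NT_SUCCESS(Status))
        goto RETURN_POINT;

    Status = m_File.Write(NpaEntryBase, Header.EntrySize);
    if (!NT_SUCCESS(Status))
        goto RETURN_POINT;

    PackedFiles->QuadPart = FileCount.QuadPart;

RETURN_POINT:

    // FreeMemory was already reached with a NULL FileBuffer on the early
    // failure paths, so freeing the other NULL-initialised buffers the same
    // way is consistent. CompresseBuffer and NpaEntryBase used to be leaked on
    // every path.
    FreeMemory(FileBuffer);
    FreeMemory(CompresseBuffer);
    FreeMemory(NpaEntryBase);
    EnumDirectoryFilesFree(BaseEntry);

    return Status;
}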
Esempio n. 4
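/**
 * For each command-line argument: resolves a ".lnk" shortcut to its target,
 * starts the executable suspended with its own directory as the working
 * directory, and passes the new process to InjectDllToRemoteProcess together
 * with the path of "XP3Viewer.dll" in this program's directory.
 *
 * A process that cannot be injected is terminated. Resuming the suspended
 * main thread is not done here — presumably InjectDllToRemoteProcess takes
 * care of it; confirm.
 *
 * @param argc Argument count; nothing is done when it is 1.
 * @param argv Argument vector; argv[1..] are executable or shortcut paths.
 */
ForceInline VOID main2(Int argc, WChar **argv)
{
    NTSTATUS            Status;
    ULONG               FullPathBytes;
    WCHAR               *pExePath, szDllPath[MAX_NTPATH], FullExePath[MAX_NTPATH];
    STARTUPINFOW        si;
    PROCESS_INFORMATION pi;

    // Disabled debugging experiment, kept as in the original.
#if 0
    PVOID buf;
//    CNtFileDisk file;

    UNICODE_STRING str;

//    file.Open((FIELD_BASE(FindLdrModuleByName(NULL)->InLoadOrderModuleList.Flink, LDR_MODULE, InLoadOrderModuleList))->FullDllName.Buffer);
//    buf = AllocateMemory(file.GetSize32());
//    file.Read(buf);
//    file.Close();

    RTL_CONST_STRING(str, L"OllyDbg.exe");
    LoadDllFromMemory(GetNtdllHandle(), -1, &str, NULL, LMD_MAPPED_DLL);

    PrintConsoleW(
        L"%s handle = %08X\n"
        L"%s.NtSetEvent = %08X\n",
        str.Buffer, GetModuleHandleW(str.Buffer),
        str.Buffer, Nt_GetProcAddress(GetModuleHandleW(str.Buffer), "NtSetEvent")
    );

    getch();

    FreeMemory(buf);

    return;
#endif

#if 1
    if (argc == 1)
        return;

    // The previous privilege state is written into the first byte of Status
    // and the call's own result is ignored.
    // NOTE(review): the handles returned in pi are to a child this process
    // created itself, so SeDebugPrivilege looks unnecessary here — confirm
    // before dropping it.
    RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, (PBOOLEAN)&Status);
    while (--argc)
    {
        pExePath = findextw(*++argv);
        // NOTE(review): this reads four WCHARs starting at the extension; with
        // a shorter extension the read runs past the terminator — confirm
        // what findextw returns for such names.
        if (CHAR_UPPER4W(*(PULONG64)pExePath) == CHAR_UPPER4W(TAG4W('.LNK')))
        {
            if (FAILED(GetPathFromLinkFile(*argv, FullExePath, countof(FullExePath))))
            {
                pExePath = *argv;
            }
            else
            {
                pExePath = FullExePath;
            }
        }
        else
        {
            pExePath = *argv;
        }

        // szDllPath first holds the working directory for the new process.
        // RtlGetFullPathName_U returns 0 on failure and the required size when
        // the buffer is too small; in both cases the buffer holds no usable
        // path, so fall back to the default working directory (NULL below)
        // instead of reading an uninitialised array.
        FullPathBytes = RtlGetFullPathName_U(pExePath, sizeof(szDllPath), szDllPath, NULL);
        if (FullPathBytes == 0 || FullPathBytes >= sizeof(szDllPath))
        {
            szDllPath[0] = 0;
        }
#if 0
        Status = FakeCreateProcess(szDllPath, NULL);
        if (!NT_SUCCESS(Status))
#else
        if (szDllPath[0] != 0)
        {
            rmnamew(szDllPath);     // presumably strips the file name, leaving the directory
        }

        ZeroMemory(&si, sizeof(si));
        si.cb = sizeof(si);
        // The result is a BOOL stored in Status; pExePath is passed as the
        // application name and no command line is given.
        Status = CreateProcessInternalW(
                    NULL,
                    pExePath,
                    NULL,
                    NULL,
                    NULL,
                    FALSE,
                    CREATE_SUSPENDED,
                    NULL,
                    *szDllPath == 0 ? NULL : szDllPath,
                    &si,
                    &pi,
                    NULL);

        if (!Status)
#endif
        {
            PrintConsoleW(L"%s: CreateProcess() failed\n", pExePath);
            continue;
        }

        ULONG Length;
        UNICODE_STRING DllFullPath;

        // szDllPath is reused for "<this program's directory>XP3Viewer.dll".
        Length = Nt_GetExeDirectory(szDllPath, countof(szDllPath));

        // The name and its terminator must fit in szDllPath, and the byte
        // length must fit in the USHORT fields of UNICODE_STRING.
        if (Length + sizeof(L"XP3Viewer.dll") / sizeof(WCHAR) > countof(szDllPath) ||
            (Length + CONST_STRLEN(L"XP3Viewer.dll")) * sizeof(WCHAR) > 0xFFFF)
        {
            PrintConsoleW(L"%s: DLL path too long\n", pExePath);
            NtTerminateProcess(pi.hProcess, 0);
            NtClose(pi.hProcess);
            NtClose(pi.hThread);
            continue;
        }

        CopyStruct(szDllPath + Length, L"XP3Viewer.dll", sizeof(L"XP3Viewer.dll"));
        DllFullPath.Buffer = szDllPath;
        DllFullPath.Length = (USHORT)(Length + CONST_STRLEN(L"XP3Viewer.dll"));
        DllFullPath.Length *= sizeof(WCHAR);
        DllFullPath.MaximumLength = DllFullPath.Length;

        Status = InjectDllToRemoteProcess(pi.hProcess, pi.hThread, &DllFullPath, FALSE);

        if (!NT_SUCCESS(Status))
        {
//            PrintError(GetLastError());
            // Do not leave a suspended process behind.
            NtTerminateProcess(pi.hProcess, 0);
        }

        NtClose(pi.hProcess);
        NtClose(pi.hThread);
    }

#endif
}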
Esempio n. 5
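/**
 * For each command-line argument: resolves a ".lnk" shortcut to its target,
 * starts the executable suspended with its own directory as the working
 * directory, and passes the new process to InjectSelfToRemoteProcess.
 *
 * A process for which that call fails is terminated. Resuming the suspended
 * main thread is not done here — presumably InjectSelfToRemoteProcess takes
 * care of it; confirm.
 *
 * @param argc Argument count; nothing is done when it is 1.
 * @param argv Argument vector; argv[1..] are executable or shortcut paths.
 */
ForceInline Void main2(Int argc, WChar **argv)
{
    NTSTATUS            Status;
    ULONG               FullPathBytes;
    WCHAR               *pExePath, szDllPath[MAX_NTPATH], FullExePath[MAX_NTPATH];
    STARTUPINFOW        si;
    PROCESS_INFORMATION pi;

    if (argc == 1)
        return;

    // The previous privilege state is written into the first byte of Status
    // and the call's own result is ignored.
    // NOTE(review): the handles returned in pi are to a child this process
    // created itself, so SeDebugPrivilege looks unnecessary here — confirm
    // before dropping it.
    RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, (PBOOLEAN)&Status);
    while (--argc)
    {
        pExePath = findextw(*++argv);
        // NOTE(review): this reads four WCHARs starting at the extension; with
        // a shorter extension the read runs past the terminator — confirm
        // what findextw returns for such names.
        if (CHAR_UPPER4W(*(PULONG64)pExePath) == CHAR_UPPER4W(TAG4W('.LNK')))
        {
            if (FAILED(GetPathFromLinkFile(*argv, FullExePath, countof(FullExePath))))
            {
                pExePath = *argv;
            }
            else
            {
                pExePath = FullExePath;
            }
        }
        else
        {
            pExePath = *argv;
        }

        // szDllPath holds the working directory for the new process.
        // RtlGetFullPathName_U returns 0 on failure and the required size when
        // the buffer is too small; in both cases the buffer holds no usable
        // path, so fall back to the default working directory (NULL below)
        // instead of reading an uninitialised array.
        FullPathBytes = RtlGetFullPathName_U(pExePath, sizeof(szDllPath), szDllPath, NULL);
        if (FullPathBytes == 0 || FullPathBytes >= sizeof(szDllPath))
        {
            szDllPath[0] = 0;
        }
        else
        {
            rmnamew(szDllPath);     // presumably strips the file name, leaving the directory
        }

        ZeroMemory(&si, sizeof(si));
        si.cb = sizeof(si);
        // The result is a BOOL stored in Status; pExePath is passed as the
        // application name and no command line is given.
        Status = CreateProcessInternalW(
                    NULL,
                    pExePath,
                    NULL,
                    NULL,
                    NULL,
                    FALSE,
                    CREATE_SUSPENDED,
                    NULL,
                    *szDllPath == 0 ? NULL : szDllPath,
                    &si,
                    &pi,
                    NULL);
        if (!Status)
        {
            PrintConsoleW(L"CreateProcess() failed.\n");
            continue;
        }

        Status = InjectSelfToRemoteProcess(pi.hProcess, pi.hThread);

        if (!NT_SUCCESS(Status))
        {
//            PrintError(GetLastError());
            // Do not leave a suspended process behind.
            NtTerminateProcess(pi.hProcess, 0);
        }

        NtClose(pi.hProcess);
        NtClose(pi.hThread);
    }
}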