HFONT WINAPI MyCreateFontIndirectA(LOGFONTA *lplf) { LOGFONTW lf; CopyStruct(&lf, lplf, sizeof(*lplf) - sizeof(lplf->lfFaceName)); lf.lfCharSet = GB2312_CHARSET; CopyStruct(lf.lfFaceName, DEFAULT_FACE_NAME, sizeof(DEFAULT_FACE_NAME)); return CreateFontIndirectW(&lf); }
HFONT WINAPI HookCreateFontA(int cHeight, int cWidth, int cEscapement, int cOrientation, int cWeight, DWORD bItalic, DWORD bUnderline, __in DWORD bStrikeOut, __in DWORD iCharSet, __in DWORD iOutPrecision, __in DWORD iClipPrecision, DWORD iQuality, DWORD iPitchAndFamily, LPCSTR pszFaceName) { LOGFONTW lf; lf.lfHeight = cHeight; lf.lfWidth = cWidth; lf.lfEscapement = cEscapement; lf.lfOrientation = cOrientation; lf.lfWeight = cWeight; lf.lfItalic = (BYTE)bItalic; lf.lfUnderline = (BYTE)bUnderline; lf.lfStrikeOut = (BYTE)bStrikeOut; lf.lfOutPrecision = (BYTE)iOutPrecision; lf.lfClipPrecision = (BYTE)iClipPrecision; lf.lfQuality = CLEARTYPE_QUALITY; lf.lfPitchAndFamily = (BYTE)iPitchAndFamily; if (iCharSet == SHIFTJIS_CHARSET && g_TextTable != NULL) { iCharSet = GB2312_CHARSET; CopyStruct(lf.lfFaceName, L"SIMHEI", sizeof(L"SIMHEI")); } else { AnsiToUnicode(lf.lfFaceName, countof(lf.lfFaceName), pszFaceName); } lf.lfCharSet = (BYTE)iCharSet; return CreateFontIndirectW(&lf); }
ULONG WINAPI QqGetModuleFileNameExW( HANDLE Process, PVOID Module, PWSTR Filename, ULONG Size ) { ULONG Length; PWSTR File; NTSTATUS Status; PROCESS_BASIC_INFORMATION BasicInfo; static WCHAR QQProtect[] = L"QQProtect.exe"; Length = StubGetModuleFileNameExW(Process, (HMODULE)Module, Filename, Size); if (Length == 0 || Filename == nullptr || Size == 0) return Length; Status = NtQueryInformationProcess(Process, ProcessBasicInformation, &BasicInfo, sizeof(BasicInfo), nullptr); if (NT_FAILED(Status) || BasicInfo.UniqueProcessId != CurrentPid()) return Length; File = findnamew(Filename); CopyStruct(File, QQProtect, sizeof(QQProtect)); return File - Filename + CONST_STRLEN(QQProtect); }
void WinEDA_SchematicFrame::HandleBlockPlace(wxDC * DC) /******************************************************/ /* Routine to handle the BLOCK PLACE commande Last routine for block operation for: - block move & drag - block copie & paste */ { bool err = FALSE; if(GetScreen()->ManageCurseur == NULL) { err = TRUE; DisplayError(this, wxT("HandleBlockPLace() : ManageCurseur = NULL") ); } if(GetScreen()->BlockLocate.m_BlockDrawStruct == NULL) { wxString msg; err = TRUE; msg.Printf( wxT("HandleBlockPLace() : m_BlockDrawStruct = NULL (cmd %d, state %d)"), GetScreen()->BlockLocate.m_Command, GetScreen()->BlockLocate.m_State); DisplayError(this, msg ); } GetScreen()->BlockLocate.m_State = STATE_BLOCK_STOP; switch(GetScreen()->BlockLocate.m_Command ) { case BLOCK_IDLE: err = TRUE; break; case BLOCK_DRAG: /* Drag */ case BLOCK_MOVE: /* Move */ if ( GetScreen()->ManageCurseur ) GetScreen()->ManageCurseur(DrawPanel, DC, FALSE); MoveStruct(DrawPanel, DC, GetScreen()->BlockLocate.m_BlockDrawStruct); GetScreen()->BlockLocate.m_BlockDrawStruct = NULL; break; case BLOCK_COPY: /* Copy */ case BLOCK_PRESELECT_MOVE: /* Move with preselection list*/ if ( GetScreen()->ManageCurseur ) GetScreen()->ManageCurseur(DrawPanel, DC, FALSE); CopyStruct(DrawPanel, DC, GetScreen(), GetScreen()->BlockLocate.m_BlockDrawStruct); GetScreen()->BlockLocate.m_BlockDrawStruct = NULL; break; case BLOCK_PASTE: /* Paste (recopie du dernier bloc sauve */ if ( GetScreen()->ManageCurseur ) GetScreen()->ManageCurseur(DrawPanel, DC, FALSE); PasteStruct(DC); GetScreen()->BlockLocate.m_BlockDrawStruct = NULL; break; case BLOCK_ZOOM: // Handled by HandleBlockEnd() case BLOCK_DELETE: case BLOCK_SAVE: case BLOCK_ROTATE: case BLOCK_INVERT: case BLOCK_ABORT: case BLOCK_SELECT_ITEMS_ONLY: break; } SetFlagModify(GetScreen()); /* clear struct.m_Flags */ EDA_BaseStruct * Struct; for(Struct = GetScreen()->EEDrawList; Struct != NULL; Struct=Struct->Pnext) Struct->m_Flags = 0; GetScreen()->ManageCurseur = NULL; GetScreen()->ForceCloseManageCurseur = NULL; GetScreen()->BlockLocate.m_Flags = 0; GetScreen()->BlockLocate.m_State = STATE_NO_BLOCK; GetScreen()->BlockLocate.m_Command = BLOCK_IDLE; GetScreen()->m_CurrentItem = NULL; TestDanglingEnds(GetScreen()->EEDrawList, DC); if ( GetScreen()->BlockLocate.m_BlockDrawStruct ) { DisplayError(this, wxT("HandleBlockPLace() error: DrawStruct != Null") ); GetScreen()->BlockLocate.m_BlockDrawStruct = NULL; } SetToolID(m_ID_current_state, DrawPanel->m_PanelDefaultCursor, wxEmptyString ); }
ForceInline VOID main2(Int argc, WChar **argv) { NTSTATUS Status; WCHAR *pExePath, szDllPath[MAX_NTPATH], FullExePath[MAX_NTPATH]; STARTUPINFOW si; PROCESS_INFORMATION pi; #if 0 PVOID buf; // CNtFileDisk file; UNICODE_STRING str; // file.Open((FIELD_BASE(FindLdrModuleByName(NULL)->InLoadOrderModuleList.Flink, LDR_MODULE, InLoadOrderModuleList))->FullDllName.Buffer); // buf = AllocateMemory(file.GetSize32()); // file.Read(buf); // file.Close(); RTL_CONST_STRING(str, L"OllyDbg.exe"); LoadDllFromMemory(GetNtdllHandle(), -1, &str, NULL, LMD_MAPPED_DLL); PrintConsoleW( L"%s handle = %08X\n" L"%s.NtSetEvent = %08X\n", str.Buffer, GetModuleHandleW(str.Buffer), str.Buffer, Nt_GetProcAddress(GetModuleHandleW(str.Buffer), "NtSetEvent") ); getch(); FreeMemory(buf); return; #endif #if 1 if (argc == 1) return; RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, (PBOOLEAN)&Status); while (--argc) { pExePath = findextw(*++argv); if (CHAR_UPPER4W(*(PULONG64)pExePath) == CHAR_UPPER4W(TAG4W('.LNK'))) { if (FAILED(GetPathFromLinkFile(*argv, FullExePath, countof(FullExePath)))) { pExePath = *argv; } else { pExePath = FullExePath; } } else { pExePath = *argv; } RtlGetFullPathName_U(pExePath, sizeof(szDllPath), szDllPath, NULL); #if 0 Status = FakeCreateProcess(szDllPath, NULL); if (!NT_SUCCESS(Status)) #else rmnamew(szDllPath); ZeroMemory(&si, sizeof(si)); si.cb = sizeof(si); Status = CreateProcessInternalW( NULL, pExePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, *szDllPath == 0 ? NULL : szDllPath, &si, &pi, NULL); if (!Status) #endif { PrintConsoleW(L"%s: CreateProcess() failed\n", pExePath); continue; } ULONG Length; UNICODE_STRING DllFullPath; Length = Nt_GetExeDirectory(szDllPath, countof(szDllPath)); CopyStruct(szDllPath + Length, L"XP3Viewer.dll", sizeof(L"XP3Viewer.dll")); DllFullPath.Buffer = szDllPath; DllFullPath.Length = (USHORT)(Length + CONST_STRLEN(L"XP3Viewer.dll")); DllFullPath.Length *= sizeof(WCHAR); DllFullPath.MaximumLength = DllFullPath.Length; Status = InjectDllToRemoteProcess(pi.hProcess, pi.hThread, &DllFullPath, FALSE); if (!NT_SUCCESS(Status)) { // PrintError(GetLastError()); NtTerminateProcess(pi.hProcess, 0); } NtClose(pi.hProcess); NtClose(pi.hThread); } #endif }
PWSTR GetFileName( PWSTR HookedPath, ULONG HookedPathCount, PWSTR OriginalPath, ULONG OriginalCount, LPCSTR InputFileName, BOOL IsInputUnicode = FALSE ) { ULONG_PTR Length, AppPathLength; PWSTR FileName; static WCHAR szDataPath[] = L"data\\"; static WCHAR szPatch[] = L"patch\\\\"; static WCHAR szPatch2[] = L"patch2\\"; if (IsInputUnicode) { StrCopyW(OriginalPath, (PWSTR)InputFileName); } else { AnsiToUnicode(OriginalPath, OriginalCount, (PSTR)InputFileName, -1); } PLDR_MODULE Module; Module = FindLdrModuleByHandle(NULL); AppPathLength = (Module->FullDllName.Length - Module->BaseDllName.Length) / sizeof(WCHAR); Length = RtlGetFullPathName_U(OriginalPath, HookedPathCount * sizeof(WCHAR), HookedPath, NULL); Length = Length / sizeof(WCHAR) + 1; FileName = HookedPath + AppPathLength; LOOP_ONCE { if (StrNICompareW(FileName, szDataPath, countof(szDataPath) - 1) || StrNICompareW(Module->FullDllName.Buffer, HookedPath, AppPathLength)) { FileName = OriginalPath; break; } FileName += countof(szDataPath) - 2; RtlMoveMemory( FileName + countof(szPatch) - countof(szDataPath), FileName, (Length - (FileName - HookedPath)) * sizeof(*FileName) ); FileName -= countof(szDataPath) - 2; CopyStruct(FileName, szPatch, sizeof(szPatch) - sizeof(*szPatch)); WriteLog(L"pass1: %s", HookedPath); if (IsPathExists(HookedPath)) { FileName = HookedPath; break; } CopyStruct(FileName, szPatch2, sizeof(szPatch2) - sizeof(*szPatch2)); FileName = IsPathExists(HookedPath) ? HookedPath : OriginalPath; WriteLog(L"pass2: %s", HookedPath); } WriteLog(L"%d, %s -> %s", FileName == HookedPath, OriginalPath, HookedPath); return FileName; }
NTSTATUS CheckIsExplorer() { NTSTATUS Status; PLDR_MODULE Module; PWSTR FullPath, BackSlash; ULONG ReturnLength; ULONG_PTR Length; MEMORY_BASIC_INFORMATION MemoryBasic; PPROCESS_IMAGE_FILE_NAME ExeFileName; PMEMORY_MAPPED_FILENAME_INFORMATION NtdllFileName; MEMORY_MAPPED_FILENAME_INFORMATION LocalMapped; static WCHAR ExplorerName[] = L"explorer.exe"; Status = NtQueryVirtualMemory(CurrentProcess, NtClose, MemoryMappedFilenameInformation, &LocalMapped, sizeof(LocalMapped), &Length); if (Status != STATUS_INFO_LENGTH_MISMATCH && Status != STATUS_BUFFER_OVERFLOW) return Status; NtdllFileName = (PMEMORY_MAPPED_FILENAME_INFORMATION)AllocStack(Length); Status = NtQueryVirtualMemory(CurrentProcess, NtClose, MemoryMappedFilenameInformation, NtdllFileName, Length, &Length); FAIL_RETURN(Status); Status = NtQueryInformationProcess(CurrentProcess, ProcessImageFileName, nullptr, 0, &ReturnLength); if (Status != STATUS_INFO_LENGTH_MISMATCH) return Status; ExeFileName = (PPROCESS_IMAGE_FILE_NAME)AllocStack(ReturnLength); Status = NtQueryInformationProcess(CurrentProcess, ProcessImageFileName, ExeFileName, ReturnLength, &ReturnLength); FAIL_RETURN(Status); BackSlash = nullptr; Length = NtdllFileName->Name.Length / sizeof(WCHAR) - 1; for (; Length != 0; --Length) { if (NtdllFileName->Name.Buffer[Length] != '\\') continue; if (BackSlash != nullptr) { BackSlash = &NtdllFileName->Name.Buffer[Length]; break; } BackSlash = &NtdllFileName->Name.Buffer[Length]; } if (BackSlash == nullptr) return STATUS_NO_MATCH; ++BackSlash; if (PtrOffset(BackSlash, NtdllFileName->Name.Buffer) + sizeof(ExplorerName) > NtdllFileName->Name.MaximumLength) return STATUS_NO_MATCH; CopyStruct(BackSlash, ExplorerName, sizeof(ExplorerName)); NtdllFileName->Name.Length = PtrOffset(BackSlash + CONST_STRLEN(ExplorerName), NtdllFileName->Name.Buffer); Status = RtlEqualUnicodeString(&NtdllFileName->Name, &ExeFileName->ImageFileName, TRUE) ? STATUS_SUCCESS : STATUS_NO_MATCH; return Status; }
BOOL FASTCALL GetCharOutline( IN LONG Unknown, PVOID, IN PVOID pThis, IN ULONG Height, IN WCHAR uChar, OUT PULONG pBitsPerRow, IN OUT PULONG pDescent, IN OUT ALICE_MEMORY *pMem ) { HDC hDC; HFONT hFont; ULONG FontIndex, OutlineSize, BytesPerRow, BitsOfLeftSpace; GLYPHMETRICS GlyphMetrics; BYTE Buffer[0x5000]; PBYTE pbOutline, pbBuffer; FONT_OUTLINE_INFO *pOutlineInfo; static FONT_OUTLINE_INFO *s_pOutlineInfo; static MAT2 mat = { { 0, 1 }, { 0, 0 }, { 0, 0 }, { 0, 1 } }; pOutlineInfo = s_pOutlineInfo; if (s_pOutlineInfo == NULL) { HANDLE hHeap = CMem::GetGlobalHeap(); if (hHeap == NULL) { hHeap = CMem::CreateGlobalHeap(); if (hHeap == NULL) goto DEFAULT_PROC; } pOutlineInfo = (FONT_OUTLINE_INFO *)HeapAlloc(hHeap, 0, sizeof(*pOutlineInfo)); if (pOutlineInfo == NULL) goto DEFAULT_PROC; s_pOutlineInfo = pOutlineInfo; pOutlineInfo->hDC = NULL; pOutlineInfo->LastFontIndex = -1; ZeroMemory(pOutlineInfo->hFont, sizeof(pOutlineInfo->hFont)); FillMemory(pOutlineInfo->Descent, sizeof(pOutlineInfo->Descent), -1); } if (Unknown < 0 || IsCharSpec(uChar)) goto DEFAULT_PROC; FontIndex = Height / FONT_STEP; if (FontIndex > countof(pOutlineInfo->hFont)) goto DEFAULT_PROC; hDC = pOutlineInfo->hDC; if (hDC == NULL) { hDC = CreateCompatibleDC(NULL); if (hDC == NULL) goto DEFAULT_PROC; pOutlineInfo->hDC = hDC; } hFont = pOutlineInfo->hFont[FontIndex]; if (hFont == NULL) { LOGFONTW lf; ZeroMemory(&lf, sizeof(lf)); lf.lfHeight = Height; lf.lfWeight = FW_NORMAL; lf.lfCharSet = GB2312_CHARSET; lf.lfQuality = CLEARTYPE_QUALITY; lf.lfPitchAndFamily = FIXED_PITCH; CopyStruct(lf.lfFaceName, g_szFaceName, sizeof(g_szFaceName)); hFont = CreateFontIndirectW(&lf); if (hFont == NULL) goto DEFAULT_PROC; pOutlineInfo->hFont[FontIndex] = hFont; } if (FontIndex != pOutlineInfo->LastFontIndex) { if (SelectObject(hDC, hFont) == HGDI_ERROR) goto DEFAULT_PROC; pOutlineInfo->LastFontIndex = FontIndex; } if (pDescent != NULL) { TEXTMETRICW tm; tm.tmDescent = pOutlineInfo->Descent[FontIndex]; if (tm.tmDescent == -1) { if (GetTextMetricsW(hDC, &tm)) pOutlineInfo->Descent[FontIndex] = tm.tmDescent; else ++tm.tmDescent; } *pDescent = tm.tmDescent; if (pBitsPerRow == NULL) return TRUE; } uChar = MBCharToUnicode(uChar); OutlineSize = GetGlyphOutlineW( hDC, uChar, GGO_BITMAP, &GlyphMetrics, sizeof(Buffer), pThis == NULL ? NULL : Buffer, &mat); if (OutlineSize == GDI_ERROR) goto DEFAULT_PROC; #if 0 ULONG DwordOfLeftSpace, BytesPerRowRaw, Mask; static BYTE Bits[FONT_COUNT] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x16, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C }; BitsOfLeftSpace = Bits[FontIndex]; BitsOfLeftSpace = 4; DwordOfLeftSpace = BitsOfLeftSpace / 8 / 4; if (pBitsPerRow != NULL) *pBitsPerRow = GlyphMetrics.gmBlackBoxX + BitsOfLeftSpace % bitsof(DWORD) + DwordOfLeftSpace * 4 * 8; if (pDescent != NULL) { TEXTMETRICW tm; tm.tmDescent = s_Descent[FontIndex]; if (tm.tmDescent == -1) { if (GetTextMetricsW(hDC, &tm)) s_Descent[FontIndex] = tm.tmDescent; else ++tm.tmDescent; } *pDescent = tm.tmDescent; } if (pThis == NULL) return TRUE; BytesPerRow = GlyphMetrics.gmBlackBoxX + BitsOfLeftSpace; BytesPerRow = ROUND_UP(BytesPerRow, bitsof(DWORD)) / 8; BitsOfLeftSpace %= bitsof(DWORD); ChipSpriteEngAllocMemory(pMem, BytesPerRow * Height); if (pMem->pvBufferEnd == pMem->pvBuffer) goto DEFAULT_PROC; ZeroMemory(pMem->pvBuffer, BytesPerRow * Height); BytesPerRowRaw = ROUND_UP(GlyphMetrics.gmBlackBoxX, bitsof(DWORD)) / 8; pbBuffer = Buffer; pbOutline = (PBYTE)pMem->pvBuffer; pbOutline += (GlyphMetrics.gmBlackBoxY - 1) * BytesPerRow; pbOutline += ((Height - GlyphMetrics.gmBlackBoxY) / 2 - 1) * BytesPerRow; pbOutline += DwordOfLeftSpace * 4; Mask = _rotl(1, BitsOfLeftSpace) - 1; for (ULONG i = GlyphMetrics.gmBlackBoxY; i; --i) { PBYTE pbOutline2, pbBuffer2; DWORD BitsHigh, BitsLow; BitsHigh = 0; BitsLow = 0; pbBuffer2 = pbBuffer; pbOutline2 = pbOutline; for (ULONG Count = BytesPerRowRaw / 4; Count; --Count) { DWORD v = *(PDWORD)pbBuffer2; BitsHigh = _rotl(v, BitsOfLeftSpace) & Mask; v = (v << BitsOfLeftSpace) | BitsLow; BitsLow = BitsHigh; *(PDWORD)pbOutline2 = v; pbOutline2 += 4; pbBuffer2 += 4; } // *(PDWORD)pbOutline2 = BitsLow; pbOutline -= BytesPerRow; pbBuffer += BytesPerRowRaw; } WCHAR buf[0x500]; wsprintfW( buf - 1 + GetTextFaceW(hDC, countof(buf), buf), L" Char = %c Index = %02u Bits = %02X", uChar, FontIndex + 1, BitsOfLeftSpace); SetWindowTextW(GetActiveWindow(), buf); #else ULONG BytesPerRowRaw; static BYTE Bits[FONT_COUNT] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x16, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C }; BitsOfLeftSpace = Bits[FontIndex]; if (pBitsPerRow != NULL) *pBitsPerRow = GlyphMetrics.gmBlackBoxX + BitsOfLeftSpace; if (pThis == NULL) return TRUE; BytesPerRow = GlyphMetrics.gmBlackBoxX + BitsOfLeftSpace; BytesPerRow = ROUND_UP(BytesPerRow, bitsof(DWORD)) / 8; ChipSpriteEngAllocMemory(pMem, BytesPerRow * Height); if (pMem->pvBufferEnd == pMem->pvBuffer) goto DEFAULT_PROC; ZeroMemory(pMem->pvBuffer, BytesPerRow * Height); BytesPerRowRaw = ROUND_UP(GlyphMetrics.gmBlackBoxX, bitsof(DWORD)) / 8; pbBuffer = Buffer; pbOutline = (PBYTE)pMem->pvBuffer; pbOutline += (GlyphMetrics.gmBlackBoxY - 1) * BytesPerRow; pbOutline += ((Height - GlyphMetrics.gmBlackBoxY) / 2 - 1) * BytesPerRow; for (ULONG i = GlyphMetrics.gmBlackBoxY; i; --i) { __movsd(pbOutline, pbBuffer, BytesPerRowRaw / 4); pbOutline -= BytesPerRow; pbBuffer += BytesPerRowRaw; } #endif return TRUE; DEFAULT_PROC: if (pThis == NULL) return FALSE; return OldGetCharOutline(Unknown, 0, pThis, Height, uChar, pBitsPerRow, pDescent, pMem); }
ULONG UnicodeWin32FindDataToAnsi(LPWIN32_FIND_DATAW pwfdW, LPWIN32_FIND_DATAA pwfdA) { CopyStruct(pwfdA, pwfdW, FIELD_OFFSET(WIN32_FIND_DATAW, cFileName)); Nt_UnicodeToAnsi(pwfdA->cFileName, sizeof(pwfdA->cFileName), pwfdW->cFileName, -1); return Nt_UnicodeToAnsi(pwfdA->cAlternateFileName, sizeof(pwfdA->cAlternateFileName), pwfdW->cAlternateFileName, -1); }
PWCHAR GetFileName( PWCHAR pszHooked, ULONG HookedBufferCount, PWCHAR pszOriginal, ULONG OriginalCount, LPCSTR lpFileName, BOOL IsInputUnicode = FALSE ) { ULONG Length, AppPathLength; PWCHAR pszFileName; static WCHAR szDataPath[] = L"data\\"; static WCHAR szPatch[] = L"patch\\\\\\"; static WCHAR szDataSc[] = L"data_sc\\"; if (IsInputUnicode) { lstrcpyW(pszOriginal, (LPWSTR)lpFileName); } else { Nt_AnsiToUnicode(pszOriginal, OriginalCount, (PCHAR)lpFileName, -1); } Length = RtlGetFullPathName_U(pszOriginal, HookedBufferCount * sizeof(WCHAR), pszHooked, NULL); Length = Length / sizeof(WCHAR) + 1; AppPathLength = g_AppPathLength; pszFileName = pszHooked + AppPathLength; LOOP_ONCE { if (StrNICompareW(pszFileName, szDataPath, countof(szDataPath) - 1) || StrNICompareW((PWCHAR)g_AppPathBuffer, pszHooked, AppPathLength)) { pszFileName = pszOriginal; break; } pszFileName += countof(szDataPath) - 2; RtlMoveMemory( pszFileName + countof(szDataSc) - countof(szDataPath), pszFileName, (Length - (pszFileName - pszHooked)) * sizeof(*pszFileName) ); pszFileName -= countof(szDataPath) - 2; CopyStruct(pszFileName, szPatch, sizeof(szPatch) - sizeof(*szPatch)); if (Nt_IsPathExists(pszHooked)) { pszFileName = pszHooked; break; } CopyStruct(pszFileName, szDataSc, sizeof(szDataSc) - sizeof(*szDataSc)); if (!Nt_IsPathExists(pszHooked)) pszFileName = pszOriginal; else pszFileName = pszHooked; } /* AllocConsole(); PrintConsoleW(L"%s\n", pszFileName); if (!StrICompareW(findextw(pszFileName), L".it3")) __asm nop; */ #if CONSOLE_DEBUG PrintConsoleW(L"%s\n", pszFileName); #endif return pszFileName; }
BOOL Initialize(PVOID BaseAddress) { PVOID hModule; SizeT Length, Length2; LPWSTR lpCmdLineW, pCmdLine; WChar end, szCmdLine[MAX_PATH + 40]; static WChar AddCmdLineHeadW[] = L" --user-data-dir=\""; static WChar AddCmdLineTailW[] = L"UserData\" --purge-memory-button"; LdrDisableThreadCalloutsForDll(BaseAddress); Length = Nt_GetSystemDirectory(szCmdLine, countof(szCmdLine)); CopyStruct(szCmdLine + Length, L"wtsapi32.dll", sizeof(L"wtsapi32.dll")); hModule = Ldr::LoadDll(szCmdLine); *(PVOID *)&StubWTSFreeMemory = GetRoutineAddress(hModule, "WTSFreeMemory"); *(PVOID *)&StubWTSQuerySessionInformationW = GetRoutineAddress(hModule, "WTSQuerySessionInformationW"); *(PVOID *)&StubWTSUnRegisterSessionNotification = GetRoutineAddress(hModule, "WTSUnRegisterSessionNotification"); *(PVOID *)&StubWTSRegisterSessionNotification = GetRoutineAddress(hModule, "WTSRegisterSessionNotification"); *(PVOID *)&StubWTSQueryUserToken = GetRoutineAddress(hModule, "WTSQueryUserToken"); lpCmdLineW = Ps::GetCommandLine(); Length = StrLengthW(lpCmdLineW); pCmdLine = szCmdLine; StrCopyW(pCmdLine, AddCmdLineHeadW); pCmdLine += countof(AddCmdLineHeadW) - 1; pCmdLine += Nt_GetExeDirectory(pCmdLine, countof(szCmdLine) - (pCmdLine - szCmdLine)); StrCopyW(pCmdLine, AddCmdLineTailW); pCmdLine += countof(AddCmdLineTailW); Length2 = pCmdLine - szCmdLine; g_pCmdLineW = (PWChar)AllocateMemory(Length * 2 + Length2 * 2 + 2); pCmdLine = lpCmdLineW; end = *pCmdLine++ == '\"' ? '\"' : ' '; while (*pCmdLine && *pCmdLine != end) ++pCmdLine; ++pCmdLine; /* if (*++pCmdLine) { while (*pCmdLine == ' ' || *pCmdLine == '\t') ++pCmdLine; } */ end = *pCmdLine; *pCmdLine = 0; StrCopyW(g_pCmdLineW, lpCmdLineW); *pCmdLine = end; lpCmdLineW = g_pCmdLineW + (pCmdLine - lpCmdLineW); StrCopyW(lpCmdLineW, szCmdLine); lpCmdLineW += Length2 - 1; StrCopyW(lpCmdLineW, pCmdLine); Length = StrLengthW(g_pCmdLineW); g_pCmdLineA = (PChar)AllocateMemory(Length * 2); // WideCharToMultiByte(CP_ACP, 0, g_pCmdLineW, -1, g_pCmdLineA, Length * 2, NULL, NULL); UnicodeToAnsi(g_pCmdLineA, Length * 2, g_pCmdLineW, -1); hModule = Nt_GetModuleHandle(L"chrome.dll"); MEMORY_FUNCTION_PATCH f[] = { INLINE_HOOK_JUMP_NULL(::GetCommandLineW, MyGetCommandLineW), INLINE_HOOK_JUMP_NULL(::GetCommandLineA, MyGetCommandLineA), INLINE_HOOK_JUMP(LoadAcceleratorsW, MyLoadAcceleratorsW, StubLoadAcceleratorsW), }; Nt_PatchMemory(0, 0, f, countof(f), 0); return TRUE; }