ファイル: Hook.cpp プロジェクト: ohio813/Pwnypot
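VOID 
NTAPI
HookedLdrHotPatchRoutine(
	HotPatchBuffer * s_HotPatchBuffer
	)
{
	/* Hook for ntdll!LdrHotPatchRoutine. Records the patcher/patchee module
	   names the caller supplied as an ANALYSIS_TYPE_API row in the shellcode
	   log, then either forwards to the original routine (when the registry
	   config allows malware downloads) or drops the call and logs the denial.
	   s_HotPatchBuffer is caller-controlled: it is never dereferenced when
	   NULL, and NULL name fields are logged as "(null)" instead of being
	   handed to %ls. The row is saved before the decision so the attempt is
	   on disk even if the forwarded call never returns. */
	DEBUG_PRINTF(LSHL, NULL, "HookedLdrHotPatchRoutine called.\n");

	/* NOTE(review): assumes PatcherName/PatcheeName are wide-string pointers,
	   as the original "%ls" format implies - confirm against HotPatchBuffer. */
	const wchar_t *patcher = L"(null)";
	const wchar_t *patchee = L"(null)";
	if (s_HotPatchBuffer != NULL)
	{
		if (s_HotPatchBuffer->PatcherName != NULL)
			patcher = s_HotPatchBuffer->PatcherName;
		if (s_HotPatchBuffer->PatcheeName != NULL)
			patchee = s_HotPatchBuffer->PatcheeName;
	}

	PXMLNODE XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
	mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_API);
	mxmlElementSetAttr(XmlIDLogNode, "api", "LdrHotPatchRoutine");
	mxmlElementSetAttrf(XmlIDLogNode, "value", "%ls,%ls", patcher, patchee);
	SaveXml( XmlLog );

	if (PWNYPOT_REGCONFIG.SHELLCODE.ALLOW_MALWARE_DOWNLOAD)
	{
		LdrHotPatchRoutine_(s_HotPatchBuffer);
	}
	else
	{
		DEBUG_PRINTF(LSHL, NULL, "Denied downloading of library because of ALLOW_MALWARE_DOWNLOAD=0");
	}
}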
ファイル: Hook.cpp プロジェクト: ohio813/Pwnypot
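BOOL
WINAPI
HookedSetProcessDEPPolicy(
	DWORD dwFlags
	)
{
	/* Hook for kernel32!SetProcessDEPPolicy. Every call is logged as an
	   ANALYSIS_TYPE_API row. dwFlags == 0 means "turn DEP off for this
	   process", which is the call a payload makes before running from
	   writable memory: when ALLOW_MALWARE_EXEC is off the process is
	   terminated instead. Non-zero flags only enable DEP / ATL thunk
	   emulation, so they are forwarded in both modes (the original returned
	   FALSE for them in deny mode, leaving the process less protected).
	   Returns the real API's result when forwarded, FALSE otherwise. */
	PXMLNODE XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
	mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_API);
	mxmlElementSetAttr(XmlIDLogNode, "api", "SetProcessDEPPolicy");
	/* DWORD is unsigned long; %lu keeps format and argument in agreement. */
	mxmlElementSetAttrf(XmlIDLogNode, "value", "%lu", dwFlags);
	/* Save unconditionally so the attempt is recorded on every path. */
	SaveXml( XmlLog );

	if (PWNYPOT_REGCONFIG.GENERAL.ALLOW_MALWARE_EXEC)
		return SetProcessDEPPolicy_(dwFlags);

	if (dwFlags == 0)
	{
		DEBUG_PRINTF(LSHL, NULL, "Stopping Process because it was trying to disable DEP.\n");
		TerminateProcess(GetCurrentProcess(), STATUS_ACCESS_VIOLATION);
		/* Only reached if TerminateProcess() itself failed; refuse the call. */
		return FALSE;
	}

	return SetProcessDEPPolicy_(dwFlags);
}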
ファイル: Hook.cpp プロジェクト: amohanta/pwnypot
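SOCKET
WSAAPI
Hookedaccept(
	SOCKET s,
	struct sockaddr *addr,
	int *addrlen
	)
{
	/* Hook for ws2_32!accept. With the shellcode flag set, a type-7 row with
	   the accepted peer's IPv4 address and port is written to the shellcode
	   log. accept() only fills *addr on return, so the row is built after the
	   real call (the original read the caller's still-uninitialised buffer
	   before calling it). The flag is sampled before the call, which may
	   block until a client connects. Returns whatever accept_ returned. */
	const BOOL bLog = ( DbgGetShellcodeFlag() == MCEDP_STATUS_SHELLCODE_FLAG_SET );
	SOCKET ret = accept_( s, addr, addrlen );

	if ( bLog )
	{
		PXMLNODE XmlLogNode;
		PXMLNODE XmlIDLogNode;
		CHAR szPort[20];
		const char *szIp = "NULL";
		const char *szPortText = "NULL";

		/* Decode the address only when accept succeeded, the caller asked
		   for it, and the returned length covers an IPv4 sockaddr; an
		   AF_INET6 peer has a different layout and would be misread. */
		if ( ret != INVALID_SOCKET && addr != NULL && addrlen != NULL
		     && *addrlen >= (int)sizeof(sockaddr_in) )
		{
			const sockaddr_in *sdata = (const sockaddr_in *)addr;
			if ( sdata->sin_family == AF_INET )
			{
				szIp = inet_ntoa(sdata->sin_addr);
				szPortText = _itoa(htons(sdata->sin_port), szPort, 10);
			}
		}

		XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
		// type
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "type");
		mxmlNewText( XmlLogNode, 0, "7");
		// accept
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "accept_ip");
		mxmlNewText( XmlLogNode, 0, szIp);
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "accept_port");
		mxmlNewText( XmlLogNode, 0, szPortText);
		// save
		SaveXml( XmlLog );
	}

	return ret;
}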
ファイル: Hook.cpp プロジェクト: ohio813/Pwnypot
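int
WSAAPI
Hookedrecv(
	SOCKET s,
	char *buf,
	int len,
	int flags
	)
{
	/* Hook for ws2_32!recv. With the shellcode flag set (and a buffer larger
	   than one byte), an ANALYSIS_TYPE_RECV row is written naming the peer,
	   the number of bytes received and a random data_uid under which the
	   received bytes are hex-dumped. The dump is taken after recv_ returns so
	   it holds the bytes that actually arrived; the original dumped the
	   caller's buffer before the call, i.e. whatever it contained beforehand,
	   and logged the buffer size instead of the byte count. */
	const BOOL bLog = ( DbgGetShellcodeFlag() == PWNYPOT_STATUS_SHELLCODE_FLAG_SET && len > 1 );
	int ret = recv_( s, buf, len, flags );

	if ( bLog )
	{
		CHAR szPort[20];
		CHAR szLen[20];
		CHAR szUID[UID_SIZE];
		sockaddr_in sdata;
		int sock_len = sizeof(sdata);
		const char *szIp = "NULL";
		const char *szPortText = "NULL";
		/* SOCKET_ERROR (negative) means nothing was received. */
		const int received = ( ret > 0 ) ? ret : 0;

		PXMLNODE XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
		// type
		mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_RECV);
		/* SOCKET is UINT_PTR; the cast keeps format and argument widths in agreement. */
		mxmlElementSetAttrf(XmlIDLogNode, "socket", "%lu", (unsigned long)s);

		/* getpeername() fails on an unconnected socket and leaves sdata
		   untouched; only decode it on success and for IPv4 peers. */
		if ( getpeername( s, (sockaddr *)&sdata, &sock_len ) == 0 && sdata.sin_family == AF_INET )
		{
			szIp = inet_ntoa(sdata.sin_addr);
			szPortText = _itoa(htons(sdata.sin_port), szPort, 10);
		}
		mxmlElementSetAttr(XmlIDLogNode, "recv_ip", szIp);
		mxmlElementSetAttr(XmlIDLogNode, "recv_port", szPortText);
		mxmlElementSetAttr(XmlIDLogNode, "recv_datalen", _itoa(received, szLen, 10));
		mxmlElementSetAttr(XmlIDLogNode, "data_uid", GenRandomStr(szUID, UID_SIZE-1));
		/* Always write the dump file so data_uid refers to an existing file,
		   even when it is empty. */
		if ( buf != NULL )
			HexDumpToFile((PBYTE)buf, received, szUID);
		// save
		SaveXml( XmlLog );
	}

	return ret;
}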
ファイル: Hook.cpp プロジェクト: ohio813/Pwnypot
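NTSTATUS
WINAPI
HookedNtSetInformationProcess(
	HANDLE ProcessHandle,
    ULONG ProcessInformationClass,
    PVOID ProcessInformation,
    ULONG ProcessInformationLength 
    )
{
	/* Hook for ntdll!NtSetInformationProcess. Only ProcessExecuteFlags is
	   inspected - it is the call a payload uses to switch DEP off for the
	   current process. Every other information class goes straight to the
	   original routine (the original hook answered them with 0 without
	   ever calling it, silently breaking unrelated callers).
	   For ProcessExecuteFlags: the value is logged as an ANALYSIS_TYPE_API
	   row; when ALLOW_MALWARE_EXEC is on the call is forwarded, otherwise a
	   request with MEM_EXECUTE_OPTION_ENABLE set (= execute from
	   non-executable pages, i.e. DEP off) terminates the process and any
	   other value - which only hardens the process - is forwarded.
	   The buffer is caller-controlled and is not read unless it is present
	   and at least a ULONG long; short buffers are left to the kernel to
	   reject. */
	if (ProcessInformationClass != ProcessExecuteFlags)
		return NtSetInformationProcess_(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength);

	if (ProcessInformation == NULL || ProcessInformationLength < sizeof(ULONG))
		return NtSetInformationProcess_(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength);

	const ULONG ExecuteFlags = *(ULONG *)ProcessInformation;

	PXMLNODE XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
	mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_API);
	mxmlElementSetAttr(XmlIDLogNode, "api", "NtSetInformationProcess");
	mxmlElementSetAttrf(XmlIDLogNode, "value", "0x%lx", ExecuteFlags);
	SaveXml( XmlLog );

	if (PWNYPOT_REGCONFIG.GENERAL.ALLOW_MALWARE_EXEC)
	{
		DEBUG_PRINTF(LSHL, NULL, "HookedNtSetInformationProcess is called with ProcessExecuteFlags value: 0x%lx.\n", ExecuteFlags);
		return NtSetInformationProcess_(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength);
	}

	if ((ExecuteFlags & MEM_EXECUTE_OPTION_ENABLE) != 0)
	{
		DEBUG_PRINTF(LSHL, NULL, "Stopping Process because it was trying to disable DEP.\n");
		TerminateProcess(GetCurrentProcess(), STATUS_ACCESS_VIOLATION);
		/* Only reached if TerminateProcess() itself failed; refuse the call. */
		return STATUS_ACCESS_VIOLATION;
	}

	return NtSetInformationProcess_(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength);
}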
ファイル: Hook.cpp プロジェクト: amohanta/pwnypot
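HMODULE 
WINAPI
HookedLoadLibraryExW(
	LPCWSTR lpLibFileName, 
	HANDLE hFile, 
	DWORD dwFlags
	)
{
	/* Hook for kernel32!LoadLibraryExW. With the shellcode flag set, the
	   requested library name is written to the shellcode log as a
	   <loadlib><libname> element; the call is then always forwarded.
	   Logging must never turn into a crash: a failed LocalAlloc skips the
	   log step, and the name is converted into at most 1023 bytes so the
	   zero-filled last byte terminates it - wcstombs() adds no NUL when the
	   source does not fit in the buffer. */
	if ( DbgGetShellcodeFlag() == MCEDP_STATUS_SHELLCODE_FLAG_SET )
	{
		CHAR *szLibFileNameA = (CHAR *)LocalAlloc(LMEM_ZEROINIT, 1024);
		PXMLNODE XmlLogNode;
		PXMLNODE XmlDataNode;

		if ( szLibFileNameA != NULL )
		{
			if ( lpLibFileName != NULL )
				wcstombs( szLibFileNameA, lpLibFileName, 1023);
			szLibFileNameA[1023] = '\0';

			XmlLogNode = CreateXmlElement( XmlShellcode, "loadlib");
			XmlDataNode = CreateXmlElement( XmlLogNode, "libname");
			SetTextNode( XmlDataNode, 0, szLibFileNameA);
			SaveXml( XmlLog );

			LocalFree(szLibFileNameA);
		}
	}

	return (LoadLibraryExW_( lpLibFileName, hFile, dwFlags));
}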
ファイル: Hook.cpp プロジェクト: amohanta/pwnypot
int
WSAAPI
Hookedlisten(
	SOCKET s,
	int backlog
	)
{
	/* Hook for ws2_32!listen: when the shellcode flag is set, append a
	   type-5 row with a fixed description of the listen attempt to the
	   shellcode log, then forward the call unchanged to the real listen(). */
	const BOOL shellcodeActive = ( DbgGetShellcodeFlag() == MCEDP_STATUS_SHELLCODE_FLAG_SET );
	if ( shellcodeActive )
	{
		PXMLNODE row = mxmlNewElement( XmlShellcode, "row");

		PXMLNODE typeNode = mxmlNewElement( row, "type");
		mxmlNewText( typeNode, 0, "5");

		PXMLNODE descNode = mxmlNewElement( row, "listen_desc");
		mxmlNewText( descNode, 0, "Shellcode attemp to listen on a port (possibly on previously bind address).");

		SaveXml( XmlLog );
	}

	return listen_( s, backlog );
}
ファイル: Hook.cpp プロジェクト: amohanta/pwnypot
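int
WSAAPI
Hookedbind(
  SOCKET s,
  const struct sockaddr *name,
  int namelen
  )
{
	/* Hook for ws2_32!bind. With the shellcode flag set, a type-6 row with
	   the requested IPv4 address and port is written to the shellcode log;
	   the call is then always forwarded. name is caller-controlled and may
	   be NULL, shorter than a sockaddr_in, or a different family (an
	   AF_INET6 sockaddr has another layout), so it is decoded only when all
	   three checks pass; otherwise "NULL" is logged and the real bind()
	   reports the error to the caller. */
	if ( DbgGetShellcodeFlag() == MCEDP_STATUS_SHELLCODE_FLAG_SET )
	{
		PXMLNODE XmlLogNode;
		PXMLNODE XmlIDLogNode;
		CHAR szPort[20];
		const char *szIp = "NULL";
		const char *szPortText = "NULL";

		if ( name != NULL && namelen >= (int)sizeof(sockaddr_in) )
		{
			const sockaddr_in *sdata = (const sockaddr_in *)name;
			if ( sdata->sin_family == AF_INET )
			{
				szIp = inet_ntoa(sdata->sin_addr);
				szPortText = _itoa(htons(sdata->sin_port), szPort, 10);
			}
		}

		XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
		// type
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "type");
		mxmlNewText( XmlLogNode, 0, "6");
		// bind
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "bind_ip");
		mxmlNewText( XmlLogNode, 0, szIp);
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "bind_port");
		mxmlNewText( XmlLogNode, 0, szPortText);
		// save
		SaveXml( XmlLog );
	}

	return (bind_(s, name, namelen));
}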
ファイル: Hook.cpp プロジェクト: ohio813/Pwnypot
int
WSAAPI
Hookedlisten(
	SOCKET s,
	int backlog
	)
{
	/* Hook for ws2_32!listen: with the shellcode flag set, add an
	   ANALYSIS_TYPE_LISTEN row (socket number plus a fixed description) to
	   the shellcode log before handing the call to the real listen(). */
	if ( DbgGetShellcodeFlag() != PWNYPOT_STATUS_SHELLCODE_FLAG_SET )
		return listen_( s,backlog );

	PXMLNODE row = mxmlNewElement( XmlShellcode, "row");
	mxmlElementSetAttr(row, "type", ANALYSIS_TYPE_LISTEN);
	mxmlElementSetAttrf(row, "socket", "%d", s);

	PXMLNODE desc = mxmlNewElement( row, "listen_desc");
	mxmlNewText( desc, 0, "Shellcode attemp to listen on a port (possibly on previously bind address).");

	SaveXml( XmlLog );

	return listen_( s,backlog );
}
ファイル: Hook.cpp プロジェクト: ohio813/Pwnypot
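int
WSAAPI
Hookedbind(
  SOCKET s,
  const struct sockaddr *name,
  int namelen
  )
{
	/* Hook for ws2_32!bind. With the shellcode flag set, an
	   ANALYSIS_TYPE_BIND row with the socket, requested IPv4 address and
	   port is written to the shellcode log; the call is then always
	   forwarded. name is caller-controlled and may be NULL, shorter than a
	   sockaddr_in, or a different family (an AF_INET6 sockaddr has another
	   layout), so it is decoded only when all three checks pass; otherwise
	   "NULL" is logged and the real bind() reports the error. */
	if ( DbgGetShellcodeFlag() == PWNYPOT_STATUS_SHELLCODE_FLAG_SET )
	{
		PXMLNODE XmlIDLogNode;
		CHAR szPort[20];
		const char *szIp = "NULL";
		const char *szPortText = "NULL";

		if ( name != NULL && namelen >= (int)sizeof(sockaddr_in) )
		{
			const sockaddr_in *sdata = (const sockaddr_in *)name;
			if ( sdata->sin_family == AF_INET )
			{
				szIp = inet_ntoa(sdata->sin_addr);
				szPortText = _itoa(htons(sdata->sin_port), szPort, 10);
			}
		}

		XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
		// type
		mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_BIND);
		/* SOCKET is UINT_PTR; the cast keeps format and argument widths in agreement. */
		mxmlElementSetAttrf(XmlIDLogNode, "socket", "%lu", (unsigned long)s);
		mxmlElementSetAttr(XmlIDLogNode, "bind_ip", szIp);
		mxmlElementSetAttr(XmlIDLogNode, "bind_port", szPortText);
		// save
		SaveXml( XmlLog );
	}

	return (bind_(s, name, namelen));
}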
ファイル: game_mode.cpp プロジェクト: fluxer/warmux
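bool GameMode::ExportToString(std::string& mode,
                              std::string& mode_objects) const
{
  // Serialise the current game mode into `mode` and its object set into
  // `mode_objects`. Returns true only when both came out non-empty.
  // SaveXml() can return NULL (ExportToFile already checks for it); that
  // case now yields false with `mode` left empty instead of dereferencing
  // a null writer.
  mode.clear();
  mode_objects = doc_objects->ExportToString();

  XmlWriter *out = SaveXml(m_current);
  if (!out)
    return false;

  mode = out->SaveToString();
  delete out;
  return !mode_objects.empty() && !mode.empty();
}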
bool SettingsManager::AddProfile(Profile profile)
{
    // Register `profile` unless one with the same name already exists, and
    // persist the settings on success. Returns false for a duplicate name.
    const wxArrayString existingNames = GetProfilesList();
    const wxString newName = profile.GetName();

    for (size_t idx = 0; idx < existingNames.Count(); ++idx)
    {
        if (existingNames[idx] == newName)
            return false;
    }

    m_profileArray.Add(profile);
    SaveXml();
    return true;
}
ファイル: game_mode.cpp プロジェクト: fluxer/warmux
bool GameMode::ExportToFile(const std::string& game_mode_name)
{
  // Write the named game mode to
  // "<personal data dir>game_mode<PATH_SEPARATOR><name>.xml".
  // Returns false when no writer could be created or the save failed.
  const std::string relative_path =
    std::string("game_mode" PATH_SEPARATOR) + game_mode_name + ".xml";
  const std::string fullname =
    Config::GetInstance()->GetPersonalDataDir() + relative_path;

  XmlWriter *out = SaveXml(game_mode_name, fullname);
  if (out == NULL)
    return false;

  const bool saved = out->Save();
  delete out;
  return saved;
}
void SettingsManager::DeleteProfile(wxString profileName)
{
    // Remove the first profile whose name matches and persist the settings.
    // The built-in "Latest" profile is protected and never removed; nothing
    // is saved when no profile matched.
    if (profileName == wxT("Latest"))
        return;

    const size_t count = m_profileArray.Count();
    for (size_t idx = 0; idx < count; ++idx)
    {
        if (m_profileArray[idx].GetName() != profileName)
            continue;

        m_profileArray.RemoveAt(idx);
        SaveXml();
        return;
    }
}
ファイル: Hook.cpp プロジェクト: amohanta/pwnypot
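HRESULT
WINAPI
HookedURLDownloadToFileW(
    LPUNKNOWN pCaller,
    LPCWSTR szURL,
    LPCWSTR szFileName,
    DWORD dwReserved,
    LPBINDSTATUSCALLBACK lpfnCB
	)
{
	/* Hook for urlmon!URLDownloadToFileW. With the shellcode flag set, the
	   URL and target path are written to the shellcode log as a type-2 row;
	   then the download is either forwarded or - when the config denies
	   malware downloads - answered with S_OK without fetching anything, so
	   the payload keeps going and reveals its next steps.
	   Both conversion buffers are freed on every path (the original leaked
	   them on the deny path), a failed LocalAlloc skips the log step, and
	   the strings are converted into at most 1023 bytes so the zero-filled
	   last byte terminates them - wcstombs() adds no NUL on overflow. */
	if ( DbgGetShellcodeFlag() == MCEDP_STATUS_SHELLCODE_FLAG_SET )
	{
		CHAR *szUrlA      = (CHAR *)LocalAlloc(LMEM_ZEROINIT, 1024);
		CHAR *szFileNameA = (CHAR *)LocalAlloc(LMEM_ZEROINIT, 1024);
		PXMLNODE XmlLogNode;
		PXMLNODE XmlIDLogNode;

		if ( szUrlA != NULL && szFileNameA != NULL )
		{
			if ( szURL != NULL )
				wcstombs( szUrlA, szURL, 1023);

			if ( szFileName != NULL )
				wcstombs( szFileNameA, szFileName, 1023);

			XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
			/* type */
			XmlLogNode = mxmlNewElement( XmlIDLogNode, "type");
			mxmlNewText( XmlLogNode, 0, "2");
			/* download */
			XmlLogNode = mxmlNewElement( XmlIDLogNode, "download_url");
			mxmlNewText( XmlLogNode, 0, (PCHAR)szUrlA);
			XmlLogNode = mxmlNewElement( XmlIDLogNode, "download_filename");
			mxmlNewText( XmlLogNode, 0, (PCHAR)szFileNameA);
			/* save */
			SaveXml( XmlLog );
		}

		/* LocalFree(NULL) is a documented no-op, so both frees are unconditional. */
		LocalFree(szUrlA);
		LocalFree(szFileNameA);

		if ( MCEDP_REGCONFIG.SHELLCODE.ALLOW_MALWARE_DWONLOAD == FALSE )
			return S_OK;
	}

	return (URLDownloadToFileW_( pCaller, szURL, szFileName, dwReserved, lpfnCB));
}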
ファイル: Hook.cpp プロジェクト: amohanta/pwnypot
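int
WSAAPI
Hookedsend(
	SOCKET s,
	const char *buf,
	int len,
	int flags
	)
{
	/* Hook for ws2_32!send. With the shellcode flag set and more than one
	   byte to send, a type-8 row naming the peer, the length and a random
	   data_uid is written to the shellcode log and the outgoing bytes are
	   hex-dumped under that uid; the call is then always forwarded.
	   getpeername() fails on an unconnected socket and leaves sdata
	   untouched, so the address is only decoded on success (and only for
	   IPv4); a NULL buffer is not dumped and is left to the real send() to
	   reject. */
	if ( DbgGetShellcodeFlag() == MCEDP_STATUS_SHELLCODE_FLAG_SET && len > 1 )
	{
		CHAR szPort[20];
		CHAR szLen[20];
		CHAR szUID[UID_SIZE];
		sockaddr_in sdata;
		int sock_len = sizeof(sdata);
		const char *szIp = "NULL";
		const char *szPortText = "NULL";
		PXMLNODE XmlLogNode;
		PXMLNODE XmlIDLogNode;

		if ( getpeername( s, (sockaddr *)&sdata, &sock_len ) == 0 && sdata.sin_family == AF_INET )
		{
			szIp = inet_ntoa(sdata.sin_addr);
			szPortText = _itoa(htons(sdata.sin_port), szPort, 10);
		}

		XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
		// type
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "type");
		mxmlNewText( XmlLogNode, 0, "8");
		// send
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "send_ip");
		mxmlNewText( XmlLogNode, 0, szIp);
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "send_port");
		mxmlNewText( XmlLogNode, 0, szPortText);
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "send_datalen");
		mxmlNewText( XmlLogNode, 0, _itoa(len, szLen, 10));
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "data_uid");
		mxmlNewText( XmlLogNode, 0, GenRandomStr(szUID, UID_SIZE-1));
		if ( buf != NULL )
			HexDumpToFile((PBYTE)buf, len, szUID);
		// save
		SaveXml( XmlLog );
	}

	return (send_( s, buf, len, flags));
}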
bool SettingsManager::ModifyProfile(wxString profileName, Profile profile)
{
    // Replace the profile called `profileName` with `profile` and persist.
    // The built-in "Latest" entry keeps its name whatever the replacement
    // is called. Returns false when no profile with that name exists.
    const size_t count = m_profileArray.Count();
    for (size_t idx = 0; idx < count; ++idx)
    {
        if (m_profileArray[idx].GetName() != profileName)
            continue;

        m_profileArray[idx] = profile;
        if (profileName == wxT("Latest"))
            m_profileArray[idx].SetName(wxT("Latest"));

        SaveXml();
        return true;
    }

    return false;
}
ファイル: Hook.cpp プロジェクト: ohio813/Pwnypot
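SOCKET
WSAAPI
Hookedaccept(
	SOCKET s,
	struct sockaddr *addr,
	int *addrlen
	)
{
	/* Hook for ws2_32!accept. With the shellcode flag set, an
	   ANALYSIS_TYPE_ACCEPT row with the socket and the accepted peer's IPv4
	   address and port is written to the shellcode log. accept() only fills
	   *addr on return, so the row is saved after the real call (the original
	   read the caller's still-uninitialised buffer before calling it). The
	   flag is sampled before the call, which may block until a client
	   connects. Returns whatever accept_ returned. */
	const BOOL bLog = ( DbgGetShellcodeFlag() == PWNYPOT_STATUS_SHELLCODE_FLAG_SET );
	SOCKET ret = accept_( s, addr, addrlen );

	if ( bLog )
	{
		CHAR szPort[20];
		const char *szIp = "NULL";
		const char *szPortText = "NULL";

		PXMLNODE XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
		mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_ACCEPT);
		/* SOCKET is UINT_PTR; the cast keeps format and argument widths in agreement. */
		mxmlElementSetAttrf(XmlIDLogNode, "socket", "%lu", (unsigned long)s);

		/* Decode the address only when accept succeeded, the caller asked
		   for it, and the returned length covers an IPv4 sockaddr; an
		   AF_INET6 peer has a different layout and would be misread. */
		if ( ret != INVALID_SOCKET && addr != NULL && addrlen != NULL
		     && *addrlen >= (int)sizeof(sockaddr_in) )
		{
			const sockaddr_in *sdata = (const sockaddr_in *)addr;
			if ( sdata->sin_family == AF_INET )
			{
				szIp = inet_ntoa(sdata->sin_addr);
				szPortText = _itoa(htons(sdata->sin_port), szPort, 10);
			}
		}
		mxmlElementSetAttr(XmlIDLogNode, "accept_ip", szIp);
		mxmlElementSetAttr(XmlIDLogNode, "accept_port", szPortText);
		// save
		SaveXml( XmlLog );
	}

	return ret;
}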
ファイル: FilterDlg.cpp プロジェクト: JayceM6/DebugViewPP
void CFilterDlg::OnSave(UINT /*uNotifyCode*/, int /*nID*/, CWindow /*wndCtl*/)
{
	// Prompt for a destination file and write the current filter set to it.
	// The extension of the chosen name selects the format: ".json" uses the
	// JSON writer, anything else (the default ".xml") the XML writer.
	CFileDialog dlg(false, L".xml", m_name.c_str(), OFN_OVERWRITEPROMPT | OFN_HIDEREADONLY,
		L"XML Files (*.xml)\0*.xml\0"
		L"JSON Files (*.json)\0*.json\0"
		L"All Files\0*.*\0"
		L"\0", 0);
	dlg.m_ofn.nFilterIndex = 0;
	dlg.m_ofn.lpstrTitle = L"Save DebugView Filter";
	if (dlg.DoModal() != IDOK)
		return;

	const auto filterName = Win32::GetDlgItemText(*this, IDC_NAME);
	LogFilter filter;
	filter.messageFilters = m_messagePage.GetFilters();
	filter.processFilters = m_processPage.GetFilters();

	const auto path = Str(dlg.m_szFileName).str();
	const bool wantJson = boost::iequals(GetFileNameExt(dlg.m_szFileName), L"json");
	if (wantJson)
		SaveJson(path, Str(filterName), filter);
	else
		SaveXml(path, Str(filterName), filter);
}
void SettingsManager::SetVideoDevice(const wxString &videoDevice)
{
    // Remember the selected video device and persist the settings at once.
    this->m_videoDevice = videoDevice;
    this->SaveXml();
}
ファイル: Hook.cpp プロジェクト: amohanta/pwnypot
/* Label logged for the address family argument of socket(). */
static const char *SocketAfLabel(int af)
{
	switch (af)
	{
	case AF_UNSPEC:  return "Unspecified";
	case AF_INET:    return "AF_INET (IPv4)";
	case AF_INET6:   return "AF_INET6 (IPv6)";
	case AF_NETBIOS: return "AF_NETBIOS (NetBIOS)";
	case AF_BTH:     return "AF_BTH (Bluetooth)";
	default:         return "Other";
	}
}

/* Label logged for the type argument of socket(). */
static const char *SocketTypeLabel(int type)
{
	switch (type)
	{
	case 0:              return "Unspecified";
	case SOCK_STREAM:    return "SOCK_STREAM (stream)";
	case SOCK_DGRAM:     return "SOCK_DGRAM (datagram)";
	case SOCK_RAW:       return "SOCK_RAW (raw)";
	case SOCK_RDM:       return "SOCK_RDM (reliable message datagram)";
	case SOCK_SEQPACKET: return "SOCK_SEQPACKET (pseudo-stream packet)";
	default:             return "Other";
	}
}

/* Label logged for the protocol argument of socket(). */
static const char *SocketProtocolLabel(int protocol)
{
	switch (protocol)
	{
	case 0:              return "Unspecified";
	case IPPROTO_ICMP:   return "IPPROTO_ICMP (ICMP)";
	case IPPROTO_IGMP:   return "IPPROTO_IGMP (IGMP)";
	case IPPROTO_TCP:    return "IPPROTO_TCP (TCP)";
	case IPPROTO_UDP:    return "IPPROTO_UDP (UDP)";
	case IPPROTO_ICMPV6: return "IPPROTO_ICMPV6 (ICMP Version 6)";
	default:             return "Other";
	}
}

SOCKET
WSAAPI
Hookedsocket(
	int af,
	int type,
	int protocol
	)
{
	/* Hook for ws2_32!socket: with the shellcode flag set, write a type-3
	   row describing the requested family, type and protocol in readable
	   form to the shellcode log, then forward the call unchanged. */
	if ( DbgGetShellcodeFlag() == MCEDP_STATUS_SHELLCODE_FLAG_SET )
	{
		PXMLNODE row = mxmlNewElement( XmlShellcode, "row");
		PXMLNODE field;

		// type
		field = mxmlNewElement( row, "type");
		mxmlNewText( field, 0, "3");

		// socket
		field = mxmlNewElement( row, "socket_af");
		mxmlNewText( field, 0, SocketAfLabel(af));

		field = mxmlNewElement( row, "socket_type");
		mxmlNewText( field, 0, SocketTypeLabel(type));

		field = mxmlNewElement( row, "socket_protocol");
		mxmlNewText( field, 0, SocketProtocolLabel(protocol));

		// save
		SaveXml( XmlLog );
	}

	return socket_( af, type, protocol );
}
void SettingsManager::SetVideoCodec(const wxString &videoCodec)
{
    // Remember the selected video codec and persist the settings at once.
    this->m_videoCodec = videoCodec;
    this->SaveXml();
}
ファイル: Hook.cpp プロジェクト: amohanta/pwnypot
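/* Write a type-1 row (process name and command line) to the shellcode log.
   A failed LocalAlloc skips the log step rather than crashing, the strings
   are converted into at most 1023 bytes so the zero-filled last byte
   terminates them (wcstombs() adds no NUL on overflow), and both buffers
   are freed on every path - LocalFree(NULL) is a documented no-op. */
static VOID LogShellcodeProcessCreation(LPCWSTR lpApplicationName, LPCWSTR lpCommandLine)
{
	CHAR *szApplicationNameA = (CHAR *)LocalAlloc(LMEM_ZEROINIT, 1024);
	CHAR *szCommandLineA     = (CHAR *)LocalAlloc(LMEM_ZEROINIT, 1024);
	PXMLNODE XmlLogNode;
	PXMLNODE XmlIDLogNode;

	if ( szApplicationNameA != NULL && szCommandLineA != NULL )
	{
		if ( lpApplicationName != NULL )
			wcstombs( szApplicationNameA, lpApplicationName, 1023);

		if ( lpCommandLine != NULL )
			wcstombs( szCommandLineA, lpCommandLine, 1023);

		XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
		/* type */
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "type");
		mxmlNewText( XmlLogNode, 0, "1");
		/* exec */
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "exec_process");
		mxmlNewText( XmlLogNode, 0, szApplicationNameA);
		XmlLogNode = mxmlNewElement( XmlIDLogNode, "exec_cmd");
		mxmlNewText( XmlLogNode, 0, szCommandLineA);
		/* save */
		SaveXml( XmlLog );
	}

	LocalFree(szApplicationNameA);
	LocalFree(szCommandLineA);
}

/* Inject the MCEDP module into the suspended child described by pi and,
   when bResumeOnExit is set, resume its main thread afterwards - on
   injection failure too, so the hook never leaves a child suspended that
   the caller expected to run. After a successful injection the thread
   sleeps INIT_WAIT_TIME to let the module initialise inside the child.
   TODO : use a messaging mechanism and resume process after init finished
   instead of sleeping! */
static VOID InjectIntoNewProcess(LPPROCESS_INFORMATION pi, BOOL bResumeOnExit)
{
	CHAR szDllFullPath[MAX_PATH];

	/* strncpy() leaves no terminator when the source fills the buffer. */
	strncpy( szDllFullPath, MCEDP_REGCONFIG.MCEDP_MODULE_PATH, MAX_PATH - 1 );
	szDllFullPath[MAX_PATH - 1] = '\0';

	if ( InjectDLLIntoProcess( szDllFullPath, pi->hProcess ) != MCEDP_STATUS_SUCCESS )
	{
		DEBUG_PRINTF(LDBG, NULL, "Module failed to inject itself into newly created process , PID : %lu\n", pi->dwProcessId);
	}
	else
	{
		DEBUG_PRINTF(LDBG, NULL, "Module injected itself into newly created process , PID : %lu\n", pi->dwProcessId);
		Sleep(INIT_WAIT_TIME);
	}

	if ( bResumeOnExit )
		ResumeThread(pi->hThread);
}

BOOL
WINAPI
HookedCreateProcessInternalW(
	HANDLE hToken,
	LPCWSTR lpApplicationName,
	LPWSTR lpCommandLine,
	LPSECURITY_ATTRIBUTES lpProcessAttributes,
	LPSECURITY_ATTRIBUTES lpThreadAttributes,
	BOOL bInheritHandles,
	DWORD dwCreationFlags,
	LPVOID lpEnvironment,
	LPCWSTR lpCurrentDirectory,
	LPSTARTUPINFOW lpStartupInfo,
	LPPROCESS_INFORMATION lpProcessInformation,
	PHANDLE hNewToken
	)
{
	/* Hook for kernel32!CreateProcessInternalW, the routine every
	   CreateProcess* variant ends up in.
	   Once shellcode or a ROP chain has been detected, the config decides:
	   the child is logged (ANALYSIS_SHELLCODE), and either the current
	   process is terminated (ALLOW_MALWARE_EXEC off) or the child is created
	   exactly as requested. Before any detection, every child is created
	   suspended (adding CREATE_SUSPENDED when the caller did not), the MCEDP
	   module is injected into it, and the child is resumed only if the
	   caller did not ask for a suspended process. Returns the real API's
	   result; the injection outcome does not change it. */
	BOOL bReturn;

	/* apply config rules if shellcode or ROP detected */
	if ( DbgGetShellcodeFlag() == MCEDP_STATUS_SHELLCODE_FLAG_SET || DbgGetRopFlag() == MCEDP_STATUS_ROP_FLAG_SET )
	{
		if ( MCEDP_REGCONFIG.SHELLCODE.ANALYSIS_SHELLCODE )
			LogShellcodeProcessCreation( lpApplicationName, lpCommandLine );

		/* if malware execution is not allowd then terminate the process */
		if ( MCEDP_REGCONFIG.GENERAL.ALLOW_MALWARE_EXEC == FALSE )
		{
			TerminateProcess(GetCurrentProcess(), STATUS_ACCESS_VIOLATION);
			/* Only reached if TerminateProcess() itself failed: fail closed
			   rather than fall through and start the child anyway. */
			return FALSE;
		}

		/* let the malware execute */
		return (CreateProcessInternalW_( hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation, hNewToken));
	}

	/* if the process is creating with CREATE_SUSPENDED flag, let it do its job */
	if ( dwCreationFlags & CREATE_SUSPENDED )
	{
		bReturn = CreateProcessInternalW_( hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation, hNewToken);

		/* The caller keeps the child suspended; it resumes it itself. */
		if ( bReturn != FALSE && lpProcessInformation != NULL )
			InjectIntoNewProcess( lpProcessInformation, FALSE );

		return bReturn;
	}

	/* if the process is not creating with CREATE_SUSPENDED flag, force it do it */
	bReturn = CreateProcessInternalW_( hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags | CREATE_SUSPENDED , lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation, hNewToken);

	/* TODO : We dont need this if ther process is already added into Protection List in registry, so we should remove this lines */
	if ( bReturn != FALSE && lpProcessInformation != NULL )
		InjectIntoNewProcess( lpProcessInformation, TRUE );

	return bReturn;
}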
void SettingsManager::SetRecordingStatus(const wxString &recordingStatus)
{
    // Remember the recording status and persist the settings at once.
    this->m_recordingStatus = recordingStatus;
    this->SaveXml();
}
void SettingsManager::SetRecordingPath(const wxString &recordingPath)
{
    // Remember the recording path and persist the settings at once.
    this->m_recordingPath = recordingPath;
    this->SaveXml();
}
void SettingsManager::SetAudioDevice(const wxString &audioDevice)
{
    // Remember the selected audio device and persist the settings at once.
    this->m_audioDevice = audioDevice;
    this->SaveXml();
}
void SettingsManager::SetLanguage(wxString language)
{
    // Remember the UI language and persist the settings at once.
    this->m_language = language;
    this->SaveXml();
}
void SettingsManager::SetTransmissionProfile(const wxString &transmissionProfile)
{
    // Remember the transmission profile and persist the settings at once.
    this->m_transmissionProfile = transmissionProfile;
    this->SaveXml();
}
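MainWindow::MainWindow(const std::string &simulationName)
{
  // Build the main window: the menu bar (file / edit / generate / help),
  // the equipment toolbar whose actions create simulation objects, and the
  // central drag-and-drop area. The two self-assignments that used to
  // follow the help menu (`menuAbout = menuAbout; menuHelp = menuHelp;`)
  // had no effect and are gone.
  // m_dw is reset first so any slot fired during construction sees NULL
  // rather than an uninitialised pointer; it is created further down.
  this->m_dw = NULL;
  // NOTE(review): m_gen has no Qt parent; presumably released in the
  // destructor - confirm.
  this->m_gen = new Generator(simulationName);

  //
  // Menu
  //
  QMenu *menuFichier = menuBar()->addMenu("&File");
  /*
  QAction *menuOpen = menuFichier->addAction("Open");
  menuOpen->setDisabled(true);
  
  QAction *menuNew = menuFichier->addAction("New");
  menuNew->setDisabled(true);
  
  QAction *menuSave = menuFichier->addAction("Save");
  menuSave->setDisabled(true);
  
  QAction *menuSaveAs = menuFichier->addAction("Save as");
  menuSaveAs->setDisabled(true);
  */
  QAction *menuSavePix = menuFichier->addAction("Save as picture");
  connect(menuSavePix, SIGNAL(triggered()), this, SLOT(SavePicture()));
  
  QAction *menuXml = menuFichier->addAction("Save as XML");
  connect(menuXml, SIGNAL(triggered()), this, SLOT(SaveXml()));
  
  QAction *menuXmlLoad = menuFichier->addAction("Load XML file");
  connect(menuXmlLoad, SIGNAL(triggered()), this, SLOT(LoadXml()));

  QAction *actionQuit = menuFichier->addAction("Quit");
  connect(actionQuit, SIGNAL(triggered()), qApp, SLOT(quit()));

  // Edit menu: the configuration dialog is not wired up yet, so its entry
  // stays disabled.
  QMenu *menuEdit = menuBar()->addMenu("&Edit");
  QAction *actionConfig = menuEdit->addAction("Configuration");
  actionConfig->setDisabled(true);
  //connect(actionConfig, SIGNAL(triggered()), this, SLOT(ConfigurationMenu())); 

  QMenu *menuView = menuBar()->addMenu("&Generate");
  QAction *actionCpp = menuView->addAction("&C++");
  connect(actionCpp, SIGNAL(triggered()), this, SLOT(GenerateCpp())); 
  QAction *actionPython = menuView->addAction("&Python");
  connect(actionPython, SIGNAL(triggered()), this, SLOT(GeneratePython()));

  // Help menu: online help is a placeholder and stays disabled.
  QMenu *menuHelp = menuBar()->addMenu("&Help");
  QAction *menuOnlineHelp = menuHelp->addAction("Online Help");
  menuOnlineHelp->setDisabled(true);
  //connect(menuOnlineHelp, SIGNAL(triggered()), this, SLOT(Help()));
  QAction *menuAbout = menuHelp->addAction("About");
  connect(menuAbout, SIGNAL(triggered()), this, SLOT(About())); 

  //
  // toolbar for add equipements.
  //
  QToolBar *toolBarFichier = addToolBar("");
  //PC
  QIcon pcIcon(":/Ico/Pc.png");
  QString pcString("Terminal");  
  QAction *pcAction = toolBarFichier->addAction(pcIcon, pcString);
  connect(pcAction, SIGNAL(triggered()), this, SLOT(CreatePc()));
  //Pc-group
  QIcon pcgIcon(":/Ico/Pc-group.png");
  QString pcgString("Terminal Group");  
  QAction *pcgAction = toolBarFichier->addAction(pcgIcon, pcgString);
  connect(pcgAction, SIGNAL(triggered()), this, SLOT(CreatePcGroup()));
  //PC-Emu
  QIcon emuIcon(":/Ico/Emu.png");
  QString emuString("PC with emu");  
  QAction *emuAction = toolBarFichier->addAction(emuIcon, emuString);
  connect(emuAction, SIGNAL(triggered()), this, SLOT(CreateEmu()));
  //PC-Tap
  QIcon tapIcon(":/Ico/Tap.png");
  QString tapString("PC with tap");  
  QAction *tapAction = toolBarFichier->addAction(tapIcon, tapString);
  connect(tapAction, SIGNAL(triggered()), this, SLOT(CreateTap()));
  //AP-Wifi
  QIcon apIcon(":/Ico/Ap-Wifi.png");
  QString apString("AP Wifi");  
  QAction *apAction = toolBarFichier->addAction(apIcon, apString);
  connect(apAction, SIGNAL(triggered()), this, SLOT(CreateAp()));
  //StationWifi
  QIcon stasIcon(":/Ico/StationWifi.png");
  QString stasString("Station Wifi");  
  QAction *stasAction = toolBarFichier->addAction(stasIcon, stasString);
  connect(stasAction, SIGNAL(triggered()), this, SLOT(CreateStation()));
  //Hub
  QIcon hubIcon(":/Ico/Hub.png");
  QString hubString("Hub");  
  QAction *hubAction = toolBarFichier->addAction(hubIcon, hubString);
  connect(hubAction, SIGNAL(triggered()), this, SLOT(CreateHub()));
  //Switch
  QIcon switchIcon(":/Ico/Switch.png");
  QString switchString("Switch");  
  QAction *switchAction = toolBarFichier->addAction(switchIcon, switchString);
  connect(switchAction, SIGNAL(triggered()), this, SLOT(CreateSwitch()));
  //Router
  QIcon routerIcon(":/Ico/Router.png");
  QString routerString("Router");  
  QAction *routerAction = toolBarFichier->addAction(routerIcon, routerString);
  connect(routerAction, SIGNAL(triggered()), this, SLOT(CreateRouter()));
  //separator
  toolBarFichier->addSeparator();
  // Wired Link
  QIcon linkIcon(":/Ico/WiredLink.png");
  QString linkString("Wired Link");  
  QAction *linkAction = toolBarFichier->addAction(linkIcon, linkString);
  connect(linkAction, SIGNAL(triggered()), this, SLOT(CreateWiredLink()));
  // Station link
  QIcon stasLinkIcon(":/Ico/Link.png");
  QString stasLinkString("Station Link");  
  QAction *stasLinkAction = toolBarFichier->addAction(stasLinkIcon, stasLinkString);
  connect(stasLinkAction, SIGNAL(triggered()), this, SLOT(CreateWifiLink()));
  //P2P link
  QIcon p2pLinkIcon(":/Ico/P2pLink.png");
  QString p2pLinkString("P2P Link");  
  QAction *p2pLinkAction = toolBarFichier->addAction(p2pLinkIcon, p2pLinkString);
  connect(p2pLinkAction, SIGNAL(triggered()), this, SLOT(CreateP2pLink()));
  //separator
  toolBarFichier->addSeparator();
  // Application: no icon resource yet, hence the empty icon path.
  QIcon appsLinkIcon("");
  QString appsLinkString("Application");  
  QAction *appsLinkAction = toolBarFichier->addAction(appsLinkIcon, appsLinkString);
  connect(appsLinkAction, SIGNAL(triggered()), this, SLOT(CreateApplication()));
  //separator
  toolBarFichier->addSeparator();
  //Delete button - kept as a member so it can be enabled once something is selected.
  QIcon delIcon(":/Ico/Del.png");
  QString delString("Delete");
  this->m_delAction = toolBarFichier->addAction(delIcon, delString);
  this->m_delAction->setDisabled (true);  
  connect(this->m_delAction, SIGNAL(triggered()), this, SLOT(DeleteObject()));

  //
  // Creation of Drag N Drop Area.
  //
  // Qt parent ownership: the layout takes the DragWidget, the central
  // widget takes the layout, and this window takes the central widget.
  QHBoxLayout *dragLayout = new QHBoxLayout;
  this->m_dw = new DragWidget();

  dragLayout->addWidget(this->m_dw);

  QWidget *zoneCentral = new QWidget; 
  zoneCentral->setLayout(dragLayout);

  this->setCentralWidget(zoneCentral);

  //
  // Give the drop area a back-reference to this window.
  //
  this->m_dw->SetMainWindow(this);
}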
void SettingsManager::SetAudioCodec(const wxString &audioCodec)
{
    // Remember the selected audio codec and persist the settings at once.
    this->m_audioCodec = audioCodec;
    this->SaveXml();
}