uint8_t *hook_addrcb_IWbemServices_ExecQueryAsync(hook_t *h, uint8_t *module_address, uint32_t module_size) { (void) module_address; (void) module_size; h->is_hooked = 1; if(init_co_create_instance() < 0) { return NULL; } IWbemLocator *wbem_locator = NULL; HRESULT res = pCoCreateInstance(&our_CLSID_WbemLocator, NULL, CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER, &our_IID_IUnknown, (void **) &wbem_locator); if(res == CO_E_NOTINITIALIZED) { h->is_hooked = 0; return NULL; } if(SUCCEEDED(res) == FALSE) { pipe("WARNING:IWbemServices::ExecQueryAsync error creating " "instance error=0x%x [aborting hook]", res); h->is_hooked = 0; return NULL; } IWbemServices *wbem_services = NULL; if(SUCCEEDED(wbem_locator->lpVtbl->ConnectServer(wbem_locator, L"root\\CIMV2", NULL, NULL, NULL, 0, NULL, NULL, &wbem_services)) == FALSE) { pipe("WARNING:IWbemServices::ExecQueryAsync error connecting to " "fetch IWbemServices instance [aborting hook]"); wbem_locator->lpVtbl->Release(wbem_locator); h->is_hooked = 0; return NULL; } uint8_t *ret = (uint8_t *) wbem_services->lpVtbl->ExecQueryAsync; wbem_locator->lpVtbl->Release(wbem_locator); wbem_services->lpVtbl->Release(wbem_services); return ret; }
static int _locate_wbem_services( hook_t *h, IWbemLocator **wbem_locator, IWbemServices **wbem_services ) { h->is_hooked = 1; if(init_co_create_instance() < 0) { return -1; } HRESULT res = pCoCreateInstance(&our_CLSID_WbemLocator, NULL, CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER, &our_IID_IUnknown, (void **) wbem_locator); if(res == CO_E_NOTINITIALIZED) { h->is_hooked = 0; return -1; } if(SUCCEEDED(res) == FALSE) { pipe("WARNING:Error creating IWBemLocator instance error=0x%x " "[aborting hook %z]", res, h->funcname); h->is_hooked = 0; return -1; } if(SUCCEEDED((*wbem_locator)->lpVtbl->ConnectServer(*wbem_locator, L"root\\CIMV2", NULL, NULL, NULL, 0, NULL, NULL, wbem_services)) == FALSE) { pipe("WARNING:Error connecting to IWBemLocator to fetch " "IWbemServices instance [aborting hook %z]", h->funcname); (*wbem_locator)->lpVtbl->Release(*wbem_locator); h->is_hooked = 0; return -1; } return 0; }