int act_cd(char* const argv[]) { int argc; for ( argc = 0; argv[argc] != NULL; argc++ ) { /* nothing to do */; } if ( argc == 1 ) { char* homepath; homepath = getenv("HOME"); if ( homepath == NULL ) { print_last_error("getenv"); return -1; } if ( chdir(homepath) < 0 ) { print_last_error("chdir"); return -1; } } else if ( argc == 2 ) { char res_path[PATH_MAX]; if ( realpath(argv[1], res_path) == NULL ) { print_last_error("realpath"); return -1; } if ( chdir(res_path) < 0 ) { print_last_error("chdir"); return -1; } } else { fprintf(stderr, "cd: Too many arguments\n"); return -1; } return 0; }
int tdav_producer_waveapi_start(tmedia_producer_t* self) { tdav_producer_waveapi_t* producer = (tdav_producer_waveapi_t*)self; MMRESULT result; tsk_size_t i; if(!producer){ TSK_DEBUG_ERROR("Invalid parameter"); return -1; } if(producer->started || producer->hWaveIn){ TSK_DEBUG_WARN("Producer already started"); return 0; } /* create events */ if(!producer->events[0]){ producer->events[0] = CreateEvent(NULL, FALSE, FALSE, NULL); } if(!producer->events[1]){ producer->events[1] = CreateEvent(NULL, FALSE, FALSE, NULL); } /* open */ result = waveInOpen((HWAVEIN *)&producer->hWaveIn, /*WAVE_MAPPER*/0, &producer->wfx, (DWORD)producer->events[0], (DWORD_PTR)producer, CALLBACK_EVENT); if(result != MMSYSERR_NOERROR){ print_last_error(result, "waveInOpen"); return -2; } /* start */ result = waveInStart(producer->hWaveIn); if(result != MMSYSERR_NOERROR){ print_last_error(result, "waveInStart"); return -2; } /* start thread */ tsk_thread_create(&producer->tid[0], __record_thread, producer); /* write */ for(i = 0; i< sizeof(producer->hWaveHeaders)/sizeof(LPWAVEHDR); i++){ add_wavehdr(producer, i); } producer->started = tsk_true; return 0; }
int tdav_producer_waveapi_stop(tmedia_producer_t* self) { tdav_producer_waveapi_t* producer = (tdav_producer_waveapi_t*)self; MMRESULT result; if(!self){ TSK_DEBUG_ERROR("Invalid parameter"); return -1; } if(!producer->started){ TSK_DEBUG_WARN("Producer not started"); return 0; } /* stop thread */ if(producer->tid[0]){ SetEvent(producer->events[1]); tsk_thread_join(&(producer->tid[0])); } /* should be done here */ producer->started = tsk_false; if(producer->hWaveIn && (((result = waveInReset(producer->hWaveIn)) != MMSYSERR_NOERROR) || ((result = waveInClose(producer->hWaveIn)) != MMSYSERR_NOERROR))){ print_last_error(result, "waveInReset/waveInClose"); } return 0; }
static BOOL stop_service(void){ SC_HANDLE scm; SC_HANDLE service; BOOL ret; SERVICE_STATUS ss; if(!open_service_control(&scm,&service)){ #ifdef HARDDEBUG fwprintf(stderr,L"Failed to open service.\n"); #endif return FALSE; } ret = ControlService(service,SERVICE_CONTROL_STOP,&ss); if(!ret){ last_error = GetLastError(); } CloseServiceHandle(service); CloseServiceHandle(scm); #ifdef HARDDEBUG if(!ret) { fwprintf(stderr,L"Failed to control service.\n"); print_last_error(); } #endif return ret; }
int rwp_write_byte(unsigned long address, unsigned char data) { HANDLE hDriver; DWORD BytesReturned; int iError; int result = 0; unsigned char buf[3]; hDriver = CreateFile("\\\\.\\RwPorts", GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(hDriver == INVALID_HANDLE_VALUE) { printf("Couldn't access " DRV_NAME " driver; Please ensure driver is installed/loaded."); return -1; } *((unsigned short *)buf) = (unsigned short)address; buf[2] = data; iError = DeviceIoControl(hDriver, IOCTL_RWPORTS_WRITE_BYTE, &buf, 3, &buf, 1, &BytesReturned, NULL); if(!iError) { print_last_error("RwPorts: error %d occured in IOCTL_RWPORTS_WRITE_BYTE"); result = -1; } else printf("I/O ports write at 0x%04x.\n", address); CloseHandle(hDriver); hDriver = INVALID_HANDLE_VALUE; return result; }
int dha_enable(void) { HANDLE hDriver; DWORD BytesReturned; int iError; int result = 0; hDriver = CreateFile("\\\\.\\DhaHelper", GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(hDriver == INVALID_HANDLE_VALUE) { printf("Couldn't access " DHA_DRV_NAME " driver; Please ensure driver is installed/loaded."); return -1; } iError = DeviceIoControl(hDriver, IOCTL_DHAHELPER_ENABLEDIRECTIO, NULL, 0, NULL, 0, &BytesReturned, NULL); if(!iError) { print_last_error("DhaHelper: error %d occured in IOCTL_DHAHELPER_ENABLEDIRECTIO"); result = -1; } else printf("I/O ports have been enabled.\n"); CloseHandle(hDriver); hDriver = INVALID_HANDLE_VALUE; return result; }
static int record_wavehdr(tdav_producer_waveapi_t* producer, LPWAVEHDR lpHdr) { MMRESULT result; if(!producer || !lpHdr || !producer->hWaveIn){ TSK_DEBUG_ERROR("Invalid parameter"); return -1; } // // Alert the session that there is new data to send over the network // if(TMEDIA_PRODUCER(producer)->callback){ TMEDIA_PRODUCER(producer)->callback(TMEDIA_PRODUCER(producer)->callback_data, lpHdr->lpData, (lpHdr->dwBytesRecorded/2)); } if(!producer->started){ return 0; } result = waveInUnprepareHeader(producer->hWaveIn, lpHdr, sizeof(WAVEHDR)); if(result != MMSYSERR_NOERROR){ print_last_error(result, "waveInUnprepareHeader"); return -2; } result = waveInPrepareHeader(producer->hWaveIn, lpHdr, sizeof(WAVEHDR)); if(result != MMSYSERR_NOERROR){ print_last_error(result, "waveInPrepareHeader"); return -3; } result = waveInAddBuffer(producer->hWaveIn, lpHdr, sizeof(WAVEHDR)); if(result != MMSYSERR_NOERROR){ print_last_error(result, "waveInAddBuffer"); return -4; } return 0; }
DWORD queue_func(BYTE* pParam, DWORD param_size) { queue_func_params_t * params = (queue_func_params_t*)pParam; unsigned char checksum = 0; unsigned char buffer[16 * 1024]; params->succ = false; DWORD ret = -1; // we must open the file each time, because we need separate file pointers HANDLE hfile = CreateFile(params->filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hfile == INVALID_HANDLE_VALUE) { print_last_error(_T("CreateFile")); return -1; } // seek to offset if (SetFilePointer(hfile, params->offset, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER) { print_last_error(_T("SetFilePointer")); goto cleanup; } // read the file in chunks and compute the checksum for (int i = 0; i < params->size; ) { DWORD readcount; if (!ReadFile(hfile, buffer, sizeof(buffer), &readcount, NULL)) { print_last_error(_T("ReadFile")); goto cleanup; } if (readcount <= 0) { _tprintf(_T("read count is not > 0\n")); goto cleanup; } i += readcount; checksum ^= xor_buffer(buffer, readcount); } params->succ = true; ret = checksum; cleanup: CloseHandle(hfile); return ret; }
static int add_wavehdr(tdav_producer_waveapi_t* producer, tsk_size_t index) { MMRESULT result; if(!producer || !producer->hWaveHeaders[index] || !producer->hWaveIn){ TSK_DEBUG_ERROR("Invalid parameter"); return -1; } result = waveInPrepareHeader(producer->hWaveIn, producer->hWaveHeaders[index], sizeof(WAVEHDR)); if(result != MMSYSERR_NOERROR){ print_last_error(result, "waveInPrepareHeader"); return -2; } result = waveInAddBuffer(producer->hWaveIn, producer->hWaveHeaders[index], sizeof(WAVEHDR)); if(result != MMSYSERR_NOERROR){ print_last_error(result, "waveInAddBuffer"); return -3; } return 0; }
VOID timing_WaitForSingleObject(UINT delayInSeconds) { HANDLE hEvent; // Create a nonsignaled event hEvent = CreateEvent(NULL, TRUE, FALSE, NULL); if (hEvent == NULL) print_last_error(_T("CreateEvent")); // Wait until timeout DWORD x = WaitForSingleObject(hEvent, delayInSeconds); // Malicious code goes here }
void fatal_errorf(const char *fmt, ...) { if (fmt != NULL) { va_list va; va_start(va, fmt); StrBuf msg; StrBuf_init_refstr(&msg, 0); StrBuf_vprintf(&msg, fmt, va); va_end(va); fg->error = StrBuf_str_Value(&msg, fs->cls_str); } print_last_error(); fox_close(); exit(0); }
int dha_install(void) { SC_HANDLE hSCManager = NULL; SC_HANDLE hService = NULL; char szPath[MAX_PATH]; int result = 0; GetWindowsDirectory(szPath, MAX_PATH); strcpy(szPath + strlen(szPath), "\\system32\\drivers\\" DRV_FILENAME); if(!CopyFile(DRV_FILENAME, szPath, FALSE)) { printf("Copying " DRV_FILENAME " failed.\nEither " DRV_FILENAME " is not in the current directory or you lack sufficient\nprivileges to write to %s.", szPath); return -1; } // Install the driver hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); hService = CreateService(hSCManager, DRV_NAME, DRV_NAME, SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_SYSTEM_START, SERVICE_ERROR_NORMAL, szPath, NULL, NULL, NULL, NULL, NULL); if(!hService) { print_last_error("Unable to register DhaHelper Service"); result = -1; } else { printf("Success!\n"); result = 0; } CloseServiceHandle(hService); CloseServiceHandle(hSCManager); return result; }
int dha_start(void) { SC_HANDLE hSCManager = NULL; SC_HANDLE hService = NULL; int result; hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); hService = OpenService(hSCManager, DRV_NAME, SERVICE_ALL_ACCESS); result = StartService(hService, 0, NULL); if(!result) print_last_error("Error while starting service"); CloseServiceHandle(hService); CloseServiceHandle(hSCManager); return 0; }
int rwp_write_byte(unsigned short address, unsigned char data) { DWORD BytesReturned; int iError; int result = 0; unsigned char buf[3]; *((unsigned short *)buf) = (unsigned short)address; buf[2] = data; iError = DeviceIoControl(hDriver, IOCTL_RWPORTS_WRITE_BYTE, &buf, 3, &buf, 1, &BytesReturned, NULL); if(!iError) { print_last_error("RwPorts: error occured in IOCTL_RWPORTS_WRITE_BYTE"); result = -1; } //else printf("I/O ports write at 0x%04x.\n", address); return result; }
int dha_stop(void) { SC_HANDLE hSCManager = NULL; SC_HANDLE hService = NULL; SERVICE_STATUS ServiceStatus; int result; hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); hService = OpenService(hSCManager, DRV_NAME, SERVICE_ALL_ACCESS); result = ControlService(hService, SERVICE_CONTROL_STOP, &ServiceStatus); if(!result) print_last_error("Error while stopping service"); CloseServiceHandle(hService); CloseServiceHandle(hSCManager); return 0; }
bool compute_checksums(program_state_t * state) { TPHANDLE tpool = state->start_func(state->num_of_threads, state->num_of_chunks, sizeof(queue_func_params_t)); bool succ = false; if (tpool == (TPHANDLE)-1) { _tprintf(_T("StartThreadPool failed\n")); return false; } // enqueue all tasks DWORD offset = 0; for (int i = 0; i < state->num_of_chunks; i++) { queue_func_params_t params; params.completion_sem = state->completion_sem; params.succ = false; params.state = state; params.filename = state->filename; params.offset = offset; DWORD remaining = state->filesize - offset; params.size = remaining > state->chunk_size ? state->chunk_size : remaining; offset += params.size; if (!state->enqueue_func(tpool, queue_func, (BYTE*)¶ms, sizeof(params), queue_callback_func)) { _tprintf(_T("QueueWorkItem failed\n")); goto cleanup; } } // wait for all of the tasks to finish for (int i = 0; i < state->num_of_chunks; i++) { if (WaitForSingleObject(state->completion_sem, INFINITE) != WAIT_OBJECT_0) { print_last_error(_T("WaitForSingleObject: completion_sem")); goto cleanup; } } succ = true; cleanup: state->stop_func(tpool, 1000); return succ; }
bool init_state(program_state_t * state) { state->dll = NULL; state->completion_sem = NULL; state->checksum = 0; InitializeCriticalSection(&state->checksum_guard); state->dll = LoadLibrary(_T("mythreadpool.dll")); if (state->dll == NULL) { print_last_error(_T("LoadLibrary")); return false; } state->start_func = (StartThreadPool_t)GetProcAddress(state->dll, "StartThreadPool"); if (state->start_func == NULL) { print_last_error(_T("GetProcAddress: StartThreadPool")); return false; } state->stop_func = (StopThreadPool_t)GetProcAddress(state->dll, "StopThreadPool"); if (state->stop_func == NULL) { print_last_error(_T("GetProcAddress: StopThreadPool")); return false; } state->enqueue_func = (QueueWorkItem_t)GetProcAddress(state->dll, "QueueWorkItem"); if (state->enqueue_func == NULL) { print_last_error(_T("GetProcAddress: QueueWorkItem")); return false; } HANDLE hfile = CreateFile(state->filename, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hfile == INVALID_HANDLE_VALUE) { print_last_error(_T("CreateFile")); return false; } state->filesize = GetFileSize(hfile, NULL); CloseHandle(hfile); state->num_of_chunks = state->filesize / state->chunk_size; if (state->filesize % state->chunk_size != 0) { // one more chunk for the overflow state->num_of_chunks++; } state->completion_sem = CreateSemaphore(NULL, 0, state->num_of_chunks, NULL); if (state->completion_sem == NULL) { print_last_error(_T("CreateSemaphore: completetion_sem")); return false; } return true; }
int rwp_read_byte(unsigned short address, unsigned char *data) { DWORD BytesReturned; int iError; int result = 0; unsigned char buf[3]; *((unsigned short *)buf) = (unsigned short)address; iError = DeviceIoControl(hDriver, IOCTL_RWPORTS_READ_BYTE, &buf, 2, &buf, 1, &BytesReturned, NULL); if(!iError) { print_last_error("RwPorts: error occured in IOCTL_RWPORTS_READ_BYTE"); result = -1; } else { *data = buf[0]; //printf("I/O ports read at 0x%04x: %02x\n", address, *data); } return result; }
int dha_uninstall(void) { SC_HANDLE hSCManager = NULL; SC_HANDLE hService = NULL; char szPath[MAX_PATH]; int result = 0; hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); hService = OpenService(hSCManager, DRV_NAME, SERVICE_ALL_ACCESS); dha_stop(); result = DeleteService(hService); if(!result) print_last_error("Error while deleting service"); CloseServiceHandle(hService); CloseServiceHandle(hSCManager); GetWindowsDirectory(szPath, MAX_PATH); strcpy(szPath + strlen(szPath), "\\system32\\drivers\\" DRV_FILENAME); DeleteFile(szPath); return 0; }
BOOL GetSetThreadContext_Injection() { TCHAR lpApplicationName[] = _T("C:\\Windows\\System32\\svchost.exe"); TCHAR lpApplicationName2[] = _T("C:\\masm32\\examples\\dialogs_later\\basic\\basicdlg.exe"); BOOL bResult; STARTUPINFO StartupInfo; PROCESS_INFORMATION ProcessInfo; SecureZeroMemory(&StartupInfo, sizeof(STARTUPINFO)); SecureZeroMemory(&ProcessInfo, sizeof(PPROCESS_INFORMATION)); // Create the hollowed process in suspended mode bResult = CreateProcess(lpApplicationName, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &StartupInfo, &ProcessInfo); if (bResult == NULL){ print_last_error(_T("CreateProcess")); return FALSE; } // Allocate space for context structure PCONTEXT pContext; LPVOID pTargetImageBase = NULL; pContext = PCONTEXT(VirtualAlloc(NULL, sizeof(LPVOID), MEM_COMMIT, PAGE_READWRITE)); if (pContext == NULL) { print_last_error(_T("VirtualAlloc")); return FALSE; } // Get the thread context of target pContext->ContextFlags = CONTEXT_FULL; bResult = GetThreadContext(ProcessInfo.hThread, pContext); if (bResult == NULL) { print_last_error(_T("GetThreadContext")); return FALSE; } // Read the image base address of target ReadProcessMemory(ProcessInfo.hProcess, LPCVOID(pContext->Ebx + 8), pTargetImageBase, 4, NULL); // Opening source image HANDLE hFile = CreateFile(lpApplicationName2, GENERIC_READ, NULL, NULL, OPEN_ALWAYS, NULL, NULL); if (hFile == INVALID_HANDLE_VALUE) { print_last_error(_T("CreateFile")); return FALSE; } // Reading the file DWORD dwSize = GetFileSize(hFile, 0); DWORD dwBytesRead; PBYTE pBuffer = new BYTE[dwSize]; ReadFile(hFile, pBuffer, dwSize, &dwBytesRead, 0); PIMAGE_SECTION_HEADER pImageSectionHeader; PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pBuffer; if (pDosHeader->e_magic == IMAGE_DOS_SIGNATURE) { PIMAGE_NT_HEADERS32 pNTHeaders = PIMAGE_NT_HEADERS(DWORD(pBuffer) + pDosHeader->e_lfanew); if (pNTHeaders->Signature == IMAGE_NT_SIGNATURE) { if (DWORD(pTargetImageBase) == pNTHeaders->OptionalHeader.ImageBase) { pNtUnmapViewOfSection NtUnmapViewOfSection; NtUnmapViewOfSection = (pNtUnmapViewOfSection)(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtUnmapViewOfSection")); NtUnmapViewOfSection(ProcessInfo.hProcess, pTargetImageBase); } LPVOID pImageBase; pImageBase = VirtualAllocEx(ProcessInfo.hProcess, LPVOID(pNTHeaders->OptionalHeader.ImageBase), pNTHeaders->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); if (pImageBase == NULL) { print_last_error(_T("VirtualAllocEx")); return FALSE; } WriteProcessMemory(ProcessInfo.hProcess, pImageBase, pBuffer, pNTHeaders->OptionalHeader.SizeOfHeaders, NULL); for (int Count = 0; Count < pNTHeaders->FileHeader.NumberOfSections; Count++) { pImageSectionHeader = PIMAGE_SECTION_HEADER(DWORD(pBuffer) + pDosHeader->e_lfanew + 248 + (Count * 40)); WriteProcessMemory(ProcessInfo.hProcess, LPVOID(DWORD(pImageBase) + pImageSectionHeader->VirtualAddress), LPVOID(DWORD(pBuffer) + pImageSectionHeader->PointerToRawData), pImageSectionHeader->SizeOfRawData, NULL); } WriteProcessMemory(ProcessInfo.hProcess, LPVOID(pContext->Ebx + 8), LPVOID(&pNTHeaders->OptionalHeader.ImageBase), 4, NULL); pContext->Eax = DWORD(pImageBase) + pNTHeaders->OptionalHeader.AddressOfEntryPoint; SetThreadContext(ProcessInfo.hThread, LPCONTEXT(pContext)); ResumeThread(ProcessInfo.hThread); } } return TRUE; }
int main_fox(int argc, const char **argv) { ArgumentInfo ai; RefNode *mod; RefStr *name_startup; int ret = FALSE; memset(&ai, 0, sizeof(ai)); init_stdio(); // デフォルト値 fs->max_alloc = 64 * 1024 * 1024; // 64MB fs->max_stack = 32768; fv->err_dst = "alert"; if (!parse_args(&ai, argc, argv)) { goto ERROR_END; } fox_init_compile(FALSE); if (ai.srcfile != NULL) { mod = get_module_by_file(ai.srcfile); if (mod != NULL) { mod->u.m.src_path = ai.srcfile; } } else { throw_errorf(fs->mod_lang, "ArgumentError", "Missing filename"); goto ERROR_END; } // ソースを読み込んだ後で実行 if (fs->running_mode == RUNNING_MODE_CGI) { throw_errorf(fs->mod_lang, "CompileError", "CGI mode is not supported"); goto ERROR_END; } init_fox_stack(); if (mod == NULL) { throw_error_select(THROW_CANNOT_OPEN_FILE__STR, Str_new(ai.srcfile, -1)); goto ERROR_END; } if (fg->error != VALUE_NULL) { goto ERROR_END; } // 参照できない名前で登録 name_startup = intern("[startup]", 9); mod->name = name_startup; Hash_add_p(&fg->mod_root, &fg->st_mem, name_startup, mod); if (!fox_link()) { goto ERROR_END; } if (!fox_run(mod)) { goto ERROR_END; } ret = TRUE; ERROR_END: print_last_error(); fox_close(); return ret; }
void ClientSend::operator()(void) { while(true) { BufferItem item; bool has_item=false; bool do_exit; bool needs_flush = true; { IScopedLock lock(mutex); if(tqueue.empty() && exit==false) { cond->wait(&lock, 100); if(tqueue.empty() && needs_flush) { needs_flush = false; if(!has_error && !pipe->Flush(-1)) { print_last_error(); has_error=true; } } } if(tqueue.empty() && exit==false) cond->wait(&lock); do_exit=exit; if(!tqueue.empty()) { item=tqueue.front(); tqueue.pop(); has_item=true; } } if(has_item) { if(!has_error) { bool b=pipe->Write(item.buf, item.bsize, 60000, false); if(!b) { print_last_error(); has_error=true; } } bufmgr->releaseBuffer(item.buf); } else if(do_exit) { if (!has_error && !pipe->Flush(-1)) { print_last_error(); has_error = true; } break; } } }